RHEL 9.8 and 10.2 Bring PQC, io_uring, and Enterprise Upgrades
Red Hat has simultaneously released Red Hat Enterprise Linux (RHEL) 9.8 and RHEL 10.2, delivering one of the most significant platform updates in recent years. While the two releases target different lifecycle tracks, they share a common strategic direction: preparing enterprise infrastructure for the post-quantum era while modernizing Linux I/O, observability, and application performance.
Among the most notable changes are the broad rollout of Post-Quantum Cryptography (PQC) technologies, the promotion of io_uring to fully supported status, expanded eBPF capabilities, and major upgrades across databases, development toolchains, and security frameworks.
For enterprise architects, platform engineers, and Linux administrators, these releases provide a clear view of where Red Hat expects infrastructure to evolve over the next decade.
🔐 Post-Quantum Cryptography Moves Into the Mainstream #
The most strategically important enhancement across both releases is the continued expansion of Post-Quantum Cryptography.
While previous releases introduced PQC support in limited areas, RHEL 9.8 and 10.2 extend support throughout the software stack, signaling that Red Hat now considers post-quantum readiness a core platform requirement rather than an experimental capability.
OpenSSH Enhancements #
OpenSSH receives substantial upgrades, including support for hybrid quantum-resistant key exchanges.
Key improvements include:
- Support for
mlkem768x25519-sha256 - OpenSSH upgraded to version 9.9
- Separation of
sshdinto:sshdlistener daemonsshd-sessionper-session process
This architectural split reduces the attack surface and improves process isolation.
In FIPS-enabled environments, RHEL 10.2 further extends support with NIST-curve ML-KEM implementations.
GnuTLS Improvements #
RHEL 9.8 upgrades GnuTLS to version 3.8.10 and introduces:
- ML-KEM hybrid key exchange support
- ML-DSA signature support
- TLS certificate compression
- SHAKE hash functions
- RSA-OAEP enhancements
These additions enable organizations to begin validating post-quantum TLS deployments before future compliance requirements emerge.
libssh and PKCS#11 Updates #
RHEL 10.2 upgrades libssh to version 0.12.0, adding support for hybrid post-quantum algorithms such as:
sntrup761x25519-sha512
Meanwhile, p11-kit 0.26.1 updates PKCS#11 definitions to version 3.2 and incorporates support for PQC-related cryptographic primitives.
Container Signature Modernization #
RHEL 10.2 introduces:
podman-sequoia- Sequoia-PGP backend support
- Post-quantum composite container signatures
This marks another step toward quantum-resistant software supply chains.
FUTURE Crypto Policy Becomes Much Stricter #
Perhaps the most consequential policy change appears in RHEL 10.2’s FUTURE crypto profile.
Under this policy:
- Legacy key exchange algorithms are no longer permitted
- Only ML-KEM hybrid key exchanges are accepted
Organizations adopting the FUTURE profile must verify compatibility across all connected systems before deployment.
Potential compatibility issues include:
- Legacy TLS services
- Older Java application servers
- External vendor endpoints
- Red Hat content delivery infrastructure lacking ML-KEM support
This policy shift clearly signals Red Hat’s long-term cryptographic roadmap.
⚡ io_uring Officially Enters Production #
Another major milestone is the graduation of io_uring from Technology Preview status to fully supported functionality.
Why io_uring Matters #
Traditional Linux I/O relies heavily on system calls, creating overhead when applications frequently transition between user space and kernel space.
io_uring introduces:
- Shared submission queues
- Shared completion queues
- Reduced context-switch overhead
- Lower latency
- Higher throughput
This architecture enables applications to perform asynchronous I/O far more efficiently.
Enterprise Impact #
Workloads expected to benefit most include:
- Databases
- Web servers
- Storage systems
- High-frequency trading platforms
- Large-scale cloud services
- AI data pipelines
By officially supporting io_uring, Red Hat effectively signals that the technology is mature enough for production deployment across enterprise environments.
🛠️ Kernel Advancements Strengthen Enterprise Operations #
Both releases include significant kernel-level enhancements beyond cryptography and I/O.
Kernel Live Patching Arrives in RHEL 10 #
One of the most requested enterprise capabilities now becomes available throughout the RHEL 10 family.
Kernel Live Patching (kpatch) allows administrators to:
- Apply security fixes
- Patch critical vulnerabilities
- Avoid system reboots
- Minimize downtime
For organizations operating:
- Financial systems
- Telecommunications infrastructure
- Healthcare platforms
- Manufacturing environments
live patching can dramatically reduce operational disruption during security remediation.
eBPF Continues to Expand #
RHEL 10.2 aligns its eBPF implementation closely with upstream Linux developments.
Enhancements include:
- Additional kfunc interfaces
- Expanded BPF instruction support
- Resilient Queued Spinlocks
- Improved BPF map stability
- Enhanced observability capabilities
Examples of newly supported functionality include:
bpf_copy_from_user_task_str()
The updated subsystem provides deeper visibility into kernel activity while reducing the risk of lock contention within heavily instrumented environments.
PowerPC Gains Enhanced BPF Support #
RHEL 9.8 introduces BPF Trampoline support on:
ppc64le
This enables advanced scheduling and tracing capabilities on Power architecture systems that previously lacked access to certain modern eBPF features.
🗄️ PostgreSQL 18 and MariaDB 11.8 Push Database Performance Forward #
Database administrators will find substantial improvements in both major database platforms.
PostgreSQL 18 #
PostgreSQL 18 introduces a new asynchronous I/O subsystem designed to leverage modern Linux storage capabilities.
Key additions include:
- Native AIO support
- OAuth 2.0 authentication
- Default page checksums
- MD5 authentication deprecation
According to PostgreSQL documentation, read performance improvements can reach:
Up to 3×
depending on workload characteristics and storage configuration.
Combined with io_uring support at the operating system level, PostgreSQL gains access to a significantly more efficient I/O path.
MariaDB 11.8 #
MariaDB continues evolving toward modern application workloads.
Notable enhancements include:
- Default
utf8mb4character encoding - Native Vector data type
- Vector distance functions
- Extended TIMESTAMP support through 2106
- Parallel dump and import operations
The introduction of vector capabilities reflects the growing importance of AI and machine learning workloads within traditional database environments.
🔨 Developer Toolchain Modernization #
Red Hat continues to refresh the platform’s software development ecosystem.
Rust Toolset 1.92 #
New capabilities include:
- Full i128/u128 support for
extern "C"interfaces - Workspace publishing enhancements
- Improved interoperability
GCC and glibc #
RHEL 10.2 adopts:
- GCC 14.3
- glibc 2.39
as the default platform toolchain.
These updates deliver performance improvements, newer language features, and stronger standards compliance.
LLVM and OpenJDK #
RHEL 9.8 includes:
- LLVM 21
- OpenJDK 25 LTS
OpenJDK’s tighter integration with system-wide crypto policies simplifies compliance and security management across Java deployments.
🛡️ Identity, Security, and Container Ecosystem Enhancements #
Beyond cryptography, Red Hat continues strengthening identity management and system hardening.
Samba and FreeIPA #
Updates include:
- Samba 4.23.0
- SMB3 UNIX extensions enabled by default
- Native Prometheus metrics support
- FreeIPA 4.13.0 improvements
- More than 170 bug fixes
Active Directory Improvements #
Organizations operating hybrid Windows/Linux environments benefit from:
- Cross-forest trust support
- Compatibility with Windows Server 2025 domain controllers
SELinux Tightening #
RHEL 10.2 moves several service domains from permissive operation to enforcement mode.
Examples include:
anaconda_generator_tsystemd_user_runtimedir_t
Additionally, systemd-oomd now receives dedicated policy constraints.
These changes strengthen default security posture without requiring administrator intervention.
🖥️ Desktop and User Experience Changes #
One notable desktop-related change appears in RHEL 10.2’s application distribution model.
Firefox and Thunderbird now ship primarily as:
Flatpak packages
rather than traditional RPM packages.
This aligns with broader trends toward application sandboxing and decoupled software delivery.
Interestingly, AlmaLinux 10.2 has elected to continue providing traditional RPM packages, creating a distinction between the two ecosystems.
📈 Three Strategic Trends Emerging From These Releases #
Several broader industry shifts become apparent when examining these updates collectively.
1. Post-Quantum Readiness Is Becoming Mandatory #
The move toward ML-KEM-first policies indicates that organizations can no longer treat PQC planning as a future concern.
Infrastructure expected to remain operational through the RHEL 10 lifecycle should begin:
- Cryptographic inventory audits
- TLS compatibility assessments
- Vendor readiness reviews
- Long-term migration planning
2. io_uring Has Reached Enterprise Maturity #
Official support from Red Hat, combined with PostgreSQL’s adoption of asynchronous I/O, demonstrates that io_uring has crossed the threshold from experimental technology to production-ready infrastructure.
Expect increasing adoption throughout:
- Databases
- Storage systems
- Web platforms
- Cloud-native services
3. Kernel Observability Continues to Deepen #
Enhanced eBPF functionality provides a stronger foundation for modern security and monitoring platforms.
Solutions such as:
- Falco
- Tetragon
- Runtime security agents
- Advanced tracing platforms
can leverage deeper kernel integration while maintaining lower overhead.
🚀 Migration and Deployment Recommendations #
Organizations Still Running RHEL 8 #
Mainstream support for RHEL 8 concluded in 2024.
Priority actions:
- Begin migration planning immediately
- Target RHEL 9.8 as the most conservative upgrade path
- Evaluate application compatibility before transition
Existing RHEL 9 Deployments #
For current RHEL 9 users:
- Upgrade toward 9.8
- Review PostgreSQL upgrade requirements
- Test PQC-related compatibility changes
New Enterprise Deployments #
For greenfield environments, RHEL 10.2 provides access to:
- Fully supported io_uring
- Kernel live patching
- Expanded eBPF functionality
- Modernized security defaults
These capabilities make it the preferred foundation for many new deployments.
FUTURE Crypto Policy Users #
Before enabling the FUTURE policy:
- Audit TLS endpoints
- Verify ML-KEM support
- Test Java application compatibility
- Validate external integrations
Failure to do so may result in unexpected connectivity issues.
Database-Heavy Environments #
Organizations operating large PostgreSQL installations should prioritize evaluation of:
- PostgreSQL 18
- io_uring integration
- Asynchronous I/O performance gains
- Checksum-related operational impacts
Testing in staging environments is strongly recommended before production rollout.
🎯 Conclusion #
RHEL 9.8 and RHEL 10.2 represent far more than routine maintenance releases. Together, they establish Red Hat’s strategic direction for the next generation of enterprise Linux infrastructure.
The expansion of post-quantum cryptography, official support for io_uring, kernel live patching, advanced eBPF capabilities, and modernized database platforms collectively indicate a platform focused on long-term security, performance, and operational resilience.
For enterprise teams planning infrastructure investments through the next decade, these releases provide a clear message: quantum-resistant security, high-performance asynchronous I/O, and deep kernel observability are rapidly becoming baseline expectations rather than optional enhancements.