openssl/openssl
2025-04-08 21:09:07
openssl

OpenSSL 3.5.0

OpenSSL 3.5.0 is a feature release adding significant new functionality to OpenSSL.

This release incorporates the following potentially significant or incompatible changes:

  • Default encryption cipher for the req, cms, and smime applications changed from des-ede3-cbc to aes-256-cbc.

  • The default TLS supported groups list has been changed to include and prefer hybrid PQC KEM groups. Some practically unused groups were removed from the default list.

  • The default TLS keyshares have been changed to offer X25519MLKEM768 and X25519.

  • All BIO_meth_get_*() functions were deprecated.

This release adds the following new features:

  • Support for server side QUIC (RFC 9000)

  • Support for 3rd party QUIC stacks including 0-RTT support

  • Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA)

  • A new configuration option no-tls-deprecated-ec to disable support for TLS groups deprecated in RFC8422

  • A new configuration option enable-fips-jitter to make the FIPS provider use the JITTER seed source

  • Support for central key generation in CMP

  • Support added for opaque symmetric key objects (EVP_SKEY)

  • Support for multiple TLS keyshares and improved TLS key establishment group configurability

  • API support for pipelining in provided cipher algorithms

Known issues in 3.5.0

  • https://github.com/openssl/openssl/issues/27282 Calling SSL_accept on objects returned from SSL_accept_connection results in an error. It is expected that making this call will advance the SSL handshake for the passed connection, but currently it does not. This can be handled by calling SSL_do_handshake instead. A fix is planned for OpenSSL 3.5.1.
2025-03-25 23:01:23
openssl

OpenSSL 3.5.0-beta1

OpenSSL 3.5.0 beta1 is a feature release adding significant new functionality to OpenSSL.

This release incorporates the following potentially significant or incompatible changes:

  • Default encryption cipher for the req, cms, and smime applications changed from des-ede3-cbc to aes-256-cbc.

  • The default TLS supported groups list has been changed to include and prefer hybrid PQC KEM groups. Some practically unused groups were removed from the default list.

  • The default TLS keyshares have been changed to offer X25519MLKEM768 and X25519.

  • All BIO_meth_get_*() functions were deprecated.

This release adds the following new features:

  • Support for server side QUIC (RFC 9000)

  • Support for 3rd party QUIC stacks including 0-RTT support

  • Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA)

  • A new configuration option no-tls-deprecated-ec to disable support for TLS groups deprecated in RFC8422

  • A new configuration option enable-fips-jitter to make the FIPS provider use the JITTER seed source

  • Support for central key generation in CMP

  • Support added for opaque symmetric key objects (EVP_SKEY)

  • Support for multiple TLS keyshares and improved TLS key establishment group configurability

  • API support for pipelining in provided cipher algorithms

2025-03-12 21:37:21
openssl

OpenSSL 3.5.0-alpha1

OpenSSL 3.5.0-alpha1 is a feature pre-release adding significant new functionality to OpenSSL.

This release incorporates the following potentially significant or incompatible changes:

  • Default encryption cipher for the req, cms, and smime applications changed from des-ede3-cbc to aes-256-cbc.

  • The TLS supported groups list has been changed in favor of PQC support.

  • The default TLS keyshares have been changed to offer X25519MLKEM768 and X25519.

This release adds the following new features:

  • Support for server side QUIC (RFC 9000)

  • Support for 3rd party QUIC stacks

  • Support for PQC algorithms (ML-KEM, ML-DSA, SLH-DSA)

  • Allow the FIPS provider to optionally use the JITTER seed source. Because this seed source is not part of the OpenSSL FIPS validations, it should only be enabled after the jitterentropy-library has been assessed for entropy quality. Moreover, the FIPS provider including this entropy source will need to obtain an ESV from the CMVP before FIPS compliance can be claimed. Enable this using the configuration option enable-fips-jitter.

  • Support for central key generation in CMP

  • Support added for opaque symmetric key objects (EVP_SKEY).

  • Support for multiple TLS keyshares.

2025-02-11 22:47:42
openssl

OpenSSL 3.0.16

OpenSSL 3.0.16 is a security patch release. The most severe CVE fixed in this release is Low.

This release incorporates the following bug fixes and mitigations:

  • Fixed timing side-channel in ECDSA signature computation. (CVE-2024-13176)

  • Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic curve parameters. (CVE-2024-9143)

2025-02-11 22:42:22
openssl

OpenSSL 3.1.8

OpenSSL 3.1.8 is a security patch release. The most severe CVE fixed in this release is Low.

This release incorporates the following bug fixes and mitigations:

  • Fixed timing side-channel in ECDSA signature computation. (CVE-2024-13176)

  • Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic curve parameters. (CVE-2024-9143)

2025-02-11 22:38:31
openssl

OpenSSL 3.2.4

OpenSSL 3.2.4 is a security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

  • Fixed RFC7250 handshakes with unauthenticated servers not aborting as expected. (CVE-2024-12797)

  • Fixed timing side-channel in ECDSA signature computation. (CVE-2024-13176)

  • Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic curve parameters. (CVE-2024-9143)

2025-02-11 22:33:37
openssl

OpenSSL 3.3.3

OpenSSL 3.3.3 is a security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

  • Fixed RFC7250 handshakes with unauthenticated servers not aborting as expected. (CVE-2024-12797)

  • Fixed timing side-channel in ECDSA signature computation. (CVE-2024-13176)

  • Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic curve parameters. (CVE-2024-9143)

2025-02-11 22:29:28
openssl

OpenSSL 3.4.1

OpenSSL 3.4.1 is a security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

  • Fixed RFC7250 handshakes with unauthenticated servers not aborting as expected. (CVE-2024-12797)

  • Fixed timing side-channel in ECDSA signature computation. (CVE-2024-13176)

2024-10-22 20:26:59
openssl

OpenSSL 3.4.0

OpenSSL 3.4.0 has been released. You can find more details about this release in the release notes.

2024-10-07 21:15:45
openssl

OpenSSL 3.4.0-beta1

Beta 1 of OpenSSL 3.4.0 is now available: please download and test it!