OpenSSL 3.5 Alpha Release


openssl-...@openssl.org

Mar 12, 2025, 1:38:00 PM
to openssl-...@openssl.org

OpenSSL 3.1.2 FIPS 140-3 Validation Announcement

The OpenSSL Corporation is pleased to announce that OpenSSL version 3.1.2 has achieved FIPS 140-3 validation, signifying its compliance with the rigorous cryptographic module security requirements set forth by the National Institute of Standards and Technology (NIST).

OpenSSL 3.1.2 FIPS Provider holds certificate #4985, which remains valid for five years and expires on March 10, 2030.

With OpenSSL 3.1.2 now validated, users can confidently integrate this module into their systems, ensuring adherence to the most up-to-date cryptographic standards. This module is compatible with any version of OpenSSL 3.0, 3.1, 3.2, 3.3, 3.4 and future 3.5.

Read our Blog for more information.


OpenSSL 3.5 Alpha Release

The OpenSSL Project is pleased to announce the OpenSSL 3.5 Alpha1 pre-release, which adds significant new functionality to the OpenSSL Library.

This release incorporates the following potentially significant or incompatible changes:

  • Default encryption cipher for the req, cms, and smime applications changed from des-ede3-cbc to aes-256-cbc.
  • The TLS supported groups list has been changed in favor of PQC support.
  • The default TLS keyshares have been changed to offer X25519MLKEM768 and X25519.

This release adds the following new features:

  • Support for server side QUIC (RFC 9000)
  • Support for 3rd party QUIC stacks
  • Support for PQC algorithms (ML-KEM, ML-DSA, SLH-DSA)
  • Allow the FIPS provider to optionally use the JITTER seed source. Because this seed source is not part of the OpenSSL FIPS validations, it should only be enabled after the jitterentropy-library has been assessed for entropy quality. Moreover, the FIPS provider including this entropy source will need to obtain an ESV from the CMVP before FIPS compliance can be claimed. Enable this using the configuration option enable-fips-jitter.
  • Support for central key generation in CMP
  • Support added for opaque symmetric key objects (EVP_SKEY).
  • Support for multiple TLS keyshares.

You can download the Alpha release from our download page or from the GitHub release page.

OpenSSL Corporation, Inc. 40 East Main Street, Newark,
New Castle County, 19711, USA