OpenSSL 3.5 Beta Release
The OpenSSL Project is pleased to announce the release of the OpenSSL 3.5 Beta1 pre-release, which adds significant new functionality to the OpenSSL Library.
This release incorporates the following potentially significant or incompatible changes:
- Default encryption cipher for the
req, cms, and smime applications changed from des-ede3-cbc to aes-256-cbc. - The default TLS supported groups list has been changed to include and prefer hybrid PQC KEM groups. Some practically unused groups were removed from the default list.
- The default TLS keyshares have been changed to offer X25519MLKEM768 and and X25519.
- All
BIO_meth_get_*() functions were deprecated.
This release adds the following new features:
- Support for server side QUIC (RFC 9000)
- Support for 3rd party QUIC stacks including 0-RTT support
- Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA)
- A new configuration option
no-tls-deprecated-ec to disable support for TLS groups deprecated in RFC8422 - A new configuration option
enable-fips-jitter to make the FIPS provider to use the JITTER seed source - Support for central key generation in CMP
- Support added for opaque symmetric key objects (EVP_SKEY)
- Support for multiple TLS keyshares and improved TLS key establishment group configurability
- API support for pipelining in provided cipher algorithms
You can download the Alpha release from our download page or from the GitHub release page.
