OpenSSL 3.5 Alpha1 release

[Matt Caswell]

The OpenSSL Project is pleased to announce that OpenSSL 3.5 Alpha1 pre-release has been released and is adding significant new functionality to the OpenSSL Library.

This release incorporates the following potentially significant or incompatible changes:

- Default encryption cipher for the req, cms, and smime applications changed from des-ede3-cbc to aes-256-cbc

- The TLS supported groups list has been changed in favor of PQC support.

- The default TLS keyshares have been changed to offer X25519MLKEM768 and X25519.

This release adds the following new features:

- Support for server side QUIC (RFC 9000)

- Support for 3rd party QUIC stacks

- Support for PQC algorithms (ML-KEM, ML-DSA, SLH-DSA)

- Allow the FIPS provider to optionally use the JITTER seed source. Because this seed source is not part of the OpenSSL FIPS validations, it should only be enabled after the [jitterentropy-library] has been assessed for entropy quality. Moreover, the FIPS provider including this entropy source will need to obtain an [ESV] from the [CMVP] before FIPS compliance can be claimed. Enable this using the configuration option enable-fips-jitter.

- Support for central key generation in CMP

- Support added for opaque symmetric key objects (EVP_SKEY).

- Support for multiple TLS keyshares.

You can download the Alpha release from our download page [1] or from the GitHub release page [2]

[1]: https://www.openssl-library.org/source/index.html

[2]: https://github.com/openssl/openssl/releases