OpenSSL version 3.5.0-beta1 released
3 views
Skip to first unread message
Tomas Mraz
Mar 25, 2025, 11:24:36 AMMar 25
to openssl-project, openssl-users
OpenSSL version 3.5 beta 1 released
===================================
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
OpenSSL 3.5 is currently in beta.
OpenSSL 3.5 beta 1 has now been made available.
Note: This OpenSSL pre-release has been provided for testing ONLY.
It should NOT be used for security critical purposes.
The beta release is available for download at:
* https://github.com/openssl/openssl/releases
Please download and check this beta release as soon as possible.
To report a bug, open an issue on GitHub:
* https://github.com/openssl/openssl/issues
Release notes
=============
OpenSSL 3.5.0 beta1 is a feature release adding significant new functionality to
OpenSSL.
This release incorporates the following potentially significant or incompatible
changes:
* Default encryption cipher for the `req`, `cms`, and `smime` applications
changed from `des-ede3-cbc` to `aes-256-cbc`.
* The default TLS supported groups list has been changed to include and
prefer hybrid PQC KEM groups. Some practically unused groups were removed
from the default list.
* The default TLS keyshares have been changed to offer X25519MLKEM768 and
and X25519.
* All `BIO_meth_get_*()` functions were deprecated.
This release adds the following new features:
* Support for server side QUIC (RFC 9000)
* Support for 3rd party QUIC stacks including 0-RTT support
* Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA)
* A new configuration option `no-tls-deprecated-ec` to disable support for
TLS groups deprecated in RFC8422
* A new configuration option `enable-fips-jitter` to make the FIPS provider
to use the `JITTER` seed source
* Support for central key generation in CMP
* Support added for opaque symmetric key objects (EVP_SKEY)
* Support for multiple TLS keyshares and improved TLS key establishment group
configurability
* API support for pipelining in provided cipher algorithms
Yours,
The OpenSSL Project Team.
===================================
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
OpenSSL 3.5 is currently in beta.
OpenSSL 3.5 beta 1 has now been made available.
Note: This OpenSSL pre-release has been provided for testing ONLY.
It should NOT be used for security critical purposes.
The beta release is available for download at:
* https://github.com/openssl/openssl/releases
Please download and check this beta release as soon as possible.
To report a bug, open an issue on GitHub:
* https://github.com/openssl/openssl/issues
Release notes
=============
OpenSSL 3.5.0 beta1 is a feature release adding significant new functionality to
OpenSSL.
This release incorporates the following potentially significant or incompatible
changes:
* Default encryption cipher for the `req`, `cms`, and `smime` applications
changed from `des-ede3-cbc` to `aes-256-cbc`.
* The default TLS supported groups list has been changed to include and
prefer hybrid PQC KEM groups. Some practically unused groups were removed
from the default list.
* The default TLS keyshares have been changed to offer X25519MLKEM768 and
and X25519.
* All `BIO_meth_get_*()` functions were deprecated.
This release adds the following new features:
* Support for server side QUIC (RFC 9000)
* Support for 3rd party QUIC stacks including 0-RTT support
* Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA)
* A new configuration option `no-tls-deprecated-ec` to disable support for
TLS groups deprecated in RFC8422
* A new configuration option `enable-fips-jitter` to make the FIPS provider
to use the `JITTER` seed source
* Support for central key generation in CMP
* Support added for opaque symmetric key objects (EVP_SKEY)
* Support for multiple TLS keyshares and improved TLS key establishment group
configurability
* API support for pipelining in provided cipher algorithms
Yours,
The OpenSSL Project Team.
Reply all
Reply to author
Forward
0 new messages