Blog

Believe it or not, it’s time to start the election process for the 2026 Foundation Business Advisory Committee (FBAC). Advisory committees play a critical role in the governance of the OpenSSL Foundation. This committee focuses on the strategic direction of the OpenSSL Foundation and our mission.

Each of the six communities (Academics, Committers, Distributions, Individuals, Large Businesses and Small Businesses) will have a representative who will serve for one year. In addition to a monthly meeting, representatives also lead discussions on the Communities platform and generally promote the OpenSSL Mission.

Lightship Security, an Applus+ Laboratories company and accredited cryptographic security test laboratory, and the OpenSSL Corporation, the co-maintainer of the OpenSSL Library, announce the submission of OpenSSL version 3.5.4 to the Cryptographic Module Validation Program (CMVP) for FIPS 140-3 validation.

This submission confirms that the code is complete and that all included algorithms have successfully passed NIST testing and independent laboratory review. The final CMVP review and certificate issuance remain as the last step in the process.

The final release of OpenSSL 3.6 is now live. We would like to thank all those who contributed to the OpenSSL 3.6 release, without whom the OpenSSL Library would not be possible.

Release Announcement for OpenSSL Library 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.1.1zd and 1.0.2zm

The OpenSSL Project team announces the release of new versions of our open-source toolkit for SSL/TLS.

Among the 91 PRs approved in August, 6 were from people who hadn’t contributed to OpenSSL’s code base until now.

zl523856 started by submitting an issue that asking about the proposed change. The pull request includes some assembly code that improves the performance of the AES-128-CBC decryption algorithm on the RISC-V architecture. It’s not the sort of code that just anyone can write. Open source projects, such as OpenSSL, can benefit from one-time contributions of expertise. In turn, anyone who uses OpenSSL or products that include the library also benefit. It’s a beautiful thing.

Release Announcement for OpenSSL Library 3.5.3

The OpenSSL Project team announces the release of new versions of our open-source toolkit for SSL/TLS.

The OpenSSL Project is pleased to announce that OpenSSL 3.6 Beta1 pre-release is available, adding significant functionality to the OpenSSL Library.

The OpenSSL Project is pleased to announce that OpenSSL 3.6 Alpha1 pre-release is released and adding significant new functionality to OpenSSL Library.

In July, 58 pull requests were approved for merge into the OpenSSL Library code base. There were also four people who contributed code for the first time:

• yzpgryx provided a fix to support the SM2 PEM format with matching tests.
• caolanm designated an unchanging structure to be constant.
• igus68 found a good first issue and fixed it. Before this fix, the OpenSSL cryptographic library would accept a certificate revocation list that was invalid according to the X.509 Public Key Infrastructure specification. Fun fact: Igor Ustinov represents the Individuals community on the Foundation Technical Advisory Committee and this is his first pull request. And he’s on a roll with another pull request that addresses an issue with the help wanted label.
• Saurabh825 corrected the order of options for the asn1parse command.

So far in the development cycle of OpenSSL 3.6, the plurality of changes come from developers paid by either the OpenSSL Corporation or Foundation. But individual contributions continue to make up a large proportion of commits (41%) and overall changes (28%). Additionally individual committers also have done 18.5% of reviews so far.

Early Bird registration is now open for the inaugural OpenSSL Conference, taking place from October 7 to 9, 2025, in Prague, Czech Republic. Take advantage of exclusive Early Bird rates and secure your spot now!

Join the global community of cryptographers, open-source innovators, security experts, and thought leaders who shape the future of secure communications. The OpenSSL Conference promises to be a landmark event, uniting diverse perspectives from across technical, enterprise, academic, and regulatory fields.