OpenSSL 3.5 Alpha Release Announcement
The OpenSSL Project is pleased to announce that OpenSSL 3.5 Alpha1 pre-release is released and adding significant new functionality to OpenSSL Library.
This release incorporates the following potentially significant or incompatible changes:
- Default encryption cipher for the
req,cms, andsmimeapplications changed fromdes-ede3-cbctoaes-256-cbc. - The TLS supported groups list has been changed in favor of PQC support.
- The default TLS keyshares have been changed to offer X25519MLKEM768 and X25519.
This release adds the following new features:
- Support for server side QUIC (RFC 9000)
- Support for 3rd party QUIC stacks
- Support for PQC algorithms (ML-KEM, ML-DSA, SLH-DSA)
- Allow the FIPS provider to optionally use the
JITTERseed source. Because this seed source is not part of the OpenSSL FIPS validations, it should only be enabled after the [jitterentropy-library] has been assessed for entropy quality. Moreover, the FIPS provider including this entropy source will need to obtain an [ESV] from the [CMVP] before FIPS compliance can be claimed. Enable this using the configuration optionenable-fips-jitter. - Support for central key generation in CMP
- Support added for opaque symmetric key objects (EVP_SKEY).
- Support for multiple TLS keyshares.
You can download the Alpha release from our download page or from the GitHub release page