OpenSSL 3.5 Series Release Notes

The major changes and known issues for the 3.5 branch of the OpenSSL toolkit are summarised below. The contents reflect the current state of the NEWS file inside the git repository.

More details can be found in the ChangeLog.

Major changes between OpenSSL 3.5.3 and OpenSSL 3.5.4 [30 Sep 2025]

OpenSSL 3.5.4 is a security patch release. The most severe CVE fixed in this release is Moderate.

This release incorporates the following bug fixes and mitigations:

• Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. (CVE-2025-9230)

• Fix Timing side-channel in SM2 algorithm on 64 bit ARM. (CVE-2025-9231)

• Fix Out-of-bounds read in HTTP client no_proxy handling. (CVE-2025-9232)

• Reverted the synthesised OPENSSL_VERSION_NUMBER change for the release builds, as it broke some exiting applications that relied on the previous 3.x semantics, as documented in OpenSSL_version(3).

Major changes between OpenSSL 3.5.2 and OpenSSL 3.5.3 [16 Sep 2025]

OpenSSL 3.5.3 is a bug fix release.

This release incorporates the following bug fixes and mitigations:

• Added FIPS 140-3 PCT on DH key generation.

• Fixed the synthesised OPENSSL_VERSION_NUMBER.

• Removed PCT on key import in the FIPS provider as it is not required by the standard.

Major changes between OpenSSL 3.5.1 and OpenSSL 3.5.2 [5 Aug 2025]

OpenSSL 3.5.2 is a bug fix release.

This release incorporates the following bug fixes and mitigations:

• The FIPS provider now performs a PCT on key import for RSA, EC and ECX.

Major changes between OpenSSL 3.5.0 and OpenSSL 3.5.1 [1 Jul 2025]

OpenSSL 3.5.1 is a security patch release. The most severe CVE fixed in this release is Low.

This release incorporates the following bug fixes and mitigations:

• Fix x509 application adds trusted use instead of rejected use. (CVE-2025-4575)

Major changes between OpenSSL 3.4 and OpenSSL 3.5.0 [8 Apr 2025]

OpenSSL 3.5.0 is a feature release adding significant new functionality to OpenSSL.

This release incorporates the following potentially significant or incompatible changes:

• Default encryption cipher for the req, cms, and smime applications changed from des-ede3-cbc to aes-256-cbc.

• The default TLS supported groups list has been changed to include and prefer hybrid PQC KEM groups. Some practically unused groups were removed from the default list.

• The default TLS keyshares have been changed to offer X25519MLKEM768 and and X25519.

• All BIO_meth_get_*() functions were deprecated.

This release adds the following new features:

• Support for server side QUIC (RFC 9000)

• Support for 3rd party QUIC stacks including 0-RTT support

• Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA)

• A new configuration option no-tls-deprecated-ec to disable support for TLS groups deprecated in RFC8422

• A new configuration option enable-fips-jitter to make the FIPS provider to use the JITTER seed source

• Support for central key generation in CMP

• Support added for opaque symmetric key objects (EVP_SKEY)

• Support for multiple TLS keyshares and improved TLS key establishment group configurability

• API support for pipelining in provided cipher algorithms

Known issues in 3.5.0

• https://github.com/openssl/openssl/issues/27282 Calling SSL_accept on objects returned from SSL_accept_connection results in error. It is expected that making this call will advance the SSL handshake for the passed connection, but currently it does not. This can be handled by calling SSL_do_handshake instead. A fix is planned for OpenSSL 3.5.1