OpenSSL 3.6 Series Release Notes

The major changes and known issues for the 3.6 branch of the OpenSSL toolkit are summarised below. The contents reflect the current state of the NEWS file inside the git repository.

More details can be found in the ChangeLog.

Major changes between OpenSSL 3.6.1 and OpenSSL 3.6.2 [7 Apr 2026]

OpenSSL 3.6.2 is a security patch release. The most severe CVE fixed in this release is Medium.

This release incorporates the following bug fixes and mitigations:

• Fixed incorrect failure handling in RSA KEM RSASVE encapsulation. (CVE-2026-31790)

• Fixed loss of key agreement group tuple structure when the DEFAULT keyword is used in the server-side configuration of the key-agreement group list. (CVE-2026-2673)

• Fixed out-of-bounds read in AES-CFB-128 on x86-64 CPUs with AVX-512 support. (CVE-2026-28386)

• Fixed potential use-after-free in DANE client code. (CVE-2026-28387)

• Fixed NULL pointer dereference when processing a delta CRL. (CVE-2026-28388)

• Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo. (CVE-2026-28389)

• Fixed possible NULL dereference when processing CMS KeyTransportRecipientInfo. (CVE-2026-28390)

• Fixed heap buffer overflow in hexadecimal conversion. (CVE-2026-31789)

Major changes between OpenSSL 3.6.0 and OpenSSL 3.6.1 [27 Jan 2026]

OpenSSL 3.6.1 is a security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

• Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification. (CVE-2025-11187)

• Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing. (CVE-2025-15467)

• Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID. (CVE-2025-15468)

• Fixed openssl dgst one-shot codepath silently truncates inputs >16 MiB. (CVE-2025-15469)

• Fixed TLS 1.3 CompressedCertificate excessive memory allocation. (CVE-2025-66199)

• Fixed Heap out-of-bounds write in BIO_f_linebuffer on short writes. (CVE-2025-68160)

• Fixed Unauthenticated/unencrypted trailing bytes with low-level OCB function calls. (CVE-2025-69418)

• Fixed Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion. (CVE-2025-69419)

• Fixed Missing ASN1_TYPE validation in TS_RESP_verify_response() function. (CVE-2025-69420)

• Fixed NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex() function. (CVE-2025-69421)

• Fixed Missing ASN1_TYPE validation in PKCS#12 parsing. (CVE-2026-22795)

• Fixed ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function. (CVE-2026-22796)

• Fixed a regression in X509_V_FLAG_CRL_CHECK_ALL flag handling by restoring its pre-3.6.0 behaviour.

• Fixed a regression in handling stapled OCSP responses causing handshake failures for OpenSSL 3.6.0 servers with various client implementations.

Major changes between OpenSSL 3.5 and OpenSSL 3.6.0 [1 Oct 2025]

OpenSSL 3.6.0 is a feature release adding significant new functionality to OpenSSL.

This release incorporates the following potentially significant or incompatible changes:

• Added NIST security categories for PKEY objects.

• Added support for EVP_SKEY opaque symmetric key objects to the key derivation and key exchange provider methods. Added EVP_KDF_CTX_set_SKEY(), EVP_KDF_derive_SKEY(), and EVP_PKEY_derive_SKEY() functions.

• Added LMS signature verification support as per SP 800-208. This support is present in both the FIPS and default providers.

• An ANSI-C toolchain is no longer sufficient for building OpenSSL. The code should be built using compilers supporting C-99 features.

• Support for the VxWorks platforms has been removed.

• Added an openssl configutl utility for processing the OpenSSL configuration file and dumping the equal configuration file.

• Added support for FIPS 186-5 deterministic ECDSA signature generation to the FIPS provider.

• Deprecated EVP_PKEY_ASN1_METHOD-related functions.