OpenSSL 3.6 Series Release Notes
The major changes and known issues for the 3.6 branch of the
OpenSSL toolkit are summarised below. The contents reflect the current
state of the NEWS file inside the
git repository.
More details can be found in the ChangeLog.
Major changes between OpenSSL 3.5 and OpenSSL 3.6.0 [1 Oct 2025]
This release incorporates the following potentially significant or incompatible changes:
-
Added NIST security categories for PKEY objects.
-
Added support for
EVP_SKEYopaque symmetric key objects to the key derivation and key exchange provider methods. AddedEVP_KDF_CTX_set_SKEY(),EVP_KDF_derive_SKEY(), andEVP_PKEY_derive_SKEY()functions. -
Added LMS signature verification support as per SP 800-208. This support is present in both the FIPS and default providers.
-
An ANSI-C toolchain is no longer sufficient for building OpenSSL. The code should be built using compilers supporting C-99 features.
-
Support for the VxWorks platforms has been removed.
-
Added an
openssl configutlutility for processing the OpenSSL configuration file and dumping the equal configuration file. -
Added support for FIPS 186-5 deterministic ECDSA signature generation to the FIPS provider.
-
Deprecated
EVP_PKEY_ASN1_METHOD-related functions.
- Changelog
- CVEs and the FIPS provider
- News
- OpenSSL 1.1.1 Series Release Notes
- OpenSSL 3.0 Series Release Notes
- OpenSSL 3.1 Series Release Notes
- OpenSSL 3.2 Series Release Notes
- OpenSSL 3.3 Series Release Notes
- OpenSSL 3.4 Series Release Notes
- OpenSSL 3.5 Series Release Notes
- OpenSSL 3.6 Series Release Notes
- Release and Advisory Timeline
- Security advisory list (json)
- Security advisory list (txt)
- Vulnerabilities
- Vulnerabilities 0.9.6
- Vulnerabilities 0.9.7
- Vulnerabilities 0.9.8
- Vulnerabilities 1.0.0
- Vulnerabilities 1.0.1
- Vulnerabilities 1.0.2
- Vulnerabilities 1.1.0
- Vulnerabilities 1.1.1
- Vulnerabilities 3.0
- Vulnerabilities 3.1
- Vulnerabilities 3.2
- Vulnerabilities 3.3
- Vulnerabilities 3.4
- Vulnerabilities 3.5
- Top of News