The final release of OpenSSL 3.4 is now live. We would like to thank all those who contributed to the OpenSSL 3.4 release, without whom OpenSSL would not be possible.

OpenSSL delivers the following significant new features:

• Support for Integrity only cipher suites (RFC 9150)
• JITTER RNG support via statically linked jitterentropy library
• RFC 5755 Attribute Certificate support
• FIPS indicators in support of FIPS 140-3 validation
• Improved Base64 BIO input handling and error reporting
• XOF Digest size reporting improvements
• Windows Registry key-based directory lookup
• Support for several X509v3 extensions
• Support for position independent executables in the openssl app to support address space layout randomization

Please see the CHANGES.md file in the release for a full list of changes since OpenSSL 3.3

OpenSSL 3.4 is a regular release. Upon this final release a one-year full support period is initiated for regular releases. During this phase, bugs and security issues are addressed and fixed according to the Stable Release Updates Policy. Immediately after the Full Support phase ends, the Maintenance Support phase begins, lasting for one year. During this phase, the primary focus is on fixing security issues, although other bugs may be addressed at the discretion of OpenSSL engineering.

The next release will be OpenSSL 3.5. Details on the release schedule can be found on the OpenSSL Release 3.5 Planning Board on GitHub