OpenSSL 3.5 Beta Release Announcement

Mar 25, 2025

The OpenSSL Project is pleased to announce that OpenSSL 3.5 Beta1 pre-release is released and adding significant new functionality to the OpenSSL Library.

This release incorporates the following potentially significant or incompatible changes:

• Default encryption cipher for the req, cms, and smime applications changed from des-ede3-cbc to aes-256-cbc.
• The default TLS supported groups list has been changed to include and prefer hybrid PQC KEM groups. Some practically unused groups were removed from the default list.
• The default TLS keyshares have been changed to offer X25519MLKEM768 and and X25519.
• All BIO_meth_get_*() functions were deprecated.

This release adds the following new features:

• Support for server side QUIC (RFC 9000)
• Support for 3rd party QUIC stacks including 0-RTT support
• Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA)
• A new configuration option no-tls-deprecated-ec to disable support for TLS groups deprecated in RFC8422
• A new configuration option enable-fips-jitter to make the FIPS provider to use the JITTER seed source
• Support for central key generation in CMP
• Support added for opaque symmetric key objects (EVP_SKEY)
• Support for multiple TLS keyshares and improved TLS key establishment group configurability
• API support for pipelining in provided cipher algorithms

You can download the Beta release from our download page or from the GitHub release page