OpenSSL 3.5 Final Release - Live

The final release of OpenSSL 3.5 is now live. We would like to thank all those who contributed to the OpenSSL 3.5 release, without whom the OpenSSL Library would not be possible.

This release adds the following new features:

• Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA)
• Support for server side QUIC (RFC 9000)
• Support for 3rd party QUIC stacks including 0-RTT support
• Support added for opaque symmetric key objects (EVP_SKEY)
• A new configuration option no-tls-deprecated-ec to disable support for TLS groups deprecated in RFC8422
• A new configuration option enable-fips-jitter to make the FIPS provider to use the JITTER seed source
• Support for central key generation in CMP
• Support for multiple TLS keyshares and improved TLS key establishment group configurability
• API support for pipelining in provided cipher algorithms

Please see the CHANGES.md file in the release for a full list of changes since OpenSSL 3.4, and incompatible or potentially significant changes.

OpenSSL 3.5 is a long term stable (LTS) release. Per OpenSSL’s LTS policy, 3.5 will be supported until April 8, 2030.

LTS releases will be supported for 5 years with the final year’s support being security patches only. The previous LTS (OpenSSL 3.0) will continue to be fully supported until September 7, 2025, and receive security fixes until September 7, 2026. Organisations requiring continued support beyond standard timelines are encouraged to contact the OpenSSL Corporation for premium support options. Projects that depend on 3.0 are strongly encouraged to switch to OpenSSL 3.5.

The next release will be OpenSSL 3.6 in October 2025. Follow us up on GitHub, OpenSSL Communities and our Blog.