OpenSSL 3.6 Alpha Release Announcement

Sep 2, 2025

The OpenSSL Project is pleased to announce that OpenSSL 3.6 Alpha1 pre-release is released and adding significant new functionality to OpenSSL Library.

OpenSSL 3.6.0 is a feature pre-release adding significant new functionality, bug fixes and mitigations:

• Added PCT for key import for SLH-DSA when in FIPS mode.
• Added FIPS 140-3 PCT on DH key generation.
• Added NIST security categories for PKEY objects.
• Added support for EVP_SKEY opaque symmetric key objects to the key derivation and key exchange provider methods. Added EVP_KDF_CTX_set_SKEY(), EVP_KDF_derive_SKEY(), and EVP_PKEY_derive_SKEY() functions.
• The FIPS provider now performs a PCT on key import for RSA, EC and ECX. This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.
• Added LMS signature verification support as per [SP 800-208]. This support is present in both the FIPS and default providers.
• An ANSI-C toolchain is no longer sufficient for building OpenSSL. The code should build on compilers supporting C-99 features.
• The VxWorks platforms have been removed.
• Added an openssl configutl utility for processing the openssl configuration file and dumping the equal configuration file.
• Added support for FIPS 186-5 deterministic ECDSA signature generation to the FIPS provider.
• Deprecated EVP_PKEY_ASN1_METHOD related functions.

You can download the Alpha release from our download page or from the GitHub release page