Release Announcement for OpenSSL 3.6.0

Oct 1, 2025

The final release of OpenSSL 3.6 is now live. We would like to thank all those who contributed to the OpenSSL 3.6 release, without whom the OpenSSL Library would not be possible.

This release adds the following new features and bug fixes:

• Added NIST security categories for PKEY objects.
• Added support for EVP_SKEY opaque symmetric key objects to the key derivation and key exchange provider methods. Added EVP_KDF_CTX_set_SKEY(), EVP_KDF_derive_SKEY(), and EVP_PKEY_derive_SKEY() functions.
• Added LMS signature verification support as per [SP 800-208]. This support is present in both the FIPS and default providers.
• An ANSI-C toolchain is no longer sufficient for building OpenSSL. The code should build on compilers supporting C-99 features.
• Support for the VxWorks platforms have been removed.
• Added an openssl configutl utility for processing the openssl configuration file and dumping the equal configuration file.
• Added support for FIPS 186-5 deterministic ECDSA signature generation to the FIPS provider.
• Deprecated EVP_PKEY_ASN1_METHOD related functions.

Please see the CHANGES.md file in the release for a full list of changes since OpenSSL 3.5, and incompatible or potentially significant changes.

You can download the release from our download page or from the GitHub release page.

The next release will be OpenSSL 4.0 in April 2026. Follow us up on GitHub, OpenSSL Communities and our Blog.