OpenSSL 4.0 Alpha Repository Freeze Approaching
The OpenSSL Project is announcing the upcoming release of OpenSSL 4.0 Alpha, scheduled for March 10, 2026. As a result, the repository will be frozen before the release on February 24, 2026.
The OpenSSL Project is announcing the upcoming release of OpenSSL 4.0 Alpha, scheduled for March 10, 2026. As a result, the repository will be frozen before the release on February 24, 2026.
Following on from the removal of ENGINE code, deprecated functions for creating or modifying custom METHODS will be removed from OpenSSL 4.0.
For a complete list of deprecated functions removed in OpenSSL 4.0, please see the ossl-removed-api documentation. They are divided into the following pull requests:
EVP_CIPHER_meth_*) were removed in PR
#29299.EVP_MD_meth_*) were removed in PR
#29366.EVP_PKEY_meth_*) were removed in PR
#29384.EVP_PKEY_asn1_*) were removed in PR
#29405. (These
functions were deprecated in OpenSSL 3.6.)Instead of using these methods, developers are encouraged to use the provider framework.
Release Announcement for OpenSSL Library 3.6.1, 3.5 5, 3.4.4, 3.3.6, 3.0.19, 1.1.1ze and 1.0.2zn
The OpenSSL Project team announces the release of new versions of our open-source toolkit for SSL/TLS.
OpenSSL 4.0, to be released in April 2026, is the first major release since 3.0 which replaced the ENGINE interface with Providers. Removing ENGINEs is a primary goal of this major release and this post describes the change agreed to by both the OpenSSL Corporation and OpenSSL Foundation.
All symbols defined in openssl/engine.h have been removed from the
shared library in
OpenSSL 4.0. Applications that use the ENGINE API will fail to compile
using the default build settings. This behavior matches what happens
in previous versions when building OpenSSL with the no-engine
configuration
option
with current versions. Up-to-date applications should not include
openssl/engine.h at all.
The voting from the Foundation BAC has been extended through December 21. If you want to participate in the future of the OpenSSL Foundation, please join the communities site and vote for your representative.
The currently running elections are:
For details about how the election works, please consult the Foundation Election Guide.
The OpenSSL Library would like to modernise and streamline development processes, especially to ensure effective code review and make the project easier for contributors to contribute to.
As part of this effort, we will be making some changes to our coding style guidelines and adopting clang-format using the WebKit C coding style as enforced by clang-format. We will transition to using clang-format to check pre-submissions and ensure code follows the format portions of the style guide before PRs are reviewed.
OpenSSL 3.2 series has reached its End of Life (EOL). As such it will no longer receive publicly available security fixes.
September has come and gone, so it’s past time to recognize new contributors to the OpenSSL Library:
| author | date | PR |
|---|---|---|
| xiaoloudongfeng | 2025-09-02 | fix length of digestinfo_sm3_der |
| Pkeane22 | 2025-09-07 | Fixed typo |
| LuiginoC | 2025-09-10 | crypto/evp/bio_ok.c:Integer Overflow in BIO_f_reliable record parser leads to Out-of-Bounds Read |
| ritesh006 | 2025-09-11 | doc: clarify SSL_SESSION_get0_hostname notes |
| jedenastka | 2025-09-11 | Fix cipher protocol ID type in docs |
| leesugil | 2025-09-14 | FIPS 186-5 auxiliary prime length check condition updated (Fixed #28526) |
| rodeka | 2025-09-16 | crypto/ml_dsa: fix public_from_private() error path to return failure |
| jonathimer | 2025-09-18 | Add Linux Foundation Health Score badge to README |
| bleeqer | 2025-09-29 | ts_conf: fix memory leak in TS_CONF_set_policies |
Here are more details on a sample of these pull requests.
The OpenSSL Corporation and the OpenSSL Foundation celebrate the success of the inaugural OpenSSL Conference, held in Prague, October 7-9. This was the first time in the history of the OpenSSL Project that the full community met in person. Developers, legal experts, and users from academics, committers, distributions, individuals, large businesses, and small businesses came together to discuss project direction, share experience, and collaborate on the future of secure digital communication.
Believe it or not, it’s time to start the election process for the 2026 Foundation Business Advisory Committee (FBAC). Advisory committees play a critical role in the governance of the OpenSSL Foundation. This committee focuses on the strategic direction of the OpenSSL Foundation and our mission.
Each of the six communities (Academics, Committers, Distributions, Individuals, Large Businesses and Small Businesses) will have a representative who will serve for one year. In addition to a monthly meeting, representatives also lead discussions on the Communities platform and generally promote the OpenSSL Mission.