We are pleased to announce that OpenSSL 3.5 will be the next long term
stable (LTS) release. Per OpenSSL’s LTS policy, 3.5 will be supported
until April 8, 2030.
The previous LTS (OpenSSL 3.0)
will continue to be fully supported until September 7, 2025 and
receive security fixes until September 7, 2026. Projects that
currently depend on 3.0 are strongly encouraged to switch to OpenSSL
3.5 once it has been released.
In addition, the OpenSSL Corporation and Foundation have agreed to
designate an LTS every two years. That means there will be an LTS
release in April of 2027, another in 2029, and so on. As always, each
LTS will be supported for 5 years with the final year’s support being
security patches only. For more information, please see the OpenSSL
Library Roadmap.
We’re introducing a streamlined process for deciding which new features make it into each OpenSSL Library release. This involves two layers of readiness checks—technical and business—to help ensure features are both technically sound and well-aligned with the broader needs of the communities. For OpenSSL 3.5, the OpenSSL Technical Committee (OTC) has advised on technical readiness, and the Business Advisory Committee has advised on business readiness.
The go/no-go decisions ensure we merge well-vetted features into the main codebase for OpenSSL 3.5, complementing OpenSSL Library’s existing review process.
The freeze date for OpenSSL 3.5 Alpha is rapidly approaching. If you have a feature on the planning page, please ensure that your associated PRs are posted, reviewed, and ready to be merged before the include/exclude decision date (Tuesday, February 11, 2025) and merged before the repository freeze date (Tuesday, February 25, 2025). Otherwise, the feature will be postponed until the next release.
Important dates
Feature branches include/exclude decision date: February 11, 2025
Feature branches merge: February 18, 2025
Repository freeze date: February 25, 2025
Alpha release date: March 11, 2025
Beta release date: March 25, 2025
Release date: April 8, 2025
Current highlights of the feature list planned for 3.5 include:
QUIC server - QUIC (RFC 9000 - Quick UDP Internet Connections) is a protocol intended to deliver faster, secure communication for Internet applications. Standardized as RFC 9000, QUIC operates over UDP.
ML-KEM - Module Lattice Based Key Encapsulation Mechanism (FIPS 203), a post-quantum cryptography algorithm for key encapsulation for secure key exchange.
ML-DSA - Module Lattice Based Digital Signature Algorithm (FIPS 204), a post-quantum cryptography algorithm for signature generation and verification for proof of authenticity and non-repudiation.
SLH-DSA - Stateless Hash Based Digital Signature Algorithm (FIPS 205), a post-quantum cryptography algorithm for signature generation and verification for proof of authenticity and non-repudiation.
If you have any questions or comments regarding the OpenSSL 3.5 release, contact us at feedback@openssl.org.
The anticipated future arrival of cryptographically relevant quantum computers (CRQCs),
which could undermine the algorithms that underlie the currently most widely used public key algorithms (ECDHE, ECDSA, DH and RSA),
has led to the development and recent standardisation of new “post-quantum” (PQ) algorithms that are believed not to be vulnerable to CRQC attack.
Two of the first algorithms standardized are ML-KEM (for key agreement) and ML-DSA (for digital signatures).
These algorithms are standardized by NIST in FIPS 203 and FIPS 204. These define the algorithm parameters and how to correctly
perform the necessary mathematical operations, but do not define such details as data formats for public and private keys.
Those details were left to other standards organisations, such as the IETF.
From the very beginning of the project, OpenSSL has depended on a
community of experts to enable secure and private communication. It’s
safe to say that without volunteers contributing code, tests and
documentation, we wouldn’t have the modern internet. In order to
preserve and grow that ecosystem, the OpenSSL
Foundation has brought in Jon Ericson
as its first Communities Manager.
Jon began his programming career as an intern at the US National
Weather Service where he designed software to test instruments for the
Automated Surface Observing System (ASOS). He continued as a programmer
at the Jet Propulsion Laboratory (JPL) with the Shuttle Radar Topography
Mission (SRTM) ground-data team. When that project ended, he managed
data processing for the Tropospheric Emission Spectrometer (TES)
mission which collected global
atmospheric data from heliosynchronous orbit. Along the way he
participated in open source projects such as Perl and Emacs via Usenet
groups and mailing lists.
The OpenSSL Foundation will be attending FOSDEM in Brussels, Belgium on 1-2 February 2025, and we’d like to connect with you!
The Free and Open Source Developers’ European Meeting (FOSDEM) is a volunteer-organized event to promote the widespread use of free and open source software. The conference includes 1,001 events across two days, taking place in 40 rooms on the ULB Solbosch Campus. There is no fee to participate and attend.
The OpenSSL Foundation is pleased to share its Annual Report for fiscal year 2024, covering the period of August 1, 2023 through July 31, 2024. This public document is a first for the Foundation, reflecting a renewed commitment to transparency with our communities and the sponsors and donors whose contributions provide critical financial support.
One year ago, we celebrated the 25th anniversary of OpenSSL, marking the release of version 0.9.1c on December 23, 1998, and it seemed fitting to share this Annual Report today, on OpenSSL’s 26th birthday. So much has changed over those 26 years, but our reliance on our community of committers, contributors, and funders has not. We greatly appreciate the many contributions of many types that keep OpenSSL strong and secure and hope you enjoy reading about all that we achieved together.
As previously communicated, the recent election for the Distributions seat on the
Foundation BAC resulted in a tie between Dmitry Belyavsky (Red Hat) and John
Haxby (Oracle). As a result, we will be re-running this election in early January
with just these two candidates. Voting will open on 3rd January 2025 and will
close on 10th January 2025.
The “Distributions” community includes maintainers of operating systems or
significant packages that integrate OpenSSL Foundation and OpenSSL Corporation
projects. If you are involved in an OpenSSL distribution, then we encourage you
to sign up to the community and vote in the second round of the election in
January.
Upon certification of the election results by the Election Committee, the OpenSSL Foundation and the OpenSSL Corporation are pleased to announce the official results of the Business Advisory Committee (BAC) elections. After a thorough nomination and voting process, the OpenSSL community has selected a group of distinguished individuals to provide guidance and advice to OpenSSL.
Newly Elected Members
The following candidates have been elected to serve on the Business Advisory Committee:
The OpenSSL Foundation is pleased to announce that we are reopening the opportunity for individuals to financially support our work through donations on GitHub Sponsors. Individual contributions of time, expertise, and financial support have always been critical to our ability to keep improving the OpenSSL software library, and we are excited to once again welcome financial contributions at all levels.