The OpenSSL project has released version 3.5.0 of its library, which implements the SSL/TLS protocols and various encryption algorithms. OpenSSL 3.5 is a Long Term Support (LTS) release and will receive updates for 5 years, until April 2030. Support for the earlier branches OpenSSL 3.3, 3.2, and 3.0 LTS will last until April 2026, November 2025, and September 2026 respectively. The project's code is distributed under the Apache 2.0 license.
The main innovations in the OpenSSL 3.5.0 release include:
- Added support for cryptographic algorithms that are resistant to attack on a quantum computer:
  - ML-KEM (CRYSTALS-Kyber) – a key encapsulation algorithm based on lattice cryptography, which is resistant to quantum computing.
  - ML-DSA (CRYSTALS-Dilithium) – a digital signature algorithm based on lattice theory.
  - SLH-DSA (SPHINCS+) – a digital signature algorithm based on hash functions, which remains usable if lattice-based algorithms are compromised.
- Full support for the QUIC protocol (RFC 9000), enabling its use in both client and server applications. QUIC is a protocol built on top of UDP that provides multiplexing of connections and encryption equivalent to TLS. It is used in HTTP/3 as an alternative to the TCP+TLS combination, addressing issues with connection setup time and packet loss during data transfer.
- Introduced the ability to use third-party stacks that implement the QUIC protocol, including support for 0-RTT mode (0 Round Trip Time) for immediate data exchange upon connection initiation.
- Added support for opaque symmetric key objects (EVP_SKEY) to shield key details.