OpenSSL 3.5.0 Released with Support for Post-Quantum Cryptography

The OpenSSL Project has officially released version 3.5.0 of its widely used cryptographic library, marking a significant milestone with the integration of post-quantum cryptography (PQC) algorithms and other groundbreaking features.

This release, announced on April 8, 2025, is set to revolutionize cybersecurity by addressing the growing need for quantum-resistant encryption.

Application Security is no longer just a defensive play, Time to Secure -> Free Webinar

Key Highlights of OpenSSL 3.5.0

1. Post-Quantum Cryptography Algorithms
OpenSSL 3.5.0 introduces support for three major PQC algorithms:

• ML-KEM (Module Lattice-Based Key Encapsulation Mechanism): A secure key exchange mechanism designed to withstand quantum computing attacks.
• ML-DSA (Module Lattice-Based Digital Signature Algorithm): A robust signature algorithm based on lattice structures, ensuring authenticity and non-repudiation.
• SLH-DSA (Stateless Hash-Based Digital Signature Algorithm): A hash-based signature method leveraging the SPHINCS+ framework for enhanced security.

These algorithms comply with emerging standards and are pivotal in preparing for a post-quantum world where classical cryptographic methods may no longer be secure.

2. Enhanced TLS Support
The default TLS-supported groups list has been updated to include hybrid PQC Key Encapsulation Mechanism (KEM) groups, prioritizing quantum-safe options while removing rarely used groups. Additionally, the default TLS keyshares now offer X25519MLKEM768 and X25519, enabling more robust key exchange mechanisms.

3. QUIC Protocol Support
OpenSSL 3.5.0 adds server-side support for QUIC (Quick UDP Internet Connections), as standardized in RFC 9000. This feature includes compatibility with third-party QUIC stacks and supports 0-RTT connections for faster and more efficient communication.

4. New Configuration Options and Features
The release introduces several new capabilities:

• no-tls-deprecated-ec: Disables support for deprecated TLS groups.
• enable-fips-jitter: Enables the FIPS provider to use the JITTER entropy source for enhanced randomness.
• Opaque symmetric key objects (EVP_SKEY): Improves secure key handling.
• Centralized key generation in CMP: Simplifies cryptographic management.

Compatibility Changes and Deprecations

OpenSSL 3.5.0 also brings some potentially incompatible changes:

• The default encryption cipher for certain applications like req, cms, and smime has been updated from des-ede3-cbc to aes-256-cbc.
• All BIO_meth_get_*() functions have been deprecated.

A notable issue in this release involves calling SSL_accept on objects returned from SSL_accept_connection, which currently results in an error. Users are advised to use SSL_do_handshake as a workaround until a fix is implemented in OpenSSL 3.5.1.

With OpenSSL 3.5.0, the project takes a bold step into the quantum era, equipping developers and organizations with tools to safeguard data against future quantum threats while maintaining backward compatibility with existing systems.

This release underscores OpenSSL’s commitment to innovation and security in an ever-evolving digital landscape.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try 50 Request for Free

The post OpenSSL 3.5.0 Released with Support for Post-Quantum Cryptography appeared first on Cyber Security News.