Security

Unlock the Future of Cybersecurity: OpenSSL 3.5.0 Introduces Cutting-Edge Post-Quantum

tuffbrownboy


Google News

Overview of OpenSSL 3.5.0 Release

On April 8, 2025, the OpenSSL Project launched version 3.5.0 of its essential cryptographic library. This version is a game-changer, integrating advanced post-quantum cryptography (PQC) algorithms to address the increasing threat posed by quantum computing to current encryption methods.

Transformative Features in OpenSSL 3.5.0

This update not only provides tools for future-proofing against quantum threats but also enhances overall cybersecurity with its array of new features:

  • Module Lattice-Based Key Encapsulation Mechanism (ML-KEM): Ensures secure key exchanges even against quantum threats.
  • Module Lattice-Based Digital Signature Algorithm (ML-DSA): Provides high integrity and authentication for digital communications.
  • Stateless Hash-Based Digital Signature Algorithm (SLH-DSA): Uses the SPHINCS+ framework for improved security performance.

Enhanced TLS Protocol Support

The latest release updates the default TLS-supported groups and introduces superior key exchange mechanisms, prioritizing quantum-safe options and enhancing connection security through:

  • Integration of hybrid PQC Key Encapsulation Mechanism (KEM) groups.
  • Updated default TLS keyshares to include X25519MLKEM768 and X25519 options.

Added QUIC Protocol Support

OpenSSL 3.5.0 now supports the QUIC protocol, which facilitates more efficient and robust connections, fully compatible with third-party QUIC stacks and supports 0-RTT connections.

New Configurable Features and Enhancements

  • no-tls-deprecated-ec: Disables outdated TLS groups.
  • enable-fips-jitter: Employs JITTER entropy sources for heightened randomness.
  • Opaque symmetric key objects (EVP_SKEY): Enhances secure key management.

Important Compatibility Changes

The release of OpenSSL 3.5.0 includes several changes that may affect compatibility:

  • Updated default encryption cipher for applications like req, cms, and smime from des-ede3-cbc to aes-256-cbc.
  • Deprecation of all BIO_meth_get_*() functions.

Current issues include an error when SSL_accept is called on objects returned from SSL_accept_connection. A temporary workaround is available using SSL_do_handshake.

With OpenSSL 3.5.0, prepare for tomorrow’s cybersecurity challenges today, strengthening defenses with state-of-the-art quantum-resistant technologies and ongoing innovations.

Related: 7 Alarming Ways Morphing Meerkat PhaaS Employs DNS Reconnaissance to Craft Highly

Last Updated: April 8, 2025

Post Views: 22

Related Posts