Leonid Herasimau's Avatar
Leonid Herasimau
News·yesterday

OpenSSL 3.6.0 Released

Image

On October 1, 2025, the open-source project OpenSSL 3.6.0 was released. The cryptographic library supports new encryption and key management algorithms, works with SSL/TLS protocols at the Linux client kernel level, has an updated FIPS module, and has been integrated with the Certificate Management Protocol (CMP).

The project's source code is written in C and Perl and is distributed under the Apache 2.0 license. The release of OpenSSL 3.0.0 took place in September 2021. OpenSSL 3.4.0 was released at the end of 2024. OpenSSL 3.5.0 was introduced in April 2025.

The OpenSSL 3.6 release is classified as a standard support build, with updates released for 13 months. The OpenSSL 3.5.0 release is classified as a Long-Term Support (LTS) release, for which updates will be released for 5 years (until April 2030). Support for previous branches OpenSSL 3.3, 3.2 and 3.0 LTS will last until April 2026, November 2025, and September 2026, respectively.

According to OpenNET, the main refinements and #openssl-3.6" rel="noopener noreferrer nofollow">improvements in OpenSSL 3.6.0 are:

  • Added support for the EVP_SKEY (Symmetric KEY) structure to represent symmetric keys as opaque objects. Unlike raw keys, which are represented by a byte array, the key structure in EVP_SKEY is abstracted and contains additional metadata. EVP_SKEY can be used in encryption, key exchange, and key derivation (KDF) functions. The functions EVP_KDF_CTX_set_SKEY(), EVP_KDF_derive_SKEY(), and EVP_PKEY_derive_SKEY() have been added to work with EVP_SKEY keys;
  • Added support for verifying digital signatures based on the LMS (Leighton-Micali Signatures) scheme, which uses hash functions and tree-based hashing in the form of a Merkle Tree (each branch verifies all underlying branches and nodes). LMS digital signatures are resistant to quantum computer attacks and are designed to ensure the integrity of firmware and applications;
  • Added support for NIST security categories for PKEY object parameters (public and private keys). The security category is set via the security-category setting. The EVP_PKEY_get_security_category() function has been added to check the security level. The security level reflects resistance to quantum computer attacks and can take integer values from 0 to 5: 0 - implementation not resistant to quantum computer attacks; 1/3/5 - implementation does not preclude a quantum computer search for a key in a block cipher with a 128/192/256-bit key; 2/4 - implementation does not preclude a quantum computer search for a collision in a 256/384-bit hash).
  • 0 - implementation not resistant to quantum computer attacks;
  • 1/3/5 - implementation does not preclude a quantum computer search for a key in a block cipher with a 128/192/256-bit key;
  • 2/4 - implementation does not preclude a quantum computer search for a collision in a 256/384-bit hash).
  • Added the openssl configutl command to process configuration files. The utility allows generating a consolidated file with all settings from a multi-file configuration with include directives;
  • Added support for deterministic ECDSA digital signature generation to the FIPS crypto provider (the same signature is generated for the same input data), in accordance with the FIPS 186-5 standard requirements;
  • Increased build environment requirements. A toolchain with ANSI-C support is no longer sufficient to build OpenSSL; a C-99 compliant compiler is now required;
  • Functions related to the EVP_PKEY_ASN1_METHOD structure have been deprecated;
  • Support for the VxWorks platform has been discontinued.

The new version of the project fixes the following vulnerabilities:

  • CVE-2025-9230 — a vulnerability in the decryption code for CMS messages encrypted with a password (PWRI). The vulnerability can lead to an out-of-bounds write and read, allowing an attacker to cause a crash or memory corruption in an application that uses OpenSSL to process CMS messages. Exploitation for code execution is not ruled out, but the severity of the issue is reduced by the fact that password-based encryption of CMS messages is very rarely used in practice. In addition to OpenSSL 3.6.0, the vulnerability is fixed in OpenSSL releases 3.5.4, 3.4.3, 3.3.5, 3.2.6, and 3.0.18. The issue has also been fixed in updates to LibreSSL 4.0.1 and 4.1.1, developed by the OpenBSD project;
  • CVE-2025-9231 — the implementation of the SM2 algorithm is vulnerable to a side-channel attack that allows an attacker on systems with 64-bit ARM CPUs to reconstruct the private key by analyzing timing variations of specific computations. The attack could potentially be carried out remotely. The severity of the attack is reduced by the fact that OpenSSL does not directly support the use of certificates with SM2 keys in TLS;
  • CVE-2025-9232 — a vulnerability in the built-in HTTP client implementation that leads to an out-of-bounds read when processing a specially crafted URL in HTTP Client functions. The issue only manifests when the no_proxy environment variable is set and can lead to an application crash.

#openssl #news

0
44
Comments
Please log in to add comments.
Loading comments...

Recommendations