Releases: openssl/openssl

OpenSSL 4.0.0

14 Apr 12:55

OpenSSL 4.0.0 is a feature release adding significant new functionality
to OpenSSL.

This release incorporates the following potentially significant or incompatible
changes:

  • Removed extra leading '00:' when printing key data such as an RSA modulus
    in hexadecimal format where the first (most significant) byte is >= 0x80.

  • Standardized the width of hexadecimal dumps to 24 bytes for signatures
    (to stay within the 80-character limit) and 16 bytes for everything else.

  • Lower-bound checks are now enforced when using the PKCS5_PBKDF2_HMAC API
    with the FIPS provider.

  • Added AKID verification checks when X509_V_FLAG_X509_STRICT is set.

  • Augmented CRL verification process with several additional checks.

  • libcrypto no longer cleans up globally allocated data via atexit().

  • BIO_snprintf() now uses the snprintf() provided by libc instead of an
    internal implementation.

  • OPENSSL_cleanup() now runs in a global destructor, or not at all
    by default.

  • ASN1_STRING has been made opaque.

  • Signatures of numerous API functions, including those related to X509
    processing, have been changed to include const qualifiers for argument
    and return types, where suitable.

  • Deprecated X509_cmp_time(), X509_cmp_current_time(),
    and X509_cmp_timeframe() in favor of X509_check_certificate_times().

  • Removed support for the SSLv2 Client Hello.

  • Removed support for SSLv3. SSLv3 has been deprecated since 2015,
    and OpenSSL has had it disabled by default since version 1.1.0 (2016).

  • Removed support for engines. The no-engine build option
    and the OPENSSL_NO_ENGINE macro are always present.

  • Support for deprecated elliptic curves in TLS (RFC 8422) is now
    disabled at compile time by default. To enable it, use the
    enable-tls-deprecated-ec configuration option.

  • Support for explicit EC curves is now disabled at compile time by default.
    To enable it, use the enable-ec_explicit_curves configuration option.

  • Removed the c_rehash script tool. Use openssl rehash instead.

  • Removed the deprecated msie-hack option from the openssl ca command.

  • Removed the BIO_f_reliable() implementation without replacement.
    It had been broken since the 3.0 release without any complaints.

  • Removed deprecated support for custom EVP_CIPHER, EVP_MD, EVP_PKEY,
    and EVP_PKEY_ASN1 methods.

  • Removed deprecated fixed SSL/TLS version method functions.

  • Removed deprecated functions ERR_get_state(), ERR_remove_state()
    and ERR_remove_thread_state(). The ERR_STATE object is now always
    opaque.

  • Dropped darwin-i386{,-cc} and darwin-ppc{,64}{,-cc} targets
    from Configurations.

This release adds the following new features:

  • Support for Encrypted Client Hello (ECH, RFC 9849).
    See doc/designs/ech-api.md for details.

  • Support for RFC 8998, signature algorithm sm2sig_sm3, key exchange
    group curveSM2, and [tls-hybrid-sm2-mlkem] post-quantum group
    curveSM2MLKEM768.

  • cSHAKE function support as per SP 800-185.

  • "ML-DSA-MU" digest algorithm support.

  • Support for SNMP KDF and SRTP KDF.

  • FIPS self tests can now be deferred and run as needed when installing
    the FIPS module with the -defer_tests option of the openssl fipsinstall
    command.

  • Support for using either static or dynamic VC runtime linkage
    on Windows.

  • Support for negotiated FFDHE key exchange in TLS 1.2 in accordance
    with RFC 7919.

OpenSSL 3.6.2

07 Apr 12:23

OpenSSL 3.6.2 is a security patch release. The most severe CVE fixed in this
release is Moderate.

This release incorporates the following bug fixes and mitigations:

  • Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
    (CVE-2026-31790)

  • Fixed loss of key agreement group tuple structure when the DEFAULT keyword
    is used in the server-side configuration of the key-agreement group list.
    (CVE-2026-2673)

  • Fixed out-of-bounds read in AES-CFB-128 on x86-64 CPUs with AVX-512 support.
    (CVE-2026-28386)

  • Fixed potential use-after-free in DANE client code.
    (CVE-2026-28387)

  • Fixed NULL pointer dereference when processing a delta CRL.
    (CVE-2026-28388)

  • Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
    (CVE-2026-28389)

  • Fixed possible NULL dereference when processing CMS
    KeyTransportRecipientInfo.
    (CVE-2026-28390)

  • Fixed heap buffer overflow in hexadecimal conversion.
    (CVE-2026-31789)

OpenSSL 3.5.6

07 Apr 12:30

OpenSSL 3.5.6 is a security patch release. The most severe CVE fixed in this
release is Moderate.

This release incorporates the following bug fixes and mitigations:

  • Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
    (CVE-2026-31790)

  • Fixed loss of key agreement group tuple structure when the DEFAULT keyword
    is used in the server-side configuration of the key-agreement group list.
    (CVE-2026-2673)

  • Fixed potential use-after-free in DANE client code.
    (CVE-2026-28387)

  • Fixed NULL pointer dereference when processing a delta CRL.
    (CVE-2026-28388)

  • Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
    (CVE-2026-28389)

  • Fixed possible NULL dereference when processing CMS
    KeyTransportRecipientInfo.
    (CVE-2026-28390)

  • Fixed heap buffer overflow in hexadecimal conversion.
    (CVE-2026-31789)

OpenSSL 3.4.5

07 Apr 12:37

OpenSSL 3.4.5 is a security patch release. The most severe CVE fixed in this
release is Moderate.

This release incorporates the following bug fixes and mitigations:

  • Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
    (CVE-2026-31790)

  • Fixed potential use-after-free in DANE client code.
    (CVE-2026-28387)

  • Fixed NULL pointer dereference when processing a delta CRL.
    (CVE-2026-28388)

  • Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
    (CVE-2026-28389)

  • Fixed possible NULL dereference when processing CMS
    KeyTransportRecipientInfo.
    (CVE-2026-28390)

  • Fixed heap buffer overflow in hexadecimal conversion.
    (CVE-2026-31789)

OpenSSL 3.3.7

07 Apr 12:43

OpenSSL 3.3.7 is a security patch release. The most severe CVE fixed in this
release is Moderate.

This release incorporates the following bug fixes and mitigations:

  • Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
    (CVE-2026-31790)

  • Fixed potential use-after-free in DANE client code.
    (CVE-2026-28387)

  • Fixed NULL pointer dereference when processing a delta CRL.
    (CVE-2026-28388)

  • Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
    (CVE-2026-28389)

  • Fixed possible NULL dereference when processing CMS
    KeyTransportRecipientInfo.
    (CVE-2026-28390)

  • Fixed heap buffer overflow in hexadecimal conversion.
    (CVE-2026-31789)

OpenSSL 3.0.20

07 Apr 12:52

OpenSSL 3.0.20 is a security patch release. The most severe CVE fixed in this
release is Moderate.

This release incorporates the following bug fixes and mitigations:

  • Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
    (CVE-2026-31790)

  • Fixed potential use-after-free in DANE client code.
    (CVE-2026-28387)

  • Fixed NULL pointer dereference when processing a delta CRL.
    (CVE-2026-28388)

  • Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
    (CVE-2026-28389)

  • Fixed possible NULL dereference when processing CMS
    KeyTransportRecipientInfo.
    (CVE-2026-28390)

  • Fixed heap buffer overflow in hexadecimal conversion.
    (CVE-2026-31789)

OpenSSL 4.0.0-beta1

24 Mar 15:23

Pre-release

OpenSSL 4.0.0-beta1 is a feature release adding significant new functionality
to OpenSSL.

This release incorporates the following potentially significant or incompatible
changes:

  • Removed extra leading '00:' when printing key data such as an RSA modulus
    in hexadecimal format where the first (most significant) byte is >= 0x80.

  • Standardized the width of hexadecimal dumps to 24 bytes for signatures
    (to stay within the 80-character limit) and 16 bytes for everything else.

  • Lower-bound checks are now enforced when using the PKCS5_PBKDF2_HMAC API
    with the FIPS provider.

  • Added AKID verification checks when X509_V_FLAG_X509_STRICT is set.

  • Augmented CRL verification process with several additional checks.

  • libcrypto no longer cleans up globally allocated data via atexit().

  • OPENSSL_cleanup() now runs in a global destructor, or not at all
    by default.

  • ASN1_STRING has been made opaque.

  • Signatures of numerous API functions, including those related to X509
    processing, have been changed to include const qualifiers for argument
    and return types, where suitable.

  • Deprecated X509_cmp_time(), X509_cmp_current_time(),
    and X509_cmp_timeframe() in favor of X509_check_certificate_times().

  • Removed support for the SSLv2 Client Hello.

  • Removed support for SSLv3. SSLv3 has been deprecated since 2015,
    and OpenSSL has had it disabled by default since version 1.1.0 (2016).

  • Removed support for engines. The no-engine build option
    and the OPENSSL_NO_ENGINE macro are always present.

  • Support for deprecated elliptic curves in TLS (RFC 8422) is now
    disabled at compile time by default. To enable it, use the
    enable-tls-deprecated-ec configuration option.

  • Support for explicit EC curves is now disabled at compile time by default.
    To enable it, use the enable-ec_explicit_curves configuration option.

  • Removed the c_rehash script tool. Use openssl rehash instead.

  • Removed the deprecated msie-hack option from the openssl ca command.

  • Removed the BIO_f_reliable() implementation without replacement.
    It had been broken since the 3.0 release without any complaints.

  • Removed deprecated functions ERR_get_state(), ERR_remove_state()
    and ERR_remove_thread_state(). The ERR_STATE object is now always opaque.

  • Dropped darwin-i386{,-cc} and darwin-ppc{,64}{,-cc} targets
    from Configurations.

This release adds the following new features:

  • Support for Encrypted Client Hello (ECH, RFC 9849).
    See doc/designs/ech-api.md for details.

  • Support for RFC 8998, signature algorithm sm2sig_sm3, key exchange
    group curveSM2, and [tls-hybrid-sm2-mlkem] post-quantum group
    curveSM2MLKEM768.

  • cSHAKE function support as per SP 800-185.

  • "ML-DSA-MU" digest algorithm support.

  • Support for SNMP KDF and SRTP KDF.

  • FIPS self tests can now be deferred and run as needed when installing
    the FIPS module with the -defer_tests option of the openssl fipsinstall
    command.

  • Support for using either static or dynamic VC runtime linkage
    on Windows.

  • Support for negotiated FFDHE key exchange in TLS 1.2 in accordance
    with RFC 7919.

OpenSSL 4.0.0-alpha1

10 Mar 14:55

Pre-release

OpenSSL 4.0.0-alpha1 is a feature release adding significant new functionality to OpenSSL.

This release incorporates the following potentially significant or incompatible
changes:

  • Removed extra leading '00:' when printing key data such as an RSA modulus
    in hexadecimal format where the first (most significant) byte is >= 0x80.

  • Standardized the width of hexadecimal dumps to 24 bytes for signatures
    (to stay within the 80-character limit) and 16 bytes for everything else.

  • Lower-bound checks are now enforced when using the PKCS5_PBKDF2_HMAC API
    with the FIPS provider.

  • Added AKID verification checks when X509_V_FLAG_X509_STRICT is set.

  • Augmented CRL verification process with several additional checks.

  • libcrypto no longer cleans up globally allocated data via atexit().

  • OPENSSL_cleanup() now runs in a global destructor, or not at all
    by default.

  • ASN1_STRING has been made opaque.

  • Signatures of numerous API functions, including those related to X509
    processing, have been changed to include const qualifiers for argument
    and return types, where suitable.

  • Deprecated X509_cmp_time(), X509_cmp_current_time(),
    and X509_cmp_timeframe() in favor of X509_check_certificate_times().

  • Removed support for the SSLv2 Client Hello.

  • Removed support for SSLv3. SSLv3 has been deprecated since 2015,
    and OpenSSL has had it disabled by default since version 1.1.0 (2016).

  • Removed support for engines. The no-engine build option
    and the OPENSSL_NO_ENGINE macro are always present.

  • Support for deprecated elliptic curves in TLS (RFC 8422) is now
    disabled at compile time by default. To enable it, use the
    enable-tls-deprecated-ec configuration option.

  • Removed the c_rehash script tool. Use openssl rehash instead.

  • Removed the deprecated msie-hack option from the openssl ca command.

  • Removed the BIO_f_reliable() implementation without replacement.
    It had been broken since the 3.0 release without any complaints.

  • Removed deprecated functions ERR_get_state(), ERR_remove_state()
    and ERR_remove_thread_state(). The ERR_STATE object is now always opaque.

  • Dropped darwin-i386{,-cc} and darwin-ppc{,64}{,-cc} targets
    from Configurations.

This release adds the following new features:

  • Support for Encrypted Client Hello (ECH, RFC 9849).
    See doc/designs/ech-api.md for details.

  • Support for RFC 8998, signature algorithm sm2sig_sm3, key exchange
    group curveSM2, and [tls-hybrid-sm2-mlkem] post-quantum group
    curveSM2MLKEM768.

  • cSHAKE function support as per SP 800-185.

  • "ML-DSA-MU" digest algorithm support.

  • Support for SNMP KDF and SRTP KDF.

  • FIPS self tests can now be deferred and run as needed when installing
    the FIPS module with the -defer_tests option of the openssl fipsinstall
    command.

  • Support for using either static or dynamic VC runtime linkage
    on Windows.

  • Support for negotiated FFDHE key exchange in TLS 1.2 in accordance
    with RFC 7919.

OpenSSL 3.6.1

27 Jan 13:52

OpenSSL 3.6.1 is a security patch release. The most severe CVE fixed in this
release is High.

This release incorporates the following bug fixes and mitigations:

  • Fixed improper validation of PBMAC1 parameters in PKCS#12 MAC verification.
    (CVE-2025-11187)

  • Fixed stack buffer overflow in CMS AuthEnvelopedData parsing.
    (CVE-2025-15467)

  • Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID.
    (CVE-2025-15468)

  • Fixed openssl dgst one-shot codepath silently truncating inputs >16 MiB.
    (CVE-2025-15469)

  • Fixed TLS 1.3 CompressedCertificate excessive memory allocation.
    (CVE-2025-66199)

  • Fixed heap out-of-bounds write in BIO_f_linebuffer on short writes.
    (CVE-2025-68160)

  • Fixed unauthenticated/unencrypted trailing bytes with low-level OCB
    function calls.
    (CVE-2025-69418)

  • Fixed out-of-bounds write in PKCS12_get_friendlyname() UTF-8 conversion.
    (CVE-2025-69419)

  • Fixed missing ASN1_TYPE validation in TS_RESP_verify_response()
    function.
    (CVE-2025-69420)

  • Fixed NULL pointer dereference in PKCS12_item_decrypt_d2i_ex() function.
    (CVE-2025-69421)

  • Fixed missing ASN1_TYPE validation in PKCS#12 parsing.
    (CVE-2026-22795)

  • Fixed ASN1_TYPE type confusion in the PKCS7_digest_from_attributes()
    function.
    (CVE-2026-22796)

  • Fixed a regression in X509_V_FLAG_CRL_CHECK_ALL flag handling by
    restoring its pre-3.6.0 behaviour.

  • Fixed a regression in handling stapled OCSP responses causing handshake
    failures for OpenSSL 3.6.0 servers with various client implementations.

OpenSSL 3.5.5

27 Jan 13:53

OpenSSL 3.5.5 is a security patch release. The most severe CVE fixed in this
release is High.

This release incorporates the following bug fixes and mitigations:

  • Fixed improper validation of PBMAC1 parameters in PKCS#12 MAC verification.
    (CVE-2025-11187)

  • Fixed stack buffer overflow in CMS AuthEnvelopedData parsing.
    (CVE-2025-15467)

  • Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID.
    (CVE-2025-15468)

  • Fixed openssl dgst one-shot codepath silently truncating inputs >16 MiB.
    (CVE-2025-15469)

  • Fixed TLS 1.3 CompressedCertificate excessive memory allocation.
    (CVE-2025-66199)

  • Fixed heap out-of-bounds write in BIO_f_linebuffer on short writes.
    (CVE-2025-68160)

  • Fixed unauthenticated/unencrypted trailing bytes with low-level OCB
    function calls.
    (CVE-2025-69418)

  • Fixed out-of-bounds write in PKCS12_get_friendlyname() UTF-8 conversion.
    (CVE-2025-69419)

  • Fixed missing ASN1_TYPE validation in TS_RESP_verify_response()
    function.
    (CVE-2025-69420)

  • Fixed NULL pointer dereference in PKCS12_item_decrypt_d2i_ex() function.
    (CVE-2025-69421)

  • Fixed missing ASN1_TYPE validation in PKCS#12 parsing.
    (CVE-2026-22795)

  • Fixed ASN1_TYPE type confusion in the PKCS7_digest_from_attributes()
    function.
    (CVE-2026-22796)