OpenSSL 3.6.0 Released with EVP_SKEY Support and Buffer Overflow Fix

OpenSSL 3.6.0, an implementation of the SSL/TLS protocols and a library of cryptographic algorithms, has been released. OpenSSL 3.6 is a regular (non-LTS) release with updates available for 13 months. Earlier branches remain supported as follows: 3.5 (LTS) until April 2030, 3.4 until October 2026, 3.3 until April 2026, 3.2 until November 2025, and 3.0 (LTS) until September 2026. The project's code is licensed under the Apache License 2.0.

Main innovations:

  • The opaque symmetric key type EVP_SKEY, introduced in OpenSSL 3.5, can now be used with key derivation functions (KDFs) and key exchange. Unlike a raw key, which is just a byte array handed to the application, an EVP_SKEY wraps the key material in a provider-managed object that can carry metadata and, where the provider supports it, keep the key bytes out of the application's reach altogether. The new functions EVP_KDF_CTX_set_SKEY(), EVP_KDF_derive_SKEY() and EVP_PKEY_derive_SKEY() respectively set a KDF's input key from an EVP_SKEY, derive a new EVP_SKEY from a KDF, and return the result of a key exchange as an EVP_SKEY.
  • Support has been added for verifying Leighton-Micali Signatures (LMS, RFC 8554), a stateful hash-based signature scheme. Each leaf of a Merkle tree is the hash of a one-time signature public key and every internal node is the hash of its two children, so the root hash alone authenticates every key in the tree: a verifier needs only the root, the one-time signature and the authentication path from the used leaf up to the root. Because LMS relies solely on the security of the underlying hash function, it is considered resistant to attacks by quantum computers, and NIST SP 800-208 approves it for purposes such as signing firmware and software. Only verification is implemented; key generation and signing, which require the signer to track which one-time keys have already been used, are not.
  • Added support for NIST post-quantum security categories on EVP_PKEY objects (public and private keys). The category is exposed as the "security-category" key parameter and can be read with the new EVP_PKEY_get_security_category() function. It is distinct from the TLS security level (SSL_CTX_set_security_level()), even though both use the range 0 to 5. The categories follow NIST's PQC definitions and express how hard breaking the key is, including for an attacker with a quantum computer:
    • 0 - no post-quantum security is claimed (classical algorithms such as RSA and ECDSA);
    • 1/3/5 - breaking the key is at least as hard as exhaustive key search on a block cipher with a 128/192/256-bit key (AES-128/192/256);
    • 2/4 - breaking the key is at least as hard as finding a collision in a 256/384-bit hash function (SHA-256/SHA-384).
  • A new "openssl configutl" command has been added for working with configuration files. It loads a configuration the way the library does, following any .include directives, and writes the result out as a single consolidated file, which makes it easy to see the settings that a multi-file configuration actually resolves to.
  • The FIPS cryptographic provider now supports deterministic ECDSA signatures as permitted by FIPS 186-5: the per-signature nonce is derived from the private key and the message hash (RFC 6979) instead of being drawn from a random number generator, so the same key and message always produce the same signature and a faulty RNG can no longer leak the private key through a repeated nonce.
  • Build requirements have been raised: OpenSSL can no longer be built with a plain ANSI C (C89) compiler; a C99-compatible compiler is now required.
  • The EVP_PKEY_ASN1_METHOD structure and the functions that operate on it have been deprecated.
  • Support for the VxWorks platform has been discontinued.
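
How a Merkle-tree signature like LMS is verified from nothing but a root hash, as an added example that is not from the article or from OpenSSL: a simplified scheme in stand-alone Python with SHA-256, a Winternitz one-time signature (w = 8, two checksum chains) at each leaf, and string domain tags instead of RFC 8554's parameter sets and constants, so it is not wire-compatible with real LMS. The tree height, the fixed seed and the file names in the demo are constructed inputs. OpenSSL 3.6 implements only the verifier side, which here is merkle_verify(); the MerkleSigner class exists to produce something to verify and to show the statefulness that keeps signing out of the library.

```python
"""Simplified hash-based signatures in the style of LMS (RFC 8554): Winternitz
one-time signatures as Merkle tree leaves, the root hash as the public key, and a
verifier that needs only that root. Constructed for this page; not RFC 8554
wire-compatible and not OpenSSL code."""
import hashlib
import os

CHAIN_LEN = 255   # Winternitz w = 8: one digest byte per hash chain
N_MSG = 32        # SHA-256 digest -> 32 message chains
N_CS = 2          # two extra chains carry the checksum
N_CHAINS = N_MSG + N_CS

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def chain(x: bytes, start: int, steps: int, idx: int) -> bytes:
    """Hash x forward `steps` times from chain position `start`; mixing in the
    chain index and position keeps chain values from being interchangeable."""
    for pos in range(start, start + steps):
        x = H(b"chain", x, bytes([idx, pos]))
    return x

def digits(msg_digest: bytes) -> list:
    """Digest bytes plus a two-byte checksum. The checksum blocks forgery by walking
    chains forward: raising any digit lowers the checksum, and lowering a checksum
    digit would require inverting the hash."""
    d = list(msg_digest)
    csum = sum(CHAIN_LEN - v for v in d)   # at most 32 * 255 = 8160
    return d + [csum >> 8, csum & 0xFF]

def ots_keygen(seed: bytes):
    """One-time key: the chain starts are secret, the hashed chain ends form the leaf."""
    sk = [H(b"sk", seed, bytes([i])) for i in range(N_CHAINS)]
    ends = [chain(s, 0, CHAIN_LEN, i) for i, s in enumerate(sk)]
    return sk, H(b"leaf", *ends)

def ots_sign(sk: list, msg_digest: bytes) -> list:
    return [chain(s, 0, d, i) for i, (s, d) in enumerate(zip(sk, digits(msg_digest)))]

def ots_leaf_from_sig(sig: list, msg_digest: bytes) -> bytes:
    """The verifier completes every chain; a genuine signature lands on the true ends."""
    ends = [chain(s, d, CHAIN_LEN - d, i)
            for i, (s, d) in enumerate(zip(sig, digits(msg_digest)))]
    return H(b"leaf", *ends)

def build_tree(leaves: list) -> list:
    """levels[0] holds the leaves, levels[-1] the single root."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        levels.append([H(b"node", lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels

def auth_path(levels: list, q: int) -> list:
    """The sibling of every node on the way from leaf q up to the root."""
    path = []
    for lvl in levels[:-1]:
        path.append(lvl[q ^ 1])
        q >>= 1
    return path

def root_from_path(leaf: bytes, q: int, path: list) -> bytes:
    node = leaf
    for sibling in path:
        node = H(b"node", sibling, node) if q & 1 else H(b"node", node, sibling)
        q >>= 1
    return node

class MerkleSigner:
    """Stateful signer: each leaf is a one-time key that must never be reused, so a
    real deployment has to persist the leaf counter before releasing a signature."""

    def __init__(self, height: int, seed: bytes = None):
        self.seed = seed if seed is not None else os.urandom(32)
        self.count = 1 << height
        self.ots = [ots_keygen(H(b"ots", self.seed, q.to_bytes(4, "big")))
                    for q in range(self.count)]
        self.levels = build_tree([leaf for _, leaf in self.ots])
        self.root = self.levels[-1][0]   # the public key: 32 bytes regardless of tree size
        self.next_q = 0

    def sign(self, msg: bytes):
        if self.next_q >= self.count:
            raise RuntimeError("all one-time keys of this tree have been used")
        q, self.next_q = self.next_q, self.next_q + 1
        return q, ots_sign(self.ots[q][0], H(b"msg", msg)), auth_path(self.levels, q)

def merkle_verify(root: bytes, msg: bytes, signature) -> bool:
    """Needs only the root: rebuild the leaf from the signature, then hash up the path."""
    q, ots_sig, path = signature
    if len(ots_sig) != N_CHAINS or not 0 <= q < (1 << len(path)):
        return False
    return root_from_path(ots_leaf_from_sig(ots_sig, H(b"msg", msg)), q, path) == root

if __name__ == "__main__":
    signer = MerkleSigner(height=3, seed=b"\x01" * 32)   # 8 one-time keys; fixed seed for the demo
    sig = signer.sign(b"firmware-v1.bin")
    print(merkle_verify(signer.root, b"firmware-v1.bin", sig))   # True
    print(merkle_verify(signer.root, b"firmware-v2.bin", sig))   # False
```

Two details carry over to real LMS deployments: the verifier needs only the 32-byte root plus the per-signature authentication path, and the signer's leaf counter is security-critical state, since signing two different messages with the same leaf reveals chain values an attacker can combine into forgeries.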

Fixed vulnerabilities:

  • CVE-2025-9230 is a vulnerability in the code that decrypts password-encrypted CMS messages (the PWRI, password recipient info, mechanism of RFC 3211). Unwrapping the key-encryption key can read and write outside the bounds of a buffer, which can crash an application that uses OpenSSL to process such messages or corrupt its memory. Code execution cannot be ruled out, but OpenSSL rates the issue Moderate because exploitation is considered unlikely and password-based CMS encryption is very rarely used in practice; only applications that decrypt PWRI-protected CMS messages from untrusted sources are exposed. In addition to OpenSSL 3.6.0, the fix is included in OpenSSL 3.5.4, 3.4.3, 3.3.5, 3.2.6, and 3.0.18. The same issue was fixed in LibreSSL 4.0.1 and 4.1.1, the library developed by the OpenBSD project.
  • CVE-2025-9231 is a timing side channel in the SM2 signature implementation. On 64-bit ARM CPUs the running time of individual operations depends on secret data, which allows recovery of the private key by measuring how long the computations take; the attack could in principle be carried out remotely. The risk is mitigated by the fact that OpenSSL does not directly support certificates with SM2 keys in TLS, so an application is exposed only if it performs SM2 private-key operations that an attacker can time.
  • CVE-2025-9232 is an out-of-bounds read in the built-in HTTP client (used, among others, by the OCSP and CMP code). It is triggered only when the "no_proxy" environment variable is set and the host part of the requested URL is an IPv6 address in square brackets; a specially crafted URL then causes a read past the end of a buffer, which can crash the application. OpenSSL rates the issue Low.
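
What the deterministic ECDSA item above means in practice, and the failure it removes, as an added example written for this page rather than taken from OpenSSL: an RFC 6979 nonce derivation on P-256 with SHA-256 in stand-alone Python, a textbook signer and verifier around it, and the private-key recovery that follows when two signatures share a nonce. The P-256 parameters are the standard ones, the private key is the one from the RFC 6979 A.2.5 test vectors, and the messages and the fixed nonce in the reuse demo are constructed. The scalar multiplication is deliberately the simplest variable-time loop, which also shows the class of key-dependent timing that the SM2 issue CVE-2025-9231 falls into; real implementations must be constant-time.

```python
"""Deterministic ECDSA (RFC 6979) on NIST P-256 with SHA-256, plus the nonce-reuse
failure it rules out. Constructed for this page with the Python standard library only;
an illustration, not OpenSSL's implementation."""
import hashlib
import hmac

# NIST P-256 domain parameters
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)

def ec_add(p1, p2):
    """Affine point addition on P-256; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 if p2 is None else p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                                    # p1 == -p2
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k: int, pt):
    """Double-and-add. Variable-time (it branches on key bits), the class of leak behind
    timing side channels such as CVE-2025-9231; fine for illustration, never for production."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def sha256_int(msg: bytes) -> int:
    """e = bits2int(SHA-256(msg)); with qlen == hlen == 256 there is nothing to truncate."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def rfc6979_nonces(x: int, msg: bytes):
    """Yield nonce candidates from the HMAC_DRBG-style construction of RFC 6979 3.2;
    the caller takes the first one that gives r != 0 and s != 0."""
    mac = lambda key, data: hmac.new(key, data, hashlib.sha256).digest()
    h1 = hashlib.sha256(msg).digest()
    x_oct = x.to_bytes(32, "big")                                  # int2octets(x)
    h_oct = (int.from_bytes(h1, "big") % N).to_bytes(32, "big")    # bits2octets(h1)
    V, K = b"\x01" * 32, b"\x00" * 32
    K = mac(K, V + b"\x00" + x_oct + h_oct)
    V = mac(K, V)
    K = mac(K, V + b"\x01" + x_oct + h_oct)
    V = mac(K, V)
    while True:
        V = mac(K, V)                      # T = V: one 256-bit block covers qlen
        k = int.from_bytes(V, "big")
        if 1 <= k < N:
            yield k
        K = mac(K, V + b"\x00")            # candidate rejected: update K and V, retry
        V = mac(K, V)

def sign_with_k(x: int, msg: bytes, k: int):
    """Textbook ECDSA with a caller-supplied nonce; None if r or s is zero."""
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (sha256_int(msg) + x * r) % N
    return (r, s) if r and s else None

def sign(x: int, msg: bytes):
    """Deterministic ECDSA: the same key and message always give the same (r, s)."""
    for k in rfc6979_nonces(x, msg):
        sig = sign_with_k(x, msg, k)
        if sig is not None:
            return sig

def ecdsa_verify(pub, msg: bytes, sig) -> bool:
    r, s = sig
    x, y = pub
    if not (1 <= r < N and 1 <= s < N) or (y * y - x ** 3 - A * x - B) % P:
        return False                                       # bad range or invalid-curve point
    w = pow(s, -1, N)
    R = ec_add(ec_mul(sha256_int(msg) * w % N, G), ec_mul(r * w % N, pub))
    return R is not None and R[0] % N == r

def recover_key_from_nonce_reuse(msg1, sig1, msg2, sig2):
    """Two signatures with the same k (same r) on different messages leak x:
    s1 - s2 = k^-1 (e1 - e2), so k = (e1 - e2)/(s1 - s2) and x = (s1 k - e1)/r."""
    (r, s1), (r2, s2) = sig1, sig2
    if r != r2 or s1 == s2:
        return None
    e1, e2 = sha256_int(msg1), sha256_int(msg2)
    k = (e1 - e2) * pow(s1 - s2, -1, N) % N
    return (s1 * k - e1) * pow(r, -1, N) % N

if __name__ == "__main__":
    # Private key from the RFC 6979 A.2.5 test vectors (P-256, SHA-256, message "sample")
    X = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721
    sig = sign(X, b"sample")
    print(sig == sign(X, b"sample"), ecdsa_verify(ec_mul(X, G), b"sample", sig))  # True True
    s1, s2 = sign_with_k(X, b"alpha", 0x1234567), sign_with_k(X, b"beta", 0x1234567)
    print(recover_key_from_nonce_reuse(b"alpha", s1, b"beta", s2) == X)   # True
```

For the RFC's key and the message "sample", sign() reproduces the k, r and s listed in RFC 6979 A.2.5, and calling it twice gives the identical pair, which is the property the FIPS provider now offers. The last two lines show why it matters: a random-nonce implementation with a faulty RNG that repeats k hands the private key to anyone holding two signatures, whereas a nonce bound to the key and the message hash cannot repeat across different messages.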

Source: opennet.ru