Friday, December 5, 2025
News

OpenSSL 3.6.0: New features, crypto support

by CybrGPT
0 comment

The OpenSSL Project has announced the release of OpenSSL 3.6.0, a feature update that brings significant functionality improvements, standards compliance, and a few key deprecations that developers and security teams will need to keep in mind.

Key cryptographic enhancements

OpenSSL 3.6.0 introduces several important crypto updates:

  • NIST security categories for PKEY objects: Public key objects now carry NIST security category information.
  • Opaque symmetric key objects: New APIs support EVP_SKEY opaque symmetric key objects for use with key derivation and key exchange provider methods. Three new functions have been added: EVP_KDF_CTX_set_SKEY(), EVP_KDF_derive_SKEY(), and EVP_PKEY_derive_SKEY().
  • LMS signature verification: Support for verifying Leighton-Micali Signatures (LMS) has been added, in line with NIST SP 800-208. This feature is available in both the FIPS and default providers.
  • Deterministic ECDSA (FIPS 186-5): The FIPS provider now supports deterministic ECDSA signature generation as specified in FIPS 186-5, offering stronger security guarantees compared to randomized approaches.

Developer and build changes

A few developer-facing changes stand out:

  • C99 requirement: OpenSSL can no longer be built with just an ANSI-C toolchain. Compilers must support C99 features going forward.
  • VxWorks support removed: Support for the VxWorks operating system has been dropped.
  • New configuration utility: A tool named openssl configutl has been introduced. It processes an OpenSSL configuration file and dumps the “equal configuration file,” simplifying configuration auditing and replication.

Deprecations

The release also continues the cleanup of older APIs.

  • EVP_PKEY_ASN1_METHOD: Functions related to EVP_PKEY_ASN1_METHOD have been deprecated, reinforcing the shift toward provider-based abstractions.

Adoption considerations

For developers and security professionals, the headline items are the LMS signature verification support and FIPS 186-5 deterministic ECDSA, both of which align OpenSSL with evolving NIST standards. Developers should also check build toolchains for C99 compliance and note the removal of VxWorks support.

OpenSSL 3.6.0 marks another step in balancing crypto agility with stability across the ecosystem. As always, testing in pre-production environments is strongly recommended before deployment.

Source link

You Might Be Interested In

You may also like

Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets

Qilin RaaS Exposed 1 Million Files and 2 TB of Data Linked to Korean MSP...

Scattered Lapsus$ Hunters stress testing Zendesk weak spots • The Register

New ClickFix attacks use fake Windows Updates to swipe creds • The Register

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.

Stay informed with the latest cybersecurity news. Explore updates on malware, ransomware, data breaches, and online threats. Your trusted source for digital safety and cyber defense insights.

Facebook Twitter Instagram
Weather Data Source: 30 tage wettervorhersage

Subscribe my Newsletter for new blog posts, tips & new photos. Let’s stay updated!

©2025 cybrgpt.com – All rights reserved.

@2025 - All Right Reserved.
View Cart Checkout Continue Shopping
Close