
A new release of OpenSSL 3.5—one of the foundational libraries enabling secure communications over the internet—has officially arrived. Designated as a Long Term Support (LTS) version, this update significantly fortifies the integrity of network connections through the integration of quantum-resistant cryptography, support for the QUIC protocol, and a host of technical enhancements.
The development team has implemented server-side support for the QUIC protocol (RFC 9000), designed to accelerate web applications by streamlining the connection setup process. The update also introduces compatibility with external QUIC implementations, including support for zero round-trip time (0-RTT) mode.
Among the most striking innovations is the addition of post-quantum cryptographic algorithms: ML-KEM, ML-DSA, and SLH-DSA. By default, OpenSSL now employs hybrid PQC KEM groups capable of resisting attacks from quantum computers. Less commonly used cipher suites have been deprecated, while key exchanges now utilize the X25519MLKEM768 and X25519 algorithms.
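To check whether a captured ClientHello actually carries the two default key shares named above, the following added example (not OpenSSL code and not part of the original article) parses the body of a TLS 1.3 key_share extension. The codepoints 0x11EC and 0x001D and the expected share sizes come from the IANA TLS Supported Groups registry and the ML-KEM-768 and X25519 key sizes, not from this page; the function names and the zero-filled sample data are constructed for illustration.

```python
import struct

# IANA TLS Supported Groups codepoints (assumption: taken from the registry, not the article).
GROUP_NAMES = {0x001D: "X25519", 0x11EC: "X25519MLKEM768"}
# Expected client share sizes: X25519 public key = 32 bytes; the hybrid share is
# an ML-KEM-768 encapsulation key (1184 bytes) followed by an X25519 key (32 bytes).
EXPECTED_LEN = {0x001D: 32, 0x11EC: 1184 + 32}


def parse_key_share(ext_data: bytes):
    """Parse a ClientHello key_share body (RFC 8446, 4.2.8) into (group, key_len) pairs."""
    if len(ext_data) < 2:
        raise ValueError("missing client_shares length")
    (total,) = struct.unpack_from("!H", ext_data, 0)
    if total != len(ext_data) - 2:
        raise ValueError("client_shares length does not match extension size")
    shares, off = [], 2
    while off < len(ext_data):
        if off + 4 > len(ext_data):
            raise ValueError("truncated KeyShareEntry header")
        group, klen = struct.unpack_from("!HH", ext_data, off)
        off += 4
        if off + klen > len(ext_data):
            raise ValueError("truncated key_exchange")
        shares.append((group, klen))
        off += klen
    return shares


def audit(ext_data: bytes):
    """Report offered groups, malformed known shares, and whether a hybrid share is present."""
    shares = parse_key_share(ext_data)
    name = lambda g: GROUP_NAMES.get(g, f"0x{g:04x}")
    bad = [name(g) for g, n in shares if g in EXPECTED_LEN and n != EXPECTED_LEN[g]]
    hybrid = any(g == 0x11EC and n == EXPECTED_LEN[g] for g, n in shares)
    return {"groups": [name(g) for g, _ in shares], "hybrid_offered": hybrid, "bad_length": bad}


def build(entries):
    """Build a constructed key_share body from (group, length) pairs with zero-filled keys."""
    body = b"".join(struct.pack("!HH", g, n) + bytes(n) for g, n in entries)
    return struct.pack("!H", len(body)) + body


if __name__ == "__main__":
    # Constructed samples: a client sending both default shares, then a classical-only client.
    print(audit(build([(0x11EC, 1216), (0x001D, 32)])))
    print(audit(build([(0x001D, 32)])))
```

A classical-only result from a client expected to run OpenSSL 3.5 defaults points to a group override in its configuration or to an older library on the path.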
Security defaults have been upgraded as well: the des-ede3-cbc encryption algorithm has been replaced by the more robust aes-256-cbc in the req, cms, and smime utilities. A new configuration parameter, no-tls-deprecated-ec, allows administrators to disable support for legacy TLS groups as specified in RFC 8422.
The FIPS cryptographic module now supports an enable-fips-jitter option, enabling the use of the JITTER entropy source for enhanced random number generation. The Certificate Management Protocol (CMP) has been expanded to support centralized key generation. In addition, the system now accommodates opaque symmetric keys through EVP_SKEY objects.
TLS group configuration has been refined, and multi-key support has been introduced. A new API has been added to support pipelined operations in encryption algorithms. Meanwhile, all BIO_meth_get_*() functions have been marked as deprecated and are scheduled for removal in future releases.
OpenSSL 3.5 LTS is now available for download from the official website at OpenSSL-Library.org. As part of its long-term support status, this version will continue to receive regular security updates and bug fixes.