Latest in branch 3.4: 3.4.5, released 07 Apr 2026 (1 month ago)

Software: OpenSSL
Branch: 3.4
Status: Supported
Initial release: 3.4.0, 22 Oct 2024 (1 year ago)
Latest release: 3.4.5, 07 Apr 2026 (1 month ago)
End of OSS support: 22 Oct 2026 (ends in 5 months)
Premium support: Unavailable
Release notes: https://github.com/openssl/openssl/releases/tag/openssl-3.4.5
Source code: https://github.com/openssl/openssl/tree/openssl-3.4.5
Download: https://github.com/openssl/openssl/releases/tag/openssl-3.4.5

What Is New in OpenSSL 3.4

Category: Highlights
New Features: Composite signature algorithms (e.g., RSA-SHA2-256), integrity-only TLS 1.3 cipher suites, RFC 9579 PBMAC1, jitterentropy RNG, attribute-certificate support
Improvements: FIPS provider indicators, pre-computed ECC group values for P-256, configurable OPENSSLDIR/ENGINESDIR/MODULESDIR on Windows, config_diagnostics validation
Bug Fixes: Numerous CVE-patched issues from 3.4.1 through 3.4.5, including DANE use-after-free, RSA-KEM handling, NULL dereferences, heap overflows, TLS 1.3 compressed certificate allocation
Breaking Changes: SHAKE-128/256 require explicit xoflen, empty renegotiation extension replaces SCSV, Y2038-safe session APIs replace deprecated time functions
Deprecations: TS_VERIFY_CTX_set_* functions, SSL_SESSION_get_time / SSL_SESSION_set_time, SSL_CTX_flush_sessions, legacy XOF defaults

What new cryptographic algorithms and signature support does OpenSSL 3.4 provide?

OpenSSL 3.4 adds composite signature algorithms such as RSA-SHA2-256 and introduces integrity-only TLS 1.3 cipher suites defined in RFC 9150.

  • Composite signatures are exposed via the EVP_PKEY algorithm identifier RSA-SHA2-256 and can be used with EVP_DigestSignInit.
  • TLS 1.3 now supports TLS_SHA256_SHA256 and TLS_SHA384_SHA384, useful for environments that require a separate hash for handshake and traffic.
  • RFC 9579 PBMAC1 is implemented in the PKCS#12 module, allowing password-based MACs with stronger key derivation.
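
    #include <openssl/evp.h>
    const unsigned char *p = keybuf; /* keybuf/keylen: DER-encoded RSA private key */
    EVP_PKEY *pkey = d2i_AutoPrivateKey(NULL, &p, (long)keylen); /* RSA has no raw-key form, so EVP_PKEY_new_raw_private_key() cannot load it */
    const EVP_MD *md = EVP_get_digestbyname("SHA256");
    EVP_MD_CTX *ctx = EVP_MD_CTX_new(); /* signing context; release with EVP_MD_CTX_free() */
    EVP_DigestSignInit(ctx, NULL, md, NULL, pkey); /* RSA signature over a SHA2-256 digest */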

How have the provider and FIPS modules changed in OpenSSL 3.4?

The FIPS provider now includes explicit FIPS-mode indicators and marks X25519/X448 as fips=no, while the default provider gains optional jitterentropy RNG support.

  • FIPS indicators can be queried via OSSL_PROVIDER_get_capabilities() to confirm that the provider is operating in validated mode.
  • X25519 and X448 are still available but will be disabled when the FIPS provider is loaded with fips=yes.
  • The jitterentropy RNG source is linked statically; enable it by adding rng = jitter to the openssl.cnf RNG section.

Which APIs were deprecated or replaced in OpenSSL 3.4 and what should developers use instead?

Several legacy APIs have been superseded by Y2038-safe variants and new "_set0_" helpers.

  • TS_VERIFY_CTX_set_* functions are replaced by TS_VERIFY_CTX_set0_* which accept const pointers and avoid accidental modification.
  • Time-related session functions now use SSL_SESSION_get_time_ex() and SSL_SESSION_set_time_ex(), which accept a time_t that is safe on platforms with 64-bit time.
  • SSL_CTX_flush_sessions() is deprecated; use SSL_CTX_flush_sessions_ex() for explicit control.
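
A migration check for the deprecations listed above, as an added example (not code from this page or from the OpenSSL project). It scans C source for the deprecated calls and proposes the replacement named above. The helper names, the sample source, and the expansion of TS_VERIFY_CTX_set_* into data, imprint, store and certs are assumptions.

```python
import re

# Deprecated call -> replacement, as listed on this page. The four
# TS_VERIFY_CTX_set_* names spell out the page's wildcard (assumed to be
# data, imprint, store and certs).
REPLACEMENTS = {
    r"TS_VERIFY_CTX_set_(data|imprint|store|certs)": r"TS_VERIFY_CTX_set0_\1",
    r"SSL_SESSION_(get|set)_time": r"SSL_SESSION_\1_time_ex",
    r"SSL_CTX_flush_sessions": "SSL_CTX_flush_sessions_ex",
}
# \b after the name keeps *_ex variants and SSL_SESSION_get_timeout() from
# matching; the lookahead requires a call, not just a mention.
PATTERNS = [(re.compile(rf"\b{old}\b(?=\s*\()"), new) for old, new in REPLACEMENTS.items()]
# Heuristic comment matcher: it does not understand string literals.
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)


def strip_comments(src):
    """Blank out C comments but keep newlines so line numbers stay correct."""
    return COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)


def find_deprecated(src):
    """Return (line, deprecated_call, replacement) for each hit in C source."""
    hits = []
    for lineno, line in enumerate(strip_comments(src).splitlines(), 1):
        for pattern, new in PATTERNS:
            for m in pattern.finditer(line):
                hits.append((lineno, m.group(0), m.expand(new)))
    return sorted(hits)


# Constructed sample source, for illustration only.
SAMPLE = '''\
#include <openssl/ssl.h>
/* old: SSL_CTX_flush_sessions(ctx, now); */
long t = SSL_SESSION_get_time(sess);
long to = SSL_SESSION_get_timeout(sess);
SSL_SESSION_set_time_ex(sess, now);
SSL_CTX_flush_sessions(ctx, (long)now);
TS_VERIFY_CTX_set_store(vctx, store);
'''

if __name__ == "__main__":
    for lineno, old, new in find_deprecated(SAMPLE):
        print(f"line {lineno}: {old}() -> {new}()")
```

The replacements are not drop-in renames: check the argument types and ownership rules of each replacement function before switching.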

What are the most critical security fixes in the OpenSSL 3.4.x patch releases?

Each point-release from 3.4.1 to 3.4.5 addresses multiple CVEs, with the most severe being a High-severity fix in 3.4.4 and a Moderate-severity fix in 3.4.5.

  • 3.4.5: Fixed use-after-free in DANE client code (CVE-2026-28387) and RSA-KEM encapsulation failure handling (CVE-2026-31790).
  • 3.4.4: Patched PBMAC1 parameter validation (CVE-2025-11187) and TLS 1.3 compressed certificate memory blow-up (CVE-2025-66199).
  • Earlier releases also fixed NULL dereferences in SSL_CIPHER_find(), heap overflows in BIO line buffering, and out-of-bounds writes in PKCS#12 handling.
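
A patch-level triage for the fixes listed above, as an added example (not code from this page or from the OpenSSL project). It parses an `openssl version` banner and reports which of the CVE fixes named here the build predates, plus whether the branch is still inside the OSS support window given above. The function names and sample banners are assumptions; a build that predates a fix is not necessarily affected, and vendor packages may backport fixes without changing the version.

```python
import re
from datetime import date

# Fix releases and CVE ids exactly as listed on this page (3.4 branch only).
FIXED_IN = {
    (3, 4, 5): ["CVE-2026-28387", "CVE-2026-31790"],
    (3, 4, 4): ["CVE-2025-11187", "CVE-2025-66199"],
}
OSS_SUPPORT_ENDS = date(2026, 10, 22)  # end of OSS support per this page

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:-(alpha|beta)\d+)?\b")


def parse_version(banner):
    """Return ((major, minor, patch), is_prerelease) from a version banner."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"no OpenSSL version found in {banner!r}")
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4) is not None


def triage(banner, today):
    """List the page's CVE fixes that a 3.4.x build predates, plus support status."""
    version, prerelease = parse_version(banner)
    if version[:2] != (3, 4):
        raise ValueError("this table only covers the 3.4 branch")
    missing = sorted(
        cve
        for fixed, cves in FIXED_IN.items()
        if version < fixed
        for cve in cves
    )
    return {
        "version": ".".join(map(str, version)),
        "prerelease": prerelease,
        "missing_fixes": missing,
        "oss_supported": today <= OSS_SUPPORT_ENDS,
    }


if __name__ == "__main__":
    # Constructed banners in the format printed by `openssl version`.
    for banner in ("OpenSSL 3.4.3 30 Sep 2025 (Library: OpenSSL 3.4.3 30 Sep 2025)",
                   "OpenSSL 3.4.5 7 Apr 2026"):
        print(triage(banner, date(2026, 5, 1)))
```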

What configuration and runtime behavior changes should operators be aware of in OpenSSL 3.4?

OpenSSL 3.4 introduces stricter configuration validation and alters default TLS handshake extensions.

  • Setting config_diagnostics=1 in openssl.cnf forces SSL_CTX_new() and SSL_CTX_new_ex() to return errors on misconfiguration, helping catch problems early.
  • On Windows, OPENSSLDIR, ENGINESDIR, and MODULESDIR can now be overridden at runtime via registry keys, removing the need for rebuilds.
  • Clients with a minimum TLS version greater than 1.0 now send an empty renegotiation extension instead of the legacy SCSV, improving compliance with modern servers.

FAQ

Does OpenSSL 3.4 support integrity-only cipher suites in TLS 1.3?
Yes, it adds the TLS_SHA256_SHA256 and TLS_SHA384_SHA384 cipher suites defined in RFC 9150.

How do I enable the new jitterentropy RNG source in OpenSSL 3.4?
Add rng = jitter to the openssl.cnf file under the appropriate RNG section.

What function replaces SSL_SESSION_get_time in OpenSSL 3.4?
Use SSL_SESSION_get_time_ex, which is Y2038-safe.

Are the X25519 and X448 implementations in the FIPS provider approved for FIPS mode?
No, they are marked fips=no and cannot be used when the FIPS provider is in strict mode.

How can I trigger configuration validation errors during SSL_CTX creation in OpenSSL 3.4?
Set config_diagnostics=1 in openssl.cnf, and SSL_CTX_new will return an error on misconfiguration.

Which CVE in the 3.4.5 release addresses a use-after-free in DANE client code?
CVE-2026-28387 fixes the potential use-after-free in DANE client code.

Releases In Branch 3.4

Version         Release date
3.4.5           07 Apr 2026 (1 month ago)
3.4.4           27 Jan 2026 (3 months ago)
3.4.3           30 Sep 2025 (7 months ago)
3.4.2           01 Jul 2025 (10 months ago)
3.4.1           11 Feb 2025 (1 year ago)
3.4.0           22 Oct 2024 (1 year ago)
3.4.0-beta1     07 Oct 2024 (1 year ago)
3.4.0-alpha1    05 Sep 2024 (1 year ago)