What Is New in OpenSSL 3.6
| Category | Highlights |
|---|---|
| New Features | NIST security categories for PKEY objects; EVP_SKEY opaque symmetric key support; LMS signature verification (SP 800-208); FIPS 186-5 deterministic ECDSA; new openssl configutl utility. |
| Improvements | Restored X509_V_FLAG_CRL_CHECK_ALL behavior; fixed stapled OCSP regression; corrected DEFAULT keyword handling in key-agreement group lists. |
| Bug Fixes | Dozens of CVE patches covering RSA-KEM, AES-CFB-128, DANE, delta CRL handling, CMS recipient info, hex conversion, PKCS#12 MAC validation, CMS AuthEnvelopedData, TLS 1.3 compressed certificates, BIO line-buffer, OCB trailing bytes, and more. |
| Breaking Changes | VxWorks platform support removed; build now requires a C-99 capable compiler; several legacy APIs no longer compile. |
| Deprecations | All EVP_PKEY_ASN1_METHOD-related functions are deprecated in favor of the new provider-based APIs. |
What new cryptographic capabilities does OpenSSL 3.6 bring?
OpenSSL 3.6 adds a suite of modern algorithms and key-handling primitives that were previously unavailable.
- NIST security categories are now attached to PKEY objects, enabling policy-driven key usage.
- The EVP_SKEY opaque symmetric key type lets providers expose raw key material without leaking it to the application layer.
- LMS (Leighton-Micali-Signature) verification is supported out-of-the-box, complying with SP 800-208.
- Deterministic ECDSA per FIPS 186-5 is available in the FIPS provider, useful for reproducible signatures.
Example: deriving a symmetric key with the new API:
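```c
#include <openssl/kdf.h>
#include <openssl/params.h>
EVP_KDF *kdf = EVP_KDF_fetch(NULL, "HKDF", NULL);
EVP_KDF_CTX *ctx = EVP_KDF_CTX_new(kdf);
/* EVP_KDF_CTX_set_params() expects an OSSL_PARAM array terminated by an end marker */
OSSL_PARAM params[2];
params[0] = OSSL_PARAM_construct_utf8_string("digest", "SHA256", 0);
params[1] = OSSL_PARAM_construct_end();
EVP_KDF_CTX_set_params(ctx, params);
/* out and outlen come from the caller; EVP_KDF(3) documents the full SKEY prototypes */
EVP_KDF_CTX_set_SKEY(ctx, NULL, 0); /* opaque key placeholder */
EVP_KDF_derive_SKEY(ctx, out, outlen);
EVP_KDF_CTX_free(ctx);
EVP_KDF_free(kdf);
```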
How has OpenSSL 3.6 hardened its security posture?
The 3.6 series patches dozens of high-impact vulnerabilities across the TLS, CMS, PKCS#12, and low-level crypto code paths.
- RSA-KEM encapsulation failure handling (CVE-2026-31790) and AES-CFB-128 out-of-bounds read on AVX-512 CPUs (CVE-2026-28386).
- Multiple NULL-pointer dereferences in delta CRL, CMS KeyAgreeRecipientInfo, and KeyTransportRecipientInfo handling (CVE-2026-28388-28390).
- Heap buffer overflow in hex conversion (CVE-2026-31789) and in PKCS#12 friendly-name UTF-8 conversion (CVE-2025-69419).
- Fixes for TLS 1.3 compressed certificate memory blow-up (CVE-2025-66199) and DANE client use-after-free (CVE-2026-28387).
In practice these patches eliminate denial-of-service vectors and prevent potential key-material leakage in production workloads.
What breaking changes and deprecations should I watch for when moving to OpenSSL 3.6?
Upgrading to 3.6 requires attention to removed platform support, compiler requirements, and API deprecations.
- VxWorks support removed - any embedded build targeting VxWorks must migrate to a supported OS.
- C-99 compiler required - the build now uses designated initializers and other C-99 features; older ANSI-C toolchains will fail.
- EVP_PKEY_ASN1_METHOD functions deprecated - replace calls such as EVP_PKEY_asn1_find_str() with provider-based lookups like EVP_PKEY_new() and EVP_PKEY_get0().
Example migration snippet:
```c
#include <openssl/evp.h>

// Old API (deprecated); the lookup returns a const pointer
const EVP_PKEY_ASN1_METHOD *ameth = EVP_PKEY_asn1_find_str(NULL, "RSA", -1);
// New API
EVP_PKEY *pkey = EVP_PKEY_new();
EVP_PKEY_set_type(pkey, EVP_PKEY_RSA);
```
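To locate call sites before porting, the following added example (not code from the original page or from the OpenSSL project) scans C source for the deprecated EVP_PKEY_ASN1_METHOD family while ignoring mentions in comments and string literals. The name pattern and the sample source are assumptions constructed for illustration.

```python
import re

# Assumption: the deprecated family is matched by name. EVP_PKEY_asn1_* and
# EVP_PKEY_get0_asn1 are the existing EVP_PKEY_ASN1_METHOD accessors.
DEPRECATED_CALL = re.compile(r"\b(EVP_PKEY_asn1_\w+|EVP_PKEY_get0_asn1)\s*\(")

# Comments and literals, so that names mentioned inside them are not reported.
NON_CODE = re.compile(
    r"/\*.*?\*/"              # block comment
    r"|//[^\n]*"              # line comment
    r'|"(?:\\.|[^"\\\n])*"'   # string literal
    r"|'(?:\\.|[^'\\\n])*'",  # character literal
    re.DOTALL,
)

def blank_non_code(source):
    """Replace comments and literals with spaces; newlines stay so line numbers hold."""
    return NON_CODE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), source)

def find_deprecated_calls(source):
    """Return (line_number, function_name) for each deprecated call site."""
    code = blank_non_code(source)
    hits = []
    for m in DEPRECATED_CALL.finditer(code):
        line = code.count("\n", 0, m.start()) + 1
        hits.append((line, m.group(1)))
    return hits

# Constructed sample input, not taken from any real project.
SAMPLE_C = '''\
#include <openssl/evp.h>
/* EVP_PKEY_asn1_find_str() was used here before the port */
static const char *hint = "call EVP_PKEY_asn1_get_count() first";
int probe(void) {
    const EVP_PKEY_ASN1_METHOD *m = EVP_PKEY_asn1_find_str(NULL, "RSA", -1);
    // EVP_PKEY_asn1_find(NULL, 6) is commented out
    return m != NULL && EVP_PKEY_asn1_get_count () > 0;
}
'''

if __name__ == "__main__":
    for line, name in find_deprecated_calls(SAMPLE_C):
        print(f"line {line}: {name} is deprecated in OpenSSL 3.6")
```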
What new tooling does OpenSSL 3.6 provide for configuration management?
The openssl configutl utility helps operators validate and dump the effective OpenSSL configuration.
- Parses the standard openssl.cnf file and resolves includes, defaults, and environment substitutions.
- Outputs a normalized, human-readable representation that can be diffed against previous versions.
- Useful for CI pipelines to ensure configuration drift is caught early.
Typical usage:
```sh
openssl configutl -dump -config /etc/ssl/openssl.cnf
```
FAQ
Does OpenSSL 3.6 require a newer compiler?
Yes, the build now requires a compiler that supports C-99 language features.
Can I still run OpenSSL on VxWorks after upgrading to 3.6?
No, VxWorks platform support has been removed.
How do I enable LMS signature verification in OpenSSL 3.6?
Load the default provider and use the algorithm identifier "LMS" with EVP_DigestVerifyInit.
What is the recommended migration path away from EVP_PKEY_ASN1_METHOD functions?
Switch to the EVP_PKEY_new_raw_private_key and related provider-based APIs.
Is the openssl configutl utility backward compatible with existing config files?
It parses existing OpenSSL configuration files and dumps an equivalent normalized representation.
Which CVE in the 3.6.2 release is considered the most severe?
The most severe CVE in 3.6.2 is rated Moderate.