Update dependency openssl/openssl to v3.5.0 #112
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
3.4.1->3.5.0Release Notes
openssl/openssl (openssl/openssl)
v3.5.0: OpenSSL 3.5.0Compare Source
OpenSSL 3.5.0 is a feature release adding significant new functionality to
OpenSSL.
This release incorporates the following potentially significant or incompatible
changes:
Default encryption cipher for the
req,cms, andsmimeapplicationschanged from
des-ede3-cbctoaes-256-cbc.The default TLS supported groups list has been changed to include and
prefer hybrid PQC KEM groups. Some practically unused groups were removed
from the default list.
The default TLS keyshares have been changed to offer X25519MLKEM768 and
and X25519.
All
BIO_meth_get_*()functions were deprecated.This release adds the following new features:
Support for server side QUIC (RFC 9000)
Support for 3rd party QUIC stacks including 0-RTT support
Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA)
A new configuration option
no-tls-deprecated-ecto disable support forTLS groups deprecated in RFC8422
A new configuration option
enable-fips-jitterto make the FIPS providerto use the
JITTERseed sourceSupport for central key generation in CMP
Support added for opaque symmetric key objects (EVP_SKEY)
Support for multiple TLS keyshares and improved TLS key establishment group
configurability
API support for pipelining in provided cipher algorithms
Known issues in 3.5.0
Calling SSL_accept on objects returned from SSL_accept_connection
results in error. It is expected that making this call will advance
the SSL handshake for the passed connection, but currently it does not.
This can be handled by calling SSL_do_handshake instead. A fix is planned
for OpenSSL 3.5.1
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - "before 2am" (UTC).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.