OpenSSL 3.5 is soon to be released, and brings new Post-Quantum Cryptographic protocols.
The upcoming OpenSSL release 3.5 should be released soonish and has some interesting novel features.
Amongst others:
- ML-KEM (FIPS 203), ML-DSA (FIPS 204) and SLH-DSA (FIPS 205) Post-Quantum algorithms and ciphers.
- Server-side QUIC support.
This blog post focuses on the PQC addition; I hope to get to play with QUIC at some later time.
NOTE: OpenSSL 3.5 is currently in Alpha stage, don't be using this for your production websites.
This is a follow-up post on the previous post on Apache with PQC.
Using OpenSSL 3.5 removes the requirement for additional OpenQuantumSafe libraries and engine (liboqs, oqs-provider).
Client apps will use X25519MLKEM768 by default, so there is no need to set -curves or --curves on the command line.
Using OpenSSL 3.5
On FreeBSD, set the default OpenSSL version to 3.5.
# /etc/make.conf
DEFAULT_VERSIONS+= ssl=openssl35
Then rebuild the packages depending on OpenSSL so they link with OpenSSL from ports. To find packages that depend on older OpenSSL ports, you can use
$ pkg query '%n %dn' | grep openssl
apache24 openssl35
apr openssl35
curl openssl35
Another option is to use a separate Poudriere set that uses OpenSSL 3.5
# /usr/local/etc/poudriere.d/openssl35-make.conf
DEFAULT_VERSIONS+= ssl=openssl35
and then build your packages appending -z openssl35 to your poudriere command.
Build OpenSSL 3.5 and demo packages.
As I'm maintaining the OpenSSL ports in FreeBSD, I have a porting jail.
This is where I'll build OpenSSL 3.5 and the ports I want to use in the demo.
cd /usr/ports/security/openssl35
make clean package reinstall
Then continue building other packages in the correct order (Apache depends on APR, so we must build APR first).
cd /usr/ports/devel/apr1
make clean package reinstall
cd /usr/ports/www/apache24
make clean package reinstall
cd /usr/ports/ftp/curl
make clean package reinstall
Neither APR nor Apache httpd shows the OpenSSL version used in the configure output, but the output does show that it will link with ports' OpenSSL:
setting LDADD_crypto_openssl to "-L/usr/local/lib -lssl -lcrypto"
You can inspect the result using readelf -d or ldd for libraries or binaries:
$ ldd /usr/local/libexec/apache24/mod_ssl.so | grep -E 'lib(crypto|ssl)'
libssl.so.17 => /usr/local/lib/libssl.so.17 (0x305f998fa000)
libcrypto.so.17 => /usr/local/lib/libcrypto.so.17 (0x305f9c000000)
Enabling ML-KEM support in Apache httpd
If you had oqs-provider enabled in OpenSSL, you can revert that by commenting out oqsprovider in openssl.cnf.
[provider_sect]
default = default_sect
# oqsprovider = oqsprovider_sect
OQS Provider should no longer appear in your openssl list -providers -verbose output.
Verify that we have a PQC capable setup using curl:
$ curl https://pq.cloudflareresearch.com/cdn-cgi/trace --curves X25519MLKEM768
fl=522f159
h=pq.cloudflareresearch.com
ip=192.0.1.7
ts=1733670505.942
visit_scheme=https
uag=curl/8.11.0
colo=AMS
sliver=none
http=http/2
loc=NL
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off
rbi=off
kex=X25519MLKEM768
The kex field in the response tells you that you've used a PQC key-exchange.
For verification of your Apache server, see below.
Configure Apache httpd
(If you had OQS Provider configured before, nothing needs changing!)
Now that we know that we have OpenSSL all set up, we can move on to configuring Apache httpd.
This is a tiny task. We're starting with a config generated by Mozilla's SSL-configurator (only the relevant lines here for brevity).
# modern configuration
SSLProtocol TLSv1.3
SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1
Simply extend the Curves configuration with the ML-KEM curve:
# modern configuration
SSLProtocol TLSv1.3
SSLOpenSSLConfCmd Curves X25519MLKEM768:X25519:prime256v1:secp384r1
Restart your Apache service. When all's well, you now have a PQC functional webserver!
Validate that your server is using MLKEM768 with curl (output shortened).
With OpenSSL 3.5 you no longer have to specify the curve to use X-Wing.
$ curl -vo /dev/null https://your.example.org/
...
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519MLKEM768 / id-ecPublicKey
...
Check the output to see that the SSL connection uses MLKEM768 hybrid mode.
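The same check can be scripted so that a silent fallback to a classical group is caught. The following is an added example, not code from the original post: the function names are hypothetical, and it assumes the curl -v line format and the kex= trace field shown above.

```shell
#!/bin/sh
# Added example: report which key-exchange group a TLS connection negotiated.
# Reads `curl -v` output or a cdn-cgi/trace body on stdin.

# Print the negotiated group; exit 1 if the input does not name one.
negotiated_group() {
    awk '
        { sub(/\r$/, "") }                        # tolerate CRLF line endings
        /^kex=/ { print substr($0, 5); found = 1; exit }
        /SSL connection using/ {
            # "* SSL connection using <proto> / <cipher> / <group> / <key type>"
            # With fewer than three fields no group was printed: unknown.
            if (split($0, f, " / ") >= 3) { print f[3]; found = 1; exit }
        }
        END { if (!found) exit 1 }
    '
}

# 0 = ML-KEM (hybrid or pure) group, 1 = classical group.
is_pq_group() {
    case "$1" in
        *MLKEM*) return 0 ;;   # X25519MLKEM768, SecP256r1MLKEM768, MLKEM768, ...
        *)       return 1 ;;
    esac
}

# Prints "PQ <group>" (exit 0), "CLASSICAL <group>" (exit 1) or "UNKNOWN" (exit 2).
check_kex() {
    group=$(negotiated_group) && [ -n "$group" ] || { echo "UNKNOWN"; return 2; }
    if is_pq_group "$group"; then
        echo "PQ $group"
    else
        echo "CLASSICAL $group"
        return 1
    fi
}

# Constructed sample: the curl -v line quoted in the post.
printf '%s\n' '* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519MLKEM768 / id-ecPublicKey' | check_kex
# Live use (curl -v writes to stderr, hence 2>&1):
#   curl -sv -o /dev/null https://your.example.org/ 2>&1 | check_kex
```

The non-zero exit codes make it usable in a monitoring job or CI step after a configuration change.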
Qualys SSL Labs is still oblivious to the concept of PQC it seems. Hope that that changes soon!
What's next?
OpenSSL 3.5 should be released in weeks/months; I'm hoping FreeBSD will import it before releasing 15.