OpenSSL 3.5.0 is a feature release adding significant new functionality to
OpenSSL.

This release incorporates the following potentially significant or incompatible
changes:

• Default encryption cipher for the req, cms, and smime applications
  changed from des-ede3-cbc to aes-256-cbc.

• The default TLS supported groups list has been changed to include and
  prefer hybrid PQC KEM groups. Some practically unused groups were removed
  from the default list.

• The default TLS keyshares have been changed to offer X25519MLKEM768 and
  and X25519.

• All BIO_meth_get_*() functions were deprecated.

This release adds the following new features:

• Support for server side QUIC (RFC 9000)

• Support for 3rd party QUIC stacks including 0-RTT support

• Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA)

• A new configuration option no-tls-deprecated-ec to disable support for
  TLS groups deprecated in RFC8422

• A new configuration option enable-fips-jitter to make the FIPS provider
  to use the JITTER seed source

• Support for central key generation in CMP

• Support added for opaque symmetric key objects (EVP_SKEY)

• Support for multiple TLS keyshares and improved TLS key establishment group
  configurability

• API support for pipelining in provided cipher algorithms

Known issues in 3.5.0

• #27282
  Calling SSL_accept on objects returned from SSL_accept_connection
  results in error. It is expected that making this call will advance
  the SSL handshake for the passed connection, but currently it does not.
  This can be handled by calling SSL_do_handshake instead. A fix is planned
  for OpenSSL 3.5.1