Skip to content

Bump OpenSSL to >= 3.5.0

With tpo/core/tor#41041 (closed) we have finally gotten an opportunity to begin the work with migrating the Tor network towards a post-quantum TLS layer.

We most likely have a Debian Trixie release to arrive before the network will begin upgrading, but it would be useful to prepare on our client-side story early on.

The OpenSSL project recently released their 3.5.0 version which was announced in https://openssl-library.org/post/2025-04-08-openssl-35-final-release/ and it supports the ML-KEM that we want for the TLS encryption layer.

Once tor#41041 is fixed, we will most likely target its patch for inclusion in 0.4.8.x allowing Tor users to begin getting the benefit of TLS PQC as early as possible.

CC @nickm @mikeperry

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information