OpenSSL is not a new entrant in this list; it is the foundational TLS and cryptographic library that underpins an estimated 70 to 80 percent of internet-facing HTTPS servers. For decades, every OpenSSL release has been a global infrastructure event. OpenSSL 3.5, released in 2025, is the most significant security release in the project's history: it ships native support for ML-KEM, ML-DSA, and SLH-DSA across all FIPS 203, FIPS 204, and FIPS 205 parameter sets, without requiring the separate oqs-provider plugin.

This is a paradigm shift in the PQC deployment landscape. Previously, enabling PQC in OpenSSL required installing and configuring the oqs-provider, which was appropriate for testing and enterprise POC deployments but added operational complexity for production systems. With OpenSSL 3.5, any Linux distribution or server application that updates its OpenSSL dependency gains PQC support as a built-in capability. nginx, Apache, HAProxy, PostgreSQL, Python's ssl module, Go's crypto/tls (which links to BoringSSL but tracks OpenSSL conventions), and thousands of other server applications inherit PQC capability through a simple package update.

OpenSSL 3.5 supports X25519MLKEM768 as a hybrid TLS key exchange group, the same hybrid construction used by Chrome and negotiated by Cloudflare's edge. This means an nginx server updated to link against OpenSSL 3.5 will automatically negotiate hybrid PQC with Chrome 124+ clients, with no nginx configuration changes required beyond enabling the new key exchange group. The performance overhead is minimal: benchmark data published by the OpenSSL project shows hybrid ML-KEM-768 TLS handshakes adding 1.2ms at the median versus classical X25519 on modern x86-64 hardware.

OpenSSL's FIPS module, the subset of the library that has undergone NIST CMVP validation, is maintained separately from the main library. The FIPS 3.5 module validation was in progress with CMVP as of mid-2026; organizations requiring a FIPS-validated implementation should track that validation status or use AWS-LC or SymCrypt in the interim.
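To confirm that an upgraded server really selects the hybrid group rather than silently falling back to classical X25519, the key_share extension of a captured ServerHello can be inspected. The following is an added example, not code from the OpenSSL project: the function names `negotiated_group` and `build_sample` are hypothetical, the sample messages are constructed rather than captured, and the code point 0x11EC for X25519MLKEM768 is taken from the IANA TLS Supported Groups registry.

```python
import hashlib
import struct

# TLS NamedGroup code points from the IANA registry (only those this check needs).
GROUPS = {0x0017: "secp256r1", 0x001D: "x25519", 0x11EC: "X25519MLKEM768"}
# Server share for X25519MLKEM768 = ML-KEM-768 ciphertext (1088) + X25519 key (32).
HYBRID_SERVER_SHARE_LEN = 1088 + 32
# A HelloRetryRequest is a ServerHello whose random is this fixed value (RFC 8446).
HRR_RANDOM = hashlib.sha256(b"HelloRetryRequest").digest()


def negotiated_group(server_hello: bytes) -> dict:
    """Report the key exchange group in a TLS 1.3 ServerHello (handshake bytes only)."""
    if len(server_hello) < 4 or server_hello[0] != 0x02:
        raise ValueError("not a ServerHello")
    body = server_hello[4:]
    if len(body) != int.from_bytes(server_hello[1:4], "big") or len(body) < 40:
        raise ValueError("truncated or malformed ServerHello")
    is_hrr = body[2:34] == HRR_RANDOM
    pos = 34 + 1 + body[34] + 3  # version, random, session id echo, suite, compression
    ext_end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= min(ext_end, len(body)):
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        data = body[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type != 0x0033:  # only key_share carries the selected group
            continue
        group = int.from_bytes(data[:2], "big")
        share_len = int.from_bytes(data[2:4], "big")  # absent (0) in a HelloRetryRequest
        hybrid = group == 0x11EC
        return {"group": GROUPS.get(group, f"0x{group:04x}"),
                "hybrid_pqc": hybrid, "hello_retry": is_hrr,
                "share_len_ok": is_hrr or not hybrid or share_len == HYBRID_SERVER_SHARE_LEN}
    raise ValueError("no key_share extension (not a TLS 1.3 handshake?)")


def build_sample(group, share, random=bytes(32)):
    """Constructed ServerHello for demonstration; share=None builds a HelloRetryRequest."""
    ks = struct.pack("!H", group)
    ks += b"" if share is None else struct.pack("!H", len(share)) + share
    exts = struct.pack("!HH", 0x002B, 2) + b"\x03\x04"  # supported_versions: TLS 1.3
    exts += struct.pack("!HH", 0x0033, len(ks)) + ks
    body = b"\x03\x03" + random + b"\x00" + b"\x13\x01" + b"\x00"
    body += struct.pack("!H", len(exts)) + exts
    return b"\x02" + len(body).to_bytes(3, "big") + body
```

A result with `hello_retry` set means the client did not send a hybrid key share up front and the handshake cost an extra round trip, which is worth tracking separately when measuring handshake latency.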