Security
The following features, enhancements, and changes related to security are introduced in this Oracle Linux 10 release.
openssl Updated to Version 3.5
With Oracle Linux 10.1, OpenSSL is updated to version 3.5 and includes ML-KEM, ML-DSA, SLH-DSA, QUIC transport, and additional post-quantum and modern cryptography features.
You can now improve security for TLS connections and cryptographic operations in Oracle Linux environments, preparing systems for a quantum-safe future.
See https://github.com/openssl/openssl/blob/openssl-3.5/CHANGES.md#openssl-35 for more information.
OpenSSL SSLKEYLOGFILE Environment Variable For Debugging
With Oracle Linux 10.1, use the SSLKEYLOGFILE environment variable to instruct OpenSSL to log TLS connection secrets to a file.
Caution:
Only enable this feature in test or debug environments. Logging key material can introduce security risks.
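The caution above can be verified on a running system. The following shell functions are an added example, not part of the Oracle release notes: they list processes whose environment sets SSLKEYLOGFILE and configuration files that mention it. The default configuration paths and the --scan argument are assumptions of this example; adjust the paths to wherever your services define their environment.

```shell
#!/bin/sh
# Added example (not from the release notes): find where SSLKEYLOGFILE is set.

# find_keylog_procs [PROC_ROOT]
# Prints "pid<TAB>keylog path" for each process whose environment sets
# SSLKEYLOGFILE. Reading other users' environ files requires root.
find_keylog_procs() {
    proc_root="${1:-/proc}"
    for envfile in "$proc_root"/[0-9]*/environ; do
        [ -r "$envfile" ] || continue   # no permission, or the glob matched nothing
        pid="${envfile%/environ}"
        pid="${pid##*/}"
        # environ holds NUL-separated KEY=VALUE pairs; match the exact name.
        value="$(tr '\0' '\n' 2>/dev/null < "$envfile" |
                 sed -n 's/^SSLKEYLOGFILE=//p' | head -n 1)"
        if [ -n "$value" ]; then
            printf '%s\t%s\n' "$pid" "$value"
        fi
    done
    return 0
}

# find_keylog_config [PATH...]
# Prints the files under the given paths that mention SSLKEYLOGFILE, so a
# persistent setting is caught even when the service is not running.
# The default path list is an assumption of this example.
find_keylog_config() {
    [ "$#" -gt 0 ] || set -- /etc/environment /etc/profile.d \
                             /etc/sysconfig /etc/systemd/system
    grep -rIl -- 'SSLKEYLOGFILE' "$@" 2>/dev/null || true
}

# Scan only when asked (hypothetical --scan argument), so the functions
# can also be sourced into another script.
if [ "${1:-}" = "--scan" ]; then
    find_keylog_procs
    find_keylog_config
fi
```

Run the script as root with --scan. Any hit on a production host means TLS connection secrets are being, or will be, written to the listed file.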
NSS Updated to 3.112
With Oracle Linux 10.1, the NSS cryptographic toolkit packages are updated to upstream version 3.112 with many improvements and fixes.
See https://firefox-source-docs.mozilla.org/security/nss/releases/index.html for more information.
Notable changes include:
- This update adds support for the Module-Lattice-Based Digital Signature Algorithm (ML-DSA), a post-quantum cryptography (PQC) standard.
- You can take advantage of hybrid SSL support with the MLKEM1024 key encapsulation mechanism.
libreswan Updated to Version 5.3
The libreswan IPsec implementation is updated to version 5.3, delivering bug fixes and feature improvements.
See https://download.libreswan.org/CHANGES for more information.
gnutls Updated to Version 3.8.10
The gnutls package is updated to version 3.8.10, adding certificate compression, expanded ML-DSA algorithm support, and support for PKCS#11 module overrides.
See https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html for more information.
SELinux Policy Updated to Version 42.1
SELinux policy packages are updated to version 42.1, delivering multiple improvements and fixes, including added types for systemd generators.
fips-provider-next Package Added
The fips-provider-next package introduces the next version of the FIPS provider for OpenSSL. The package is under review with the National Institute of Standards and Technology (NIST) for validation. The openssl-fips-provider remains the validated FIPS provider.
To switch to the fips-provider-next, run the following command:
sudo dnf swap openssl-fips-provider fips-provider-next
The fips-provider-next package is available as a technical preview.
openCryptoki Updated to Version 3.25.0
Version 3.25.0 of the openCryptoki packages is now available.
See https://github.com/opencryptoki/opencryptoki/releases/tag/v3.25.0 for more information.