YuOpenSSL-3.5: Version History

YuOpenSSL-4.0 Demo YuOpenSSL-3.6 Demo YuOpenSSL-3.5 Demo YuOpenSSL-1.1.1 Demo Buy Commercial License Buy Source Code License

YuOpenSSL is a Delphi port of the OpenSSL cryptography and SSL/TSL library. All code is statically compiled into applications. OpenSSL DLLs are not needed. Over 5000 functions, procedures, constants, and types are ready to use in a single Delphi unit.

YuOpenSSL-3.5 v1.1.4 – 9 Apr 2026

Update to OpenSSL 3.5.6, a security patch release. The most severe CVE fixed is Medium.

Bug fixes:

Incorrect failure handling in RSA KEM RSASVE encapsulation (CVE-2026-31790).
Loss of key agreement group tuple structure when the DEFAULT keyword is used in the server-side configuration of the key-agreement group list (CVE-2026-2673).
Potential use-after-free in DANE client code (CVE-2026-28387).
NULL pointer dereference when processing a delta CRL (CVE-2026-28388).
Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (CVE-2026-28389).
Possible NULL dereference when processing CMS KeyTransportRecipientInfo (CVE-2026-28390).
Heap buffer overflow in hexadecimal conversion (CVE-2026-31789).
Broken detection of plantext HTTP over TLS.

YuOpenSSL-3.5 v1.1.3 – 28 Jan 2026

Update to OpenSSL 3.5.5, a security patch release. The most severe CVE fixed is High.

Bug fixes:

Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (CVE-2025-11187).
Stack buffer overflow in CMS AuthEnvelopedData parsing (CVE-2025-15467).
NULL dereference in SSL_CIPHER_find function on unknown cipher ID (CVE-2025-15468).
TLS 1.3 CompressedCertificate excessive memory allocation (CVE-2025-66199).
Heap out-of-bounds write in BIO_f_linebuffer on short writes (CVE-2025-68160).
Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (CVE-2025-69418).
Out of bounds write in PKCS12_get_friendlyname UTF-8 conversion (CVE-2025-69419).
Missing ASN1_TYPE validation in TS_RESP_verify_response() function (CVE-2025-69420).
NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (CVE-2025-69421).
Missing ASN1_TYPE validation in PKCS#12 parsing (CVE-2026-22795).
ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes function (CVE-2026-22796).

YuOpenSSL-3.5 v1.1.2 – 1 Oct 2025

Update to OpenSSL 3.5.4, a moderate severity security release.

Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230).
Fix Out-of-bounds read in HTTP client no_proxy handling (CVE-2025-9232).
Fixed the length of the ASN.1 sequence for the SM3 digests of RSA-encrypted signatures.

YuOpenSSL-3.5 v1.1.1 – 23 Sep 2025

Update to OpenSSL 3.5.3.

YuOpenSSL-3.5 v1.1.0 – 18 Sep 2025

Support Delphi 13 Florence Win32 and Win64.

YuOpenSSL-3.5 v1.0.0 – 18 Aug 2025

First release, based on OpenSSL 3.5.2.

Changes from OpenSSL 3.4:

Potentially significant or incompatible changes:

Default encryption cipher for the req, cms, and smime applications changed from des-ede3-cbc to aes-256-cbc.
The default TLS supported groups list has been changed to include and prefer hybrid PQC KEM groups. Some practically unused groups were removed from the default list.
The default TLS keyshares have been changed to offer X25519MLKEM768 and X25519.
All BIO_meth_get_*() functions were deprecated.

New features:

Support for server side QUIC (RFC 9000).
Support for 3rd party QUIC stacks including 0-RTT support.
Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA).
Support added for opaque symmetric key objects (EVP_SKEY).
Support for multiple TLS keyshares and improved TLS key establishment group configurability.
API support for pipelining in provided cipher algorithms.

Yunqa • The Delphi Inspiration

Table of Contents