
From: Theo Buehler <tb@theobuehler.org>
Subject: openssl/3.5 (test on aarch64 w/ bti wanted)
To: ports@openbsd.org
Date: Wed, 9 Apr 2025 21:34:39 +0200

Here's the next iteration of our favorite behemoth. It's the LTS set to
replace 3.0 and it will be supported until 2030. I expect we'll want to
keep this while we watch OpenSSL 4.0 being inflicted on humanity.

I am going to switch the default openssl to 3.4 in the 7.7 cycle and,
per usual, 3.5 will become the default during the 7.8 cycle. We'll
probably stop there and pause for a while.

PQ + QUIC improvements and a BoringSSL-incompatible QUIC API for using
3rd party QUIC stacks because compatibility would have meant work for
OpenSSL themselves rather than for all the downstreams. You'll easily
find ads on what other greatness this includes.

As far as I'm concerned, the best news is that our asm patches are now
finally fully merged upstream. Thanks to sashan for doing the work.

I tested this on amd64 with IBT, on aarch64 (no BTI) and sparc64.

I'd appreciate a 'make test' on a BTI-capable aarch64 machine. riscv64
would be nice as well. Tarball to be extracted from security/openssl.