End-of-life for OpenSSL

awright · September 18, 2023, 3:00pm

OpenSSL 1.0.2 (LTS) has been end-of-life since 31 Dec 2019, and OpenSSL 1.1.0 since 11 Sep 2019, and now OpenSSL 1.1.1 (LTS) has also reached end-of-life (OpenSSL 1.1.1 End of Life - OpenSSL Blog).

Erlang OTP 24.3 (Erlang OTP 24.3 is released - Erlang/OTP) was released 10 Mar 2023 with the crypto app updated to allow being “compiled, linked, and used with OpenSSL 3.0 cryptlib”.

When might confd-8.0.x get updated to use the updated Erlang OTP to continue to support OpenSSL usage with the OpenSSL 3.x now being the only active codebase, before it gets to the EOM milestone. The 8.0.4 was packaged with Erlang/OTP version: 22.3.4.17.

jlawitzke · October 11, 2023, 4:38pm

ConfD 8.0.x is the last branch of ConfD which is being released. There are no plans to release OpenSSL 3.0 support for ConfD.

sbarvick · August 28, 2024, 7:16pm

With the announcement of Ductus now offering support to ConfD users and the continuing questions about the ability to support OpenSSL 3.0, it seems appropriate to say that Ductus will be supporting the necessary upgrades of OTP to work best with OpenSSL 3.0. While there are other moving parts and probably ways to make it work, it is also true that OTP versions 25 and later are using the supported crypto APIs (ref: Erlang/OTP 25 Highlights - Erlang/OTP).