On Wed, 20 Aug 2025, Daniel Stenberg via curl-library wrote:
The OpenSSL project themselves doesn't support any version before 3.0, so presumably there are also no security updates for older versions anymore etc. That makes them insecure options to use.
Sorry, their page also says: "Extended support for 1.1.1 and 1.0.2 to gain access to security fixes for those versions is available." Presumably they are paying customers of OpenSSL. Not sure that changes anything.
-- / daniel.haxx.se || https://rock-solid.curl.dev -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
