Wiki: https://fedoraproject.org/wiki/Changes/OpenSSL40

Discussion Thread:
https://discussion.fedoraproject.org/t/f45-change-proposal-openssl40-systemwide/163965

**This is a proposed Change for Fedora Linux.**
This document represents a proposed Change. As part of the Changes process,
proposals are publicly announced in order to receive community feedback.
This proposal will only be implemented if approved by the Fedora
Engineering Steering Committee.

== Summary ==
OpenSSL 4.0 is going to land in April 2026. It is a major release with many
significant changes, and we should start preparing for it.

== Owner ==
* Name: [[User:dbelyavs| Dmitry Belyavskiy]]
* Email: dbely...@redhat.com



== Detailed Description ==
OpenSSL upstream has started development of OpenSSL 4.0.
It will imply a soname bump, removal of ENGINE support, etc. As OpenSSL uses
time-based release planning, the release would happen in April 2026.

If I'm not mistaken, this change could land only in Fedora 45, but I think
it's worth considering the transition already.

We would definitely need openssl3-compat package(s), including one
with engine support, but I would rather avoid being the primary maintainer of
it.

== Feedback ==

== Benefit to Fedora ==
Fedora would get the latest stable version of OpenSSL, a cornerstone
crypto toolkit used in a gazillion projects.

We also get rid of engine support, which is currently slowly degrading
because it is being superseded by providers.


== Scope ==
* Proposal owners: rebasing OpenSSL to 4.0, and building OpenSSH and maybe
some other crucial components to provide the system in an accessible state.

Maintaining the openssl3-compat package (but I would prefer offloading it
to someone else)

Rebuild their components against the new version of OpenSSL (probably implying
a mass rebuild).

Mass rebuild is required.


* Trademark approval: N/A (not needed for this Change)

* Alignment with the Fedora Strategy: yes

== Upgrade/compatibility impact ==
It depends on the compat package presence. If it is present, previous
packages would continue working. If not, the 3rd-party packages and
packages using engines and deprecated API removed in 4.0 will be broken.


== Early Testing (Optional) ==


== How To Test ==
All the components relying on OpenSSL should be rebuilt with the new
version and pass the regular tests. If the compat package is provided, the
spec files for the packages not switching to the new version should be
updated.



== User Experience ==
There should not be any major UX changes.

== Dependencies ==
A lot of them.



== Contingency Plan ==
Providing the compat package for OpenSSL 3.


== Documentation ==
No upstream documentation yet

== Release Notes ==
OpenSSL is rebased to 4.0, and there are a lot of changes...
-- 
_______________________________________________
devel-announce mailing list -- devel-annou...@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel-annou...@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue