For the record:

1. This change is for F45, if I didn't miscalculate with dates.
2. This change is inevitable and the expected outcome of this discussion is
to ensure the steps that would simplify the transition to OpenSSL 4.0.

On Tue, Sep 9, 2025 at 6:43 PM Allison King via devel-announce <
devel-annou...@lists.fedoraproject.org> wrote:

> Wiki: https://fedoraproject.org/wiki/Changes/OpenSSL40
>
> Discussion Thread:
> https://discussion.fedoraproject.org/t/f45-change-proposal-openssl40-systemwide/163965
>
> **This is a proposed Change for Fedora Linux.**
> This document represents a proposed Change. As part of the Changes
> process, proposals are publicly announced in order to receive community
> feedback. This proposal will only be implemented if approved by the Fedora
> Engineering Steering Committee.
>
> == Summary ==
> OpenSSL 4.0 is going to land in April 2026. It is a major release with
> many significant changes, and we should start preparing for it.
>
> == Owner ==
> * Name: [[User:dbelyavs| Dmitry Belyavskiy]]
> * Email: dbely...@redhat.com
>
>
>
> == Detailed Description ==
> OpenSSL upstream has started development of the version OpenSSL 4.0.
> It will imply a soname bump, removing ENGINE support, etc. As OpenSSL uses
> time-based release planning, the release would happen in April 2026.
>
> If I'm not mistaken, this change could land only in Fedora 45, but I think
> it's worth considering the transition already.
>
> We definitely would need an openssl3-compat package(s) including the one
> with engine support, but I would rather avoid being a primary maintainer of
> it.
>
> == Feedback ==
>
> == Benefit to Fedora ==
> Fedora would get the latest stable version of OpenSSL, a cornerstone
> crypto toolkit used in a gazillion projects.
>
> We also get rid of engine support which is currently slowly degrading
> because of being superseded by providers.
>
>
> == Scope ==
> * Proposal owners: rebasing OpenSSL to 4.0, and building OpenSSH and maybe
> some other crucial components to provide the system in an accessible state.
>
> Maintaining the openssl3-compat package (but I would prefer offloading it
> to someone else)
>
> Rebuild their components against the new version of OpenSSL (probably implying
> mass rebuild).
>
> Mass rebuild is required.
>
>
> * Trademark approval: N/A (not needed for this Change)
>
> * Alignment with the Fedora Strategy: yes
>
> == Upgrade/compatibility impact ==
> It depends on the compat package presence. If it is present, previous
> packages would continue working. If not, the 3rd-party packages and
> packages using engines and deprecated API removed in 4.0 will be broken.
>
>
> == Early Testing (Optional) ==
>
>
> == How To Test ==
> All the components relying on OpenSSL should be rebuilt with the new
> version and pass the regular tests. If the compat package is provided, the
> spec files for the packages not switching to the new version should be
> updated.
>
>
>
> == User Experience ==
> There should not be any major UX changes.
>
> == Dependencies ==
> A lot of them.
>
>
>
> == Contingency Plan ==
> Providing the compat package for OpenSSL 3.
>
>
> == Documentation ==
> No upstream documentation yet
>
> == Release Notes ==
> OpenSSL is rebased to 4.0, and there are a lot of changes...
> --
> _______________________________________________
> devel-announce mailing list -- devel-annou...@lists.fedoraproject.org
> To unsubscribe send an email to
> devel-announce-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel-annou...@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
> --
> _______________________________________________
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>


-- 
Dmitry Belyavskiy