Let's keep users@ in the loop, since this change impacts users. The release date of ATS 11 does matter, but v1.1.1 was already EOL when we released ATS 10.0. If people still use v3.4 or older, requiring v3.5 is too much, in my opinion. I don't see big reasons to disallow using ATS with v3.0.
Masakazu On Wed, Jan 14, 2026 at 10:39 AM Brian Neradt <[email protected]> wrote: > That's interesting concerning those LTS releases and 3.0. > > This is good to discuss now, but clearly we will need to circle back on > this as we get closer to the ATS 11 release and see the state of things > then. As Leif says, since 3.0 will be EOL by September, I'm guessing once > we get to our ATS 11 release date, we will find that doing at least 3.2 > will be acceptable. I can't imagine anyone uses 3.0 in production - from > our internal experience, its performance/locking issues were a non-starter. > > The other thing to keep in mind is whether there is an effective difference > between making the cutoff 3.2 versus 3.0. If there's not significant > openssl API changes between the two, maybe supporting 3.0 is "free" from a > source code perspective for ATS if we're supporting 3.2 anyway. > > On Wed, Jan 14, 2026 at 11:21 AM Bryan Call <[email protected]> wrote: > > > I had Claude make a plan for 3.0.x vs 3.5.x. There aren’t a lot of > > operating systems that support 3.5.x at this moment. I suggest > supporting > > 3.0.x, but recommending people use 3.5.x or newer. > > > > ATS 11.x OpenSSL Minimum Version - Two Options > > =============================================== > > > > PLAN A: Minimum OpenSSL 3.0.x (Recommended) > > ------------------------------------------- > > > > Supported Platforms: > > • Ubuntu 22.04 LTS (OpenSSL 3.0.x) - supported until Apr 2027 > > • Ubuntu 24.04 LTS (OpenSSL 3.0.x) - supported until Apr 2029 > > • Debian 12 Bookworm (OpenSSL 3.0.x) - supported until Jun 2028 > > • RHEL/Rocky/Alma 9.x (OpenSSL 3.0.x) - supported until May 2032 > > • Fedora 40+ (OpenSSL 3.2+) > > • FreeBSD 14.x (OpenSSL 3.0.x) > > • macOS via Homebrew > > > > Dropped Platforms: > > • Ubuntu 20.04 LTS (OpenSSL 1.1.1) - EOL Apr 2025 > > • Debian 11 Bullseye (OpenSSL 1.1.1) - EOL Aug 2026 > > • RHEL/Rocky 8.x (OpenSSL 1.1.1) - maintenance mode > > • FreeBSD 13.x (OpenSSL 1.1.1) - EOL Jan 2026 > > > > Pros: > > ✓ Broad compatibility - covers most current enterprise distros > > ✓ Users already on these platforms, no forced upgrades > > ✓ Can keep existing OpenSSL 3.0 compatibility code > > > > Cons: > > ⚠ OpenSSL 3.0 EOL Sept 2026 - may need to bump minimum in ATS 11.1 or > 11.2 > > ⚠ Miss out on OpenSSL 3.5 improvements > > > > > > PLAN B: Minimum OpenSSL 3.5.x (Forward-Looking) > > ----------------------------------------------- > > > > Supported Platforms (once they adopt 3.5): > > • Ubuntu 26.04 LTS (expected Apr 2026) > > • Debian 13 Trixie (expected 2025-2026) > > • RHEL/Rocky 10 (expected late 2026) > > • Fedora 42+ > > • FreeBSD 15.x > > • macOS via Homebrew (available now) > > > > Dropped Platforms: > > • Ubuntu 22.04/24.04 LTS (OpenSSL 3.0.x) - SIGNIFICANT impact > > • Debian 12 (OpenSSL 3.0.x) > > • RHEL/Rocky 9.x (OpenSSL 3.0.x) - SIGNIFICANT impact > > • FreeBSD 14.x (OpenSSL 3.0.x) > > > > Pros: > > ✓ 5-year LTS support (until Apr 2030) > > ✓ Clean codebase - no legacy workarounds > > ✓ Latest security features and performance > > > > Cons: > > ✗ Drops Ubuntu 22.04/24.04 LTS - huge user base > > ✗ Drops RHEL 9 / Rocky 9 - major enterprise platform > > ✗ May delay ATS 11.x adoption until 2027 > > > > > > SUMMARY > > ------- > > > > Plan A (3.0.x) Plan B (3.5.x) > > User base at launch: Large Small > > Enterprise support: RHEL 9, Ubuntu RHEL 10, Ubuntu 26 > > 22/24 > > OpenSSL EOL risk: Sept 2026 Apr 2030 > > Adoption timeline: Immediate 2027+ for most > > > > > > RECOMMENDATION > > -------------- > > > > Plan A (3.0.x minimum) for ATS 11.0, with a documented plan to: > > 1. Raise minimum to 3.5 in ATS 11.2 or 12.0 > > 2. Add deprecation warnings for 3.0.x in ATS 11.1 > > > > This balances compatibility with a clear forward path. > > > > > > -Bryan > > > > > On Jan 13, 2026, at 5:56 PM, Leif Hedstrom <[email protected]> wrote: > > > > > > > > > > > >> On Jan 13, 2026, at 3:59 PM, Masakazu Kitajo <[email protected]> > wrote: > > >> > > >> I'm thinking of bumping the minimum OpenSSL version that we support on > > ATS > > >> 11.0. > > >> > > >> TLDR, I suggest bumping it to 3.0 (in other words, dropping the > support > > for > > >> 1.1.1) > > >> > > >> The version 1.1.1 is already too old. Curl recently dropped the > > support. I > > >> suppose everybody is fine with dropping the support. This would allow > > us to > > >> clean up our code. > > >> > > >> Do we want to keep the support for OpenSSL 3.0? > > >> The 3.0 is an LTS release, and the EOL is Sep 2026. A newer LTS is > 3.5. > > It > > >> was released in Apr 2025, and the EOL is Apr 2030. I feel like > dropping > > the > > >> support for 3.0 is a little too aggressive for minor benefit in terms > of > > >> code clean up, but I personally don't mind. > > >> https://openssl-library.org/roadmap/index.html > > > > > > > > > Gut feeling would be that we ought to bump it to v3.5, seeing that v3.0 > > will be EOL before we make a v11 release. > > > > > > Cheers, > > > > > > — Leif > > > > > > -- > "Come to Me, all who are weary and heavy-laden, and I will > give you rest. Take My yoke upon you and learn from Me, for > I am gentle and humble in heart, and you will find rest for > your souls. For My yoke is easy and My burden is light." > > ~ Matthew 11:28-30 >
