I had Claude make a plan for 3.0.x vs 3.5.x. There aren’t a lot of operating
systems that support 3.5.x at this moment. I suggest supporting 3.0.x, but
recommending people use 3.5.x or newer.
ATS 11.x OpenSSL Minimum Version - Two Options
===============================================
PLAN A: Minimum OpenSSL 3.0.x (Recommended)
-------------------------------------------
Supported Platforms:
• Ubuntu 22.04 LTS (OpenSSL 3.0.x) - supported until Apr 2027
• Ubuntu 24.04 LTS (OpenSSL 3.0.x) - supported until Apr 2029
• Debian 12 Bookworm (OpenSSL 3.0.x) - supported until Jun 2028
• RHEL/Rocky/Alma 9.x (OpenSSL 3.0.x) - supported until May 2032
• Fedora 40+ (OpenSSL 3.2+)
• FreeBSD 14.x (OpenSSL 3.0.x)
• macOS via Homebrew
Dropped Platforms:
• Ubuntu 20.04 LTS (OpenSSL 1.1.1) - EOL Apr 2025
• Debian 11 Bullseye (OpenSSL 1.1.1) - EOL Aug 2026
• RHEL/Rocky 8.x (OpenSSL 1.1.1) - maintenance mode
• FreeBSD 13.x (OpenSSL 1.1.1) - EOL Jan 2026
Pros:
✓ Broad compatibility - covers most current enterprise distros
✓ Users already on these platforms, no forced upgrades
✓ Can keep existing OpenSSL 3.0 compatibility code
Cons:
⚠ OpenSSL 3.0 EOL Sept 2026 - may need to bump minimum in ATS 11.1 or 11.2
⚠ Miss out on OpenSSL 3.5 improvements
PLAN B: Minimum OpenSSL 3.5.x (Forward-Looking)
-----------------------------------------------
Supported Platforms (once they adopt 3.5):
• Ubuntu 26.04 LTS (expected Apr 2026)
• Debian 13 Trixie (expected 2025-2026)
• RHEL/Rocky 10 (expected late 2026)
• Fedora 42+
• FreeBSD 15.x
• macOS via Homebrew (available now)
Dropped Platforms:
• Ubuntu 22.04/24.04 LTS (OpenSSL 3.0.x) - SIGNIFICANT impact
• Debian 12 (OpenSSL 3.0.x)
• RHEL/Rocky 9.x (OpenSSL 3.0.x) - SIGNIFICANT impact
• FreeBSD 14.x (OpenSSL 3.0.x)
Pros:
✓ 5-year LTS support (until Apr 2030)
✓ Clean codebase - no legacy workarounds
✓ Latest security features and performance
Cons:
✗ Drops Ubuntu 22.04/24.04 LTS - huge user base
✗ Drops RHEL 9 / Rocky 9 - major enterprise platform
✗ May delay ATS 11.x adoption until 2027
SUMMARY
-------
                      Plan A (3.0.x)        Plan B (3.5.x)
User base at launch:  Large                 Small
Enterprise support:   RHEL 9, Ubuntu 22/24  RHEL 10, Ubuntu 26
OpenSSL EOL risk:     Sept 2026             Apr 2030
Adoption timeline:    Immediate             2027+ for most
RECOMMENDATION
--------------
Plan A (3.0.x minimum) for ATS 11.0, with a documented plan to:
1. Raise minimum to 3.5 in ATS 11.2 or 12.0
2. Add deprecation warnings for 3.0.x in ATS 11.1
This balances compatibility with a clear forward path.
-Bryan
> On Jan 13, 2026, at 5:56 PM, Leif Hedstrom <[email protected]> wrote:
>
>
>
>> On Jan 13, 2026, at 3:59 PM, Masakazu Kitajo <[email protected]> wrote:
>>
>> I'm thinking of bumping the minimum OpenSSL version that we support on ATS
>> 11.0.
>>
>> TLDR, I suggest bumping it to 3.0 (in other words, dropping the support for
>> 1.1.1)
>>
>> The version 1.1.1 is already too old. Curl recently dropped the support. I
>> suppose everybody is fine with dropping the support. This would allow us to
>> clean up our code.
>>
>> Do we want to keep the support for OpenSSL 3.0?
>> The 3.0 is an LTS release, and the EOL is Sep 2026. A newer LTS is 3.5. It
>> was released in Apr 2025, and the EOL is Apr 2030. I feel like dropping the
>> support for 3.0 is a little too aggressive for minor benefit in terms of
>> code clean up, but I personally don't mind.
>> https://openssl-library.org/roadmap/index.html
>
>
> Gut feeling would be that we ought to bump it to v3.5, seeing that v3.0 will
> be EOL before we make a v11 release.
>
> Cheers,
>
> — Leif