Be careful with trusting LLM output -- while I agree with the conclusions here, it's worth noting that RHEL 10 maintains OpenSSL 3.2.x ABI compatibility but backports 3.5.x fixes and PQC cipher suites. Requiring 3.5 will fail builds regardless. I also support the 3.0.x (or 3.2.x) minimum here.
--Jered ----- On Jan 14, 2026, at 12:19 PM, Bryan Call [email protected] wrote: > I had Claude make a plan for 3.0.x vs 3.5.x. There aren’t a lot of operating > systems that support 3.5.x at this moment. I suggest supporting 3.0.x, but > recommending people use 3.5.x or newer. > > ATS 11.x OpenSSL Minimum Version - Two Options > =============================================== > > PLAN A: Minimum OpenSSL 3.0.x (Recommended) > ------------------------------------------- > > Supported Platforms: > • Ubuntu 22.04 LTS (OpenSSL 3.0.x) - supported until Apr 2027 > • Ubuntu 24.04 LTS (OpenSSL 3.0.x) - supported until Apr 2029 > • Debian 12 Bookworm (OpenSSL 3.0.x) - supported until Jun 2028 > • RHEL/Rocky/Alma 9.x (OpenSSL 3.0.x) - supported until May 2032 > • Fedora 40+ (OpenSSL 3.2+) > • FreeBSD 14.x (OpenSSL 3.0.x) > • macOS via Homebrew > > Dropped Platforms: > • Ubuntu 20.04 LTS (OpenSSL 1.1.1) - EOL Apr 2025 > • Debian 11 Bullseye (OpenSSL 1.1.1) - EOL Aug 2026 > • RHEL/Rocky 8.x (OpenSSL 1.1.1) - maintenance mode > • FreeBSD 13.x (OpenSSL 1.1.1) - EOL Jan 2026 > > Pros: > ✓ Broad compatibility - covers most current enterprise distros > ✓ Users already on these platforms, no forced upgrades > ✓ Can keep existing OpenSSL 3.0 compatibility code > > Cons: > ⚠ OpenSSL 3.0 EOL Sept 2026 - may need to bump minimum in ATS 11.1 or 11.2 > ⚠ Miss out on OpenSSL 3.5 improvements > > > PLAN B: Minimum OpenSSL 3.5.x (Forward-Looking) > ----------------------------------------------- > > Supported Platforms (once they adopt 3.5): > • Ubuntu 26.04 LTS (expected Apr 2026) > • Debian 13 Trixie (expected 2025-2026) > • RHEL/Rocky 10 (expected late 2026) > • Fedora 42+ > • FreeBSD 15.x > • macOS via Homebrew (available now) > > Dropped Platforms: > • Ubuntu 22.04/24.04 LTS (OpenSSL 3.0.x) - SIGNIFICANT impact > • Debian 12 (OpenSSL 3.0.x) > • RHEL/Rocky 9.x (OpenSSL 3.0.x) - SIGNIFICANT impact > • FreeBSD 14.x (OpenSSL 3.0.x) > > Pros: > ✓ 5-year LTS support (until Apr 2030) > ✓ Clean codebase - no legacy workarounds > ✓ Latest security features and performance > > Cons: > ✗ Drops Ubuntu 22.04/24.04 LTS - huge user base > ✗ Drops RHEL 9 / Rocky 9 - major enterprise platform > ✗ May delay ATS 11.x adoption until 2027 > > > SUMMARY > ------- > > Plan A (3.0.x) Plan B (3.5.x) > User base at launch: Large Small > Enterprise support: RHEL 9, Ubuntu RHEL 10, Ubuntu 26 > 22/24 > OpenSSL EOL risk: Sept 2026 Apr 2030 > Adoption timeline: Immediate 2027+ for most > > > RECOMMENDATION > -------------- > > Plan A (3.0.x minimum) for ATS 11.0, with a documented plan to: > 1. Raise minimum to 3.5 in ATS 11.2 or 12.0 > 2. Add deprecation warnings for 3.0.x in ATS 11.1 > > This balances compatibility with a clear forward path. > > > -Bryan > >> On Jan 13, 2026, at 5:56 PM, Leif Hedstrom <[email protected]> wrote: >> >> >> >>> On Jan 13, 2026, at 3:59 PM, Masakazu Kitajo <[email protected]> wrote: >>> >>> I'm thinking of bumping the minimum OpenSSL version that we support on ATS >>> 11.0. >>> >>> TLDR, I suggest bumping it to 3.0 (in other words, dropping the support for >>> 1.1.1) >>> >>> The version 1.1.1 is already too old. Curl recently dropped the support. I >>> suppose everybody is fine with dropping the support. This would allow us to >>> clean up our code. >>> >>> Do we want to keep the support for OpenSSL 3.0? >>> The 3.0 is an LTS release, and the EOL is Sep 2026. A newer LTS is 3.5. It >>> was released in Apr 2025, and the EOL is Apr 2030. I feel like dropping the >>> support for 3.0 is a little too aggressive for minor benefit in terms of >>> code clean up, but I personally don't mind. >>> https://openssl-library.org/roadmap/index.html >> >> >> Gut feeling would be that we ought to bump it to v3.5, seeing that v3.0 will >> be >> EOL before we make a v11 release. >> >> Cheers, >> > > — Leif
