+1, we don't want to bundle and maintain and monkey-patch 1.1.1 ourselves for 14.4 months, which I guess would be the alternative.
On Wed, 18 Jan 2023 at 13:20, Christoph M. Becker <cmbecke...@gmx.de> wrote: > > Hi all! > > While the official builds for PHP 8.2 already use OpenSSL 3.0, the PHP > 8.1 builds are still using OpenSSL 1.1.1. However, OpenSSL 1.1.1 is > only supported till 2023-09-11[1], while PHP 8.1 is supported till > 2024-11-25[2]. Although I don't like bumping the OpenSSL version in the > middle of PHP 8.1's lifetime, I suppose it is necessary to avoid falling > behind security support. And if we do that bump, we better do it sooner > than later. > > So, if there are no unforeseen problems, I suggest to build PHP > 8.1.16RC1 with OpenSSL 3.0 (PHP 8.1.15RC1 has already been built with > OpenSSL 1.1.1). > > Thoughts? Objections? > > [1] <https://www.openssl.org/policies/releasestrat.html> > [2] <https://www.php.net/supported-versions.php> > > -- > Christoph M. Becker > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php > -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
