On Thu, Jun 18, 2026 at 2:06 PM Daniel Gustafsson <[email protected]> wrote: > The entire OpenSSL 3.x line will be down to just 3.5 LTS by the time we ship > v20.
Yeah. Though RH have been apparently shipping breaking updates to OpenSSL in RHEL 9+, so the conversation may look completely different when we get to those EOLs. > One complicating factor when it comes to OpenSSL is that we need the 1.1.1 API > support in order to keep LibreSSL supported. True -- but I think that even if your split didn't land, surrounding the necessary code with `#ifdef LIBRESSL_VERSION_NUMBER` would be a big maintainability upgrade compared to "all code paths must support both OpenSSL 1.1.1 _and_ LibreSSL which is kind-of-not-really-the-same". --Jacob
