On Mon, Dec 05, 2022 at 11:14:56PM +0100, Volker Schlecht wrote: > That's switching as in "They bundle OpenSSL 3.07 + QUIC Patch and that's > what they develop against".
They also support BoringSSL which does not yet provide any OpenSSL 3 API. > Also the project would rather have switched to OpenSSL 3.0 for the previous > LTS release already: > > https://nodejs.org/en/blog/announcements/nodejs16-eol/ > > So while it might build against OpenSSL 1.1.1 (full disclosure: I didn't > even try) I'm reasonably sure that any issues arising from that will be ours > to fix. > > You seem to be critical about having the dependency on 3.0 ... any reasons I > should be aware of? OpenSSL 1.1 is well tested and a more or less known beast. OpenSSL 3 on the other hand... not so much. I don't care deeply if OpenSSL 3 is used for this, I just wanted to make sure the switch wasn't made blindly since newer is better (which in this case it probably isn't).
