Skip to content

openssl: bump minimum OpenSSL version to 3.0.0 #18330

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
vszakats wants to merge 1 commit into from
Closed

openssl: bump minimum OpenSSL version to 3.0.0 #18330

vszakats wants to merge 1 commit into from

Conversation

@vszakats
Copy link
Member

@vszakats vszakats commented Aug 20, 2025
edited
Loading

It also means that all supported OpenSSL versions and forks support
TLSv1.3 after this patch.

It reduces openssl.c size by more than 10%, or 400 LOC.

Ref: #18822

@github-actions github-actions bot added the CI Continuous Integration label Aug 20, 2025
@vszakats vszakats added TLS and removed CI Continuous Integration labels Aug 20, 2025
@vszakats vszakats changed the title openssl: require 1.1.1 or upper openssl: require 1.1.1 or upper (or maybe 3.0.0) Aug 21, 2025
@github-actions github-actions bot added the CI Continuous Integration label Aug 21, 2025
@vszakats vszakats changed the title openssl: require 1.1.1 or upper (or maybe 3.0.0) openssl: require 1.1.1 or upper → try 3.0.0 or upper Aug 21, 2025
@vszakats vszakats marked this pull request as draft August 21, 2025 08:40
@vszakats

This comment was marked as resolved.

Sign in to view
@vszakats

This comment was marked as resolved.

Sign in to view
@vszakats vszakats mentioned this pull request Aug 21, 2025
Closed
@vszakats

This comment was marked as resolved.

Sign in to view
This was referenced Aug 21, 2025
Closed
Closed
vszakats added a commit that referenced this pull request Aug 21, 2025
@vszakats
openssl: drop redundant version check
1d7fddd 
It had a typo, but it wasn't causing an issue, because `TLS1_3_VERSION`
is enough to detect this feature and the version check remained unused.

Follow-up to 0d3b593 #16477
Cherry-picked from #18330
Closes #18333
vszakats added a commit that referenced this pull request Aug 21, 2025
@vszakats
appveyor: test openssl with clang-cl
b3167ef 
Cherry-picked from #18330
Closes #18334
This was referenced Aug 21, 2025
Closed
Closed
vszakats added a commit to vszakats/curl that referenced this pull request Aug 21, 2025
@vszakats
GHA/non-native: drop MS-DOS jobs, requires OpenSSL 1.0.2
e1e6a54 
Cherry-picked from curl#18330
@vszakats vszakats mentioned this pull request Aug 21, 2025
Closed
vszakats added a commit that referenced this pull request Aug 21, 2025
@vszakats
GHA/non-native: drop MS-DOS jobs, requires OpenSSL 1.0.2
0630e66 
Cherry-picked from #18330
Closes #18338
vszakats added a commit that referenced this pull request Aug 21, 2025
@vszakats
appveyor: drop testing with OpenSSL 1.0.2
12a10ca 
Cherry-picked from #18330
Closes #18337
@vszakats vszakats mentioned this pull request Aug 21, 2025
Closed
vszakats added a commit that referenced this pull request Aug 21, 2025
@vszakats
gnutls: fix building with older supported GnuTLS versions
7956a2a 
Also:
- GHA/linux-old: switch jobs from OpenSSL 1.0.2 to GnuTLS 3.5.8.

Ref: https://gitlab.com/gnutls/gnutls/blob/master/NEWS
Follow-up to fa0ccd9 #15774
Follow-up to 68bd759 #15667
Cherry-picked from #18330
Closes #18335
vszakats added a commit that referenced this pull request Aug 21, 2025
@vszakats
appveyor: drop testing with OpenSSL 1.1.0
7d5f535 
Replace with 1.1.1.

Follow-up to 12a10ca #18337
Cherry-picked from #18330
Closes #18341
@vszakats vszakats mentioned this pull request Aug 22, 2025
Closed
3 tasks
@vszakats vszakats force-pushed the osslb branch 2 times, most recently from 2e6be13 to 3c4e38c Compare August 22, 2025 14:03
@vszakats vszakats changed the title openssl: bump minimum OpenSSL version to 1.1.1 openssl: bump minimum OpenSSL version to 1.1.0 Aug 27, 2025
@vszakats vszakats force-pushed the osslb branch 2 times, most recently from dae8acd to e18cd50 Compare September 12, 2025 12:16
@vszakats vszakats force-pushed the osslb branch 2 times, most recently from a552041 to 14e8842 Compare September 22, 2025 21:49
@vszakats vszakats force-pushed the osslb branch 2 times, most recently from 58ce666 to e4e1795 Compare October 2, 2025 22:19
@vszakats vszakats changed the title openssl: bump minimum OpenSSL version to 1.1.0 openssl: bump minimum OpenSSL version to 3.0.0 Oct 2, 2025
@vszakats vszakats force-pushed the osslb branch 5 times, most recently from c1a7488 to 6846277 Compare October 10, 2025 23:27
@vszakats vszakats mentioned this pull request Nov 11, 2025
Closed
@vszakats vszakats closed this in 69c89bf Nov 15, 2025
@vszakats vszakats deleted the osslb branch November 15, 2025 15:01
vszakats added a commit to vszakats/curl that referenced this pull request Nov 15, 2025
@vszakats
DEPRECATE.md: move OpenSSL to past removals
7d32f03 
Follow-up to 69c89bf curl#18330
@vszakats vszakats mentioned this pull request Nov 15, 2025
Closed
vszakats added a commit that referenced this pull request Nov 15, 2025
@vszakats
DEPRECATE.md: move OpenSSL to past removals
bb213bd 
Follow-up to 69c89bf #18330

Closes #19542
vszakats added a commit to vszakats/curl that referenced this pull request Nov 15, 2025
@vszakats
CI: bump Circle CI jobs to to Ubuntu 22.04 runners for OpenSSL 3
a4ab219 
Ref: https://packages.ubuntu.com/jammy/libssl-dev

Follow-up to 69c89bf curl#18330
@vszakats vszakats mentioned this pull request Nov 15, 2025
Closed
vszakats added a commit that referenced this pull request Nov 15, 2025
@vszakats
CI: bump Circle CI jobs to Ubuntu 22.04 runners for OpenSSL 3
8ba10a7 
Ref: https://packages.ubuntu.com/jammy/libssl-dev

Follow-up to 69c89bf #18330

Closes #19546
@davidben davidben mentioned this pull request Nov 20, 2025
Open
vszakats added a commit to vszakats/curl that referenced this pull request Dec 4, 2025
@vszakats
openssl: simplify HAVE_KEYLOG_CALLBACK guard
44ffc16 
non-LibreSSL always includes BoringSSL and AWS-LC, no need to check for
them explicitly.

Follow-up to 69c89bf curl#18330
@vszakats vszakats mentioned this pull request Dec 4, 2025
Closed
vszakats added a commit that referenced this pull request Dec 4, 2025
@vszakats
openssl: simplify HAVE_KEYLOG_CALLBACK guard
6d04227 
non-LibreSSL always includes BoringSSL and AWS-LC, no need to check for
them explicitly.

Follow-up to 69c89bf #18330
Closes #19843
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

CI Continuous Integration feature-window A merge of this requires an open feature window TLS

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vszakats