[Breaking change]: .NET 10 requires OpenSSL 1.1.1 or later on Unix

[vcsjones]

Description

For platforms where .NET uses OpenSSL for cryptography such as Linux, OpenSSL 1.1.1 or later is required.

.NET 10 on macOS does not use OpenSSL and is not impacted.

Version

.NET 10 GA

Previous behavior

.NET applications supported OpenSSL prior to 1.1.1, such as 1.0.2 or 1.1.0.

New behavior

.NET applications require OpenSSL 1.1.1 or later. If OpenSSL 1.1.1 is not available on a platform that requires it, the application will fail to start.

Type of breaking change

• Binary incompatible: Existing binaries might encounter a breaking change in behavior, such as failure to load or execute, and if so, require recompilation.
• Source incompatible: When recompiled using the new SDK or component or to target the new runtime, existing source code might require source changes to compile successfully.
• Behavioral change: Existing binaries might behave differently at run time.

Reason for change

OpenSSL prior to OpenSSL 1.1.1 is outdated and not supported by mainstream Linux or Unix distributions. Supporting these out-of-date OpenSSL increases complexity of maintenance where that effort is better made on supporting modern versions of OpenSSL.

Recommended action

Use a distribution of Unix or Linux that includes OpenSSL 1.1.1 or later.

Feature area

Cryptography

Affected APIs

No response

---

Associated WorkItem - 503001

[vcsjones]

This needs 👍 from @bartonjs for review.

[bartonjs]

Oh, right, this is more "it's exploding, and we're going to not fix it" than "we deleted all the remaining supporting code in main".

Yeah, LGTM.