Drop support for OpenSSL 1.0.2 and 1.1.0

[rhenium]

I would like to drop support for OpenSSL 1.1.0 or earlier, and require OpenSSL 1.1.1 as the minimum version. OpenSSL 1.0.2 and 1.1.0 series reached EOL in 2019-12. I intend to increase the minimum supported version for LibreSSL, too, to currently maintained branch (3.9 or later).

The last time we raised the minimum requirement was in 2020 (#396). At that time, although OpenSSL 1.0.2 and 1.1.0 had already reached EOL, we chose to maintain compatibility because they were still widely used, and distributions were still providing security fixes. All relevant distributions have now reached their EOL:

Distributions with OpenSSL 1.0.2:

• RHEL 7: EOL 2024-06
• Ubuntu 16.04 LTS: EOL 2021-04
• Amazon Linux 2: EOL 2026-06 - OpenSSL 1.1.1c can be installed via the openssl11{,-devel} package

Distributions with OpenSSL 1.1.0:

• Debian 9: EOL 2022-06
• Ubuntu 18.04 LTS: EOL 2023-04

Dropping these versions allows us to:

• Remove most of extconf.rb checks and the compatibility macros in openssl_missing.h
• Use TLS 1.3, X25519, Ed25519, etc. in test cases without very carefully writing omit/pend

At this time, I plan to keep OpenSSL 1.1.1. While it has also reached EOL in 2023-09, it is still widely used. Moreover, since LibreSSL (and the upcoming AWS-LC) implements API largely based on OpenSSL 1.1, dropping support for OpenSSL 1.1.1 won't reduce complexity as much.

[junaruga]

Okay. I would agree with this!

Just note that RHEL 8 is using OpenSSL 1.1.1.

[rhenium]

The following PRs are merged now:

• Require LibreSSL 3.9 or later (Drop support for 3.1-3.8) #836
• Require OpenSSL 1.1.0 or later (Drop support for 1.0.2) #839
• Require OpenSSL 1.1.1 or later (Drop support for 1.1.0) #841