Wiki Link: https://fedoraproject.org/wiki/Changes/RemoveOpensslCompat
Discussion.fpo Link: https://discussion.fedoraproject.org/t/f40-change-proposal-removing-openssl-...
== Summary == We are going to remove the openssl1.1 package from Fedora 40.
== Owner == * Name: [[User:DmitryBelyavskiy| Dmitry Belyavskiy]] * Email: dbelyavs@redhat.com
== Detailed Description == In Fedora 36 we switched to OpenSSL 3.0 branch. This is a brand new version with new architecture. We left the openssl1.1 package for the applications that were unable to switch to the new API/architecture, 3rd-party applications, etc. The package was marked as deprecated in F37.
OpenSSL 1.1.1 has reached EOL in September 2023. We want to remove it from Fedora.
== Feedback ==
== Benefit to Fedora == This proposal ensures than no new packages in Fedora will use the deprecated OpenSSL version that will cause an overall increase of security/stability.
It will also reduce the maintenance burden for the OpenSSL maintainers, especially when new CVEs are published.
== Scope == * Proposal owners: provide assistance in migration to other developers.
* Other developers: Patch their packages to work with OpenSSL 3.0.
* Release engineering: This feature doesn't require coordination with release engineering.
* Policies and guidelines: N/A (not needed for this Change) <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
* Trademark approval: N/A (not needed for this Change)
* Alignment with Community Initiatives:
== Upgrade/compatibility impact == 3rd-party packages depending on OpenSSL 1.1.1 should be replaced with new versions using new OpenSSL 3.0+.
== How To Test == OpenSSL 1.1 should not be available to install from Fedora repository. No packages should depend on OpenSSL 1.1.1.
== User Experience == Shouldn't be affected.
== Dependencies == We have found at least the following packages depending on OpenSSL 1.1: * gloo-0.5.0^git20230824.01a0c81-6.fc40.src.rpm * opensmtpd-6.8.0p2-12.fc39.src.rpm * python3.6-3.6.15-20.fc39.src.rpm
== Contingency Plan == None.
* Contingency mechanism: (What to do? Who will do it?) Package owners should update their packages to remove the dependency * Contingency deadline: beta freeze * Blocks release? Yes
== Documentation == Should be mentioned in Release Notes.
== Release Notes ==
openssl1.1 package is removed and should not be used by any packages.