OpenSSL 1.1.1 End Of Life
We are now less than 6 months away from the End Of Life (EOL) date for the OpenSSL 1.1.1 series. Users of OpenSSL 1.1.1 should consider their options and plan any actions they might need to take.
OpenSSL 1.1.1 is a Long Term Support (LTS) release. Our policy is to support LTS releases for a period of 5 years. During the last year of that we typically only backport security fixes to a release.
OpenSSL 1.1.1 was released on 11th September 2018, and so it will be considered EOL on 11th September 2023. It will no longer be receiving publicly available security fixes after that date.
If you got your copy of OpenSSL 1.1.1 from your Operating System vendor (e.g. via .rpm or .deb packages) or some other third party then the support periods that you can expect from them may differ to those provided by the OpenSSL Project itself. You should check with your OS vendor/other third party what support for OpenSSL you might expect from them.
If you downloaded your copy of OpenSSL direct from the OpenSSL project then we would strongly encourage you to plan an upgrade to a more recent version before 1.1.1 reaches its EOL date. Our most recent version is OpenSSL 3.1 which will be supported until 14th March 2025. Also available is OpenSSL 3.0 which is an LTS release and will be supported until 7th September 2026. Our migration guide provides some useful information on the issues you should be considering when upgrading.
Another option is to purchase a premium support contract which offers extended support (i.e. ongoing access to security fixes) for 1.1.1 beyond its public EOL date. There is no defined end date for this extended support and we intend to continue to provide it for as long as it remains commercially viable for us to do so (i.e. for the foreseeable future). Further information is available on our support contracts page. You can also send an email to osf-contact@openssl.org for further information.