OpenSSL 1.1.1 Reaches End of Life, But Extended Support Available for a Price
OpenSSL 1.1.1, launched in 2018 as a Long Term Support (LTS) version of the open-source secure communication library, has reached its end of life. This means users must transition to a newer version unless they are willing to pay for extended support. For those not prepared to shift to the next LTS version, OpenSSL 3.0, which is expected to be supported until 2026, a $50,000 annual support contract is available. This contract is somewhat indefinite, with OpenSSL stating it offers extended support for LTS releases beyond the public EOL date as long as it remains commercially viable. Transitioning to OpenSSL 3.0 or the latest 3.1 version is essential for ongoing support, though the latter will only have permission until 2025. The OpenSSL project acknowledges potential challenges in migration, noting that most applications would need at least recompilation to function with the new version. The retirement’s implications are significant, especially for components hardcoded to expect OpenSSL services, like specific IoT devices.
The article is “OpenSSL 1.1.1 reaches the end of life for all but the well-heeled.“