| updated | changelog | ||
|---|---|---|---|
2025-08-12 |
|
During the OpenSSL Foundation BAC meeting in July, community representatives were asked to reach out to their members to gather views on when SSLv3 should be removed from the OpenSSL codebase.
Earlier discussions had already established a clear consensus: SSLv3, as a legacy protocol, should be removed. The only question left was the timing. Two options were under consideration:
- v3.6: next minor release, planned for October 2025
- v4.0: next major release, planned for April 2026
Note
For convenience, the Release Strategy policy currently defines the following:
- MAJOR: API/ABI incompatible changes will increase this number
- MINOR: API/ABI compatible feature releases will change this
This report brings together the feedback from each community, providing the OpenSSL Foundation with a consolidated view to inform the final decision.
| Community | v3.6 | v4.0 | Votes | Notes |
|---|---|---|---|---|
| Academics | 0% | 100% | 5 | Poll |
| Committers | 50% | 50% | 10 | Poll |
| Distributions | 75% | 25% | ? | Link |
| Individuals | 100% | 0% | ? | Link |
| Large Businesses | 0% | 100% | ? | Link |
| Small Businesses | 100% | 0% | ? | Link |