[openssl/openssl] 1977c6: Remove support for SSLv3
0 views
Skip to first unread message
Andrew Dinh
Dec 15, 2025, 3:55:35 PM (yesterday) Dec 15
to openssl...@openssl.org
Branch: refs/heads/feature/removesslv3
Home: https://github.com/openssl/openssl
Commit: 1977c6c9c72ec3f5a6263e7181de40988236cb5d
https://github.com/openssl/openssl/commit/1977c6c9c72ec3f5a6263e7181de40988236cb5d
Author: Kurt Roeckx <ku...@roeckx.be>
Date: 2025-12-15 (Mon, 15 Dec 2025)
Changed paths:
M .github/workflows/ci.yml
M .github/workflows/coveralls.yml
M .github/workflows/fips-checksums.yml
M .github/workflows/fuzz-checker.yml
M .github/workflows/os-zoo.yml
M .github/workflows/prov-compat-label.yml
M .github/workflows/provider-compatibility.yml
M .github/workflows/run-checker-daily.yml
M .github/workflows/static-analysis-on-prem.yml
M .github/workflows/static-analysis.yml
M .github/workflows/windows.yml
M CHANGES.md
M Configure
M apps/ciphers.c
M apps/include/opt.h
M apps/lib/s_cb.c
M apps/list.c
M apps/s_client.c
M apps/s_server.c
M apps/s_time.c
M doc/man1/openssl-ciphers.pod.in
M doc/man1/openssl-s_client.pod.in
M doc/man1/openssl-s_time.pod.in
M doc/man1/openssl-sess_id.pod.in
M doc/man1/openssl.pod
M doc/man3/SSL_CONF_cmd.pod
M doc/man3/SSL_CTX_new.pod
M doc/perlvars.pm
M ssl/build.info
M ssl/methods.c
M ssl/record/methods/build.info
M ssl/record/methods/recmethod_local.h
R ssl/record/methods/ssl3_meth.c
M ssl/record/methods/tls_common.c
M ssl/s3_enc.c
M ssl/s3_lib.c
M ssl/s3_msg.c
M ssl/ssl_lib.c
M ssl/ssl_local.h
M ssl/ssl_sess.c
M ssl/statem/extensions.c
M ssl/statem/extensions_clnt.c
M ssl/statem/statem_clnt.c
M ssl/statem/statem_lib.c
M ssl/statem/statem_srvr.c
M ssl/t1_trce.c
M test/README.ssltest.md
M test/helpers/ssl_test_ctx.c
M test/recipes/70-test_asyncio.t
M test/recipes/70-test_clienthello.t
M test/recipes/70-test_recordlen.t
M test/recipes/70-test_renegotiation.t
M test/recipes/70-test_servername.t
M test/recipes/70-test_sslsessiontick.t
M test/recipes/70-test_sslsignature.t
M test/recipes/70-test_sslvertol.t
M test/recipes/80-test_ssl_new.t
M test/recipes/80-test_ssl_old.t
M test/recipes/90-test_fatalerr.t
M test/recipes/90-test_sslapi.t
M test/ssl-tests/02-protocol-version.cnf
M test/ssl-tests/04-client_auth.cnf.in
M test/ssl-tests/protocol_version.pm
M test/ssl_ctx_test.c
M test/ssl_old_test.c
M test/sslapitest.c
Log Message:
-----------
Remove support for SSLv3
Reviewed-by: Saša Nedvědický <sas...@openssl.org>
Reviewed-by: Neil Horman <nho...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28390)
Commit: 0c38e433ed95aef5baf4c6b491d9238004e353e6
https://github.com/openssl/openssl/commit/0c38e433ed95aef5baf4c6b491d9238004e353e6
Author: Andrew Dinh <and...@openssl.org>
Date: 2025-12-15 (Mon, 15 Dec 2025)
Changed paths:
M crypto/err/openssl.txt
M crypto/rsa/rsa_err.c
M crypto/ssl_err.c
M include/openssl/rsaerr.h
M include/openssl/ssl.h.in
M include/openssl/sslerr.h
M ssl/ssl_ciph.c
Log Message:
-----------
Remove unused SSLv3 specific error codes
Also remove the SSL_TXT_SSLV3 name.
Reviewed-by: Saša Nedvědický <sas...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28443)
Commit: 40b454de546ca9d0378a16b21d046dd925f35f54
https://github.com/openssl/openssl/commit/40b454de546ca9d0378a16b21d046dd925f35f54
Author: Andrew Dinh <and...@openssl.org>
Date: 2025-12-15 (Mon, 15 Dec 2025)
Changed paths:
M ssl/statem/statem_clnt.c
M ssl/statem/statem_srvr.c
Log Message:
-----------
Address SSLv3 removal nits
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Neil Horman <nho...@openssl.org>
Reviewed-by: Saša Nedvědický <sas...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28442)
Commit: 67c33ab7cd15eed4659356031e93f1f2746b1438
https://github.com/openssl/openssl/commit/67c33ab7cd15eed4659356031e93f1f2746b1438
Author: Andrew Dinh <and...@openssl.org>
Date: 2025-12-15 (Mon, 15 Dec 2025)
Changed paths:
M crypto/err/openssl.ec
M crypto/err/openssl.txt
M crypto/ssl_err.c
M include/openssl/sslerr.h
M include/openssl/sslerr_legacy.h
M ssl/s3_lib.c
M ssl/statem/extensions_clnt.c
M ssl/statem/extensions_srvr.c
M ssl/statem/statem_clnt.c
M ssl/t1_lib.c
Log Message:
-----------
Rename SSL3 error codes to TLS equivalents
Updated error code names and references from SSL3 to TLS in error definitions and error strings. Legacy error codes are preserved in sslerr_legacy.h for backward compatibility
Reviewed-by: Neil Horman <nho...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28549)
Commit: 591e59ac5f511122de930bc27f229deae277705e
https://github.com/openssl/openssl/commit/591e59ac5f511122de930bc27f229deae277705e
Author: Andrew Dinh <and...@openssl.org>
Date: 2025-12-15 (Mon, 15 Dec 2025)
Changed paths:
M Configure
Log Message:
-----------
Deprecate SSL3 Configure flags
Show a deprecated warning if users attempt to run Configure script with
no-ssl3, no-ssl, or no-ssl3-method. Also adds a fix to the Configure
script preventing users from enabling deprecated flags.
Reviewed-by: Neil Horman <nho...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28559)
Commit: f0de14daa44864da38d812be2584d826c8abfee0
https://github.com/openssl/openssl/commit/f0de14daa44864da38d812be2584d826c8abfee0
Author: Andrew Dinh <and...@openssl.org>
Date: 2025-12-15 (Mon, 15 Dec 2025)
Changed paths:
M Configure
Log Message:
-----------
Allow enabling deprecated flags that haven't been removed yet
Reviewed-by: Neil Horman <nho...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28559)
Commit: 0aff93a4dfccb27839f2129c6d6d4ae2a016b2ab
https://github.com/openssl/openssl/commit/0aff93a4dfccb27839f2129c6d6d4ae2a016b2ab
Author: Andrew Dinh <and...@openssl.org>
Date: 2025-12-15 (Mon, 15 Dec 2025)
Changed paths:
M INSTALL.md
M NOTES-NONSTOP.md
M fuzz/README.md
M test/README.ssltest.md
Log Message:
-----------
Update documentation using enable-ssl3 Configure flags
Reviewed-by: Neil Horman <nho...@openssl.org>
Reviewed-by: Saša Nedvědický <sas...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28637)
Commit: b9f3d2977fdf0ee48926ca86ef2d0405b606bf49
https://github.com/openssl/openssl/commit/b9f3d2977fdf0ee48926ca86ef2d0405b606bf49
Author: Andrew Dinh <and...@openssl.org>
Date: 2025-12-15 (Mon, 15 Dec 2025)
Changed paths:
M .github/workflows/ci.yml
M .github/workflows/os-zoo.yml
Log Message:
-----------
Remove sslv3 flags from x86 CI jobs
Reviewed-by: Neil Horman <nho...@openssl.org>
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
Reviewed-by: Nikola Pajkovsky <nik...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29362)
Commit: 1063038c39533e8658759460e751e474a43453b4
https://github.com/openssl/openssl/commit/1063038c39533e8658759460e751e474a43453b4
Author: Andrew Dinh <and...@openssl.org>
Date: 2025-12-15 (Mon, 15 Dec 2025)
Changed paths:
M CHANGES.md
Log Message:
-----------
Add entry to CHANGES.md
Explain the changes to configure
Reviewed-by: Eugene Syromiatnikov <es...@openssl.org>
Reviewed-by: Nikola Pajkovsky <nik...@openssl.org>
Reviewed-by: Neil Horman <nho...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29386)
Compare: https://github.com/openssl/openssl/compare/d433455150a6...1063038c3953
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Home: https://github.com/openssl/openssl
Commit: 1977c6c9c72ec3f5a6263e7181de40988236cb5d
https://github.com/openssl/openssl/commit/1977c6c9c72ec3f5a6263e7181de40988236cb5d
Author: Kurt Roeckx <ku...@roeckx.be>
Date: 2025-12-15 (Mon, 15 Dec 2025)
Changed paths:
M .github/workflows/ci.yml
M .github/workflows/coveralls.yml
M .github/workflows/fips-checksums.yml
M .github/workflows/fuzz-checker.yml
M .github/workflows/os-zoo.yml
M .github/workflows/prov-compat-label.yml
M .github/workflows/provider-compatibility.yml
M .github/workflows/run-checker-daily.yml
M .github/workflows/static-analysis-on-prem.yml
M .github/workflows/static-analysis.yml
M .github/workflows/windows.yml
M CHANGES.md
M Configure
M apps/ciphers.c
M apps/include/opt.h
M apps/lib/s_cb.c
M apps/list.c
M apps/s_client.c
M apps/s_server.c
M apps/s_time.c
M doc/man1/openssl-ciphers.pod.in
M doc/man1/openssl-s_client.pod.in
M doc/man1/openssl-s_time.pod.in
M doc/man1/openssl-sess_id.pod.in
M doc/man1/openssl.pod
M doc/man3/SSL_CONF_cmd.pod
M doc/man3/SSL_CTX_new.pod
M doc/perlvars.pm
M ssl/build.info
M ssl/methods.c
M ssl/record/methods/build.info
M ssl/record/methods/recmethod_local.h
R ssl/record/methods/ssl3_meth.c
M ssl/record/methods/tls_common.c
M ssl/s3_enc.c
M ssl/s3_lib.c
M ssl/s3_msg.c
M ssl/ssl_lib.c
M ssl/ssl_local.h
M ssl/ssl_sess.c
M ssl/statem/extensions.c
M ssl/statem/extensions_clnt.c
M ssl/statem/statem_clnt.c
M ssl/statem/statem_lib.c
M ssl/statem/statem_srvr.c
M ssl/t1_trce.c
M test/README.ssltest.md
M test/helpers/ssl_test_ctx.c
M test/recipes/70-test_asyncio.t
M test/recipes/70-test_clienthello.t
M test/recipes/70-test_recordlen.t
M test/recipes/70-test_renegotiation.t
M test/recipes/70-test_servername.t
M test/recipes/70-test_sslsessiontick.t
M test/recipes/70-test_sslsignature.t
M test/recipes/70-test_sslvertol.t
M test/recipes/80-test_ssl_new.t
M test/recipes/80-test_ssl_old.t
M test/recipes/90-test_fatalerr.t
M test/recipes/90-test_sslapi.t
M test/ssl-tests/02-protocol-version.cnf
M test/ssl-tests/04-client_auth.cnf.in
M test/ssl-tests/protocol_version.pm
M test/ssl_ctx_test.c
M test/ssl_old_test.c
M test/sslapitest.c
Log Message:
-----------
Remove support for SSLv3
Reviewed-by: Saša Nedvědický <sas...@openssl.org>
Reviewed-by: Neil Horman <nho...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28390)
Commit: 0c38e433ed95aef5baf4c6b491d9238004e353e6
https://github.com/openssl/openssl/commit/0c38e433ed95aef5baf4c6b491d9238004e353e6
Author: Andrew Dinh <and...@openssl.org>
Date: 2025-12-15 (Mon, 15 Dec 2025)
Changed paths:
M crypto/err/openssl.txt
M crypto/rsa/rsa_err.c
M crypto/ssl_err.c
M include/openssl/rsaerr.h
M include/openssl/ssl.h.in
M include/openssl/sslerr.h
M ssl/ssl_ciph.c
Log Message:
-----------
Remove unused SSLv3 specific error codes
Also remove the SSL_TXT_SSLV3 name.
Reviewed-by: Saša Nedvědický <sas...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28443)
Commit: 40b454de546ca9d0378a16b21d046dd925f35f54
https://github.com/openssl/openssl/commit/40b454de546ca9d0378a16b21d046dd925f35f54
Author: Andrew Dinh <and...@openssl.org>
Date: 2025-12-15 (Mon, 15 Dec 2025)
Changed paths:
M ssl/statem/statem_clnt.c
M ssl/statem/statem_srvr.c
Log Message:
-----------
Address SSLv3 removal nits
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Neil Horman <nho...@openssl.org>
Reviewed-by: Saša Nedvědický <sas...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28442)
Commit: 67c33ab7cd15eed4659356031e93f1f2746b1438
https://github.com/openssl/openssl/commit/67c33ab7cd15eed4659356031e93f1f2746b1438
Author: Andrew Dinh <and...@openssl.org>
Date: 2025-12-15 (Mon, 15 Dec 2025)
Changed paths:
M crypto/err/openssl.ec
M crypto/err/openssl.txt
M crypto/ssl_err.c
M include/openssl/sslerr.h
M include/openssl/sslerr_legacy.h
M ssl/s3_lib.c
M ssl/statem/extensions_clnt.c
M ssl/statem/extensions_srvr.c
M ssl/statem/statem_clnt.c
M ssl/t1_lib.c
Log Message:
-----------
Rename SSL3 error codes to TLS equivalents
Updated error code names and references from SSL3 to TLS in error definitions and error strings. Legacy error codes are preserved in sslerr_legacy.h for backward compatibility
Reviewed-by: Neil Horman <nho...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28549)
Commit: 591e59ac5f511122de930bc27f229deae277705e
https://github.com/openssl/openssl/commit/591e59ac5f511122de930bc27f229deae277705e
Author: Andrew Dinh <and...@openssl.org>
Date: 2025-12-15 (Mon, 15 Dec 2025)
Changed paths:
M Configure
Log Message:
-----------
Deprecate SSL3 Configure flags
Show a deprecated warning if users attempt to run Configure script with
no-ssl3, no-ssl, or no-ssl3-method. Also adds a fix to the Configure
script preventing users from enabling deprecated flags.
Reviewed-by: Neil Horman <nho...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28559)
Commit: f0de14daa44864da38d812be2584d826c8abfee0
https://github.com/openssl/openssl/commit/f0de14daa44864da38d812be2584d826c8abfee0
Author: Andrew Dinh <and...@openssl.org>
Date: 2025-12-15 (Mon, 15 Dec 2025)
Changed paths:
M Configure
Log Message:
-----------
Allow enabling deprecated flags that haven't been removed yet
Reviewed-by: Neil Horman <nho...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28559)
Commit: 0aff93a4dfccb27839f2129c6d6d4ae2a016b2ab
https://github.com/openssl/openssl/commit/0aff93a4dfccb27839f2129c6d6d4ae2a016b2ab
Author: Andrew Dinh <and...@openssl.org>
Date: 2025-12-15 (Mon, 15 Dec 2025)
Changed paths:
M INSTALL.md
M NOTES-NONSTOP.md
M fuzz/README.md
M test/README.ssltest.md
Log Message:
-----------
Update documentation using enable-ssl3 Configure flags
Reviewed-by: Neil Horman <nho...@openssl.org>
Reviewed-by: Saša Nedvědický <sas...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28637)
Commit: b9f3d2977fdf0ee48926ca86ef2d0405b606bf49
https://github.com/openssl/openssl/commit/b9f3d2977fdf0ee48926ca86ef2d0405b606bf49
Author: Andrew Dinh <and...@openssl.org>
Date: 2025-12-15 (Mon, 15 Dec 2025)
Changed paths:
M .github/workflows/ci.yml
M .github/workflows/os-zoo.yml
Log Message:
-----------
Remove sslv3 flags from x86 CI jobs
Reviewed-by: Neil Horman <nho...@openssl.org>
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
Reviewed-by: Nikola Pajkovsky <nik...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29362)
Commit: 1063038c39533e8658759460e751e474a43453b4
https://github.com/openssl/openssl/commit/1063038c39533e8658759460e751e474a43453b4
Author: Andrew Dinh <and...@openssl.org>
Date: 2025-12-15 (Mon, 15 Dec 2025)
Changed paths:
M CHANGES.md
Log Message:
-----------
Add entry to CHANGES.md
Explain the changes to configure
Reviewed-by: Eugene Syromiatnikov <es...@openssl.org>
Reviewed-by: Nikola Pajkovsky <nik...@openssl.org>
Reviewed-by: Neil Horman <nho...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29386)
Compare: https://github.com/openssl/openssl/compare/d433455150a6...1063038c3953
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Reply all
Reply to author
Forward
0 new messages