Removal of SSL v3
Paul Dale Mon 28 Jul 2025 10:05PMPublicSeen by 13Some comments from the academic community for the foundation: https://openssl-communities.org/d/VF7No4lz/removal-of-sslv3
Randall BeckerThu 21 Aug 2025 2:39PM
Moved by Randall Becker, Seconded by James Bourne on 21 Aug 2025:
Whereas no objections (or any other comments for that matter) have been received on inquiries to the either of the communities we represent, be it hereby decided that the SSLv3 feature shall be removed for the next major OpenSSL LTS release. This shall be referred to the Technical Advisory Board for action.
Randall BeckerMon 25 Aug 2025 8:08PM
Not the next major, and advice only.
Randall BeckerMon 25 Aug 2025 8:10PM
Replaced with: BAC recommend the removal of SSLv3 in the 3.6 release.
Recommend: BAC recommend the removal of SSLv3 in the 3.6 release.
poll by Paul Dale Closed Mon 25 Aug 2025 9:00PM
The consensus across communities is to remove SSLv3 at the earliest opportunity, ideally in version 3.6. If that is not feasible, removal should occur as soon as practical, potentially in version 4.0.
Results
| Results | Option | % of points | Voters | |||
|---|---|---|---|---|---|---|
| Yes | 100 | 5 |   | |||
| No | 0 | 0 | ||||
| Undecided | 1 |  |
5 of 6 votes cast (83% participation)
Paul DaleTue 26 Aug 2025 9:18PM
The consensus here is to remove SSLv3 in version 3.6. This is is not represented in the raised vote which, as worded, slates SSLv3 removal in 4.0.
Jeff JohnsonThu 28 Aug 2025 1:55PM
I probably misunderstood at the latest BAC meeting. I thought the commit window for 3.6 had passed and therefore the earliest release for removal would be 4.0. If I misunderstood that, I apologize.
Paul Dale ·Mon 28 Jul 2025 10:05PM