OpenSSL Communities

Removal of SSL v3

Paul Dale

Some comments from the academic community for the foundation: https://openssl-communities.org/d/VF7No4lz/removal-of-sslv3

Paul Dale Mon 28 Jul 2025 10:05PM

Randall Becker Thu 21 Aug 2025 2:39PM

Moved by Randall Becker, Seconded by James Bourne on 21 Aug 2025:

Whereas no objections (or any other comments for that matter) have been received on inquiries to either of the communities we represent, be it hereby decided that the SSLv3 feature shall be removed for the next major OpenSSL LTS release. This shall be referred to the Technical Advisory Board for action.

Randall Becker Mon 25 Aug 2025 8:08PM

Not the next major, and advice only.

Randall Becker Mon 25 Aug 2025 8:10PM

Replaced with: BAC recommend the removal of SSLv3 in the 3.6 release.

PD

Poll Created Mon 25 Aug 2025 8:13PM

Recommend: BAC recommend the removal of SSLv3 in the 3.6 release.

Closed Mon 25 Aug 2025 9:00PM

Outcome
by Anton Arapov Thu 28 Aug 2025 12:31PM

The consensus across communities is to remove SSLv3 at the earliest opportunity, ideally in version 3.6. If that is not feasible, removal should occur as soon as practical, potentially in version 4.0.

Results

Option      % of points   Voters
Yes         100.0%        5 (PD, JJ, JB, RB, JR)
No          0.0%          0
Undecided   0%            1 (BB)

5 of 6 people have participated (83%)

James Bourne Mon 25 Aug 2025 8:13PM

Yes

SSLv3 is obsolete.

Paul Dale Tue 26 Aug 2025 9:18PM

The consensus here is to remove SSLv3 in version 3.6. This is not represented in the raised vote which, as worded, slates SSLv3 removal in 4.0.

Jeff Johnson Thu 28 Aug 2025 1:55PM

I probably misunderstood at the latest BAC meeting. I thought the commit window for 3.6 had passed and therefore the earliest release for removal would be 4.0. If I misunderstood that, I apologize.