OpenSSL 3.0.7 SHA1 Bug/Problems Rocky 9

I currently run a Rocky Linux 9 server that hosts many WordPress sites. Recently we had a need to install and back up one of the sites, but this backup plugin did not work. After going through support, it seems that there is a bug in OpenSSL 3.0.7 with SHA1 hashing which is preventing this backup plugin from functioning.

How can I get a pulse on how soon OpenSSL 3.0.8 will be released for Rocky 9? Is there any way for me to get a rough understanding of how long it will take for an updated package to be released for Rocky?

If there are any contribution efforts that I could make to help this cause, I would love to support that.

It is unlikely to happen. Upgrading openssl, regardless of how minor it is, can cause problems throughout the rest of the distribution’s packages. I would report the issue here. Additionally, the backup plugin maintainers should be made aware that SHA1 should be changed to another hashing algorithm.

Is it correct to state that the only reason OpenSSL would be updated in RockyLinux is if RHEL packages up a higher version than RockyLinux? I am trying to find out at what point packages are updated in RockyLinux.

We attempt to match RHEL 1:1. If Red Hat decides to rebase packages in a future release, we would also do so.

The majority of packages get rebases or major upgrades during minor releases (e.g. 9.3, when it is released, will receive several package upgrades and rebases). There are other packages that will receive several updates and patches that are not a rebase or upgrade. Between now and November for 9.2 you normally would not see any version changes, except for patches to fix a bug or security issue.

Examples:

  • Current sssd version is 2.8.2-2, next will likely be in the 2.9.X range (see here) - This is a rebase
  • Current openssl version is 3.0.7-16; the version stays the same but many patches will come in down the road (see here).

Thank you, this gives me great insight into how the release system works for RHEL/Rocky. This also gives me a general timeframe to anticipate updates to the OS. I am reaching out to the backup vendor to plead the case of upgrading from SHA1 to another hashing algorithm.