Hello,
I just installed Rocky Linux 9.6 and noticed that it comes with OpenSSL version 3.2.2.
As far as I know, this version is scheduled to reach EoL on November 23rd.
Do you know when Rocky Linux is expected to include OpenSSL 3.5?
While browsing the forums, I came across a comment from back in 2021 that said:
“Remember, Rocky 8 is just a rebuild of upstream RedHat 8. So the official version of OpenSSL will always be what RedHat provides in their distro.
There may be additional repos that offer OpenSSL 3, but the core OS will always match RedHat.”
Is this still accurate today?
Should I be asking about OpenSSL 3.5 support on the Red Hat forums instead?
Or is there any chance that Rocky Linux itself might include OpenSSL 3.5 in a future release independently of Red Hat?
Thank you in advance…
Rocky Linux 9.7 and 10.1 will have openssl 3.5.0, which would be in November.
Rocky Linux remains an Enterprise Linux derivative, and thus, follows close to upstream as much as possible. The only time a newer openssl would ever show up in Rocky Linux is in our LookAhead variant (which mostly just follows CentOS Stream and is only used for internal testing).
CentOS Stream 9 and 10 have OpenSSL 3.5.0 right now, which means it will land in all stable Enterprise Linux derivative releases in the fall.
That is a red herring. Basically everything (that is open source) in RHEL is a fork. The upstream has its branches, which may die, but if Red Hat is committed to maintaining their branch for RHEL, then they do so. (Just look at Python 2.7 or the kernel in RHEL 7 – both upstreams did EoL years before RHEL 7.) Naturally, backporting (security) fixes from upstream becomes more costly if there is no upstream any more.
With new features (up to 2027 for RHEL 9) Red Hat has two options:
- backport to the branch they have in RHEL
- rebase the RHEL branch to a more recent point in upstream
Backporting has its cost, but so does a rebase. RH has to ensure that the rebase does not break existing systems. (Such a thing has happened in past RHEL. Not pretty.)
Enterprise Linux aims to be “stable” as in “I installed a server and it will function a decade with regular dnf up”. Every so often you see a thread here on “my app is so nitpicky that any update will break it”. That is not supposed to happen on EL – either the fear is unfounded, or the app has questionable dependencies.