turtl / tracker

This project is for tracking issues, bug reports, and progress on the entire Turtl project.

OpenSSL 1.0, 1.1 EOL #424

Open ShamrockLee opened 1 year ago

ShamrockLee commented 1 year ago

OpenSSL 1.0 is already deprecated, and 1.1 is going to hit its end of life on 2023-09-11. Upgrading OpenSSL to at least 1.2 is necessary for a security-oriented software project.

wakearray commented 11 months ago

All versions of OpenSSL prior to OpenSSL 3.0 LTS are EOL. OpenSSL 3.0 LTS will be supported till 07 Sep 2026 or we could go with 3.1 and it will be supported till 14 Mar 2025 at which point we will need to upgrade to whatever version replaces it.

Currently, the most recent FIPS-validated release is 3.0.8, but as this isn't an application certified for government, medical, or financial use, it's probably best to just go with the most recent LTS release, currently 3.0.12.

There's quite a significant number of changes between 1.x and 3.x, so before even looking at the specific encryption implementation (I'm very new to Rust), I can say this may not be a quick and easy upgrade.

Breaking changes between OpenSSL 1.0.2 and 1.1.1 can be found here: https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes

Breaking changes between OpenSSL 1.1.1 and 3.0/3.1 can be found here: https://www.openssl.org/docs/man3.1/man7/migration_guide.html#Upgrading-from-OpenSSL-1.1.1
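To turn the EOL dates quoted in this thread into an automated check (for example, failing a CI job that links an EOL'd OpenSSL), here is an added Rust example; it is not part of the Turtl code base, and the EOL table, the `Status` type and the sample `openssl version` line are constructed from the dates given above.

```rust
// Added example (not Turtl code): classify an OpenSSL version against the EOL
// dates quoted in this thread, e.g. to fail CI when an EOL'd OpenSSL is linked.
#[derive(Debug, PartialEq, Eq)]
pub enum Status {
    Supported { eol: u32 }, // series maintained; EOL date as YYYYMMDD
    Eol,                    // series past its end-of-life date
    Unknown,                // not in the table (LibreSSL, a future 3.x, ...)
}

/// Extract (major, minor, patch) from "3.0.12", "1.1.1w", or the first line of
/// `openssl version` ("OpenSSL 1.1.1w  11 Sep 2023"); 1.x patch letters are dropped.
pub fn parse_version(s: &str) -> Option<(u32, u32, u32)> {
    let token = s
        .split_whitespace()
        .find(|t| t.starts_with(|c: char| c.is_ascii_digit()))?;
    let mut parts = token.split('.').map(|p| {
        let digits: String = p.chars().take_while(|c| c.is_ascii_digit()).collect();
        digits.parse::<u32>().ok()
    });
    let major = parts.next()??;
    let minor = parts.next()??;
    let patch = parts.next().flatten().unwrap_or(0);
    Some((major, minor, patch))
}

/// EOL date (YYYYMMDD) per release series, as given in the comments above.
/// 1.0 is listed as already deprecated, so it carries no date and is always EOL.
fn eol_date(major: u32, minor: u32) -> Option<u32> {
    match (major, minor) {
        (1, 1) => Some(2023_09_11),
        (3, 0) => Some(2026_09_07),
        (3, 1) => Some(2025_03_14),
        _ => None,
    }
}

/// Status of `version` as of `today` (YYYYMMDD, so a plain integer compare works).
pub fn status(version: &str, today: u32) -> Status {
    let (major, minor, _) = match parse_version(version) {
        Some(v) => v,
        None => return Status::Unknown,
    };
    if (major, minor) == (1, 0) { return Status::Eol; }
    match eol_date(major, minor) {
        Some(eol) if today < eol => Status::Supported { eol },
        Some(_) => Status::Eol,
        None => Status::Unknown,
    }
}
```

Feed it the first line of `openssl version` (or the version string reported by the Rust `openssl` crate) together with the build date, and treat `Eol` as a failing result.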