OpenSSL 1.1.1 Nears End of Life: Security Updates Only Until September 2023 “The Benefits of Practicing Mindfulness and Meditation” “Unlocking the Potential of Mindfulness and Meditation”

According to current plans, support for OpenSSL 1.1.1 will come to an end in September 2023. It is recommended that users either upgrade to a more recent version or opt for extended support.

The OpenSSL Project has recently reminded users of their open source cryptography and secure communication toolkit that OpenSSL 1.1.1 will reach EoL on September 11, 2023, five years after its initial release. After this date, users will no longer receive security updates unless they invest in a premium support plan, which provides extended support beyond the EoL date. Premium level support is designed for large enterprises and costs $50,000 per year.

The OpenSSL Project has stated that there is no defined end date for the extended support and that they intend to continue to provide it for as long as it is commercially viable, meaning the foreseeable future. Users who want to receive security updates without paying for a premium plan will have to upgrade to a newer version. The most recent, OpenSSL 3.1, will be supported until March 2025, while OpenSSL 3.0, which is a long term support (LTS) release, will be supported until September 2026.

Since the disclosure of the Heartbleed vulnerability back in 2014, OpenSSL has significantly improved its security. In the first two months of 2022, twenty-four vulnerabilities were found within the project, including five high-severity issues which could lead to denial-of-service (DoS) attacks or arbitrary code execution. One of them was patched in February 2023.

In conclusion, OpenSSL 1.1.1 will reach EoL in September of 2023. Users have been instructed to either upgrade to a newer version or pay for extended support to continue receiving security updates. OpenSSL has evolved significantly in terms of security since the Heartbleed vulnerability was disclosed, with twenty-four vulnerabilities having been found in the project in the first two months of 2022. The most recent version, OpenSSL 3.1, will be supported until March 2025, while OpenSSL 3.0, a long term support (LTS) release, will be supported until September 2026.

Key Points:

• OpenSSL 1.1.1 will reach EoL on September 11, 2023.
• Premium level support is designed for large enterprises and it costs $50,000 per year.
• OpenSSL 3.1 will be supported until March 2025, and OpenSSL 3.0, an LTS release, will be supported until September 2026.
• Since the disclosure of the Heartbleed vulnerability, OpenSSL has improved its security.