OpenSSL considering TLS 1.0/1.1 deprecation

Recently, OpenSSL proposed the deprecation of TLS 1.0/1.1 and solicited community feedback on the idea.

Feedback on the proposal was generally split down the middle. Half of the respondents indicated that immediate deprecation with near-term removal was acceptable. The remaining respondents with affirmative opinions noted that they represent, or know of, products whose environments disallow updating to TLS 1.2 or later, and that they would need to re-enable the deprecated features for the foreseeable future.

Given this feedback, OpenSSL would like to propose deprecation of these protocol versions (allowing for build-time re-enablement) in OpenSSL 3.5. This build-time configuration option would disable the building of code supporting TLS 1.0/1.1 entirely, preventing runtime enablement. Enabling the build-time variable would compile the code in but leave it disabled at run time unless the security level is reduced to 0 (as with previous releases). A complete removal of the TLS 1.0/1.1 code would follow in a future major release.
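To judge whether a deployment would be affected, it helps to know where TLS 1.0/1.1 is being turned on at run time today. The following Python script is an added example, not OpenSSL project code: it scans openssl.cnf-style text for a `CipherString` carrying `@SECLEVEL=0` or a `MinProtocol` below TLS 1.2. The function names and both sample configurations are constructed for illustration.

```python
import re

# MinProtocol values (as written in openssl.cnf) that select TLS 1.0 or 1.1.
LEGACY = {"tlsv1", "tlsv1.1"}
SECLEVEL = re.compile(r"@SECLEVEL=(\d)", re.IGNORECASE)

# Constructed sample: a host that lowered the security level for a legacy peer.
SAMPLE_LEGACY = """\
[system_default_sect]
MinProtocol = TLSv1   # constructed value
CipherString = DEFAULT:@SECLEVEL=0
"""

# Constructed sample: a host that does not depend on TLS 1.0/1.1.
SAMPLE_HARDENED = """\
[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT:@SECLEVEL=2
"""


def parse_cnf(text):
    """Yield (section, key, value, lineno) for each assignment in the text."""
    section = "default"
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            yield section, key, value, lineno


def audit(text):
    """Return (lineno, section, reason) for settings that rely on TLS 1.0/1.1."""
    findings = []
    for section, key, value, lineno in parse_cnf(text):
        name = key.lower()
        match = SECLEVEL.search(value) if name == "cipherstring" else None
        if match and match.group(1) == "0":
            findings.append((lineno, section, "security level 0 allows TLS 1.0/1.1"))
        elif name == "minprotocol" and value.lower() in LEGACY:
            findings.append((lineno, section, f"MinProtocol {value} is below TLS 1.2"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LEGACY):
        print(finding)
```

A finding means the configuration asks for TLS 1.0/1.1 at run time; under the proposal, a default OpenSSL 3.5 build would no longer contain the code to honour it.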

OpenSSL is looking for further feedback on that proposed action. A thread will be available in our GitHub discussions space.

Please take a moment to register your opinion on the plan in that space.