OpenSSL 1.1.1 has ended their support for version 1.1.1 (https://www.openssl.org/blog/blog/2023/06/15/1.1.1-EOL-Reminder/) on Sept 11, 2023. OPNsense is on 1.1.1 and I think it's because FreeBSD stable is still stuck on 1.1.1 (https://wiki.freebsd.org/OpenSSL). There are packages in ports for OpenSSL 3+ though...
People have been warning about this for some time now. When is the switch to 3.0 or 3.1 planned? Is it possible OPNsense goes ahead with it before FreeBSD does, or is that too complex? Couldn't find info on this subject, except that FreeBSD is planning it for 14.x somewhere in 2026! Shouldn't it be quite soon, because official support for 1.1.1 upstream has now come to an end?
It is what it is. I could be wrong but I doubt FreeBSD 13 will ever move to OpenSSL 3.
I'm planning to see if the build based on the ports will work, but not before the business edition was branched for 23.10 and I still see a steady stream of third party updates fixing OpenSSL 3 support. It's LibreSSL-class problems all over again ;)
Cheers,
Franco
I always wonder why people make such a fuss about such things. If the FreeBSD project delivers a supported release with OpenSSL 1.1.1 in the base system, of course that is supported. What upstream does is irrelevant in this context. FreeBSD will get security fixes for this OpenSSL version as long as the base OS is supported.
https://www.openssl.org/news/vulnerabilities-3.0.html
2023: 14
2022: 15
2021: 2
Total: 31
https://www.openssl.org/news/vulnerabilities-1.1.1.html
2023: 9
2022: 6
2021: 7
Total: 22
https://www.freebsd.org/security/advisories/