I am writing to get your opinion on the version of OpenSSL in Ubuntu 26.04 LTS.
OpenSSL 3.5 is the current version in Resolute Raccoon release pocket.
From now on, only bug fixes and security patches will be applied to
3.5
It is an LTS release, it will be supported by upstream until
2030-04-08. There is a good overlap with 26.04 End of Standard Support
until 2031-04.
OpenSSL 3.6 is the current upstream release
(https://github.com/openssl/openssl/releases/tag/openssl-3.6.0). It is
a Non-LTS release, and it will be full supported for 13 months
(2026-11)
OpenSSL 4.0 is the next upstream release. It is also a Non-LTS, and It
will introduce API/ABI incompatible changes.
26.04 Timeline
- Oct 1, 2025 OpenSSL 3.6 release
- February 19, 2026 Ubuntu Feature Freeze
- March 25, 2026 OpenSSL 4.0 Beta release (estimated)
- April 7, 2026 OpenSSL 4.0 Final release
- April 16, 2026 Ubuntu Final Freeze
I am ruling out 4.0 since it will not be Feature Complete before
Ubuntu Feature Freeze, there isn't enough time for reverse dependences
to adapt to the breaking API/ABI changes, and we want to avoid a major
version bump just before an LTS. You can find a preview of 4.0
breaking changes under milestone
https://github.com/openssl/openssl/milestone/24.
My proposal is to stay on 3.5 for 26.04 LTS to take advantage of the
upstream LTS, and move to 4.0 directly in 26.10. To make sure we are
not falling behind, I plan to do a test rebuild of 3.6 in a PPA.
The downside is missing out on latest features from 3.6. Please let me
know what you think.
References:
https://openssl-library.org/policies/releasestrat/index.html
https://openssl-library.org/roadmap/index.html
https://discourse.ubuntu.com/t/resolute-raccoon-release-schedule/47198
Regards
Ravi
--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
