OpenSSL 1.0.2* end of life



OpenSSL 1.0.2 is going end-of-life at the end of 2019. 1.0.2k is the latest release available in the RHEL repositories. When can we expect an update to 1.1.1?


Hi Ben,

Just for your information ... OpenSSL 1.1.1 is already available for RHEL 8 :

I think it won't take too much time until it's available for RHEL 7 as well. :)


Thanks Christian

You're welcome, Ben ! :)

Hi - please can you reconfirm the support status of OpenSSL v1.0.2 (in this case on RHEL 7.6 EUS)?

With OpenSSL v1.0.2 going EOL end of 2019, how does this affect support, if at all, please? Is there an EOL support date from Red Hat on OpenSSL v1.0.2?

Thank you.

I'll provide our Python after 2020 page which provides a similar answer to a similar question, and I'll paste the important points below:

  • [An upstream project's] decision about which version of their project to support and develop is a separate choice to Red Hat's business decision about the level of technical support and software development offered on packages within Red Hat products such as RHEL and its derivatives.

  • Just because the [upstream] consider the software "unsupported" does not mean that [software] is "unsupported" within RHEL.

  • This difference between an "upstream project decision" and a "Red Hat product decision" is an important value provided by the RHEL subscription.

To answer your question directly, OpenSSL within RHEL7 remains supported for the entire lifecycle of RHEL7 as per the RHEL Product Lifecycle.

The version does not matter. We ship it, we support it.

Thank you very much for the prompt and clear response Jamie. Insightful and useful.

Much appreciated.

Now that openssl-1.0.2 no longer works with the recently expired Trust Chain Path A (AddTrust External CA Root) certificate, what's the plan?

We are using RHEL 7.7 with the openssl-1.0.2k-19 package and got this vulnerability. It says that this is not fixed in the 1.0.2k package. What is the plan?

Hi Gourav,

It might be a good idea to open a support case.

I know Jamie Bainbridge is a very active Red Hatter on this forum, but opening a support case helps to get broader awareness within Red Hat for this issue.


Jan Gerrit Kootstra

The Red Hat CVE database has this information for CVE-2020-1968.

Hello, I currently have openssl-libs-1.0.2k-21.el7_9.s390x, openssl-1.0.2k-21.el7_9.s390x, openssl-ibmca-2.0.0-2.el7.s390x installed and need to update. Do you know if an s390x architecture update will be available?

Another question: is the s390x architecture affected by the vulnerability?

That's the latest package version in RHEL7, it's very unlikely to be updated further.

The CVE page also linked above suggests you can mitigate that by disabling static DH ciphersuites and shows how to identify vulnerable ciphers. You can get cipher names with openssl ciphers, as described in man ciphers.

Exactly where to configure those depends on the application which uses OpenSSL.
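
Added example (not part of the thread and not taken from the Red Hat CVE page): one way to do the identification step the last reply describes, assuming the `openssl ciphers -v` column layout of OpenSSL 1.0.2, in which static DH suites carry Kx=DH/RSA or Kx=DH/DSS. The sample lines and the `HIGH:!aNULL` cipher string are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag static DH suites in `openssl ciphers -v` output.

# Constructed sample in the OpenSSL 1.0.2 `openssl ciphers -v` layout
# (name, protocol, Kx=, Au=, Enc=, Mac=); not captured from a real host.
SAMPLE='ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DH-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=DH/RSA   Au=DH   Enc=AESGCM(256) Mac=AEAD
DH-DSS-AES128-SHA           SSLv3   Kx=DH/DSS   Au=DH   Enc=AES(128)    Mac=SHA1
DHE-RSA-AES256-SHA          SSLv3   Kx=DH       Au=RSA  Enc=AES(256)    Mac=SHA1
AES128-SHA                  SSLv3   Kx=RSA      Au=RSA  Enc=AES(128)    Mac=SHA1'

# Print the names of static DH suites read from stdin. Static DH shows up
# as Kx=DH/RSA or Kx=DH/DSS; ephemeral DHE is plain Kx=DH and is left alone.
static_dh_ciphers() {
    awk '{
        for (i = 2; i <= NF; i++)
            if ($i == "Kx=DH/RSA" || $i == "Kx=DH/DSS") { print $1; break }
    }'
}

# Build a cipher-string suffix that removes each flagged suite by name,
# e.g. ":!DH-RSA-AES256-GCM-SHA384". Empty output means nothing to remove.
exclusion_suffix() {
    static_dh_ciphers | awk '{ printf ":!%s", $1 } END { if (NR) print "" }'
}

# On a host with openssl installed, check the cipher string an application
# is configured with (the string here is a hypothetical value):
#   openssl ciphers -v 'HIGH:!aNULL' | static_dh_ciphers
printf 'static DH suites in sample:\n'
printf '%s\n' "$SAMPLE" | static_dh_ciphers
printf 'suffix: %s\n' "$(printf '%s\n' "$SAMPLE" | exclusion_suffix)"
```

Re-run the check against the application's final cipher string after appending the suffix; no output from static_dh_ciphers means no static DH suite remains enabled.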