OpenSSL is a toolkit for supporting cryptography. The openssl-libs
package contains the libraries that are used by various applications which
support cryptographic algorithms and protocols.
Provides
Requires
License
Apache-2.0
Changelog
* Tue Jan 27 2026 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.5-1
- Rebase to OpenSSL 3.5.5
Resolves: RHEL-136895
Resolves: RHEL-142004
Resolves: RHEL-142012
Resolves: RHEL-142020
Resolves: RHEL-142024
Resolves: RHEL-142028
Resolves: RHEL-142032
Resolves: RHEL-142036
Resolves: RHEL-142040
Resolves: RHEL-142044
Resolves: RHEL-142048
Resolves: RHEL-142052
Resolves: RHEL-142056
* Thu Oct 23 2025 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.1-6
- Fix CVE-2025-9230
Resolves: RHEL-115928
* Fri Sep 05 2025 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.1-5
- Fix globally disabled LTO
Related: RHEL-111633
* Thu Aug 28 2025 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.1-4
- Make openssl speed test signatures without errors
Resolves: RHEL-95502
- Build tests in check and without LTO
Resolves: RHEL-111633
* Thu Jul 17 2025 Simo Sorce <simo@redhat.com> - 1:3.5.1-3
- Add custom define to disable symbol versioning in downstream patched code
Also add stricter Suggests for openssl-fips-provider
Resolves: RHEL-104236
- Fix Requires/Provider to fix default install of fips providers
Resolves: RHEL-104856
* Wed Jul 16 2025 Simo Sorce <simo@redhat.com> - 1:3.5.1-2
- Move fips.so to a seprate subpackage
Reverts FIPS self test for SLH-DSA
Add Suggests to try to prefer the openssl-fips-provider package
over the fips-provider-next package by default
Revolves: RHEL-102408
Related: RHEL-80854
* Tue Jul 01 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.1-1
- Rebasing to OpenSSL 3.5.1
Resolves: RHEL-97797
Resolves: RHEL-98723
Resolves: RHEL-99352
* Mon Jun 02 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-4
- Compact patches for better maintainability
Related: RHEL-80854
- Make hybrid MLKEM work with our FIPS provider (3.0.7)
Resolves: RHEL-95239
* Thu May 22 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-3
- Fix regressions caused by rebase to OpenSSL 3.5
Related: RHEL-80854
* Fri May 02 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-2
- OpenSSL ignores "rh-allow-sha1-signatures = yes" option on RHEL-9
Resolves: RHEL-88910
- PKCS#12 should not default to pbmac1 in FIPS mode in RHEL-9
Resolves: RHEL-88912
- Fix `openssl speed` running in FIPS mode
Resolves: RHEL-89860
- pkeyutl ecdsa signature with sha1 shouldn't work by default
Resolves: RHEL-89861
- Expose settable params for EVP_SKEY
Resolves: RHEL-89862
- Restore RHEL9-style indicators defines
Resolves: RHEL-89859
- Enable sslkeylog support
Resolves: RHEL-90854
* Wed Apr 16 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-1
- Rebasing OpenSSL to 3.5
Resolves: RHEL-80854
Resolves: RHEL-50208
Resolves: RHEL-50210
Resolves: RHEL-50211
Resolves: RHEL-85954
* Wed Jan 29 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-7
- RFC7250 handshakes with unauthenticated servers don't abort as expected (CVE-2024-12797)
Resolves: RHEL-76756
* Thu Sep 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-6
- rebuilt
Related: RHEL-55339
* Wed Sep 04 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-5
- Fix CVE-2024-6119: Possible denial of service in X.509 name checks
Resolves: RHEL-55339
* Wed Aug 21 2024 Clemens Lang <cllang@redhat.com> - 1:3.2.2-4
- Fix CVE-2024-5535: SSL_select_next_proto buffer overread
Resolves: RHEL-45657
* Sat Jun 22 2024 Daiki Ueno <dueno@redhat.com> - 1:3.2.2-3
- Replace HKDF backward compatibility patch with the official one
Related: RHEL-40823
* Wed Jun 12 2024 Daiki Ueno <dueno@redhat.com> - 1:3.2.2-2
- Add workaround for EVP_PKEY_CTX_add1_hkdf_info with older providers
Resolves: RHEL-40823
* Wed Jun 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-1
- Rebase to OpenSSL 3.2.2. Fixes CVE-2024-2511, CVE-2024-4603, CVE-2024-4741,
and Minerva attack.
Resolves: RHEL-32148
Resolves: RHEL-36792
Resolves: R