We have a need to upgrade the OpenSSL on our machine from 1.0.2j to 1.1.0 (we are running Apache 2.4.25 VC14) - are there plans to build an upgrade for this? Or does anyone know of a way to do it?
Thanks,
Brian
Well, there is no plan to upgrade to 1.1.0 until Apache is modified to use it. 1.1.0 has a drastic API change so it's not like prior versions that one can simply just start building with instead (like 1.0.0, 1.0.1 & 1.0.2).
So once Apache has been modified to deal with it (in the works), we'll be upgrading to it.
As a side note, the last few high severity bugs in OpenSSL have been only in 1.1.0.
https://www.openssl.org/news/vulnerabilities.html#y2016