[openssl-users] OpenSSL 0.9.8 - No more security fixes, nor updates and support, But NO CVEs listed either?

Matt Caswell matt at openssl.org
Wed Jan 13 00:01:54 UTC 2016

On 12/01/16 22:43, Joe Flowers wrote:
> Hello OpenSSL Developers,
> I understand through your previous announcements that OpenSSL 0.9.8 is no longer "supported", and no more "security fixes", nor "security updates" will be provided by OpenSSL.org.
> Does this mean that we can expect no more CVEs to be generated or listed for OpenSSL 0.9.8 also?

Not supported means we will no longer being doing work on the 0.9.8 or
1.0.0 branches. This includes any analysis which may lead to a CVE


More information about the openssl-users mailing list