OpenSSL 3.0 vs. SSL 3.0

Christian Heimes christian at
Wed Feb 27 15:02:32 UTC 2019


I'm concerned about the version number of the upcoming major release of
OpenSSL. "OpenSSL 3.0" just sounds and looks way too close to "SSL 3.0".
It took us more than a decade to teach people that SSL 3.0 is bad and
should be avoided in favor of TLS. In my humble opinion, it's
problematic and confusing to use "OpenSSL 3.0" for the next major
version of OpenSSL and first release of OpenSSL with SSL 3.0 support.

You skipped version 2.0 for technical reasons, because (IIRC) 2.0 was
used / reserved for FIPS mode. May I suggest that you also skip 3.0 for
UX reasons and call the upcoming version "OpenSSL 4.0"? That way you can
avoid any confusion with SSL 3.0.

Kind regards,

More information about the openssl-users mailing list