How long Legacy providers supported?

Tomas Mraz tomas at
Mon Jul 24 07:59:20 UTC 2023

If you're talking about the algorithms in the legacy provider (and not
the deprecated legacy API support) then there are no definitive plans
when algorithms that are placed in that provider will be removed

The legacy provider itself is not going away at all as more algorithms
will be moved to it in future (I assume DSA and SHA1 would be one of
those). However eventually some algorithms that are in it currently
might be completely dropped.

Every removals of algorithms provided by a particular provider (i.e.,
default in case of migration of for example DSA to the legacy provider,
or legacy in case we remove for example MD2 from it) can happen only on
a major version boundary. So 4.0 would be the earliest possible time.
However it does not mean that it must happen at 4.0 and not 5.0 or any
time later.

We also do not have any timeframe for the 4.0 release so the only
answer I can give you is that the removals of existing legacy
algorithms won't happen any time soon (like 1-2 years from now).

Tomas Mraz, OpenSSL

On Mon, 2023-07-24 at 12:47 +0530, Ishani wrote:
> Hi ,
>     I'm aware that in future legacy providers will not be supported
> and we must plan to migrate .
> but I would like to know how long Legacy providers will be supported
> to plan our migration work ?

Tomáš Mráz, OpenSSL

More information about the openssl-users mailing list