Is Turris OS providing an outdated version of OpenSSL?

As an alternative to the outdated Nextcloud version provided with Turris-OS, I installed “Lighttpd” using the instructions on github.com/stokito referred by a post here on the Turris forum.

Everything works fine. Nevertheless, during installation I am notified that SSL:openssl library version is outdated and has reached end-of-life. As of 11 Sep 2023, only openssl 3.0.0 and later continue to receive security patches from openssl.org. When checking the ‘Software’ section in LuCI, the version number of the OpenSSL package (openssl-util) provided with Turris-OS is 1.1.1w-1, In the Lighttpd Secure HTTP instructions it is explicitly stated that openssl 1.1.1 is deprecated, has reached end-of-life and is unsafe.

Am I right? Is Turris-OS indeed providing an outdated (and unsafe) version of OpenSSL? And if so, is there a way to update the package to the current version (or at least version 3)?

1 Like

See

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.