Thomas Munro <thomas.munro@gmail.com> writes:
> I was reminded of this thread by ambient security paranoia. As it
> stands, we require 1.0.2 (but we very much hope that package
> maintainers and others in control of builds don't decide to use it).
> Should we skip 1.1.1 and move to requiring 3 for v17?
I'd be kind of sad if I couldn't test SSL stuff anymore on my
primary workstation, which has
$ rpm -q openssl
openssl-1.1.1k-12.el8_9.x86_64
I think it's probably true that <=1.0.2 is not in any distro that
we still need to pay attention to, but I reject the contention
that RHEL8 is not in that set.
regards, tom lane