Feature or enhancement

We currently use OpenSSL 1.1.1 series in our Windows and macOS binary builds.

Perhttps://www.openssl.org/source/, that is only supported through September of 2023.

Thus we need to switch to a supported version of OpenSSL before 3.12 is released.(And likely consider moving 3.11 to use it if deemed feasible)

There are a pile of bugs related to OpenSSL 3 that may or may not be blockers:

• Windows support for OpenSSL 3.0 #90728
• python 3.11 test_ssl failure with OpenSSL 3.0 on Windows #101401
• FIPS usedforsecurity flag is no longer functional with OpenSSL 3.0.0 #90307
• ssl module with OpenSSL 3.0 does not throw SSLEOFError on unclean shutdown #95494
• ... edit this list to link to others ...

We have a longer term desire to not be so beholden to OpenSSL at all. But this issue is being filed as a practical response to untangling that not being likely feasible before 3.12beta1.

Linked PRs

• gh-99079: Update Windows build to use OpenSSL 3.0.9 #106649
• [3.12] gh-99079: Update Windows build to use OpenSSL 3.0.9 (GH-106649) #106680
• [3.11] gh-99079: Update Windows build to use OpenSSL 3.0.9 (GH-106649) #106761
• [3.12] gh-99079: Update macOS installer to use OpenSSL 3.0.9. #107472
• gh-99079: Update macOS installer to use OpenSSL 3.0.9. #107474
• [3.11] gh-99079: Update macOS installer to use OpenSSL 3.0.9. #107476
• [3.12] gh-99079: add What's New item #107481
• [3.11] gh-99079: add What's New item #107482