OpenSSL 1.0.2 EOL 12/31/2019

I was looking at OpenSSL and found the version Haiku is using, 1.0.2 series, is within 2 months of being EOL. Has there been any discussion about updating openSSL to keep it a supported version?

Here is the pertinent quote from the openSSL website.

Note: The latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023. Our previous LTS version (1.0.2 series) will continue to be supported until 31st December 2019 (security fixes only during the last year of support). The 1.1.0 series is currently only receiving security fixes and will go out of support on 11th September 2019. All users of 1.0.2 and 1.1.0 are encouraged to upgrade to 1.1.1 as soon as possible.

There’s a recipe for 1.1 in Haikuports but it’s marked as untested, I suppose nobody had the time.
I created an issue at HP.

Apparently 1.1 comes with a different soname so the libs should be able to live side by side. IIRC this didn’t quite work with the recipes last time I tried them, but maybe they were fixed since.

We need a reset of haiku core package set to use it for haiku itself, in any case, and probably we need the new recipe to be renamed openssl11 or something?

Considering CentOS 7 is still using OpenSSL < 1.1, I think we can be assured there will be security patches for it still.

Probably beginning the migration process after beta2 sounds like a good idea, though.