[v22.x] Update to OpenSSL 3.5 by richardlau · Pull Request #59859 · nodejs/node

and others added 5 commits

September 11, 2025 16:35
Node.js 22 was released with OpenSSL 3.0 which had a default security
level of 1. OpenSSL 3.2 bumped this to 2, but we need to fix this at
1 to minimize disruption to users of Node.js 22.x.
PR-URL: nodejs#59234
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <richard.lau@ibm.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
PR-URL: nodejs#59371
Reviewed-By: Richard Lau <richard.lau@ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>

richardlau added the openssl, dont-land-on-v20.x and v22.x labels on Sep 11, 2025:

  * openssl: Issues and PRs related to the OpenSSL dependency.
  * dont-land-on-v20.x: PRs that should not land on the v20.x-staging branch and should not be released in v20.x.
  * v22.x: Issues that can be reproduced on v22.x or PRs targeting the v22.x-staging branch.

BridgeAR

marco-ippolito

richardlau added a commit that referenced this pull request

Sep 16, 2025
Node.js 22 was released with OpenSSL 3.0 which had a default security
level of 1. OpenSSL 3.2 bumped this to 2, but we need to fix this at
1 to minimize disruption to users of Node.js 22.x.

PR-URL: #59859
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>

richardlau pushed a commit that referenced this pull request

Sep 16, 2025
PR-URL: #59234
Backport-PR-URL: #59859
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <richard.lau@ibm.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>

richardlau pushed a commit that referenced this pull request

Sep 16, 2025
PR-URL: #59234
Backport-PR-URL: #59859
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <richard.lau@ibm.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>

richardlau pushed a commit that referenced this pull request

Sep 16, 2025
PR-URL: #59371
Backport-PR-URL: #59859
Reviewed-By: Richard Lau <richard.lau@ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>

richardlau pushed a commit that referenced this pull request

Sep 16, 2025
PR-URL: #59371
Backport-PR-URL: #59859
Reviewed-By: Richard Lau <richard.lau@ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>

richardlau pushed a commit that referenced this pull request

Sep 22, 2025
Notable changes:

crypto:
  * update root certificates to NSS 3.114 (Node.js GitHub Bot) #59571
deps:
  * fix OpenSSL security level at 1 (Richard Lau) #59859
  * upgrade openssl sources to openssl-3.5.2 (Node.js GitHub Bot) #59371
doc:
  * stabilize --disable-sigusr1 (Rafael Gonzaga) #59707
  * mark `path.matchesGlob` as stable (Aviv Keller) #59572
http:
  * (SEMVER-MINOR) add Agent.agentKeepAliveTimeoutBuffer option (Haram Jeong) #59315
http2:
  * (SEMVER-MINOR) add support for raw header arrays in h2Stream.respond() (Tim Perry) #59455
inspector:
  * add http2 tracking support (Darshan Sen) #59611
sea:
  * (SEMVER-MINOR) implement execArgvExtension (Joyee Cheung) #59560
  * (SEMVER-MINOR) support execArgv in sea config (Joyee Cheung) #59314
stream:
  * (SEMVER-MINOR) add brotli support to CompressionStream and DecompressionStream (Matthew Aitken) #59464
test_runner:
  * (SEMVER-MINOR) support object property mocking (Idan Goshen) #58438
worker:
  * (SEMVER-MINOR) add cpu profile APIs for worker (theanarkh) #59428

PR-URL: #59973

richardlau pushed a commit that referenced this pull request

Sep 24, 2025