@renovate renovate bot commented Dec 21, 2025

This PR contains the following updates:

Package   Change
openssl   "~> 3.3.1" -> "~> 4.0.0"

Release Notes

ruby/openssl (openssl)

v4.0.0

Compatibility

  • Ruby >= 2.7
  • OpenSSL >= 1.1.1, LibreSSL >= 3.9, and AWS-LC 1.66.0

Notable changes

  • OpenSSL::SSL
    • Reduce overhead when writing to OpenSSL::SSL::SSLSocket. #syswrite no
      longer creates a temporary String object.
      [GitHub #831]
    • Make OpenSSL::SSL::SSLContext#min_version= and #max_version= wrap the
      corresponding OpenSSL APIs directly, and remove the fallback to SSL options.
      [GitHub #849]
    • Add OpenSSL::SSL::SSLContext#sigalgs= and #client_sigalgs= for
      specifying signature algorithms to use for connections.
      [GitHub #895]
    • Rename OpenSSL::SSL::SSLContext#ecdh_curves= to #groups= following
      the underlying OpenSSL API rename. This method is no longer specific to
      ECDHE. The old method remains as an alias.
      [GitHub #900]
    • Add OpenSSL::SSL::SSLSocket#sigalg, #peer_sigalg, and #group for
      getting the signature algorithm and the key agreement group used in the
      current connection.
      [GitHub #908]
    • Enable SSL_CTX_set_dh_auto() for servers by default.
      [GitHub #924]
    • Improve Ractor compatibility. Note that the internal-use constant
      OpenSSL::SSL::SSLContext::DEFAULT_PARAMS is now frozen.
      [GitHub #925]
  • OpenSSL::PKey
    • Remove OpenSSL::PKey::EC::Point#mul support with array arguments. The
      underlying OpenSSL API has been removed, and the method has been deprecated
      since ruby/openssl v3.0.0.
      [GitHub #843]
    • OpenSSL::PKey::{RSA,DSA,DH}#params uses nil to indicate missing fields
      instead of the number 0.
      [GitHub #774]
    • Unify OpenSSL::PKey::PKeyError classes. The former subclasses
      OpenSSL::PKey::DHError, OpenSSL::PKey::DSAError,
      OpenSSL::PKey::ECError, and OpenSSL::PKey::RSAError have been merged
      into a single class.
      [GitHub #929]
  • OpenSSL::Cipher
    • OpenSSL::Cipher#encrypt and #decrypt no longer accept arguments.
      Passing passwords has been deprecated since Ruby 1.8.2 (released in 2004).
      [GitHub #887]
    • OpenSSL::Cipher#final raises OpenSSL::Cipher::AuthTagError when the
      integrity check fails for AEAD ciphers. OpenSSL::Cipher::AuthTagError is a
      new subclass of OpenSSL::Cipher::CipherError, which was previously raised.
      [GitHub #939]
    • OpenSSL::Cipher.new now raises OpenSSL::Cipher::CipherError instead of
      RuntimeError when OpenSSL does not recognize the algorithm.
      [GitHub #958]
    • Add support for "fetched" cipher algorithms with OpenSSL 3.0 or later.
      [GitHub #958]
  • OpenSSL::Digest
    • OpenSSL::Digest.new now raises OpenSSL::Digest::DigestError instead of
      RuntimeError when OpenSSL does not recognize the algorithm.
      [GitHub #958]
    • Add support for "fetched" digest algorithms with OpenSSL 3.0 or later.
      [GitHub #958]
  • OpenSSL::ASN1.decode now assumes a 1950-2049 year range for UTCTime
    according to RFC 5280. It previously used a 1969-2068 range. The encoder
    has always used the 1950-2049 range.
    [GitHub #909]
  • OpenSSL::OpenSSLError, the base class for all ruby/openssl errors, carries
    an additional attribute #errors to keep the content of OpenSSL's error
    queue. Also, add #detailed_message for Ruby 3.2 or later.
    [GitHub #976]
  • OpenSSL::PKCS7.new raises OpenSSL::PKCS7::PKCS7Error instead of
    ArgumentError on error to be consistent with other constructors.
    [GitHub #983]

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
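
The error-class changes in the release notes above affect `rescue` clauses written against 3.x. The following is an added example, not part of this PR or of ruby/openssl's own code: AEAD decryption and algorithm lookup that behave the same on 3.x and 4.0. The helper names `seal`, `open_sealed` and `algorithm_known?`, and the sample key and message, are constructed for illustration.

```ruby
require "openssl"

# AuthTagError exists only in ruby/openssl >= 4.0. On 3.x the same tag
# failure surfaces as its parent class, CipherError.
TAG_FAILURE =
  if defined?(OpenSSL::Cipher::AuthTagError)
    OpenSSL::Cipher::AuthTagError
  else
    OpenSSL::Cipher::CipherError
  end

# Cipher.new / Digest.new raise RuntimeError on 3.x and CipherError /
# DigestError (both OpenSSLError subclasses) on 4.0 for an unknown name.
def algorithm_known?(klass, name)
  klass.new(name)
  true
rescue RuntimeError, OpenSSL::OpenSSLError
  false
end

# Hypothetical helper: AES-256-GCM encryption with associated data.
def seal(key, plaintext, aad)
  c = OpenSSL::Cipher.new("aes-256-gcm")
  c.encrypt # argument-free form; 4.0 no longer accepts arguments here
  c.key = key
  iv = c.random_iv
  c.auth_data = aad
  ciphertext = c.update(plaintext) + c.final
  { iv: iv, ciphertext: ciphertext, tag: c.auth_tag, aad: aad }
end

# Hypothetical helper: returns the plaintext, or nil when the tag check
# fails. On 3.x the rescue is necessarily broader (any CipherError).
def open_sealed(key, box)
  c = OpenSSL::Cipher.new("aes-256-gcm")
  c.decrypt
  c.key = key
  c.iv = box[:iv]
  c.auth_tag = box[:tag]
  c.auth_data = box[:aad]
  c.update(box[:ciphertext]) + c.final
rescue TAG_FAILURE
  nil
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::Random.random_bytes(32) # constructed sample key
  box = seal(key, "constructed sample message", "header-v1")
  puts open_sealed(key, box).inspect
  puts open_sealed(key, box.merge(aad: "header-v2")).inspect
end
```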

@renovate renovate bot added dependencies Pull requests that update a dependency file major labels Dec 21, 2025
@renovate renovate bot enabled auto-merge December 21, 2025 00:07
@renovate renovate bot added this pull request to the merge queue Dec 21, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to a conflict with the base branch Dec 21, 2025
@renovate renovate bot enabled auto-merge December 28, 2025 15:34
@renovate renovate bot force-pushed the renovate/openssl-4.x branch from 7fead85 to 6a29e48 Compare December 28, 2025 15:34
@renovate renovate bot added this pull request to the merge queue Dec 28, 2025
Merged via the queue into master with commit 6612fdf Dec 28, 2025
1 check passed
@renovate renovate bot deleted the renovate/openssl-4.x branch December 28, 2025 15:42