Skip to content

Bump openssl from 3.3.2 to 4.0.0 #1063

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jkmassel merged 1 commit into from
Dec 16, 2025
Merged

Bump openssl from 3.3.2 to 4.0.0 #1063

jkmassel merged 1 commit into from
Dec 16, 2025
+3 −3

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 15, 2025
edited
Loading

Bumps openssl from 3.3.2 to 4.0.0.

Release notes

Sourced from openssl's releases.

v4.0.0

A high-level overview is available in History.md: https://github.com/ruby/openssl/blob/master/History.md#version-400

Merged Pull Requests

... (truncated)

Changelog

Sourced from openssl's changelog.

Version 4.0.0

Compatibility

  • Ruby >= 2.7
  • OpenSSL >= 1.1.1, LibreSSL >= 3.9, and AWS-LC 1.66.0

Notable changes

  • OpenSSL::SSL
    • Reduce overhead when writing to OpenSSL::SSL::SSLSocket. #syswrite no longer creates a temporary String object. [[GitHub #831]](ruby/openssl#831)
    • Make OpenSSL::SSL::SSLContext#min_version= and #max_version= wrap the corresponding OpenSSL APIs directly, and remove the fallback to SSL options. [[GitHub #849]](ruby/openssl#849)
    • Add OpenSSL::SSL::SSLContext#sigalgs= and #client_sigalgs= for specifying signature algorithms to use for connections. [[GitHub #895]](ruby/openssl#895)
    • Rename OpenSSL::SSL::SSLContext#ecdh_curves= to #groups= following the underlying OpenSSL API rename. This method is no longer specific to ECDHE. The old method remains as an alias. [[GitHub #900]](ruby/openssl#900)
    • Add OpenSSL::SSL::SSLSocket#sigalg, #peer_sigalg, and #group for getting the signature algorithm and the key agreement group used in the current connection. [[GitHub #908]](ruby/openssl#908)
    • Enable SSL_CTX_set_dh_auto() for servers by default. [[GitHub #924]](ruby/openssl#924)
    • Improve Ractor compatibility. Note that the internal-use constant OpenSSL::SSL::SSLContext::DEFAULT_PARAMS is now frozen. [[GitHub #925]](ruby/openssl#925)
  • OpenSSL::PKey
    • Remove OpenSSL::PKey::EC::Point#mul support with array arguments. The underlying OpenSSL API has been removed, and the method has been deprecated since ruby/openssl v3.0.0. [[GitHub #843]](ruby/openssl#843)
    • OpenSSL::PKey::{RSA,DSA,DH}#params uses nil to indicate missing fields instead of the number 0. [[GitHub #774]](ruby/openssl#774)
    • Unify OpenSSL::PKey::PKeyError classes. The former subclasses OpenSSL::PKey::DHError, OpenSSL::PKey::DSAError,

... (truncated)

Commits
  • 5af1eda Ruby/OpenSSL 4.0.0
  • 5880083 Merge pull request #985 from rhenium/ky/freeze-string-constants
  • 2a6f41e Merge pull request #987 from ruby/dependabot/github_actions/step-security/har...
  • 16c58b9 Merge pull request #986 from ruby/dependabot/github_actions/actions/cache-5
  • 2b94376 build(deps): bump step-security/harden-runner from 2.13.3 to 2.14.0
  • 8641e35 build(deps): bump actions/cache from 4 to 5
  • b0de8ba ossl.c: improve docs for constants and methods under ::OpenSSL
  • 695126f Freeze more constants for Ractor compatibility
  • 42effce Merge pull request #983 from rhenium/ky/pkcs7-init-raise-pkcs7error
  • 3c38181 Merge pull request #984 from rhenium/ky/x509cert-eq-document-wrong
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Dec 15, 2025
jkmassel
jkmassel approved these changes Dec 16, 2025
View reviewed changes
Copy link
Contributor

@jkmassel jkmassel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is only for Ruby, not on the Rust side.

@dependabot
Bump openssl from 3.3.2 to 4.0.0
c2cebc9 
Bumps [openssl](https://github.com/ruby/openssl) from 3.3.2 to 4.0.0.
- [Release notes](https://github.com/ruby/openssl/releases)
- [Changelog](https://github.com/ruby/openssl/blob/master/History.md)
- [Commits](ruby/openssl@v3.3.2...v4.0.0)

---
updated-dependencies:
- dependency-name: openssl
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/bundler/openssl-4.0.0 branch from 50ea962 to c2cebc9 Compare December 16, 2025 21:33
@jkmassel jkmassel enabled auto-merge (squash) December 16, 2025 21:33
@jkmassel jkmassel merged commit 6bcfefc into trunk Dec 16, 2025
22 checks passed
@jkmassel jkmassel deleted the dependabot/bundler/openssl-4.0.0 branch December 16, 2025 22:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jkmassel jkmassel jkmassel approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jkmassel