I am using netty-tcnative-boringssl-static <2.0.34.Final> with OpenSSL 1.0.2k-fips. Now I am planning to upgrade OpenSSL to version 3.x as part of a security upgrade. I have a few questions:
- What would be the impact of this upgrade?
- Would everything work as usual for the current version of netty-tcnative-boringssl-static?
- How can I find out which OpenSSL version netty-tcnative-boringssl-static is based on (forked from)?
- Do I need to upgrade netty-tcnative-boringssl-static to be compatible with OpenSSL 3.x?
Any help/suggestions are appreciated.
While BoringSSL is OpenSSL API compatible, you can think of them as different projects when it comes to security updates. BoringSSL is constantly receiving updates and netty-tcnative is pulling those updates in. See my answer on "How is openssl 1.1.1 EOL going to affect boringssl / netty-tcnative-boringssl-static?" for more details.
As far as I'm aware, BoringSSL is not doing anything in response to OpenSSL's v3 development. It is still largely API compatible for the common interfaces.