
Lech Sandecki
on 26 October 2023


A few months ago, the OpenSSL Project announced the end of life of OpenSSL 1.1.1. It is used by thousands of software components included in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS, with many organisations relying on version 1.1.1.

Rest assured that the Ubuntu security team will continue to maintain important security fixes in OpenSSL 1.1.1 for as long as the Ubuntu release is supported, meaning 2025 for Ubuntu 20.04 LTS with standard support. For Ubuntu Pro subscribers, Canonical offers Expanded Security Maintenance (ESM), which provides at least 10 years of security maintenance for all software bundled in the release, including OpenSSL 1.1.1. OpenSSL 1.1.1 therefore remains security maintained and supported until at least 2028 for Ubuntu 18.04 LTS and at least 2030 for Ubuntu 20.04 LTS.

You might be surprised, but this security maintenance and support level for an end-of-life OpenSSL version isn’t unprecedented. Since OpenSSL 1.0.1 and OpenSSL 1.0.2 went end of life in 2016 and 2019, respectively, Ubuntu Pro customers on Ubuntu 14.04 LTS and Ubuntu 16.04 LTS have already received many additional CVE fixes, ensuring a secure and stable environment for their production and mission-critical deployments.

Backporting and testing

Maintaining this level of support is no easy feat. As with most of the software bundled with Ubuntu, the Ubuntu security team cannot simply update to the latest release of OpenSSL.

OpenSSL 3.0 is not backwards-compatible with previous releases, and many thousands of packages included with Ubuntu would need to be modified to work with it. Instead, the security team must take each security fix published by the OpenSSL developers and carefully adapt it to work with the older version of OpenSSL.

Sometimes the effort required for this step is trivial, but more often than not it requires rework and adaptation. Once that is done, the next step is to test the update extensively to ensure that it fixes the security issue properly and does not cause regressions for our customers and their infrastructure.

Additional security and compliance features 

Ubuntu Pro is much more than OpenSSL security support. This same consistent promise applies to every software package bundled with Ubuntu, many of which are no longer supported by their upstream community. The list includes over 25,000 packages in the Ubuntu Universe repository, including Redis and Python 2.7. 

For customers who need to comply with NIST, HIPAA, PCI-DSS and other compliance regimes, Ubuntu Pro also provides streamlined hardening and audit, FIPS compliance, management at scale, kernel livepatch, and optional 24/7 support.

Stay secure and compliant. Learn more at ubuntu.com/pro.
