Upstream has issued an advisory today (February 26):
It contains this note:
OpenSSL 1.0.2 and 1.1.0 are currently only receiving security updates. Support
for 1.0.2 will end on 31st December 2019. Support for 1.1.0 will end on 11th
September 2019. Users of these versions should upgrade to OpenSSL 1.1.1.
Both OpenSSL versions in Cauldron will be EOL this year. We should drop the compat-openssl10 package and migrate the openssl package to 1.1.1.
Assigning to neoclust, because he is the registered maintainer of compat-openssl10 and there's no registered maintainer of openssl
Source rpm list for packages still using oldest 1.0.x:
There might be more pkgs BR'ing openssl 1.0.x, but mentioned pkgs uses the libs from it.
Python 2.7.16 is compatible with OpenSSL 1.1.x:
Just a reminder that nothing has been done with this yet.