Security library end-of-life is the highest-severity EOL category. When a cryptography library or security component loses support, newly discovered flaws in it no longer receive fixes, so every system that depends on it for encryption, authentication, or secure communication is left exposed to attacks against the cryptographic layer itself.
OpenSSL, OpenSSH, and similar security libraries sit beneath almost every secure network connection, encrypted data store, and authenticated system call in modern infrastructure. A vulnerability in an EOL version of OpenSSL is not a vulnerability in an application — it is a vulnerability in the cryptographic foundation that the application trusts.
OpenSSL 1.1.1 reached end of life in September 2023. It remains one of the most widely deployed OpenSSL versions globally, particularly in systems that have not been updated since before the EOL date. The Heartbleed vulnerability — disclosed in 2014 — affected OpenSSL and took years to fully remediate across the ecosystem. An EOL OpenSSL version is permanently exposed to any equivalent future disclosure.
Security library upgrades should be treated as the highest priority in any EOL remediation program. The blast radius of a compromised cryptographic layer extends to every system and data asset it protects.