Why is Apple Deprecating OpenSSL in MacOS 10.7 (Lion)? [closed]

Question

Apple has marked most (but not all) of the OpenSSL API as "deprecated" in MacOS 10.7. Has Apple made any statements explaining why they are moving from OpenSSL to Common Crypto?

Answer 1

Because OpenSSL doesn’t offer API compatibility between versions

This means that Apple can't provide security updates without breaking existing apps.

http://rentzsch.tumblr.com/post/33696323211/wherein-i-write-apples-technote-about-openssl-on-os-x

Answer 2

Apple is migrating from OpenSSL to Common Crypto (which Apple develops).

Some docs: http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man3/CC_crypto.3cc.html

Info on WHY Apple is doing this: http://adcdownload.apple.com/wwdc_2011/adc_on_itunes__wwdc11_sessions__pdf/212_nextgeneration_cryptographic_services.pdf

If the above link fails (it probably will), here are navigation instructions:

• Logon to http://developer.apple.com
• Scroll to bottom, click on 'Development Videos'
• On the next page, click 'Learn more' under WWDC 2011
• Scroll down about half-way (or search) until you see 'Next Generation Cryptographic Services', and click it
• You have now reached the buried treasure, download the 'Presentation Slides'

Answer 3

The dylib openssl is deprecated because of binary compatibility issues across versions (eg: causes problems like Why does the OpenSSL test suite fail on MacOS X? ).

See joet3ch's answer for what Apple suggests to do about it.

However, you're free/encouraged to get openssl from openssl.org and link statically.