-
Type:
Improvement
-
Resolution: Unresolved
-
Priority:
Major - P3
-
None
-
Affects Version/s: None
-
Component/s: None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Use Case
As a... user running mongodb-client-encryption on a system where Node.js links against OpenSSL 4 library
I want... he driver to use native OpenSSL crypto hooks
So that... I get the same performance and code path as users on OpenSSL 3 systems, rather than silently falling back to 5x slower JS-based crypto hooks.
Note: OpenSSL 4.0 is not an LTS release but 4.2 in April 2027 will be, we should strive to be compatible with this new major before then.
unsigned long openssl_version = version_num_fn(); // 0xMNN00PP0L
// Check that OpenSSL version is in [3.0.0, 4.0.0)
if (openssl_version < 0x30000000L || openssl_version >= 0x40000000L)
return {};
User Experience
- Users on systems with OpenSSL 4 (e.g., distros that have upgraded their system packages) currently get a silent fallback to JS-based crypto.
- Once implemented, those users will use native OpenSSL 4 hooks with the same performance characteristics as OpenSSL 3 users.
Dependencies
- None
Risks/Unknowns
- OpenSSL deprecations / removals may impact the code and flagging based on version or other compile / runtime detection logic may need to be implemented to support both versions.
Acceptance Criteria
Implementation Requirements
- If all symbols are compatible: update the upper bound from 0x40000000L to 0x50000000L and update the comment.
Testing Requirements
- Add a CI task that builds and runs the test suite against a Node.js version with OpenSSL 4
Documentation Requirements
- None
Follow Up Requirements
- None
- related to
-
NODE-5875 Enable use of native crypto in libmongocrypt bindings
-
- Closed
-