OpenSSL 3.0 support?

While I'm not a developer and no ties with Netgear other than being an admin using their products, I've spent some years in this area where I think that I can express doubts this would happen on a released product such as the M4300. I can give you some reasons based on which I doubt this will happend...

OpenSSL 3.0 is not simply a drop-in replacement for 1.1. Even some long-time open source developers expressed their concerns about adding support for 3.0 for their project. See what one of the FreeRADIUS core developers wrote about:

OpenSSL3 was *unnecessarily* different from OpenSSL1.  And it was difficult to add support for OpenSSL3 without breaking OpenSSL1.

There are many things on a Linux-based OS such as the M4300's that rely on OpenSSL, so they would all need to be adapted and revalidated to work with OpenSSL 3.0, that's no easy task. Server-oriented Linux distributions like Debian and Red Hat do not simply introduce a new OpenSSL major release outside of major version upgrades. There are however backported bugfixes and security fixes.

Also: Like many other network equipment manufacturers Netgear also uses merchant silicon in this case from Broadcom. Usually this not only involves just the chips but software components usually in binary-only form under NDA. With that, companies like Netgear can integrate support into their own OS or build an OS around it.

These binary-only components can have tight dependencies, so without updates from the SoC vendor, it might not even be technically or legally possible for Netgear. For example there are likely valid reasons as to why M4300 ships with a technically ancient Linux kernel 3.6.5.

I could rather imagine OpenSSL 3.0 becoming part of a next-generation switching platform from Netgear somewhere in the future, but not the M4300 to be honest. Let's see what someon from Netgear might (be legally able) to add. 🙂