OpenSSL 1.1 has been disabled because it is not supported upstream!

Published by Moncef Belyamani on
Updated on

As of October 24, 2024, if you try to install OpenSSL 1.1 with Homebrew, or if you use a Ruby version manager (such as rvm) that tries to install it for you, you will get this error:

Error: openssl@1.1 has been disabled because it is not supported upstream!
It was disabled on 2024-10-24.

That’s because OpenSSL 1.1 reached end of life on September 11, 2023, and Homebrew gave people over a year to update their projects to use the more secure OpenSSL 3.x.

What does this mean for you?

First, I recommend double checking that you do indeed need OpenSSL 1.1. If you’re trying to work on a Ruby project, you will only need OpenSSL 1.1 for Ruby versions older than 3.1. Check my OpenSSL and Ruby Compatibility Table for more details.

It’s also possible that some of your other dev tools depend on OpenSSL 1.1. For the tools that were installed with Homebrew, you can check if any of them depend on OpenSSL 1.1 by running this command:

brew uses --installed openssl@1.1

If you don’t think you will ever need Ruby versions less than 3.1, then you shouldn’t be trying to install OpenSSL 1.1. You will need OpenSSL 3, which you can install with brew install openssl@3. Otherwise, if you have projects that are currently using older Ruby versions, or if you think you might one day work on a legacy project, here are your options:

  • Update your project to at least Ruby 3.1.7. This will let you use OpenSSL3. Then, I recommend updating to at least Ruby 3.2.9 because 3.1.x reached end of life on March 31, 2025. I wrote a detailed step-by-step guide for updating the Ruby version in your project.
  • Use a version manager that installs OpenSSL for you, separately from Homebrew. Examples include asdf and rbenv (they both use ruby-build to install Ruby). One of the downsides is that this slows down the Ruby installation because they download and compile OpenSSL from scratch each time you install any Ruby version. Another downside is that you won’t be able to install Ruby 3.0.x with these version managers if you have Xcode/Command Line Tools version 16 or higher. You can check which version you have by running brew config.
  • Buy Ruby on Mac Ultimate, which can install OpenSSL 1.1 for you, and supports Ruby 3.0.x, even on Sequoia or other macOS versions using Xcode/Command Line Tools 16+. Once OpenSSL is installed, any subsequent Ruby installations will use it. This means that Ruby on Mac Ultimate installs Ruby twice as fast as asdf and rbenv. The best part is that Ruby on Mac Ultimate works with all version managers. So, if you have a strong preference for mise, asdf, chruby, frum, rbenv, or rvm, you can still use them to switch between Rubies, set the global and local version, etc, while taking advantage of Ruby on Mac’s faster and more reliable installation.