OpenSSL 1.0.2 for trusty

Bug #1596693 reported by Mohamed Hafez
This bug affects 3 people
Affects: openssl (Ubuntu)
Status: Won't Fix
Importance: Undecided
Assigned to: Unassigned

Bug Description

ALPN support was introduced in OpenSSL 1.0.2, which I, and I'm guessing a lot of other people, are going to need. Is there any chance OpenSSL 1.0.2 will come to trusty, or can be backported?

Changed in openssl (Ubuntu):
status: New → Won't Fix
Seth Arnold (seth-arnold) wrote :

I strongly doubt there will be an official effort to backport OpenSSL 1.0.2 for 14.04 LTS; it would not be feasible to replace the existing 1.0.1f-derived packages with 1.0.2-derived packages, and duplicating packages would add to the maintenance burden.

16.04 LTS's openssl package is based on a 1.0.2g starting point. If running 16.04 LTS is not an option then perhaps the backportpackage command from the ubuntu-dev-tools package could help you.

Thanks

Manfred Hampl (m-hampl) wrote :

From https://www.openssl.org/policies/releasestrat.html

Support for version 1.0.1 will cease on 2016-12-31. No further releases of 1.0.1 will be made after that date. Security fixes only will be applied to 1.0.1 until then.

How is Ubuntu going to deal with that? Both Precise and Trusty currently have 1.0.1 versions, and both Ubuntu releases have a target life time beyond that date.

Marc Deslauriers (mdeslaur) wrote :

Ubuntu doesn't typically update to newer software versions. Like most other Linux distros, we backport security patches to the versions of software we ship, whether or not there is still upstream support for it.

Eduard Bloch (edi-gmx) wrote :

But you do realize that all versions prior to 1.0.2 are PITA to code developers?

I.e. the hostname validation, the very basic feature, needs to be implemented with creepy hacks for OpenSSL before 1.0.2.

https://wiki.openssl.org/index.php/Hostname_validation
