Basically, you if you are using LWP, and want to communicate with sites over SSL/TLS, you should declare a dependency on LWP::Protocol::https. That will pull in whatever you need to be able to communicate with web sites over SSL/TLS. You shouldn’t have an explicit dependency on the underlying plumbing being used, unless there is a specific, well-thought out reason for that.
Currently, IO::Socket::SSL is much more complete than Crypt::SSLeay. Upgrading to a recent release of
Crypt::SSLeay ensures that
IO::Socket::SSL is used instead of
Crypt::SSLeay unless you have specifically overridden the choice of plumbing, without you having to lift a finger.
So, regarding RT #95663, I would recommend not changing anything because users who just want to be able to communicate with web sites over SSL/TLS do end up having the better module used anyway. But, if they have build systems, declared dependencies on
Crypt::SSLeay or some component therein, their builds don’t break, especially given the improvements in