Contents...
OpenSSL is an open source tools for using the Secure Socket Layer (SSL) Transport Layer Security (TLS) protocol for web authentication. It provides cryptographic functionality, specifically SSL/TLS for popular applications such as secure web server, MySQL, Email and many more.
In this tutorial I will describe how you can upgrade OpenSSL on RHEL and CentOS systems.
Verify Current Installed OpenSSL Version
Follow the below command to get the current version of your system’s OpenSSL version.
# openssl version OpenSSL 1.0.1e-fips 11 Feb 2013
OR, Alternatively you can also check the available version in the vendors directory too using below command
# yum info openssl Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.ratiokontakt.de * epel: mirrors.n-ix.net * extras: mirror.de.leaseweb.net * updates: mirror.softaculous.com Installed Packages Name : openssl Arch : x86_64 Epoch : 1 Version : 1.0.1e Release : 51.el7_2.1 Size : 1.5 M Repo : installed From repo : updates Summary : Utilities from the general purpose cryptography library with TLS : implementation URL : http://www.openssl.org/ License : OpenSSL Description : The OpenSSL toolkit provides support for secure communications : between machines. OpenSSL includes a certificate management tool : and shared libraries which provide various cryptographic : algorithms and protocols. Available Packages Name : openssl Arch : x86_64 Epoch : 1 Version : 1.0.1e Release : 51.el7_2.2 Size : 711 k Repo : updates/7/x86_64 Summary : Utilities from the general purpose cryptography library with TLS : implementation URL : http://www.openssl.org/ License : OpenSSL Description : The OpenSSL toolkit provides support for secure communications : between machines. OpenSSL includes a certificate management tool : and shared libraries which provide various cryptographic : algorithms and protocols.
Download Latest OpenSSL Version
Follow the below command to download the latest OpenSSL.
# cd /usr/local/src # wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz # tar -zxf openssl-1.0.2-latest.tar.gz
Compile And Install/Upgrade OpenSSL
Follow the below command to manually compile OpenSSL and install/upgrade it.
# cd openssl-1.0.2a # ./config # make # make test # make install
Fix a local setting warning from Perl
Warning:
perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: LANGUAGE = (unset), LC_ALL = (unset), LANG = "en_US.UTF-8" are supported and installed on your system. perl: warning: Falling back to the standard locale ("C").
Add the following lines to your bashrc or bash_profile file on the host machine:
export LC_CTYPE=en_US.UTF-8 export LC_ALL=en_US.UTF-8
# source ~/.bashrc # source ~/.bash_profile
Now again run the make commands verify the installation if you get same old version, please make a copy of OpenSSL bin file like below.
# mv /usr/bin/openssl /root/ # ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
Or if don’t found openssl binary in above path please also check this path /usr/local/bin/
ln -s /usr/local/bin/openssl /usr/bin/openssl
Now verify OpenSSL version again.
# openssl version OpenSSL 1.0.2e 3 Dec 2015
Fix this below error if you faced.
# openssl version openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory
In my case I solved just exporting LD_LIBRARY_PATH before compile it again.
# export LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64
Now run this below command that should keep saved the path also after rebooting machine.
# sudo ldconfig
That’s it.
Note : Compiling OpenSSL major version it may be corrupt other system binaries. Please be careful.
I hope this article will help to upgrade OpenSSL version on RHEL and CentOS systems. If you have any queries and problem please comment in comment section.
If you find this tutorial helpful please share with your friends to keep it alive. For more helpful topic browse my website www.looklinux.com. To become an author at LookLinux Submit Article. Stay connected to Facebook.
How to enable TLS V1.2 support on above openssl?
How should I enable it to support TLS v1.2 version?
openssl version gives me “OpenSSL 1.0.2t 10 Sep 2019″
but
yum info openssl gives me
”
Installed Packages
Name : openssl
Arch : x86_64
Epoch : 1
Version : 1.0.2k
Release : 19.el7
Size : 814 k
Repo : installed
From repo : base
“
this won’t upgrade the SSL itself it’s just the openssl but not the mod_ssl to be used in the apache.