How can I downgrade openssl via apt-get?
Solution 1
I do not believe that a downgrade will solve your problem. But you asked:
The package openssl=1.0.1-4ubuntu5.31
isn't longer in the Precise repositories, because the latest version is now 1.0.1-4ubuntu5.32
. But the package is still available in the PPA of the “Ubuntu Security Team” team.
For version 1.0.1-4ubuntu5.31
wget https://launchpad.net/~ubuntu-security/+archive/ubuntu/ppa/+build/7531893/+files/openssl_1.0.1-4ubuntu5.31_amd64.deb
sudo dpkg -i openssl_1.0.1-4ubuntu5.31_amd64.deb
But I suspect that you have to downgrade other packages listed here.
The downgrade is temporary. After a
sudo apt-get upgrade
or for a better feeling a
sudo apt-get dist-upgrade
the latest version will we installed again.
Solution 2
According to https://launchpad.net/ubuntu/+source/openssl, there is no version 1.0.1-4ubuntu5.31
of the package openssl
in any 12.04 (Precise Pangolin) repository any more.
The only available versions of openssl
for 12.04 as of today (2015-12-30) are:
-
1.0.1-4ubuntu5.32
from themain
repository'supdates
andsecurity
channel (2015-12-07) -
1.0.1-4ubuntu3
from themain
repository'srelease
channel (2012-04-19)
The 1.0.1-4ubuntu5.31
version you want to downgrade to was replaced and is no longer available. You can only downgrade to 1.0.1-4ubuntu3
, if you don't mind a 3 years old version (which probably contains a few serious bugs and security holes!) or find a PPA hosting a not that outdated version of openssl
.
Related videos on Youtube
Eric
Updated on September 18, 2022Comments
-
Eric over 1 year
After a recent upgrade, I am having some SSL connection problems. I would like to downgrade openssl temporarily to see if the issues go away.
The current version of
openssl
installed is1.0.1-4ubuntu5.32
and the previous version was5.31
. However, when I try:apt-get install openssl=1.0.1-4ubuntu5.31
I get:
E: Version '1.0.1-4ubuntu5.31' for 'openssl' was not found
I thought this was the correct procedure for installation a specific version?
-
Byte Commander over 8 yearsWhich is your Ubuntu release version? (e.g. 14.04)
-
Alex over 8 yearsI'd suggest you simply don't do it. Download the version you want from OpenSSL's website and compile it (or get a binary from somewhere you trust, I don't think OpenSSL provides binaries).
-
Braiam over 8 yearsIs there a good reason why would you dowgrade openssl? That version fix 2 moderated and one low non breaking issue
-
-
LittleByBlue over 8 yearsand this will leave his installation in a complete mess.... just saying.
-
A.B. over 8 years@LittleByBlue Pretend you can much. Maybe you should be more specific. Either the package can be installed or not. And after that, a simple
sudo apt-get upgrade
will install the latest versions again. -
LittleByBlue over 8 yearsI just dried to do a
downgrade
. this let to a new installation.... Btw:sudo apt-get update
will definitly not install the newest version.sudo apt-get dist-upgrade
would maybe, but as you aredpkg
forcing to hold the old package, most likelyapt
would leave you with your mess. -
A.B. over 8 yearsNo.
sudo apt-get dist-upgrade
installs new major versions.1.0.1-4ubuntu5.32
isn't a new major version. And there is asudo apt-get upgrade
in my comment. -
LittleByBlue over 8 yearsoops. sorry, but the part with dpkg is still true.
-
A.B. over 8 yearsAgain no.
dpkg -i
installs a package without forcing anything and doesn't set a package on hold. -
Eric over 8 years@A.B. -- thank you for this. You are correct, it did not solve my problem. But it was the only change to this server since the problem started, so it was worth a try. Fortunately, it went exactly as you said -- a "dpkg -i" downgraded the package, and an "apt-get upgrade" put the new one back.
-
Eric over 8 yearsthank you very much for this. It was fairly difficult to find the libssl1.0.0_1.0.1-4ubuntu5.31_i386.deb (fwiw, it was at launchpad.net/~ubuntu-security/+archive/ubuntu/ppa/+build/…) but I eventually found it.
-
A.B. over 8 years@Eric great :) than it's time to accept an answer with a click on the check mark at the left side of the best fitting answer :)
-
Eric over 8 years@A.B. -- thanks, my first post here, and I forgot to click. Now done.