How to upgrade OpenSSL 1.1.0 to 1.1.1 in Ubuntu 18.04?
NOTE: As of ~August 2019, openSSL 1.1.1 should be available for installation via normal package upgrades/installations for 18.04. Or, you can download the .deb package directly from here.
According to the OpenSSL website:
The latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023.
Since this is not in the current Ubuntu repositories, you will need to download, compile, and install the latest OpenSSL version manually.
Below are the instructions to follow:
- Open a terminal (Ctrl+Alt+t).
- Fetch the tarball:
wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz
- Unpack the tarball with
tar -zxf openssl-1.1.1g.tar.gz && cd openssl-1.1.1g
- Issue the command
./config
. - Issue the command
make
(You may need to runsudo apt install make gcc
before running this command successfully). - Run
make test
to check for possible errors. - Backup current openssl binary:
sudo mv /usr/bin/openssl ~/tmp
- Issue the command
sudo make install
. - Create symbolic link from newly install binary to the default location:
sudo ln -s /usr/local/bin/openssl /usr/bin/openssl
- Run the command
sudo ldconfig
to update symlinks and rebuild the library cache.
Assuming that there were no errors in executing steps 4 through 10, you should have successfully installed the new version of OpenSSL.
Again, from the terminal issue the command:
openssl version
Your output should be as follows:
OpenSSL 1.1.1g 21 Apr 2020
Related videos on Youtube
Kevin Bowen
I route the packets that make the Internet sing. Contributor to Xfce Desktop Environment(DE) documentation: https://docs.xfce.org I have been a casual Linux user since Slackware 3.0 (Hello Walnut Creek!) and an Ubuntu user since around version 6.06 or 6.10. My primary professional skill set has been focused on the design, implementation, operation, and daily management of enterprise networks. This includes the configuration and operation of network hardware as well as the care and feeding involved in the network monitoring systems supporting them. The hardware includes routers, switches, firewalls, wan-optimizers, and occasionally load balancers (mostly Cisco, Riverbed, and f5 systems). Launchpad twitter
Updated on September 18, 2022Comments
-
Kevin Bowen over 1 year
I have been running a production server with Ubuntu 18 installed. Recently, I found that my web application was not allowed on some of the firewalls installed at the customer location.
I found that my server is communicating at
TLSv1.0, TLSv1.1, TLSv1.2
protocols, I assume that the firewall setting is allowing communication with the server onTLSv1.3
protocol only.As Ubuntu 18 is shipped with
OpenSSL version 1.1.0
, and to make server supportTLS v1.3
I have to upgrade OpenSSL toversion 1.1.1
which is the latest one.As this is a production server running
nginx
server, I don't want to directly try anything on the server.root@energy-prod:~# nginx -v nginx version: nginx/1.14.0 (Ubuntu)
What is the best way to upgrade OpenSSL to v1.1.1 without disturbing any other settings of the server?
-
Admin over 5 yearsFYI: »OpenSSL 1.1.1 SRU into Bionic« lists.ubuntu.com/archives/ubuntu-devel/2018-December/… In the meantime talk to the respective contact who is in charge of the firewall configuration, ask for requirements/recommendations/waivers. I doubt that you are the only one running 18.04 and having this problem nor do I think that not supporting TLS 1.3 at this point in time is the issue as it's still quite new and contrary to your statement I read that it still causes issues with some middleboxes, but you won't find out if you don't ask.
-
Admin over 5 yearsUpgrading will not be possible until that SRU goes through. There's just too much stuff that depends on OpenSSL to do the upgrade yourself, because it could break everything.
-
Admin about 5 yearsfinally bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386 is in Progress now
-
-
logidelic almost 5 yearsRegarding "As of ~June 2019, openSSL 1.1.1 should be available for installation via normal package upgrades/installations": Just not note that this does not appear to be the case on Ubuntu 18.04 (at least on the two machines I tried on)...
-
Kevin Bowen almost 5 years@logidelic Interesting. Thanks for pointing that out. I'll make a note of that. My main systems are 19.04 and I have a couple of derivatives(Mint) based off of bionic(18.04) that have already received backports. Apparently, launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.4 it may still only be 'proposed'', or available as source in 18.04. I'm not really sure of the status.
-
Rudolf Vavruch over 4 yearsWorked on Debian Jessie as well. Used 1.1.1c as this is the same version in Buster.
-
thebiggestlebowski about 4 yearsI don't have enough points to post an answer. Here's what I did on ubuntu 18.04: 1. sudo apt-get upgrade openssl 2. export LD_LIBRARY_PATH="/usr/local/lib". After this, things worked. In fact, the export may be all that I needed to do.
-
Valentin almost 4 years@Marmayogi There is one problem with this: If someone is using PHP, then fopen might stop working for https URLs with the following error:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed.
This is because OPENSSDIR is set to/usr/local/ssl
. To fix it, I went to /usr/local/ssl deleted the emptycerts
folder and create a link to the Ubuntu default folder for certificates '/etc/ssl/certs', with this command:ln -s /etc/ssl/certs /usr/local/ssl/
-
Etoneja over 3 yearsCaution: This solution overwrites
/etc/ssl/openssl.cnf
. So, I recommend making a backup of it. -
Zimba over 3 yearsI'm getting error:
openssl-1.1.1g.tar.gz: Permission denied
-
EsmaeelE over 3 yearsExactly works on debian 8.