How to upgrade OpenSSL from 1.0.2g to 1.1.0g in Ubuntu and let python recognize the new OpenSSL
Solution 1
Why you couldn't get OpenSSL 1.1.0g working on Ubuntu 16.04 by just updating:
Your Ubuntu 18
has OpenSSL 1.1.0g
because the version that is available on its repositories. Sometimes, it has more than one version of a package available on the repository system. But, it looks like Ubuntu 16.04
does not have the version you need available at all. That is why you weren't and you won't be able to get OpenSSL 1.1.0g
working on Ubuntu 16.04
by just updating. The version available on the repositories is different.
And how to do it:
You either will need to install it manually or find a repository for Ubuntu 16.04
that make OpenSSL 1.1.0g
available on the system. I am not sure there is a repository available, so if you want to install it manually do as it follows:
wget https://www.openssl.org/source/old/1.1.0/openssl-1.1.0g.tar.gz
tar xzvf openssl-1.1.0g.tar.gz
cd openssl-1.1.0g
./config
make
sudo make install
openssl version -a
That is it!
Warning.: By installing a new version of OpenSSL that is not available in the system, by default, you introduced a version that is not compatible with the updates made available by the maintenance of the system. You will need to take care of it yourself. Maybe, depending on your scenario, it is worth your while just use Ubuntu 18
that has the version of OpenSSL you need by default. It is the easiest and safest way to go.
Hope everything goes well. Good luck!
Solution 2
Here is how I installed the latest version of openssl from source code.
# Install make and packages required to compile the source code
apt-get install -y libfindbin-libs-perl build-essential
# Download source code
wget https://github.com/openssl/openssl/archive/refs/tags/OpenSSL_1_1_1k.tar.gz -O openssl.tar.gz
# Extract source code
tar -xf openssl.tar.gz
# Go to the source code folder
cd openssl-OpenSSL_1_1_1k
# Configure to compile it
./config --libdir=/usr/local/lib
# Compile with 4 parelel jobs
make -j 4
# Install compiled code
sudo make install
# Move older executable
sudo mv /usr/bin/openssl /usr/bin/openssl-1.0.2g
# Create soft symbolic link to the newer version of openssl
sudo ln -s /usr/local/bin/openssl /usr/bin/openssl
# Make visible the new libraries installed at /usr/local/lib
sudo ldconfig
user9371654
Updated on May 19, 2021Comments
-
user9371654 almost 3 years
I have
Ubuntu 16.04
. It hasOpenSSL 1.0.2g
. I need to useOpenSSL 1.1.0g
. Note that OpenSSL 1.1.0g is installed in my other machineUbuntu 18
. But I need to run a python program inUbuntu 16.04
but I need the specificOpenSSL 1.1.0g
. I did:sudo apt-get upgrade sudo apt-get update
But
OpenSSL
in my Ubuntu machine did not get updated. How can I update it?I use python
socket, ssl
modules to make TLS connection in port 443. Will python automatically recognizesOpenSSL 1.1.0g
if I updated the oldOpenSSL 1.0.2g
toOpenSSL 1.1.0g
?The reason for upgrading
OpenSSL
is I need to run python program ssl socket but I need the program to useOpenSSL 1.1.0g
.When I tried:
sudo apt-get install openssl
and checks the OpenSSL version via:
openssl version -a
I get the old versionOpenSSL 1.0.2g
How to get the new version
OpenSSL 1.1.0g
in myUbuntu 14.06
machine please? -
user9371654 almost 6 yearsThanks a lot for taking the time to answer. I did follow the steps you mentioned to install it form the repository. The installation seems successful. But again, when I check the version, the old one is what shows. I gave up from OpenSSL and formatted my device to Ubuntu 18.
-
user2677034 about 5 yearsThanks, it worked! though obviously the best advice is to upgrade to Ubuntu 18
-
ywu over 4 yearsThank you edson. BTW, after all the make/install if you see this as I did with my Ubuntu 16.04.6 x86_64,
$ openssl version -a openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory
then use ldconfig or simply type this line:export LD_LIBRARY_PATH=/usr/local/lib/
-
edson.a.soares about 4 yearsYou're very welcome @ywu. Thank you for your contribution.
-
Rogerio Brito Soares over 3 years@edson.a.soares It didn't work to me, from this command
make
on. Mine is Ubuntu 16.04 LTS. -
Peter Dowdy over 3 yearsIf this didn't work for you, make sure that make install is putting it in the right place. For example, on my system, openssl was in /usr/bin, but the makefile defaults to /usr/local/bin. You can change this by running
./config --prefix /usr
-
Andrew Henle about 3 years
ln -s /usr/local/bin/openssl /usr/bin/openssl
?!?!? Good heavens NO!!!! Never, ever muck around with the OS-supplied binary. What do you think is going to happen the next time you update your OS and theopenssl
binary is part of that update? -
Andrew Henle almost 3 years@PeterDowdy You can change this by running
./config --prefix /usr
No. Don't do that. You overwrite the OS -maintained copy of OpenSSL, meaning you no longer get fixes or patches to address exploitable bugs. Are you spending your time keeping up on CVEs so you know when you need to rebuild OpenSSL again? And then again a week later? You're also likely to break some dependent packages, so you now have to maintain those. Unless you want to put your system in the "My system is insecure as hell because I don't know how to maintain a secure OS installation" realm... -
Peter Dowdy almost 3 years@AndrewHenle You're generally right, although in my case I was working on a system that didn't receive OS updates, so it was this is nothing. That system was pretty unfortunate.
-
jayaprakash R about 2 yearsI followed it but it didn't change the inbuilt OpenSSL version of nginx. what to do for that