Upgrade OpenSSL on Ubuntu 12.04
Solution 1
NOTICE: this question and answer pre-date the OpenSSL bug, Heartbleed.
First you need to completely remove the old installation: (this will break most systems! Be careful! Most people will regret this)
apt-get purge openssl
You may want to clean house by running:
apt-get autoremove && apt-get autoclean
Then you should download and compile the version you want (full list)
wget https://www.openssl.org/source/openssl-1.0.1g.tar.gz
Solution 2
Install the development package!
1.0.1 is part of Ubuntu 12.04 at the time of writing. However, in order to compile against it, you also have to install the development package (libssl-dev)!
First do an update of the package listing
sudo apt-get update
Then install the development package and upgrade the library itself in one go:
sudo apt-get install openssl libssl-dev
You can see here 1.0.1 is part of 12.04: http://packages.ubuntu.com/precise-updates/openssl
In case your system still installs 1.0.0, you have some other repository set up or something else in your package management is changed to cause this error. In that case, inspect what is causing it to pin on 1.0.0 still by running
apt-cache policy openssl libssl-dev
Solution 3
Try downloading the latest version of libssl and openssl from http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/ and install both.
Warning: This will break automated security updates for OpenSSL.
KJ Saxena
Updated on September 18, 2022
Comments
-
KJ Saxena over 1 year
I wanted to upgrade OpenSSL to 1.0.1 on an Ubuntu 12.04 system. I have noticed that an apt-get upgrade openssl does not end up upgrading OpenSSL. Is the newer OpenSSL supported on Ubuntu?
I have also tried compiling from source. The compilation works but I cannot find out how to replace the built-in OpenSSL (1.0.0) with the newer one (1.0.1). Compiling from source gets me the newer version working along with the older version - I need to replace the older version with the newer version. My reason behind this need is to make FreeSWITCH compile with the newer version because the latest FreeSWITCH source is not compatible with OpenSSL 1.0.0 and there seems to be no make configuration in FreeSWITCH to point it towards the path for the new OpenSSL. (So it stubbornly keeps using the older version and failing to work!)
Thanks in advance. Any help would be greatly appreciated.
-
gertvdijk about 10 years
Please include in your question why do you want to upgrade. Ubuntu backports bugfixes including security fixes. Have a look at apt-get changelog openssl to see changes. It is by design Ubuntu does not upgrade packages within a release. This is how releasing in most non-Windows OSs work (freezing system libraries/packages versions).
-
KJ Saxena about 10 years
I have included the reason - I need FreeSWITCH to work on the system which needs OpenSSL 1.0.1
-
Avinash Raj about 10 years
Try sudo apt-get install openssl. It would update your openssl package.
-
Fakhri Zulkifli about 10 years
just update and upgrade
sudo apt-get update && sudo apt-get upgrade
-
Saurav Kumar about 10 years
@KshitijSaxena: It seems that you have not upgraded your system for a long time. Ubuntu 12.04.2 - 12.04.4 comes with openssl 1.0.1 pre-installed. I just want you to post the output of these commands:
sudo dpkg -l | grep openssl
and
lsb_release -a
-
jnunn about 10 years
Don't forget to restart services like apache2/nginx, ftp, mysql, etc, after upgrading.
-
Admin about 10 years
Do not do that if you have plesk on ubuntu. You will not be able to run plesk anymore (not possible to log in). I tried it and had to reinstall!
-
-
Admin about 10 years
Yes, it installs 1.0.1 but it is still affected. On 2 of my servers, both running 12.04, running the command above installs OpenSSL 1.0.1c which is vulnerable
-
gertvdijk about 10 years
@DeanPerry No it's NOT vulnerable to Heartbleed since yesterday. Ubuntu backports fixes to the versions provided. Read the changelogs and the Ubuntu Security Advisory USN-2165-1. Just update your system and you're fine. Please don't spread fear by the first part of the version number and read up on how Ubuntu releasing works.
-
gertvdijk about 10 years
For all of you reading this in the context of security updates: all local services are still linked against the Ubuntu provided OpenSSL. Please don't rely on a local OpenSSL install (in /usr/local by default)! So just update your Ubuntu system the regular way to receive security updates!
-
mschayna about 10 years
@gertvdijk Changelog you referenced is related to higher version (Quantal), but 12.04 (Precise) from original answer was updated as well, see.
-
gertvdijk about 10 years
@mschayna Changelog entry for precise then; here you go: launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.12
-
sinaza about 10 years
What kind of important DATA can be deleted?
-
Melik Karapetyan about 10 years
I don't know, that wasn't my edit.
-
Dracontis about 10 years
Never thought that 'clean house' means removing all important packages and databases. Dunno how to restore my website now, lol.
-
Ben Clarke almost 10 years
The current OpenSSL version on Ubuntu Trusty reports itself as being 1.0.1f. However, the OpenSSL team claims that g is the patched version: git.openssl.org/gitweb/…. I suggest installing from source...
-
suresh about 9 years
"Most people will regret this"? So am I supposed to follow this answer or not??
-
Melik Karapetyan about 9 years
@JasonSwett Someone else added that to my answer. I'm not sure what it means. Please edit it out if you want.
-
mahemoff over 8 years
Maybe because if you're on a remote connection, it will lock you out?
-
Tom Saleeba almost 6 years
I found updating to 1.0.1f of openssl and libssl was new enough to stop the routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version error that has popped up recently.