How to upgrade OpenSSL in CentOS 6 5 Linux Unix from source

Question

How do I upgrade OpenSSL in CentOS 6 5   I have used these commands  but nothings happens    cd  usr src  wget http   www openssl org source openssl-1 0 1g tar gz  tar -zxf openssl-1 0 1g tar gz  cd openssl-1 0 1g    config  make  make test  make install  cd  usr src  rm -rf openssl-1 0 1g tar gz  rm -rf openssl-1 0 1g   After using this command  I get the old version  openssl version

User · Answer

You should replace the old OpenSSL binary file by the new one via a symlink:

sudo ln -sf /usr/local/ssl/bin/openssl `which openssl`

Remember that after this procedure you should reboot the server or restart all the services related to OpenSSL.

User · Answer

config --prefix  usr --openssldir  usr local openssl shared   Try this config line instead to overwrite the default   It installs to prefix  usr local ssl by default in your setup when you leave off the prefix   You probably have   usr local ssl bin openssl  instead of overwriting  usr bin openssl   You can also use  usr local for prefix instead  but you would need to adjust your path accordingly if that is not already on your path   Here is the INSTALL documentation         config     make     make test     make install    If any of these steps fails  see section Installation in Detail below    This will build and install OpenSSL in the default location  which is  for historical reasons   usr local ssl  If you want to install it anywhere else  run config like this         config --prefix  usr local --openssldir  usr local openssl   https   github com openssl openssl blob master INSTALL http   heartbleed com

User · Answer

To manually compile OpenSSL  do as follows     cd  usr src    wget https   www openssl org source openssl-1 0 1g tar gz -O openssl-1 0 1g tar gz    tar -zxf openssl-1 0 1g tar gz    cd openssl-1 0 1g      config    make    make test    make install    openssl version   If it shows the old version  do the steps below     mv  usr bin openssl  root     ln -s  usr local ssl bin openssl  usr bin openssl openssl version OpenSSL 1 0 1g 7 Apr 2014   http   olaitanmayowa com heartbleed-how-to-upgrade-openssl-in-centos

User · Answer

The fix for the heartbleed vulnerability has been backported to 1 0 1e-16 by Red Hat for Enterprise Linux see  and this is therefore the official fix that CentOS ships   Replacing OpenSSL with the latest version from upstream  i e  1 0 1g  runs the risk of introducing functionality changes which may break compatibility with applications clients in unpredictable ways  causes your system to diverge from RHEL  and puts you on the hook for personally maintaining future updates to that package  By replacing openssl using a simple make config  amp  amp  make  amp  amp  make install means that you also lose the ability to use rpm to manage that package and perform queries on it  e g  verifying all the files are present and haven t been modified or had permissions changed without also updating the RPM database    I d also caution that crypto software can be extremely sensitive to seemingly minor things like compiler options  and if you don t know what you re doing  you could introduce vulnerabilities in your local installation

User · Answer

You can also check the local changelog to verify whether or not OpenSSL is patched against the vulnerability with the following command   rpm -q --changelog openssl   grep CVE-2014-0224   If a result is not returned  then you must patch OpenSSL   http   www liquidweb com kb update-and-patch-openssl-for-the-ccs-injection-vulnerability

User · Answer

sudo yum update openssl is all you need   This will bring you up to openssl-1 0 1e-16 el6 5 7   You need to restart Apache after the update  Or better yet  reboot the box if possible  so that all applications that use OpenSSL will load the new version

User · Answer

The only thing you have to do is perform an yum update     It will automatically download and update a backported version of openssl-1 0 1e-16 el6 5 7 which has been patched by RedHat with heartbeat disabled   To verify the update simply check the changelog    rpm -q --changelog openssl-1 0 1e   grep -B 1 CVE-2014-0160 you should see the following    Mon Apr 07 2014 Tom     Mr  z  lt tmraz redhat com gt  1 0 1e-16 7 - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension  Make sure you reboot the server because important services such as Apache and SSH use openSSL

User · Answer

rpm -qa openssl yum clean all  amp  amp  yum update  openssl   lsof -n   grep ssl   grep DEL cd  usr src wget http   www openssl org source openssl-1 0 1g tar gz tar -zxf openssl-1 0 1g tar gz cd openssl-1 0 1g   config --prefix  usr --openssldir  usr local openssl shared   config make make test make install cd  usr src rm -rf openssl-1 0 1g tar gz rm -rf openssl-1 0 1g  and   openssl version

User · Answer

it is easy  you are downloading the binary file    download the rpm latest package   openssl-1 0 1e-30 el6 x86 64  check what was the current version using rpm -q openssl  if this is older then do rpm -U openssl-1 0 1e-30 el6 x86 64   if yum is configured updated this package in the repo and do yum update openssl if your repo in RHN do simply yum update  openssl-1 0 1g is very old and valnuarable

User · Answer

I agree that in 95  of cases  all you need is sudo yum update openssl  However  if you need a specific version of openssl or specific functionality  which is not in CentOS repository   you probably need to compile from source   The other answers here were incomplete   Below is what worked  CentOS 6 9   although this may introduce incompatibilities with installed software  and will not auto-update the openssl     Choose openssl version from https   www openssl org source    At the time of this writing July 1  2017  the needed version was dated 2017-May-25 13 09 51  openssl-1 1 0f tar gz Copy the desired link  and use below  in our case   https   www openssl org source openssl-1 1 0f tar gz     Log-in as root   cd  usr local src     OPTIONALLY CHANGE openssl-1 1 0f tar gz to the version which you want wget https   www openssl org source openssl-1 1 0f tar gz  sha256sum openssl-1 1 0f tar gz   confirm this matches the published hash  tar -zxf openssl-1 1 0f tar gz  cd  usr local src openssl-1 1 0f    config --prefix  usr local --openssldir  usr local openssl make make test make install  export LD LIBRARY PATH  usr local lib64   make export permanent echo  export LD LIBRARY PATH  usr local lib64   gt   etc profile d ld library path sh chmod ugo x  etc profile d ld library path sh  openssl version   confirm it works   recommended reboot here  openssl version   confirm it works after reboot

User · Answer

My approach was   openssl version OpenSSL 1 0 1e 11 Feb 2013  wget https   www openssl org source openssl-1 0 2a tar gz wget http   www linuxfromscratch org patches blfs svn openssl-1 0 2a-fix parallel build-1 patch tar xzf openssl-1 0 2a tar gz cd openssl-1 0 2a patch -Np1 -i    openssl-1 0 2a-fix parallel build-1 patch   config --prefix  usr --openssldir  etc ssl --libdir lib shared zlib-dynamic make make install  openssl version OpenSSL 1 0 2a 19 Mar 2015

[linux] How to upgrade OpenSSL in CentOS 6.5 / Linux / Unix from source?

Examples related to linux

Examples related to security

Examples related to ssl

Examples related to openssl

Examples related to centos