How to upgrade OpenSSL 1.1.0 to 1.1.1 in Ubuntu 18.04?












5















I have been running a production server with Ubuntu 18 installed.
Recently, I found that my web application was not allowed on some of the firewalls installed at the customer location.



I found that my server is communicating over the TLSv1.0, TLSv1.1 and TLSv1.2 protocols. I assume that the firewall setting is allowing communication with the server on the TLSv1.3 protocol only.



As Ubuntu 18 is shipped with OpenSSL version 1.1.0, to make the server support TLS v1.3 I have to upgrade OpenSSL to version 1.1.1, which is the latest one.



As this is a production server running nginx server, I don't want to directly try anything on the server.



root@energy-prod:~# nginx -v
nginx version: nginx/1.14.0 (Ubuntu)


What is the best way to upgrade OpenSSL to v1.1.1 without disturbing any other settings of the server?






























  • 2





    FYI: »OpenSSL 1.1.1 SRU into Bionic« lists.ubuntu.com/archives/ubuntu-devel/2018-December/… In the meantime talk to the respective contact who is in charge of the firewall configuration, ask for requirements/recommendations/waivers. I doubt that you are the only one running 18.04 and having this problem nor do I think that not supporting TLS 1.3 at this point in time is the issue as it's still quite new and contrary to your statement I read that it still causes issues with some middleboxes, but you won't find out if you don't ask.

    – LiveWireBT
    Dec 19 '18 at 4:33






  • 1





    Upgrading will not be possible until that SRU goes through. There's just too much stuff that depends on OpenSSL to do the upgrade yourself, because it could break everything.

    – Thomas Ward
    Jan 24 at 19:42






  • 1





    finally bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386 is in Progress now

    – Tino
    Feb 28 at 12:59
















18.04 upgrade openssl














edited 6 mins ago









Kevin Bowen











asked Dec 18 '18 at 11:34









dollardollar










1 Answer


















6














According to the OpenSSL website:




The latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023.




Since this is not in the current Ubuntu repositories, you will need to download, compile, and install the latest OpenSSL version manually.



Below are the instructions to follow:




  1. Open a terminal (Ctrl+Alt+t).

  2. Fetch the tarball: wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz

  3. Unpack the tarball with tar -zxf openssl-1.1.1a.tar.gz && cd openssl-1.1.1a

  4. Issue the command ./config.

  5. Issue the command make (You may need to run sudo apt install make gcc before running this command successfully).

  6. Run make test to check for possible errors.

  7. Back up the current openssl binary: sudo mv /usr/bin/openssl ~/tmp

  8. Issue the command sudo make install.

  9. Create a symbolic link from the newly installed binary to the default location:

    sudo ln -s /usr/local/bin/openssl /usr/bin/openssl


  10. Run the command sudo ldconfig to update symlinks and rebuild the library cache.


Assuming that there were no errors in executing steps 4 through 10, you should have successfully installed the new version of OpenSSL.



Again, from the terminal issue the command:



openssl version


Your output should be as follows:



OpenSSL 1.1.1a  20 Nov 2018













        edited 15 mins ago

























        answered Dec 18 '18 at 23:34









        Kevin Bowen
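
A check to run after steps 1 through 10 above, as an added example that is not part of the original answer: `openssl version` reports the command-line binary, while nginx reports the library it was built against and the one it loaded in the `built with` line of `nginx -V`, so this script compares the two. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: does the library nginx runs with match the upgraded CLI?
# Live use: check_upgrade "$(openssl version)" "$(nginx -V 2>&1)"

# Constructed sample outputs (not captured from the asker's server).
SAMPLE_CLI='OpenSSL 1.1.1a  20 Nov 2018'
SAMPLE_NGINX_STOCK='nginx version: nginx/1.14.0 (Ubuntu)
built with OpenSSL 1.1.0g  2 Nov 2017
TLS SNI support enabled'
SAMPLE_NGINX_RELINKED='nginx version: nginx/1.14.0 (Ubuntu)
built with OpenSSL 1.1.0g  2 Nov 2017 (running with OpenSSL 1.1.1a  20 Nov 2018)
TLS SNI support enabled'

# Print "X.Y.Z" from text such as "OpenSSL 1.1.1a  20 Nov 2018".
openssl_series() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSL \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Print the OpenSSL series nginx is running with, given `nginx -V` output.
# nginx appends "(running with OpenSSL ...)" to the "built with" line when
# the library loaded at run time differs from the one it was compiled against.
nginx_runtime_openssl() {
    line=$(printf '%s\n' "$1" | grep 'built with OpenSSL' | head -n 1)
    case $line in
        *'running with OpenSSL '*) line=${line#*running with } ;;
    esac
    openssl_series "$line"
}

# Succeed if series "X.Y.Z" is 1.1.1 or newer (first series with TLS 1.3).
has_tls13() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 3 ] || return 2
    [ "$1" -gt 1 ] && return 0
    [ "$1" -eq 1 ] && [ "$2" -gt 1 ] && return 0
    [ "$1" -eq 1 ] && [ "$2" -eq 1 ] && [ "$3" -ge 1 ] && return 0
    return 1
}

# $1 = `openssl version` output, $2 = `nginx -V 2>&1` output.
check_upgrade() {
    cli=$(openssl_series "$1")
    srv=$(nginx_runtime_openssl "$2")
    if [ -z "$cli" ] || [ -z "$srv" ]; then
        echo "unknown: could not parse version output"; return 2
    fi
    if has_tls13 "$srv"; then
        echo "ok: nginx runs with OpenSSL $srv"
    elif has_tls13 "$cli"; then
        echo "mismatch: openssl CLI is $cli but nginx runs with $srv"; return 1
    else
        echo "old: openssl CLI $cli and nginx $srv both predate 1.1.1"; return 1
    fi
}

# Demo on the constructed samples.
check_upgrade "$SAMPLE_CLI" "$SAMPLE_NGINX_STOCK" || true
check_upgrade "$SAMPLE_CLI" "$SAMPLE_NGINX_RELINKED" || true
```

Shared libraries are resolved when a process starts, so run the live check again after nginx has been restarted.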






























