How to upgrade OpenSSL 1.1.0 to 1.1.1 in Ubuntu 18.04?
I have been running a production server with Ubuntu 18 installed.
Recently, I found that my web application was not allowed on some of the firewalls installed at the customer location.
I found that my server is communicating at TLSv1.0, TLSv1.1, TLSv1.2
protocols, I assume that the firewall setting is allowing communication with the server on TLSv1.3
protocol only.
As Ubuntu 18 is shipped with OpenSSL version 1.1.0
, and to make server support TLS v1.3
I have to upgrade OpenSSL to version 1.1.1
which is the latest one.
As this is a production server running nginx
server, I don't want to directly try anything on the server.
root@energy-prod:~# nginx -v
nginx version: nginx/1.14.0 (Ubuntu)
What is the best way to upgrade OpenSSL to v1.1.1 without disturbing any other settings of the server?
18.04 upgrade openssl
add a comment |
I have been running a production server with Ubuntu 18 installed.
Recently, I found that my web application was not allowed on some of the firewalls installed at the customer location.
I found that my server is communicating at TLSv1.0, TLSv1.1, TLSv1.2
protocols, I assume that the firewall setting is allowing communication with the server on TLSv1.3
protocol only.
As Ubuntu 18 is shipped with OpenSSL version 1.1.0
, and to make server support TLS v1.3
I have to upgrade OpenSSL to version 1.1.1
which is the latest one.
As this is a production server running nginx
server, I don't want to directly try anything on the server.
root@energy-prod:~# nginx -v
nginx version: nginx/1.14.0 (Ubuntu)
What is the best way to upgrade OpenSSL to v1.1.1 without disturbing any other settings of the server?
18.04 upgrade openssl
2
FYI: »OpenSSL 1.1.1 SRU into Bionic« lists.ubuntu.com/archives/ubuntu-devel/2018-December/… In the meantime talk to the respective contact who is in charge of the firewall configuration, ask for requirements/recommendations/waivers. I doubt that you are the only one running 18.04 and having this problem nor do I think that not supporting TLS 1.3 at this point in time is the issue as it's still quite new and contrary to your statement I read that it still causes issues with some middleboxes, but you won't find out if you don't ask.
– LiveWireBT
Dec 19 '18 at 4:33
1
Upgrading will not be possible until that SRU goes through. There's just too much stuff that depends on OpenSSL to do the upgrade yourself, because it could break everything.
– Thomas Ward♦
Jan 24 at 19:42
1
finally bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386 is in Progress now
– Tino
Feb 28 at 12:59
add a comment |
I have been running a production server with Ubuntu 18 installed.
Recently, I found that my web application was not allowed on some of the firewalls installed at the customer location.
I found that my server is communicating at TLSv1.0, TLSv1.1, TLSv1.2
protocols, I assume that the firewall setting is allowing communication with the server on TLSv1.3
protocol only.
As Ubuntu 18 is shipped with OpenSSL version 1.1.0
, and to make server support TLS v1.3
I have to upgrade OpenSSL to version 1.1.1
which is the latest one.
As this is a production server running nginx
server, I don't want to directly try anything on the server.
root@energy-prod:~# nginx -v
nginx version: nginx/1.14.0 (Ubuntu)
What is the best way to upgrade OpenSSL to v1.1.1 without disturbing any other settings of the server?
18.04 upgrade openssl
I have been running a production server with Ubuntu 18 installed.
Recently, I found that my web application was not allowed on some of the firewalls installed at the customer location.
I found that my server is communicating at TLSv1.0, TLSv1.1, TLSv1.2
protocols, I assume that the firewall setting is allowing communication with the server on TLSv1.3
protocol only.
As Ubuntu 18 is shipped with OpenSSL version 1.1.0
, and to make server support TLS v1.3
I have to upgrade OpenSSL to version 1.1.1
which is the latest one.
As this is a production server running nginx
server, I don't want to directly try anything on the server.
root@energy-prod:~# nginx -v
nginx version: nginx/1.14.0 (Ubuntu)
What is the best way to upgrade OpenSSL to v1.1.1 without disturbing any other settings of the server?
18.04 upgrade openssl
18.04 upgrade openssl
edited 6 mins ago
Kevin Bowen
14.7k155970
14.7k155970
asked Dec 18 '18 at 11:34
dollardollar
13214
13214
2
FYI: »OpenSSL 1.1.1 SRU into Bionic« lists.ubuntu.com/archives/ubuntu-devel/2018-December/… In the meantime talk to the respective contact who is in charge of the firewall configuration, ask for requirements/recommendations/waivers. I doubt that you are the only one running 18.04 and having this problem nor do I think that not supporting TLS 1.3 at this point in time is the issue as it's still quite new and contrary to your statement I read that it still causes issues with some middleboxes, but you won't find out if you don't ask.
– LiveWireBT
Dec 19 '18 at 4:33
1
Upgrading will not be possible until that SRU goes through. There's just too much stuff that depends on OpenSSL to do the upgrade yourself, because it could break everything.
– Thomas Ward♦
Jan 24 at 19:42
1
finally bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386 is in Progress now
– Tino
Feb 28 at 12:59
add a comment |
2
FYI: »OpenSSL 1.1.1 SRU into Bionic« lists.ubuntu.com/archives/ubuntu-devel/2018-December/… In the meantime talk to the respective contact who is in charge of the firewall configuration, ask for requirements/recommendations/waivers. I doubt that you are the only one running 18.04 and having this problem nor do I think that not supporting TLS 1.3 at this point in time is the issue as it's still quite new and contrary to your statement I read that it still causes issues with some middleboxes, but you won't find out if you don't ask.
– LiveWireBT
Dec 19 '18 at 4:33
1
Upgrading will not be possible until that SRU goes through. There's just too much stuff that depends on OpenSSL to do the upgrade yourself, because it could break everything.
– Thomas Ward♦
Jan 24 at 19:42
1
finally bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386 is in Progress now
– Tino
Feb 28 at 12:59
2
2
FYI: »OpenSSL 1.1.1 SRU into Bionic« lists.ubuntu.com/archives/ubuntu-devel/2018-December/… In the meantime talk to the respective contact who is in charge of the firewall configuration, ask for requirements/recommendations/waivers. I doubt that you are the only one running 18.04 and having this problem nor do I think that not supporting TLS 1.3 at this point in time is the issue as it's still quite new and contrary to your statement I read that it still causes issues with some middleboxes, but you won't find out if you don't ask.
– LiveWireBT
Dec 19 '18 at 4:33
FYI: »OpenSSL 1.1.1 SRU into Bionic« lists.ubuntu.com/archives/ubuntu-devel/2018-December/… In the meantime talk to the respective contact who is in charge of the firewall configuration, ask for requirements/recommendations/waivers. I doubt that you are the only one running 18.04 and having this problem nor do I think that not supporting TLS 1.3 at this point in time is the issue as it's still quite new and contrary to your statement I read that it still causes issues with some middleboxes, but you won't find out if you don't ask.
– LiveWireBT
Dec 19 '18 at 4:33
1
1
Upgrading will not be possible until that SRU goes through. There's just too much stuff that depends on OpenSSL to do the upgrade yourself, because it could break everything.
– Thomas Ward♦
Jan 24 at 19:42
Upgrading will not be possible until that SRU goes through. There's just too much stuff that depends on OpenSSL to do the upgrade yourself, because it could break everything.
– Thomas Ward♦
Jan 24 at 19:42
1
1
finally bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386 is in Progress now
– Tino
Feb 28 at 12:59
finally bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386 is in Progress now
– Tino
Feb 28 at 12:59
add a comment |
1 Answer
1
active
oldest
votes
According to the OpenSSL website:
The latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023.
Since this is not in the current Ubuntu repositories, you will need to download, compile, and install the latest OpenSSL version manually.
Below are the instructions to follow:
- Open a terminal (Ctrl+Alt+t).
- Fetch the tarball:
wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz
- Unpack the tarball with
tar -zxf openssl-1.1.1a.tar.gz && cd openssl-1.1.1a
- Issue the command
./config
. - Issue the command
make
(You may need to runsudo apt install make gcc
before running this command successfully). - Run
make test
to check for possible errors. - Backup current openssl binary:
sudo mv /usr/bin/openssl ~/tmp
- Issue the command
sudo make install
. - Create symbolic link from newly install binary to the default location:
sudo ln -s /usr/local/bin/openssl /usr/bin/openssl
- Run the command
sudo ldconfig
to update symlinks and rebuild the library cache.
Assuming that there were no errors in executing steps 4 through 10, you should have successfully installed the new version of OpenSSL.
Again, from the terminal issue the command:
openssl version
Your output should be as follows:
OpenSSL 1.1.1a 20 Nov 2018
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1102803%2fhow-to-upgrade-openssl-1-1-0-to-1-1-1-in-ubuntu-18-04%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
According to the OpenSSL website:
The latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023.
Since this is not in the current Ubuntu repositories, you will need to download, compile, and install the latest OpenSSL version manually.
Below are the instructions to follow:
- Open a terminal (Ctrl+Alt+t).
- Fetch the tarball:
wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz
- Unpack the tarball with
tar -zxf openssl-1.1.1a.tar.gz && cd openssl-1.1.1a
- Issue the command
./config
. - Issue the command
make
(You may need to runsudo apt install make gcc
before running this command successfully). - Run
make test
to check for possible errors. - Backup current openssl binary:
sudo mv /usr/bin/openssl ~/tmp
- Issue the command
sudo make install
. - Create symbolic link from newly install binary to the default location:
sudo ln -s /usr/local/bin/openssl /usr/bin/openssl
- Run the command
sudo ldconfig
to update symlinks and rebuild the library cache.
Assuming that there were no errors in executing steps 4 through 10, you should have successfully installed the new version of OpenSSL.
Again, from the terminal issue the command:
openssl version
Your output should be as follows:
OpenSSL 1.1.1a 20 Nov 2018
add a comment |
According to the OpenSSL website:
The latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023.
Since this is not in the current Ubuntu repositories, you will need to download, compile, and install the latest OpenSSL version manually.
Below are the instructions to follow:
- Open a terminal (Ctrl+Alt+t).
- Fetch the tarball:
wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz
- Unpack the tarball with
tar -zxf openssl-1.1.1a.tar.gz && cd openssl-1.1.1a
- Issue the command
./config
. - Issue the command
make
(You may need to runsudo apt install make gcc
before running this command successfully). - Run
make test
to check for possible errors. - Backup current openssl binary:
sudo mv /usr/bin/openssl ~/tmp
- Issue the command
sudo make install
. - Create symbolic link from newly install binary to the default location:
sudo ln -s /usr/local/bin/openssl /usr/bin/openssl
- Run the command
sudo ldconfig
to update symlinks and rebuild the library cache.
Assuming that there were no errors in executing steps 4 through 10, you should have successfully installed the new version of OpenSSL.
Again, from the terminal issue the command:
openssl version
Your output should be as follows:
OpenSSL 1.1.1a 20 Nov 2018
add a comment |
According to the OpenSSL website:
The latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023.
Since this is not in the current Ubuntu repositories, you will need to download, compile, and install the latest OpenSSL version manually.
Below are the instructions to follow:
- Open a terminal (Ctrl+Alt+t).
- Fetch the tarball:
wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz
- Unpack the tarball with
tar -zxf openssl-1.1.1a.tar.gz && cd openssl-1.1.1a
- Issue the command
./config
. - Issue the command
make
(You may need to runsudo apt install make gcc
before running this command successfully). - Run
make test
to check for possible errors. - Backup current openssl binary:
sudo mv /usr/bin/openssl ~/tmp
- Issue the command
sudo make install
. - Create symbolic link from newly install binary to the default location:
sudo ln -s /usr/local/bin/openssl /usr/bin/openssl
- Run the command
sudo ldconfig
to update symlinks and rebuild the library cache.
Assuming that there were no errors in executing steps 4 through 10, you should have successfully installed the new version of OpenSSL.
Again, from the terminal issue the command:
openssl version
Your output should be as follows:
OpenSSL 1.1.1a 20 Nov 2018
According to the OpenSSL website:
The latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023.
Since this is not in the current Ubuntu repositories, you will need to download, compile, and install the latest OpenSSL version manually.
Below are the instructions to follow:
- Open a terminal (Ctrl+Alt+t).
- Fetch the tarball:
wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz
- Unpack the tarball with
tar -zxf openssl-1.1.1a.tar.gz && cd openssl-1.1.1a
- Issue the command
./config
. - Issue the command
make
(You may need to runsudo apt install make gcc
before running this command successfully). - Run
make test
to check for possible errors. - Backup current openssl binary:
sudo mv /usr/bin/openssl ~/tmp
- Issue the command
sudo make install
. - Create symbolic link from newly install binary to the default location:
sudo ln -s /usr/local/bin/openssl /usr/bin/openssl
- Run the command
sudo ldconfig
to update symlinks and rebuild the library cache.
Assuming that there were no errors in executing steps 4 through 10, you should have successfully installed the new version of OpenSSL.
Again, from the terminal issue the command:
openssl version
Your output should be as follows:
OpenSSL 1.1.1a 20 Nov 2018
edited 15 mins ago
answered Dec 18 '18 at 23:34
Kevin BowenKevin Bowen
14.7k155970
14.7k155970
add a comment |
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1102803%2fhow-to-upgrade-openssl-1-1-0-to-1-1-1-in-ubuntu-18-04%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
FYI: »OpenSSL 1.1.1 SRU into Bionic« lists.ubuntu.com/archives/ubuntu-devel/2018-December/… In the meantime talk to the respective contact who is in charge of the firewall configuration, ask for requirements/recommendations/waivers. I doubt that you are the only one running 18.04 and having this problem nor do I think that not supporting TLS 1.3 at this point in time is the issue as it's still quite new and contrary to your statement I read that it still causes issues with some middleboxes, but you won't find out if you don't ask.
– LiveWireBT
Dec 19 '18 at 4:33
1
Upgrading will not be possible until that SRU goes through. There's just too much stuff that depends on OpenSSL to do the upgrade yourself, because it could break everything.
– Thomas Ward♦
Jan 24 at 19:42
1
finally bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386 is in Progress now
– Tino
Feb 28 at 12:59