24

I want to use OpenSSL1.1.1 version for my code development. Currently I am working with Openssl 1.1.0g on Ubuntu 18.04 machine.

If I download the package with the command sudo apt install libssl-dev, then I get OpenSSL 1.1.0g version,

If I download the package with the command sudo apt install libssl1.0-dev, then I get OpenSSL 1.0.2n version,

How do I download the OpenSSL 1.1.0 and libssl package?

Note: I don't want to download OpenSSL package separately and build it externally. I am supposed to download using an Ubuntu package.

Kevin Bowen
Karma Yogi
  • 2
    Openssl 1.1.1-1ubuntu1 source package in Ubuntu has tar file openssl_1.1.1.orig.tar.gz of size 8.0 Mib, using which you can install Openssl_1.1.1. You try this @Siddalinga Swamy and let me know the result. – Marmayogi Mar 19 '19 at 10:54
  • 1
    I hope @Siddalinga Swamy, you know how to untar a tar file. However here is the sample extract command: $ sudo tar xfvz openssl_1.1.1.orig.tar.gz --directory /opt/openssl. I assumed that you are going to extract tar file into /opt/openssl/ directory. Good luck! – Marmayogi Mar 19 '19 at 11:07
  • One more point @Siddalinga Swamy. If you want to reach me, then address me as @Marmayogi – Marmayogi Mar 19 '19 at 12:01
  • @Marmayogi, Hi, thanks for your answer. The way you suggested is installing openssl1.1.1 externally. But I want to download the package from Ubuntu through commands directly, I don't want to build it externally. Also I want the libssl package for openssl 1.1.1 version. For example, sudo apt install libssl-dev will install openssl1.1.0g in Ubuntu 18.04. Similarly I want openssl1.1.1 – Karma Yogi Mar 20 '19 at 08:23
  • hi. @SiddalingaSwamy above in the launchpad link Marmayogi helpfully gave, you can see that it is a release for "cosmic" AKA : ubuntu 18.10. which is a non-LTS release but definitely not a beta. it is much more stable than 18.04 and what many ubuntu users including myself prefer. would you consider switching to ubuntu 18.10? in that case sudo apt install libssl would work. Also keep in mind 18.10 is basically just ubuntu 19.04 and ubuntu 19.04 is right around the corner. If you wait a couple more days you can upgrade to that and the same will work. – tatsu Mar 22 '19 at 12:23
  • related, possible duplicate: https://askubuntu.com/questions/1102803/upgrade-openssl-1-1-0-to-1-1-1-in-ubuntu-18-04 – Kevin Bowen Mar 23 '19 at 03:03

4 Answers

32

In fact your question was a duplicate and the same question already appeared in Upgrade openssl 1.1.0 to 1.1.1 in Ubuntu 18.04.

As already answered by @Kevin Bowen, openssl 1.1.1 is not in the current Ubuntu repositories, you will need to download, compile, and install the latest OpenSSL version manually.

The same thing I too suggested in the beginning in comments section. My favorite is always to install in /opt, so I suggested that too in comments section.

If you don't want to do, then you will be stuck for ever!

What is OpenSSL?

OpenSSL is a command line cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.

Most network communication apps and tools that use TLS / SSL protocols may have some OpenSSL tools installed in them. If you’re going to be using applications and packages that depend on the latest versions of OpenSSL, you may have to manually install it on Ubuntu systems.

OpenSSL relies on two important libraries that are part of the OpenSSL project:

  • libssl provides the client and server-side implementations for SSLv3 and TLS.
  • libcrypto provides general cryptographic and X.509 support needed by SSL/TLS but not logically part of it

The default toolkit of OpenSSL that comes with Ubuntu isn’t the latest. To get the latest, you must download it yourself and install.

Guide to install the latest version of openssl 1.1.1b on Ubuntu 18.04.

Step 1 : Download openssl 1.1.1b

Download the latest openssl 1.1.1b release from Ubuntu source package….

OpenSSL Cryptography and SSL/TLS Toolkit

Figure-1: Download openssl 1.1.1b

You can also easily install openssl 1.1.1b package by running the commands below…

wget https://www.openssl.org/source/openssl-1.1.1b.tar.gz

Step 2 : Install Openssl from the tar.gz package

Now create /opt/openssl directory:

$ sudo mkdir /opt/openssl

Figure-2: Create folder for openssl under /opt directory.

Now that you’ve downloaded the correct archive package for your system into ~/Downloads folder, run the following commands to install Openssl.

$ sudo tar xfvz ~/Downloads/openssl-1.1.1b.tar.gz --directory /opt/openssl

Figure-3: Extraction into /opt/openssl is complete.

$ perl --version

Figure-4: Perl version.

Export LD_LIBRARY_PATH environment variable with the following value:

$ export LD_LIBRARY_PATH=/opt/openssl/lib

Verify that LD_LIBRARY_PATH is set with correct value by this command:

$ echo $LD_LIBRARY_PATH

Figure-5: Value of environment variable LD_LIBRARY_PATH is /opt/openssl/lib.

Issue the config commands:

 $ cd /opt/openssl/openssl-1.1.1b
 $ sudo ./config --prefix=/opt/openssl --openssldir=/opt/openssl/ssl

Figure-6: config command

Next, issue make command:

$ sudo make

Issue make test command to check for possible errors:

$ sudo make test

Figure-7: Bingo! All tests successful.

Issue make install commands:

$ sudo make install

Where is openssl binary being located?

Issue the following commands:

$ sudo updatedb                              # rebuild the locate database
$ locate openssl | grep /opt/openssl/bin

Figure-8: Locate openssl binary.

The directory /usr/bin also has openssl binary which is an earlier version. The presence of this unwanted openssl binary /usr/bin/openssl is going to cause us trouble, so we have to check this out!

Issue the following commands in order to tackle /usr/bin/openssl binary:

$ cd /usr/bin
$ ls -l openssl
$ sudo mv openssl openssl.old       # rename earlier version openssl to openssl.old

Figure-9: Rename earlier version of openssl binary to openssl.old.

Step 3 : Setup PATH environment variable

Openssl needs the PATH environment variable, which is to be set as shown below.

Create a file called openssl.sh under /etc/profile.d/ directory.

$ sudo touch /etc/profile.d/openssl.sh
$ sudo vi /etc/profile.d/openssl.sh

Add the following contents:

#!/bin/sh
export PATH=/opt/openssl/bin:${PATH}
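# Append the old value only when it is non-empty; a trailing ":" would add the current directory to the library search path.
export LD_LIBRARY_PATH=/opt/openssl/lib${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}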

Save and close the file. Make it executable using the following command.

$ sudo chmod +x /etc/profile.d/openssl.sh

Then, set the environment variables permanently by running the following command:

 $ source /etc/profile.d/openssl.sh

Log out or reboot your system.

Now, check the PATH environment variable:

$ echo $PATH

Figure-10: PATH environment variable having /opt/openssl/bin directory

$ which openssl

Figure-11: The binary 'openssl' is under '/opt/openssl/bin' directory

Now, check the openssl version using command:

$ openssl version

Figure-12: openssl latest version

Now, check the openssl version using command line tool:

$ openssl

Figure-13: Check version through 'openssl' command line.

What will happen if LD_LIBRARY_PATH is not properly set?

$ openssl

Figure-14: Error thrown by 'openssl' command line when 'LD_LIBRARY_PATH' is not properly set.

As described by Step-3, you must set LD_LIBRARY_PATH to correct value which is /opt/openssl/lib

$ export LD_LIBRARY_PATH=/opt/openssl/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}

Summary:

This method downloads, extracts, compiles, and installs the latest OpenSSL version 1.1.1b manually.

OSA413
Marmayogi
  • 1
    well done! maybe something's up with the linking because of previous apt install, but the last screenshot shows 1.1.0 – tatsu Mar 22 '19 at 12:26
  • 1
    Thank you @tatsu for pointing out version error. This has been corrected. – Marmayogi Mar 22 '19 at 17:38
  • Have you taken any decision @Karma Yogi, whether to wait until openssl 1.1.1b is available in current Ubuntu repositories or go ahead and install manually by yourself? You have not directly answered. I just want to know your ideas out of curiosity! – Marmayogi Mar 27 '19 at 04:16
  • @Marmayogi I was just doing analysis of openssl migration and some documentation corresponding to it. But now i have decided to continue with openssl 1.0.2 and will not upgrade openssl till ubuntu comes up with openssl 1.1.1 in ubuntu 18.04 – Karma Yogi Mar 27 '19 at 06:11
  • @Marmayogi There is one problem with this: If someone is using PHP, then fopen might stop working for https URLs with the following error: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed. This is because OPENSSLDIR is set to /opt/openssl/ssl. To fix it, I went to /opt/openssl/ssl, deleted the empty certs folder and created a link to the Ubuntu default folder for certificates '/etc/ssl/certs', with this command: ln -s /etc/ssl/certs /opt/openssl/ssl/ – Valentin May 11 '20 at 20:46
  • @Marmayogi, Awesome 'explaining it with crayons'. Sometimes that is what needs to happen. I have been able to follow this same process above while installing OpenSSL 1.1.1g into Debian 10. I have even put it into a shell script with step-by-step comments so I can change it later on if needed. Please continue 'draw with crayons' for those of us (like me) that need it. – Energetic Pixels Sep 05 '20 at 18:53
  • This answer is just gold!! – Babacar Cissé DIA Nov 14 '21 at 17:34
  • Openssl1.1.1 officially available on ubuntu20.04 onwards – shashank arora May 24 '22 at 06:41
  • I followed this guide, but for the 1.1.1q version and it worked perfectly. The only issue I had was that the sudo make command failed because it needs a file called limits.sh. But I fixed it with these first two commands and then continued with the remaining steps: https://askubuntu.com/a/1120102 Now I can compile .NET Core 3.1 solutions in Linux Mint without any problem, which previously I couldn't. Thanks :) – ivan0590 Aug 27 '22 at 17:38
  • I followed the guide and it worked before the reboot on Ubuntu 22.04.1 LTS. Upon reboot the PATH variable doesn't contain the /opt/openssl/bin path and the LD_LIBRARY_PATH is empty. Looks like it's not sticking despite creating the /etc/profile.d/openssl.sh and making it executable. Any thoughts please? – hoz Aug 23 '23 at 18:49
2

Do it on Ubuntu 22.04, please. I solved the identical problem by issuing these commands.

#wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.16_amd64.deb
#dpkg -i libssl1.1_1.1.1f-1ubuntu2.16_amd64.deb 
1

On Ubuntu 20.04, I wanted to upgrade from 1.1.1g to 1.1.1l but it's not available in their official repo yet. Along the way I got stuck on a snag with an error about openssl being unable to verify the issuer's authority, when trying to use wget after upgrading.

Eventually I got it all to work, here are the commands.

# /opt/openssl/ssl/certs is linked to the system CA store so certificate verification keeps working
cd ~; mkdir /opt/openssl; mkdir /opt/openssl/ssl; sudo ln -s /etc/ssl/certs /opt/openssl/ssl/certs;
wget https://www.openssl.org/source/openssl-1.1.1l.tar.gz;
wget https://www.openssl.org/source/openssl-1.1.1l.tar.gz.sha256;
tar -zxf openssl-1.1.1l.tar.gz --directory /opt/openssl;
cd /opt/openssl/openssl-1.1.1l;
./config --prefix=/opt/openssl --openssldir=/opt/openssl/ssl;
make;
make test;
sudo make install;
# keep the distribution binary under a versioned name
mv /usr/bin/openssl /usr/bin/openssl-1.1.1g;
# --prefix=/opt/openssl installs the new binary to /opt/openssl/bin/openssl
ln -s /opt/openssl/bin/openssl /usr/bin/openssl;
ldconfig;

# the ":+" expansion appends the old LD_LIBRARY_PATH only when it is non-empty, so no empty (current directory) entry is created
touch /etc/profile.d/openssl.sh; echo '#!/bin/sh' > /etc/profile.d/openssl.sh; echo 'export PATH=/opt/openssl/bin:${PATH}' >> /etc/profile.d/openssl.sh; echo 'export LD_LIBRARY_PATH=/opt/openssl/lib${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}' >> /etc/profile.d/openssl.sh;

chmod +x /etc/profile.d/openssl.sh; source /etc/profile.d/openssl.sh; sudo updatedb; openssl version;

Then to test it out and make sure you don't get any errors:

wget https://www.openssl.org/source/openssl-1.1.1l.tar.gz.sha256
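
Added example, not part of the answer above: the commands fetch openssl-1.1.1l.tar.gz.sha256 next to the tarball, and this sketch shows one way to compare the two before extracting. The function name verify_sha256 is hypothetical, and it assumes the first whitespace-separated field of the .sha256 file is the hex digest.

```shell
#!/bin/sh
# Added example: check a downloaded tarball against its published .sha256
# file before extracting it. Assumption: the first whitespace-separated
# field of the .sha256 file is the hex digest, which covers both a bare
# "digest" line and the "digest  filename" layout written by sha256sum.

verify_sha256() {
    tarball=$1
    sumfile=$2

    [ -f "$tarball" ] || { echo "missing: $tarball" >&2; return 2; }
    [ -f "$sumfile" ] || { echo "missing: $sumfile" >&2; return 2; }

    # Published digest: first field of the first non-empty line, lower-cased.
    expected=$(awk 'NF { print tolower($1); exit }' "$sumfile")

    # Reject anything that is not exactly 64 hex characters, for example an
    # HTML error page that was saved under the .sha256 name.
    case $expected in
        *[!0-9a-f]*|'') echo "malformed digest in $sumfile" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest in $sumfile" >&2; return 2; }

    actual=$(sha256sum "$tarball" | awk '{ print $1 }')

    if [ "$actual" = "$expected" ]; then
        echo "OK: $tarball"
        return 0
    fi
    echo "MISMATCH: $tarball" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage with the files from the answer, run before the tar step:
#   verify_sha256 openssl-1.1.1l.tar.gz openssl-1.1.1l.tar.gz.sha256 && \
#       tar -zxf openssl-1.1.1l.tar.gz --directory /opt/openssl
```

A digest fetched from the same server as the tarball only detects corruption or a partial download; it does not authenticate the publisher.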
0

Attempting to achieve this on Ubuntu 22.04 as I'm installing a package that needs openssl1.1.1. Ubuntu 22.04 comes with openssl3.x. I was seeing errors that libcrypto.so.1.1 and libssl.so.1.1 were not found.

I followed the steps mentioned in the accepted answer, but the path wasn't sticking upon reboot. I solved this by going through the steps in the accepted answer - How to install OpenSSL 1.1.1 and libSSL package?, then combining it with the solution here - https://stackoverflow.com/questions/8501163/error-while-loading-shared-libraries-libpcre-so-0-cannot-open-shared-object-f#answer-69936048

Follow the steps as above, then;

  • Symlink the libssl.so.1.1 and libcrypto.so.1.1 in the default path alongside libssl.so.3 and libcrypto.so.3
  • ln -s /opt/openssl/lib/libssl.so.1.1 /usr/lib/x86_64-linux-gnu/libssl.so.1.1
  • ln -s /opt/openssl/lib/libcrypto.so.1.1 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
hoz