Install and Update OpenSSL on CentOS 6 / CentOS 7

1. Get the current version with “openssl version” and “yum info openssl” command :

# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
# yum info openssl
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * Webmin: download.webmin.com
 * base: centos.netonboard.com
 * epel: ftp.cuhk.edu.hk
 * extras: centos.netonboard.com
 * updates: ossm.utm.my
Installed Packages
Name        : openssl
Arch        : x86_64
Version     : 1.0.1e
Release     : 30.el6_6.7
Size        : 4.0 M
Repo        : installed
From repo   : updates
Summary     : A general purpose cryptography library with TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
            : machines. OpenSSL includes a certificate management tool and shared
            : libraries which provide various cryptographic algorithms and
            : protocols.

Available Packages
Name        : openssl
Arch        : i686
Version     : 1.0.1e
Release     : 30.el6_6.7
Size        : 1.5 M
Repo        : updates
Summary     : A general purpose cryptography library with TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
            : machines. OpenSSL includes a certificate management tool and shared
            : libraries which provide various cryptographic algorithms and
            : protocols.

2. To download the latest version of OpenSSL, do as follows:

# cd /usr/src
# wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
# tar -zxf openssl-1.0.2-latest.tar.gz

3. To manually compile OpenSSL and install/upgrade OpenSSL, do as follows:

# cd openssl-1.0.2a
# ./config
# make
# make test
# make install

4. If the old version is still displayed or installed before, please make acopy of openssl bin file :

# mv /usr/bin/openssl /root/
# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

5. Verify the OpenSSL version :

# openssl version

Output :

OpenSSL 1.0.2a 19 Mar 2015


There are known bugs in older OpenSSL and NSS versions leading to misbehaviour in combination with remote hosts using SNI. A technology used by most of the HTTPS websites. To ensure that ownCloud will work properly you need to update OpenSSL to at least 1.0.2b or 1.0.1d. For NSS the patch version depends on your distribution and an heuristic is running the test which actually reproduces the bug. There are distributions such as RHEL/CentOS which have this backport still pending.

Reference

Reference

 

 

Add a Comment

Your email address will not be published. Required fields are marked *

five × two =