How to Install and Update OpenSSL on CentOS 6 / CentOS 7

Install and Update OpenSSL

I have CentOS 6 server and still running with OpenSSL 1.0.1e (openssl-1.0.1e-30) that vulnerable to a remote attacker to access parts of memory on systems using vulnerable versions of OpenSSL. OpenSSL is a library that provides cryptographic functionality, specifically SSL/TLS for popular applications such as secure web servers (nginx web server, Apache web server) and MySQL database server.

OpenSSL is a library that provides cryptographic functionality, specifically SSL/TLS for popular applications such as secure web servers, MySQL databases and email applications.

I have tried to perform command “yum update openssl” but I receive “No Packages marked for Update” even though the latest version of tar version has been published.

See also  How to Search for Available PHP5 Modules on Fedora 16

The following steps describe how to install and update OpenSSL on CentOS 6 and CentOS 7.

Install and Update OpenSSL on CentOS 6 / CentOS 7

1. Get the current version with “openssl version” and “yum info openssl” command :

# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
# yum info openssl
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * Webmin: download.webmin.com
 * base: centos.netonboard.com
 * epel: ftp.cuhk.edu.hk
 * extras: centos.netonboard.com
 * updates: ossm.utm.my
Installed Packages
Name        : openssl
Arch        : x86_64
Version     : 1.0.1e
Release     : 30.el6_6.7
Size        : 4.0 M
Repo        : installed
From repo   : updates
Summary     : A general purpose cryptography library with TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
            : machines. OpenSSL includes a certificate management tool and shared
            : libraries which provide various cryptographic algorithms and
            : protocols.

Available Packages
Name        : openssl
Arch        : i686
Version     : 1.0.1e
Release     : 30.el6_6.7
Size        : 1.5 M
Repo        : updates
Summary     : A general purpose cryptography library with TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
            : machines. OpenSSL includes a certificate management tool and shared
            : libraries which provide various cryptographic algorithms and
            : protocols.

2. To download the latest version of OpenSSL, do as follows:

# cd /usr/src
# wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
# tar -zxf openssl-1.0.2-latest.tar.gz

3. To manually compile OpenSSL and install/upgrade OpenSSL, do as follows:

# cd openssl-1.0.2a
# ./config
# make
# make test
# make install

4. If the old version is still displayed or installed before, please make acopy of openssl bin file :

# mv /usr/bin/openssl /root/
# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

5. Verify the OpenSSL version :

# openssl version

Output :

OpenSSL 1.0.2a 19 Mar 2015

 

How to Reset the Directory Manager Password on RHEL 7 / CentOS 7
How to Reset the Directory Manager Password on RHEL 7 / CentOS 7

It is best practice to remember passwords, but because too many passwords, sometimes we forget. We are not encouraged to write the password on any paper or share the password...

How to Find Big Files Size on Linux RHEL/CentOS
How to Find Big Files Size on Linux RHEL/CentOS

As the linux administrator, sometimes we have to identify which files are most take much space in the linux server resulting in low free space. Low disk space can also...

Why Linux users should worry about malware and what they can do about it
Why Linux users should worry about malware and what they can do about it

Don’t drop your guard just because you’re running Linux. Preventing the spread of malware and/or dealing with the consequences of infection are a fact of life when using computers. If...

How to Reset Forgotten Root Password on Linux RHEL 7/CentOS 7
How to Reset Forgotten Root Password on Linux RHEL 7/CentOS 7

This article will explain the steps to reset a lost root password or to reset forgotten root password on Linux RHEL 7 or CentOS 7. Basically, the steps will adding...

How to Update CentOS or Upgrade CentOS to the Latest Version
How to Update CentOS or Upgrade CentOS to the Latest Version

Recently, the latest version of CentOS 7.3 was released. All users of CentOS 7.0, 7.1 and 7.2 can upgrade their system to the most recent. This quick guide will explain...

How to Change your WordPress Username, Nickname and Display Name in MySQL
How to Change your WordPress Username, Nickname and Display Name in MySQL

After you create an account log in WordPress, you may want to change your WordPress username, as appropriate or due to security reason. However, you can not do this from...

How to Enable SSH Root Login on Ubuntu 16.04
How to Enable SSH Root Login on Ubuntu 16.04

As what we wrote in the previous article on how to allow SSH root on Ubuntu 14.04, after installing a fresh new copy of Ubuntu 16.04 LTS, we find that...

How to Change UUID of Linux Partition on CentOS 7
How to Change UUID of Linux Partition on CentOS 7

UUID (Universally Unique IDentifier) should be unique and it is used to identify storage devices on a linux system. If you cloned a virtual machine from vCenter, the metadata containing...

11 Comments

  • Avatar for Kris Armstrong Kris Armstrong says:

    I followed your article. which seemed to work great. My next step was to install FreeRadius V3.0.8. And I receive the following message after compiling and installing

    Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 0x1000105f (1.0.1e release) (in range 1.0.1 dev – 1.0.1f release)

    Security advisory CVE-2014-0160 (Heartbleed)

    For more information see http://heartbleed.com

    Once you have verified libssl has been correctly patched, set security.allow_vulnerable_openssl = ‘CVE-2014-0160′

    So based on this its still pointed to the old version since hte new one is installed. I thought ok its probably a library issue.

    So I did the following:

    ./configure –with-openssl-lib-dir=/usr/src/openssl-1.0.2c/ –with-openssl-include-dir=/usr/src/openssl-1.0.2c/

    Which produces the following error message:

    checking for OpenSSL version >= 0.9.7… yes

    checking OpenSSL library and header version consistency… library: 1000203f header: 1000105f… no

    configure: error: in `/usr/src/freeradius-server-3.0.8′:

    configure: error: OpenSSL library version does not match header version

    See `config.log’ for more details

    [root@freeradius freeradius-server-3.0.8]#

    So I’m not sure if i’m pointing to the right libraries and or headers or not. And why does the system still believe the 1.0.1 is still there.

    Suggestions ideas?
    Should I remove openssl and openssl-develop? and redo the process above again?

    Oh and i’m running CentOS7.1

  • Avatar for Kris Armstrong Kris Armstrong says:

    checking for OpenSSL version >= 0.9.7… yes

    checking OpenSSL library and header version consistency… library: 1000203f header: 1000105f… no

    configure: error: in `/usr/src/freeradius-server-3.0.8′:

    configure: error: OpenSSL library version does not match header version

    See `config.log’ for more details

    [root@freeradius freeradius-server-3.0.8]#

  • Avatar for sidgrafix sidgrafix says:

    This works but is incomplete in making it stick!

    Apache needs to be rebuilt after with openSSL in order for it to be active in PHP. Problem is the openSSL gets reverted to the rpm distributed with cPanel and or CloudLinux when rebuilding apache for those of us that use either, in turn overriding anything you just did!

    As the log shows:
    –!! Warning: ‘openssl-devel’ has been modified, reinstalling… !!
    Loaded plugins: fastestmirror, rhnplugin
    Setting up Install Process
    Loading mirror speeds from cached hostfile
    * cloudlinux-x86_64-server-6: xmlrpc.cln.cloudlinux.com
    Resolving Dependencies
    –> Running transaction check
    —> Package openssl-devel.x86_64 0:1.0.1e-48.el6_8.1 will be installed
    –> Finished Dependency Resolution

    Total download size: 1.2 M
    Installed size: 0
    Downloading Packages:
    Running rpm_check_debug
    Running Transaction Test
    Transaction Test Succeeded
    Running Transaction

    Installing : openssl-devel-1.0.1e-48.el6_8.1.x86_64 1/1

    Verifying : openssl-devel-1.0.1e-48.el6_8.1.x86_64 1/1

    Complete!
    !! Done reinstalling ‘openssl-devel’ !!
    ============================================================

    Do you have a solution for that?

    I haven’t been able to find one!

  • Avatar for Navd Navd says:

    hi,

    I followed the steps , it installed the latest version. Even moved the old openssl to other directory and created a link to the new installed version.

    when I run the openssl version command , still shows older version :

    Description: Red Hat Enterprise Linux Server release 6.7 (Santiago)
    Release: 6.7
    Codename: Santiago

    openssl version
    OpenSSL 0.9.8zf-fips 19 Mar 2015

    can you please help in this regards ?

    Thanks

  • Avatar for Kevin Siji Kevin Siji says:

    Thanks

  • Avatar for John John says:

    I have followed all steps but but for the 4th step openssl directory is not found. Can you please suggest what i need to check for?
    # mv /usr/bin/openssl /root/
    # ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

    I’m using centos 7 version.

    If i skip this step and run openssl version then it is gives error of no command found.

  • Avatar for Robert Robert says:

    On step 3 for me it was:
    cd openssl-1.0.2k instead of cd openssl-1.0.2a
    cd openssl-1.0.2a doesn’t exist.

  • Avatar for Sandra Sandra says:

    Thanks so much

  • Avatar for vigneshwaran vigneshwaran says:

    Even after installing the latest version “sudo yum info openssl” shows same old version as output

    Installed Packages
    Name : openssl
    Arch : x86_64
    Epoch : 1
    Version : 1.0.1e
    Release : 60.el7_3.1
    Size : 1.5 M
    Repo : installed
    From repo : updates
    Summary : Utilities from the general purpose cryptography library with TLS implementation
    URL : http://www.openssl.org/
    License : OpenSSL
    Description : The OpenSSL toolkit provides support for secure communications between
    : machines. OpenSSL includes a certificate management tool and shared
    : libraries which provide various cryptographic algorithms and
    : protocols.

    but “#openssl version” shows
    OpenSSL 1.0.2l 25 May 2017″

  • Avatar for Javier Ruiz Javier Ruiz says:

    Hello i have installed update OpenSSL with yours instructions.

    In command line the version showed is the new, but in phpinfo and yum info openssl it show old version

    How can i repair it ??

    thakns

Leave a Reply

Your email address will not be published. Required fields are marked *