How to upgrade OpenSSL 1.1.0 to 1.1.1 in Ubuntu 18.04?openSSL 1.1.1 and libSSL packageUpgrade OpenSSL on Ubuntu 12.04How to upgrade OpenSSL 1.0.1f on Ubuntu Server 14.04?Ubuntu 14.04.1 LTS and OpenSSLUpdating OpenSSLHow to install openssl 1.0.2 with default openssl (1.1.1) on Ubuntu 16.04?Ubuntu openssl version upgradeHow to properly downgrade openssl version under Ubuntu 18.04OpenSSL in UbuntuUnable to decrypt text files with openssl on Ubuntu 18.04Ubuntu 18.04 system broken after uninstalling openssl

Why is so much work done on numerical verification of the Riemann Hypothesis?

What happens if you are holding an Iron Flask with a demon inside and walk into an Antimagic Field?

Is aluminum electrical wire used on aircraft?

Multiplicative persistence

Can a College of Swords bard use a Blade Flourish option on an opportunity attack provoked by their own Dissonant Whispers spell?

Why did the EU agree to delay the Brexit deadline?

How should I respond when I lied about my education and the company finds out through background check?

Can I still be respawned if I die by falling off the map?

Angel of Condemnation - Exile creature with second ability

What is the highest possible scrabble score for placing a single tile

Keeping a ball lost forever

Fear of getting stuck on one programming language / technology that is not used in my country

Mixing PEX brands

Quoting Keynes in a lecture

Why is it that I can sometimes guess the next note?

Open a doc from terminal, but not by its name

Terse Method to Swap Lowest for Highest?

How can I write humor as character trait?

What is the evidence for the "tyranny of the majority problem" in a direct democracy context?

Creepy dinosaur pc game identification

15% tax on $7.5k earnings. Is that right?

Limits and Infinite Integration by Parts

Unexpected behavior of the procedure `Area` on the object 'Polygon'

Does an advisor owe his/her student anything? Will an advisor keep a PhD student only out of pity?



How to upgrade OpenSSL 1.1.0 to 1.1.1 in Ubuntu 18.04?


openSSL 1.1.1 and libSSL packageUpgrade OpenSSL on Ubuntu 12.04How to upgrade OpenSSL 1.0.1f on Ubuntu Server 14.04?Ubuntu 14.04.1 LTS and OpenSSLUpdating OpenSSLHow to install openssl 1.0.2 with default openssl (1.1.1) on Ubuntu 16.04?Ubuntu openssl version upgradeHow to properly downgrade openssl version under Ubuntu 18.04OpenSSL in UbuntuUnable to decrypt text files with openssl on Ubuntu 18.04Ubuntu 18.04 system broken after uninstalling openssl













5















I have been running a production server with Ubuntu 18 installed.
Recently, I found that my web application was not allowed on some of the firewalls installed at the customer location.



I found that my server is communicating at TLSv1.0, TLSv1.1, TLSv1.2 protocols, I assume that the firewall setting is allowing communication with the server on TLSv1.3 protocol only.



As Ubuntu 18 is shipped with OpenSSL version 1.1.0, and to make server support TLS v1.3 I have to upgrade OpenSSL to version 1.1.1 which is the latest one.



As this is a production server running nginx server, I don't want to directly try anything on the server.



root@energy-prod:~# nginx -v
nginx version: nginx/1.14.0 (Ubuntu)


What is the best way to upgrade OpenSSL to v1.1.1 without disturbing any other settings of the server?










share|improve this question



















  • 2





    FYI: »OpenSSL 1.1.1 SRU into Bionic« lists.ubuntu.com/archives/ubuntu-devel/2018-December/… In the meantime talk to the respective contact who is in charge of the firewall configuration, ask for requirements/recommendations/waivers. I doubt that you are the only one running 18.04 and having this problem nor do I think that not supporting TLS 1.3 at this point in time is the issue as it's still quite new and contrary to your statement I read that it still causes issues with some middleboxes, but you won't find out if you don't ask.

    – LiveWireBT
    Dec 19 '18 at 4:33






  • 1





    Upgrading will not be possible until that SRU goes through. There's just too much stuff that depends on OpenSSL to do the upgrade yourself, because it could break everything.

    – Thomas Ward
    Jan 24 at 19:42






  • 1





    finally bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386 is in Progress now

    – Tino
    Feb 28 at 12:59















5















I have been running a production server with Ubuntu 18 installed.
Recently, I found that my web application was not allowed on some of the firewalls installed at the customer location.



I found that my server is communicating at TLSv1.0, TLSv1.1, TLSv1.2 protocols, I assume that the firewall setting is allowing communication with the server on TLSv1.3 protocol only.



As Ubuntu 18 is shipped with OpenSSL version 1.1.0, and to make server support TLS v1.3 I have to upgrade OpenSSL to version 1.1.1 which is the latest one.



As this is a production server running nginx server, I don't want to directly try anything on the server.



root@energy-prod:~# nginx -v
nginx version: nginx/1.14.0 (Ubuntu)


What is the best way to upgrade OpenSSL to v1.1.1 without disturbing any other settings of the server?










share|improve this question



















  • 2





    FYI: »OpenSSL 1.1.1 SRU into Bionic« lists.ubuntu.com/archives/ubuntu-devel/2018-December/… In the meantime talk to the respective contact who is in charge of the firewall configuration, ask for requirements/recommendations/waivers. I doubt that you are the only one running 18.04 and having this problem nor do I think that not supporting TLS 1.3 at this point in time is the issue as it's still quite new and contrary to your statement I read that it still causes issues with some middleboxes, but you won't find out if you don't ask.

    – LiveWireBT
    Dec 19 '18 at 4:33






  • 1





    Upgrading will not be possible until that SRU goes through. There's just too much stuff that depends on OpenSSL to do the upgrade yourself, because it could break everything.

    – Thomas Ward
    Jan 24 at 19:42






  • 1





    finally bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386 is in Progress now

    – Tino
    Feb 28 at 12:59













5












5








5


2






I have been running a production server with Ubuntu 18 installed.
Recently, I found that my web application was not allowed on some of the firewalls installed at the customer location.



I found that my server is communicating at TLSv1.0, TLSv1.1, TLSv1.2 protocols, I assume that the firewall setting is allowing communication with the server on TLSv1.3 protocol only.



As Ubuntu 18 is shipped with OpenSSL version 1.1.0, and to make server support TLS v1.3 I have to upgrade OpenSSL to version 1.1.1 which is the latest one.



As this is a production server running nginx server, I don't want to directly try anything on the server.



root@energy-prod:~# nginx -v
nginx version: nginx/1.14.0 (Ubuntu)


What is the best way to upgrade OpenSSL to v1.1.1 without disturbing any other settings of the server?










share|improve this question
















I have been running a production server with Ubuntu 18 installed.
Recently, I found that my web application was not allowed on some of the firewalls installed at the customer location.



I found that my server is communicating at TLSv1.0, TLSv1.1, TLSv1.2 protocols, I assume that the firewall setting is allowing communication with the server on TLSv1.3 protocol only.



As Ubuntu 18 is shipped with OpenSSL version 1.1.0, and to make server support TLS v1.3 I have to upgrade OpenSSL to version 1.1.1 which is the latest one.



As this is a production server running nginx server, I don't want to directly try anything on the server.



root@energy-prod:~# nginx -v
nginx version: nginx/1.14.0 (Ubuntu)


What is the best way to upgrade OpenSSL to v1.1.1 without disturbing any other settings of the server?







18.04 upgrade openssl






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 8 mins ago









Kevin Bowen

14.7k155970




14.7k155970










asked Dec 18 '18 at 11:34









dollardollar

13214




13214







  • 2





    FYI: »OpenSSL 1.1.1 SRU into Bionic« lists.ubuntu.com/archives/ubuntu-devel/2018-December/… In the meantime talk to the respective contact who is in charge of the firewall configuration, ask for requirements/recommendations/waivers. I doubt that you are the only one running 18.04 and having this problem nor do I think that not supporting TLS 1.3 at this point in time is the issue as it's still quite new and contrary to your statement I read that it still causes issues with some middleboxes, but you won't find out if you don't ask.

    – LiveWireBT
    Dec 19 '18 at 4:33






  • 1





    Upgrading will not be possible until that SRU goes through. There's just too much stuff that depends on OpenSSL to do the upgrade yourself, because it could break everything.

    – Thomas Ward
    Jan 24 at 19:42






  • 1





    finally bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386 is in Progress now

    – Tino
    Feb 28 at 12:59












  • 2





    FYI: »OpenSSL 1.1.1 SRU into Bionic« lists.ubuntu.com/archives/ubuntu-devel/2018-December/… In the meantime talk to the respective contact who is in charge of the firewall configuration, ask for requirements/recommendations/waivers. I doubt that you are the only one running 18.04 and having this problem nor do I think that not supporting TLS 1.3 at this point in time is the issue as it's still quite new and contrary to your statement I read that it still causes issues with some middleboxes, but you won't find out if you don't ask.

    – LiveWireBT
    Dec 19 '18 at 4:33






  • 1





    Upgrading will not be possible until that SRU goes through. There's just too much stuff that depends on OpenSSL to do the upgrade yourself, because it could break everything.

    – Thomas Ward
    Jan 24 at 19:42






  • 1





    finally bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386 is in Progress now

    – Tino
    Feb 28 at 12:59







2




2





FYI: »OpenSSL 1.1.1 SRU into Bionic« lists.ubuntu.com/archives/ubuntu-devel/2018-December/… In the meantime talk to the respective contact who is in charge of the firewall configuration, ask for requirements/recommendations/waivers. I doubt that you are the only one running 18.04 and having this problem nor do I think that not supporting TLS 1.3 at this point in time is the issue as it's still quite new and contrary to your statement I read that it still causes issues with some middleboxes, but you won't find out if you don't ask.

– LiveWireBT
Dec 19 '18 at 4:33





FYI: »OpenSSL 1.1.1 SRU into Bionic« lists.ubuntu.com/archives/ubuntu-devel/2018-December/… In the meantime talk to the respective contact who is in charge of the firewall configuration, ask for requirements/recommendations/waivers. I doubt that you are the only one running 18.04 and having this problem nor do I think that not supporting TLS 1.3 at this point in time is the issue as it's still quite new and contrary to your statement I read that it still causes issues with some middleboxes, but you won't find out if you don't ask.

– LiveWireBT
Dec 19 '18 at 4:33




1




1





Upgrading will not be possible until that SRU goes through. There's just too much stuff that depends on OpenSSL to do the upgrade yourself, because it could break everything.

– Thomas Ward
Jan 24 at 19:42





Upgrading will not be possible until that SRU goes through. There's just too much stuff that depends on OpenSSL to do the upgrade yourself, because it could break everything.

– Thomas Ward
Jan 24 at 19:42




1




1





finally bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386 is in Progress now

– Tino
Feb 28 at 12:59





finally bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386 is in Progress now

– Tino
Feb 28 at 12:59










1 Answer
1






active

oldest

votes


















6














According to the OpenSSL website:




The latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023.




Since this is not in the current Ubuntu repositories, you will need to download, compile, and install the latest OpenSSL version manually.



Below are the instructions to follow:



  1. Open a terminal (Ctrl+Alt+t).

  2. Fetch the tarball: wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz

  3. Unpack the tarball with tar -zxf openssl-1.1.1a.tar.gz && cd openssl-1.1.1a

  4. Issue the command ./config.

  5. Issue the command make (You may need to run sudo apt install make gcc before running this command successfully).

  6. Run make test to check for possible errors.

  7. Backup current openssl binary: sudo mv /usr/bin/openssl ~/tmp

  8. Issue the command sudo make install.

  9. Create symbolic link from newly install binary to the default location:

    sudo ln -s /usr/local/bin/openssl /usr/bin/openssl


  10. Run the command sudo ldconfig to update symlinks and rebuild the library cache.

Assuming that there were no errors in executing steps 4 through 10, you should have successfully installed the new version of OpenSSL.



Again, from the terminal issue the command:



openssl version


Your output should be as follows:



OpenSSL 1.1.1a 20 Nov 2018





share|improve this answer
























    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "89"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1102803%2fhow-to-upgrade-openssl-1-1-0-to-1-1-1-in-ubuntu-18-04%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    6














    According to the OpenSSL website:




    The latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023.




    Since this is not in the current Ubuntu repositories, you will need to download, compile, and install the latest OpenSSL version manually.



    Below are the instructions to follow:



    1. Open a terminal (Ctrl+Alt+t).

    2. Fetch the tarball: wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz

    3. Unpack the tarball with tar -zxf openssl-1.1.1a.tar.gz && cd openssl-1.1.1a

    4. Issue the command ./config.

    5. Issue the command make (You may need to run sudo apt install make gcc before running this command successfully).

    6. Run make test to check for possible errors.

    7. Backup current openssl binary: sudo mv /usr/bin/openssl ~/tmp

    8. Issue the command sudo make install.

    9. Create symbolic link from newly install binary to the default location:

      sudo ln -s /usr/local/bin/openssl /usr/bin/openssl


    10. Run the command sudo ldconfig to update symlinks and rebuild the library cache.

    Assuming that there were no errors in executing steps 4 through 10, you should have successfully installed the new version of OpenSSL.



    Again, from the terminal issue the command:



    openssl version


    Your output should be as follows:



    OpenSSL 1.1.1a 20 Nov 2018





    share|improve this answer





























      6














      According to the OpenSSL website:




      The latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023.




      Since this is not in the current Ubuntu repositories, you will need to download, compile, and install the latest OpenSSL version manually.



      Below are the instructions to follow:



      1. Open a terminal (Ctrl+Alt+t).

      2. Fetch the tarball: wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz

      3. Unpack the tarball with tar -zxf openssl-1.1.1a.tar.gz && cd openssl-1.1.1a

      4. Issue the command ./config.

      5. Issue the command make (You may need to run sudo apt install make gcc before running this command successfully).

      6. Run make test to check for possible errors.

      7. Backup current openssl binary: sudo mv /usr/bin/openssl ~/tmp

      8. Issue the command sudo make install.

      9. Create symbolic link from newly install binary to the default location:

        sudo ln -s /usr/local/bin/openssl /usr/bin/openssl


      10. Run the command sudo ldconfig to update symlinks and rebuild the library cache.

      Assuming that there were no errors in executing steps 4 through 10, you should have successfully installed the new version of OpenSSL.



      Again, from the terminal issue the command:



      openssl version


      Your output should be as follows:



      OpenSSL 1.1.1a 20 Nov 2018





      share|improve this answer



























        6












        6








        6







        According to the OpenSSL website:




        The latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023.




        Since this is not in the current Ubuntu repositories, you will need to download, compile, and install the latest OpenSSL version manually.



        Below are the instructions to follow:



        1. Open a terminal (Ctrl+Alt+t).

        2. Fetch the tarball: wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz

        3. Unpack the tarball with tar -zxf openssl-1.1.1a.tar.gz && cd openssl-1.1.1a

        4. Issue the command ./config.

        5. Issue the command make (You may need to run sudo apt install make gcc before running this command successfully).

        6. Run make test to check for possible errors.

        7. Backup current openssl binary: sudo mv /usr/bin/openssl ~/tmp

        8. Issue the command sudo make install.

        9. Create symbolic link from newly install binary to the default location:

          sudo ln -s /usr/local/bin/openssl /usr/bin/openssl


        10. Run the command sudo ldconfig to update symlinks and rebuild the library cache.

        Assuming that there were no errors in executing steps 4 through 10, you should have successfully installed the new version of OpenSSL.



        Again, from the terminal issue the command:



        openssl version


        Your output should be as follows:



        OpenSSL 1.1.1a 20 Nov 2018





        share|improve this answer















        According to the OpenSSL website:




        The latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023.




        Since this is not in the current Ubuntu repositories, you will need to download, compile, and install the latest OpenSSL version manually.



        Below are the instructions to follow:



        1. Open a terminal (Ctrl+Alt+t).

        2. Fetch the tarball: wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz

        3. Unpack the tarball with tar -zxf openssl-1.1.1a.tar.gz && cd openssl-1.1.1a

        4. Issue the command ./config.

        5. Issue the command make (You may need to run sudo apt install make gcc before running this command successfully).

        6. Run make test to check for possible errors.

        7. Backup current openssl binary: sudo mv /usr/bin/openssl ~/tmp

        8. Issue the command sudo make install.

        9. Create symbolic link from newly install binary to the default location:

          sudo ln -s /usr/local/bin/openssl /usr/bin/openssl


        10. Run the command sudo ldconfig to update symlinks and rebuild the library cache.

        Assuming that there were no errors in executing steps 4 through 10, you should have successfully installed the new version of OpenSSL.



        Again, from the terminal issue the command:



        openssl version


        Your output should be as follows:



        OpenSSL 1.1.1a 20 Nov 2018






        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited 17 mins ago

























        answered Dec 18 '18 at 23:34









        Kevin BowenKevin Bowen

        14.7k155970




        14.7k155970



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Ask Ubuntu!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1102803%2fhow-to-upgrade-openssl-1-1-0-to-1-1-1-in-ubuntu-18-04%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Möglingen Índice Localización Historia Demografía Referencias Enlaces externos Menú de navegación48°53′18″N 9°07′45″E / 48.888333333333, 9.129166666666748°53′18″N 9°07′45″E / 48.888333333333, 9.1291666666667Sitio web oficial Mapa de Möglingen«Gemeinden in Deutschland nach Fläche, Bevölkerung und Postleitzahl am 30.09.2016»Möglingen

            Virtualbox - Configuration error: Querying “UUID” failed (VERR_CFGM_VALUE_NOT_FOUND)“VERR_SUPLIB_WORLD_WRITABLE” error when trying to installing OS in virtualboxVirtual Box Kernel errorFailed to open a seesion for the virtual machineFailed to open a session for the virtual machineUbuntu 14.04 LTS Virtualbox errorcan't use VM VirtualBoxusing virtualboxI can't run Linux-64 Bit on VirtualBoxUnable to insert the virtual optical disk (VBoxguestaddition) in virtual machine for ubuntu server in win 10VirtuaBox in Ubuntu 18.04 Issues with Win10.ISO Installation

            Torre de la Isleta Índice Véase también Referencias Bibliografía Enlaces externos Menú de navegación38°25′58″N 0°23′02″O / 38.43277778, -0.3838888938°25′58″N 0°23′02″O / 38.43277778, -0.38388889Torre de la Illeta de l’Horta o Torre Saleta. Base de datos de bienes inmuebles. Patrimonio Cultural. Secretaría de Estado de CulturaFicha BIC Torre de la Illeta de l’Horta. Dirección General de Patrimonio Cultural. Generalitat ValencianaLugares de interés. Ayuntamiento del CampelloTorre de la Isleta en CastillosNet.org