Thursday, June 15, 2017
How to update openssl and/or install openssl 1.1.0 in centos 7 from sources
Updating openssl
After deploying a new CentOS 7 distro, I checked the version of openssl and it appeared to be very old (2013!!). To check the openssl version, you can use this command:
openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
or this:
yum info openssl
Name : openssl
Arch : x86_64
Epoch : 1
Version : 1.0.1e
Release : 60.el7_3.1
Then if you want to update it, simply run:
sudo yum update openssl
And if you check it again, it will show the updated version:
openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
So this should include all security fixes and you're good to go.
But if you still want to install a newer openssl alongside the current one, I will show how below.
Install openssl 1.1.0 from sources
1. Download and extract:
cd ~
wget https://www.openssl.org/source/openssl-1.1.0f.tar.gz
tar -xzf openssl-1.1.0f.tar.gz
2. Compile and install:
cd openssl-1.1.0f
./config
make
sudo make install
Now if you try to run openssl, you will get this error:
/usr/local/bin/openssl version
/usr/local/bin/openssl: error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file: No such file or directory
To fix it, we need to do the next step.
3. Create links to libssl:
sudo ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/
sudo ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/
4. Finally, create a link to the new openssl:
sudo ln -s /usr/local/bin/openssl /usr/bin/openssl_latest
Here I called it 'openssl_latest'; you can change it to whatever you want.
5. Now let's check the version of our 'openssl_latest', which should be '1.1.0f' at the time of writing:
openssl_latest version
OpenSSL 1.1.0f 25 May 2017
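Step 2 runs make install under sudo on whatever wget fetched in step 1, so it is worth checking the tarball against a published SHA-256 digest before building. The script below is an added example, not part of the original post. It assumes a digest file for the tarball (called openssl-1.1.0f.tar.gz.sha256 here, an assumed name) was downloaded alongside it, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a downloaded source tarball against a published
# SHA-256 digest before running ./config, make and "sudo make install".
# Assumption: a digest file (e.g. openssl-1.1.0f.tar.gz.sha256) was fetched
# from the same download location as the tarball; its URL is not on the page.

# extract_digest FILE: print the first 64-hex-digit token in FILE, lowercased.
# Accepts a bare digest as well as the "digest *filename" sha256sum layout.
extract_digest() {
    tr 'A-F' 'a-f' < "$1" | tr -s ' \t*' '\n' \
        | grep -E -x '[0-9a-f]{64}' | head -n 1
}

# verify_tarball TARBALL DIGEST_FILE
# Returns 0 on match, 1 on mismatch, 2 if an input is missing or malformed.
verify_tarball() {
    tarball=$1
    digest_file=$2
    [ -r "$tarball" ] && [ -r "$digest_file" ] || return 2
    expected=$(extract_digest "$digest_file")
    # A digest file without a 64-hex-digit token is treated as malformed,
    # never as "nothing to compare".
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$tarball" | cut -d ' ' -f 1)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "SHA-256 mismatch for $tarball" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# Command-line use between step 1 and step 2:
#   sh verify.sh --check openssl-1.1.0f.tar.gz openssl-1.1.0f.tar.gz.sha256
if [ "${1:-}" = "--check" ]; then
    verify_tarball "$2" "$3" && echo "OK: $2 matches $3"
fi
```

Only continue to ./config when the check exits 0; a mismatch means the download should be discarded and fetched again.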
openssl version outputs "OpenSSL 1.1.0g-dev xx XXX xxxx" but yum info openssl outputs same previous version "1.0.1e" how to overcome this?
I saw this on another website:
"If the old version is still displayed or installed before, please make a copy of openssl bin file :
# mv /usr/bin/openssl /root/
# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
Now verify the OpenSSL version.
# openssl version
OpenSSL 1.0.2e 3 Dec 2015"
Hope it can help you.
P.S. Link: https://syslint.com/blog/tutorial/how-to-upgrade-openssl-on-centos-7-or-rhel-7/
Bad idea to remove the existing openssl and then attempt to use wget.
Agreed, I updated the article.
Great article, many thanks.
Great article. I was able to compile the OpenSSL 1.1.0 work but when I inspect our website, header response still shows the old OpenSSL. We're using Apache 2.4. Any suggestions?