Sfdwhf

Why is it that I can sometimes guess the next note?

Hero deduces identity of a killer

Open a doc from terminal, but not by its name

Mimic lecturing on blackboard, facing audience

It grows, but water kills it

How does the math work for Perception checks?

Why Shazam when there is already Superman?

Fear of getting stuck on one programming language / technology that is not used in my country

What happens if you are holding an Iron Flask with a demon inside and walk into an Antimagic Field?

Does the Linux kernel need a file system to run?

How does a computer interpret real numbers?

Why did the EU agree to delay the Brexit deadline?

Can I say "fingers" when referring to toes?

Does an advisor owe his/her student anything? Will an advisor keep a PhD student only out of pity?

Mixing PEX brands

Plot of a tornado-shaped surface

What should you do when eye contact makes your subordinate uncomfortable?

How do you make your own symbol when Detexify fails?

How to fade a semiplane defined by line?

Angel of Condemnation - Exile creature with second ability

Do the primes contain an infinite almost arithmetic progression?

Lowest total scrabble score

Did arcade monitors have same pixel aspect ratio as TV sets?

What features enable the Su-25 Frogfoot to operate with such a wide variety of fuels?

How to upgrade OpenSSL 1.1.0 to 1.1.1 in Ubuntu 18.04?

openSSL 1.1.1 and libSSL packageUpgrade OpenSSL on Ubuntu 12.04How to upgrade OpenSSL 1.0.1f on Ubuntu Server 14.04?Ubuntu 14.04.1 LTS and OpenSSLHow to install openssl 1.0.2 with default openssl (1.1.1) on Ubuntu 16.04?Ubuntu openssl version upgradeHow to properly downgrade openssl version under Ubuntu 18.04OpenSSL in UbuntuUnable to decrypt text files with openssl on Ubuntu 18.04Ubuntu 18.04 system broken after uninstalling opensslopenSSL 1.1.1 and libSSL package

5

2

I have been running a production server with Ubuntu 18 installed.
Recently, I found that my web application was not allowed on some of the firewalls installed at the customer location.

I found that my server is communicating at TLSv1.0, TLSv1.1, TLSv1.2 protocols, I assume that the firewall setting is allowing communication with the server on TLSv1.3 protocol only.

As Ubuntu 18 is shipped with OpenSSL version 1.1.0, and to make server support TLS v1.3 I have to upgrade OpenSSL to version 1.1.1 which is the latest one.

As this is a production server running nginx server, I don't want to directly try anything on the server.

root@energy-prod:~# nginx -v

nginx version: nginx/1.14.0 (Ubuntu)

What is the best way to upgrade OpenSSL to v1.1.1 without disturbing any other settings of the server?

18.04 upgrade openssl

share|improve this question

edited 6 mins ago

Kevin Bowen

14.7k155970

asked Dec 18 '18 at 11:34

dollardollar

13214

• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  
  FYI: »OpenSSL 1.1.1 SRU into Bionic« lists.ubuntu.com/archives/ubuntu-devel/2018-December/… In the meantime talk to the respective contact who is in charge of the firewall configuration, ask for requirements/recommendations/waivers. I doubt that you are the only one running 18.04 and having this problem nor do I think that not supporting TLS 1.3 at this point in time is the issue as it's still quite new and contrary to your statement I read that it still causes issues with some middleboxes, but you won't find out if you don't ask.
  
  – LiveWireBT
  Dec 19 '18 at 4:33
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Upgrading will not be possible until that SRU goes through. There's just too much stuff that depends on OpenSSL to do the upgrade yourself, because it could break everything.
  
  – Thomas Ward♦
  Jan 24 at 19:42
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  finally bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386 is in Progress now
  
  – Tino
  Feb 28 at 12:59
  

  
  
  
  

add a comment | 

5

2

I have been running a production server with Ubuntu 18 installed.
Recently, I found that my web application was not allowed on some of the firewalls installed at the customer location.

I found that my server is communicating at TLSv1.0, TLSv1.1, TLSv1.2 protocols, I assume that the firewall setting is allowing communication with the server on TLSv1.3 protocol only.

As Ubuntu 18 is shipped with OpenSSL version 1.1.0, and to make server support TLS v1.3 I have to upgrade OpenSSL to version 1.1.1 which is the latest one.

As this is a production server running nginx server, I don't want to directly try anything on the server.

root@energy-prod:~# nginx -v

nginx version: nginx/1.14.0 (Ubuntu)

What is the best way to upgrade OpenSSL to v1.1.1 without disturbing any other settings of the server?

18.04 upgrade openssl

share|improve this question

edited 6 mins ago

Kevin Bowen

14.7k155970

asked Dec 18 '18 at 11:34

dollardollar

13214

• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  
  FYI: »OpenSSL 1.1.1 SRU into Bionic« lists.ubuntu.com/archives/ubuntu-devel/2018-December/… In the meantime talk to the respective contact who is in charge of the firewall configuration, ask for requirements/recommendations/waivers. I doubt that you are the only one running 18.04 and having this problem nor do I think that not supporting TLS 1.3 at this point in time is the issue as it's still quite new and contrary to your statement I read that it still causes issues with some middleboxes, but you won't find out if you don't ask.
  
  – LiveWireBT
  Dec 19 '18 at 4:33
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Upgrading will not be possible until that SRU goes through. There's just too much stuff that depends on OpenSSL to do the upgrade yourself, because it could break everything.
  
  – Thomas Ward♦
  Jan 24 at 19:42
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  finally bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386 is in Progress now
  
  – Tino
  Feb 28 at 12:59
  

  
  
  
  

add a comment | 

I have been running a production server with Ubuntu 18 installed.
Recently, I found that my web application was not allowed on some of the firewalls installed at the customer location.

I found that my server is communicating at TLSv1.0, TLSv1.1, TLSv1.2 protocols, I assume that the firewall setting is allowing communication with the server on TLSv1.3 protocol only.

As Ubuntu 18 is shipped with OpenSSL version 1.1.0, and to make server support TLS v1.3 I have to upgrade OpenSSL to version 1.1.1 which is the latest one.

As this is a production server running nginx server, I don't want to directly try anything on the server.

root@energy-prod:~# nginx -v

nginx version: nginx/1.14.0 (Ubuntu)

What is the best way to upgrade OpenSSL to v1.1.1 without disturbing any other settings of the server?

18.04 upgrade openssl

share|improve this question

edited 6 mins ago

Kevin Bowen

14.7k155970

asked Dec 18 '18 at 11:34

dollardollar

13214

root@energy-prod:~# nginx -v

nginx version: nginx/1.14.0 (Ubuntu)

share|improve this question

edited 6 mins ago

Kevin Bowen

14.7k155970

asked Dec 18 '18 at 11:34

dollardollar

13214

share|improve this question

edited 6 mins ago

Kevin Bowen

14.7k155970

asked Dec 18 '18 at 11:34

dollardollar

13214

edited 6 mins ago

Kevin Bowen

14.7k155970

edited 6 mins ago

Kevin Bowen

14.7k155970

asked Dec 18 '18 at 11:34

dollardollar

13214

asked Dec 18 '18 at 11:34

dollardollar

13214

1 Answer
1

active

oldest

votes

6

According to the OpenSSL website:

The latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023.

Since this is not in the current Ubuntu repositories, you will need to download, compile, and install the latest OpenSSL version manually.

Below are the instructions to follow:

1. Open a terminal (Ctrl+Alt+t).


2. Fetch the tarball: wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz
   


3. Unpack the tarball with tar -zxf openssl-1.1.1a.tar.gz && cd openssl-1.1.1a
   


4. Issue the command ./config.


5. Issue the command make (You may need to run sudo apt install make gcc before running this command successfully).


6. Run make test to check for possible errors.


7. Backup current openssl binary: sudo mv /usr/bin/openssl ~/tmp
   


8. Issue the command sudo make install.


9. Create symbolic link from newly install binary to the default location:
   
   

   sudo ln -s /usr/local/bin/openssl /usr/bin/openssl
   
   

   
   


10. Run the command sudo ldconfig to update symlinks and rebuild the library cache.

Assuming that there were no errors in executing steps 4 through 10, you should have successfully installed the new version of OpenSSL.

Again, from the terminal issue the command:

openssl version

Your output should be as follows:

OpenSSL 1.1.1a  20 Nov 2018

share|improve this answer

edited 15 mins ago

answered Dec 18 '18 at 23:34

Kevin BowenKevin Bowen

14.7k155970

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1102803%2fhow-to-upgrade-openssl-1-1-0-to-1-1-1-in-ubuntu-18-04%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

6

According to the OpenSSL website:

The latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023.

Since this is not in the current Ubuntu repositories, you will need to download, compile, and install the latest OpenSSL version manually.

Below are the instructions to follow:

1. Open a terminal (Ctrl+Alt+t).


2. Fetch the tarball: wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz
   


3. Unpack the tarball with tar -zxf openssl-1.1.1a.tar.gz && cd openssl-1.1.1a
   


4. Issue the command ./config.


5. Issue the command make (You may need to run sudo apt install make gcc before running this command successfully).


6. Run make test to check for possible errors.


7. Backup current openssl binary: sudo mv /usr/bin/openssl ~/tmp
   


8. Issue the command sudo make install.


9. Create symbolic link from newly install binary to the default location:
   
   

   sudo ln -s /usr/local/bin/openssl /usr/bin/openssl
   
   

   
   


10. Run the command sudo ldconfig to update symlinks and rebuild the library cache.

Assuming that there were no errors in executing steps 4 through 10, you should have successfully installed the new version of OpenSSL.

Again, from the terminal issue the command:

openssl version

Your output should be as follows:

OpenSSL 1.1.1a  20 Nov 2018

share|improve this answer

edited 15 mins ago

answered Dec 18 '18 at 23:34

Kevin BowenKevin Bowen

14.7k155970

add a comment | 

6

According to the OpenSSL website:

The latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023.

Since this is not in the current Ubuntu repositories, you will need to download, compile, and install the latest OpenSSL version manually.

Below are the instructions to follow:

1. Open a terminal (Ctrl+Alt+t).


2. Fetch the tarball: wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz
   


3. Unpack the tarball with tar -zxf openssl-1.1.1a.tar.gz && cd openssl-1.1.1a
   


4. Issue the command ./config.


5. Issue the command make (You may need to run sudo apt install make gcc before running this command successfully).


6. Run make test to check for possible errors.


7. Backup current openssl binary: sudo mv /usr/bin/openssl ~/tmp
   


8. Issue the command sudo make install.


9. Create symbolic link from newly install binary to the default location:
   
   

   sudo ln -s /usr/local/bin/openssl /usr/bin/openssl
   
   

   
   


10. Run the command sudo ldconfig to update symlinks and rebuild the library cache.

Assuming that there were no errors in executing steps 4 through 10, you should have successfully installed the new version of OpenSSL.

Again, from the terminal issue the command:

openssl version

Your output should be as follows:

OpenSSL 1.1.1a  20 Nov 2018

share|improve this answer

edited 15 mins ago

answered Dec 18 '18 at 23:34

Kevin BowenKevin Bowen

14.7k155970

add a comment | 

According to the OpenSSL website:

The latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023.

Since this is not in the current Ubuntu repositories, you will need to download, compile, and install the latest OpenSSL version manually.

Below are the instructions to follow:

1. Open a terminal (Ctrl+Alt+t).


2. Fetch the tarball: wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz
   


3. Unpack the tarball with tar -zxf openssl-1.1.1a.tar.gz && cd openssl-1.1.1a
   


4. Issue the command ./config.


5. Issue the command make (You may need to run sudo apt install make gcc before running this command successfully).


6. Run make test to check for possible errors.


7. Backup current openssl binary: sudo mv /usr/bin/openssl ~/tmp
   


8. Issue the command sudo make install.


9. Create symbolic link from newly install binary to the default location:
   
   

   sudo ln -s /usr/local/bin/openssl /usr/bin/openssl
   
   

   
   


10. Run the command sudo ldconfig to update symlinks and rebuild the library cache.

Assuming that there were no errors in executing steps 4 through 10, you should have successfully installed the new version of OpenSSL.

Again, from the terminal issue the command:

openssl version

Your output should be as follows:

OpenSSL 1.1.1a  20 Nov 2018

share|improve this answer

edited 15 mins ago

answered Dec 18 '18 at 23:34

Kevin BowenKevin Bowen

14.7k155970

openssl version

OpenSSL 1.1.1a  20 Nov 2018

share|improve this answer

edited 15 mins ago

answered Dec 18 '18 at 23:34

Kevin BowenKevin Bowen

14.7k155970

answered Dec 18 '18 at 23:34

Kevin BowenKevin Bowen

14.7k155970

answered Dec 18 '18 at 23:34

Kevin BowenKevin Bowen

14.7k155970