OpenSSL v3
OpenSSL should preferably be installed through the systems package manager. All recent versions of the major distributions offer a packaged version.
- From Package Manager
- From Source
Debian
In Debian 12 and Ubuntu 22.04 or newer OpenSSL 3 is available from the official package archive.
sudo apt install openssl
Red Hat
In Red Hat Enterprise Linux 9, CentOs 9, and Fedora 38 or newer OpenSSL 3 is available from the official package archive.
sudo dnf install openssl
SUSE
In SUSE-15 SP4 or new OpenSSL 3 is available from the official package archive.
sudo zypper install openssl-3
Build from source
On some systems you have to build OpenSSL 3 yourself.
- Debian/Ubuntu
- RHEL
- Container
Install build dependency with apt-get
On Debian/Ubuntu based distribution the following dependencies have to be installed
apt-get -q update;
apt-get -yq install perl autoconf-archive automake libtool make gcc curl tar gzip;
Install dependencies with yum
On RHEL based distribution the following dependencies have to be installed
yum install -y --skip-broken perl-core autoconf automake libtool make gcc curl tar gzip;
It is possible to build OpenSSL 3 for your target system inside a docker container. Most Linux distributions offer an official docker image.
You can download the script to build OpenSSL 3 in a docker container here:
In the script the code shown in [Build OpenSSL][#build-openssl] below is executed inside a container. The command used in the script to create the container is this:
docker run --rm \
--env IUSER="$(id -u)" \
--env IGRP="$(id -g)" \
--env OPENSSL_VERSION \
--volume "$(pwd)/openssl-${OPENSSL_VERSION}-bin:/tmp/out" \
"${DISTRO_IMAGE_NAME}" bash -ce \
...
A docker container using the image ${DISTRO_IMAGE_NAME}
this
variable is set near the top of the script. This can be changed to use
a container image that fits best your target system. The following
images have been successfully tested (on 2024-02-05):
-
With the Debian script: "debian:10", "debian:11", "ubuntu:18.04", "ubuntu:20.04"
-
With the RHEL script: "centos:7" "rockylinux:8" "redhat/ubi8" "fedora:37"
The script creates a new directory openssl-${OPENSSL_VERSION}-bin. It is mounted as a volume inside the container. The output will be placed in that directory. In order to fix the ownership of the produced file, the uid and gid of the current user are passed to the container as well.
Build OpenSSL
The script below creates binaries with their openssldir set to /opt/openssl-${OPENSSL_VERSION}/ssl. This means, that the default openssl configuration is /opt/openssl-${OPENSSL_VERSION}/ssl/openssl.cnf.
This is necessary to avoid collisions with the OpenSSL version distributed the package manager.
OPENSSL_VERSION=3.2.1;
TMPDIR=$(realpath "${TMPDIR:-/tmp}");
echo "-- Downloading openssl-${OPENSSL_VERSION}";
curl "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz" -o "${TMPDIR}/openssl-${OPENSSL_VERSION}.tar.gz";
cd "${TMPDIR}";
echo "-- Extracting openssl-${OPENSSL_VERSION}";
tar xf "openssl-${OPENSSL_VERSION}.tar.gz";
mkdir -p "${TMPDIR}/build" "${TMPDIR}/inst";
cd "${TMPDIR}/build";
echo "-- Configuring openssl-${OPENSSL_VERSION}";
"../openssl-${OPENSSL_VERSION}/Configure" --libdir=lib --prefix="/opt/openssl-${OPENSSL_VERSION}" --openssldir="/opt/openssl-${OPENSSL_VERSION}/ssl";
echo "-- Compiling openssl-${OPENSSL_VERSION} (this may take a while)";
p="$(getconf _NPROCESSORS_ONLN)";
make --silent -j "${p}" -l "${p}" build_sw;
make --silent -j "${p}" -l "${p}" test;
make --silent -j "${p}" -l "${p}" install_sw install_ssldirs DESTDIR="${TMPDIR}/inst";
echo "-- Zipping binary openssl-${OPENSSL_VERSION}";
cd "${TMPDIR}/inst/opt/";
tar czf "${TMPDIR}/out/openssl-${OPENSSL_VERSION}.bin.tgz" .;
chown "${IUSER}:${IGRP}" "${TMPDIR}/out/openssl-${OPENSSL_VERSION}.bin.tgz";
echo "-- Build complete";
echo "-- To install OpenSSL on this system execute:";
echo "$ sudo tar -C /opt/ -xf \"${TMPDIR}/out/openssl-${OPENSSL_VERSION}.bin.tgz\"";
Remember to add /opt/openssl-${OPENSSL_VERSION}/lib
to the
LD_LIBRARY_PATH
. Otherwise the applications try to use the system
libraries.