To establish an encrypted connection, a client connects to the server requesting a secure connection. The server then sends the client a digital certificate which includes information on the server including the public key and the certificate authority. The client validates the certificate and starts an encrypted session with the server.
This tutorial explains how to install OpenSSL from source in Linux systems. At the end, Debian based Linux distribution users can find instructions on how to install OpenSSL from repositories.
Red Hat Linux users may find it useful to install OpenSSL from source to add features left out since Red Hat replaced OpenSSL with a pre-installed limited version, according to the OpenSSL website.
NOTE: Red Hat users must not overwrite the current OpenSSL installation located in /usr/bin.
How to install OpenSSL from Source
Before starting, make sure you remove the old OpenSSL version by running the following command in your terminal:
You can download OpenSSL sources from https://www.openssl.org/source/. Make sure you download the correct version. For demonstration, I will download the current version (3) using wget as shown in the example below:
Extract the downloaded tar.gz by running the following command:
Enter the extracted directory with the cd (Change directory) command and give the configuration file execution permissions as shown in the screenshot below:
$ chmod +x ./config
Run the configuration script as shown below (Pay attention to the capital c).
Now you can start compiling Openssl using the script make:
Run make test as shown below:
And finally run make install:
Update links and caches:
In my case, it was installed under /usr/local/bin/openssl. So, I linked it to /usr/bin. If that’s your case too, run a similar command according to your situation. Otherwise, you can check if OpenSSL is properly installed by executing openssl version as shown in the screenshot below.
$ openssl version
As you can see, OpenSSL was correctly installed from source.
How to Install OpenSSL in Debian-based Linux Distributions
Installing OpenSSL in Debian-based Linux distributions is easier using apt as shown below:
$ sudo apt install openssl
OpenSSL is installed.
Cryptographic Algorithms Supported by OpenSSL:
- RC2, RC4, RC5
- Triple DES
- GOST 28147-89
- SM3, SM4
- MD5, MD4, MD2
- SHA-1, SHA-2, SHA-3
- GOST R 34.11-94
- Diffie–Hellman key exchange
- Elliptic curve
- X25519, X448
- Ed25519, Ed448
OpenSSL is licensed under OpenSSL (Apache License 1.0) and SSLeay permissive licenses. Anyone can use or redistribute OpenSSL both for personal and commercial use. OpenSSL licensing is not compatible with GNU GPL license. This fact encouraged the development of GnuTLS.
It was forked from OpenSSL aiming to clean the code and improve security. Known for being more secure, some OpenSSL vulnerabilities didn’t affect LibreSSL. LibreSSL was developed by an OpenBSD developer and replaced OpenSSL for that OS which was considered the most secure.
Another open-source option. It is currently the largest certificate issuer in the world. It is the easiest alternative to install and configure with a process fully automated.
GnuTLS is used by software like GNOME, OpenLDAP, CenterIM, Exim, Mutt, Slrn, Lynx, CUPS, etc. This cryptography library was developed by the Free Software Foundation, and also allows the implementation of SSL, TLS and DTLS. It was developed because of the incompatibility of OpenSSL with GNU GPL licenses.
Installing OpenSSL from source is a 10 minute easy task. Any inexperienced user can do it by following the instructions above. However, benefits range from security to the ability to run TLS/SSL dependent applications like OAuth. Securing a website with TLS/SSL will improve the site before search engines which prioritize secured websites (https) over insecure sites (http) in search results.
OpenSSL supports Unix-like operating systems (including Linux, BSD, and macOS) and Microsoft Windows.
OpenSSL’s advantages over competitors include sources availability, friendly licensing terms and platform independence. However, historical bugs have exposed important vulnerabilities like plaintext recovery attack, Heartbleed, CCS injection, key recovery attack, OCSP stapling, etc. Security incidents breaking OpenSSL security encouraged the development of the alternative LibreSSL, included in OpenBSD (the safest OS).
I hope this OpenSSL tutorial was useful. Keep following Linux Hint for more Linux tips and tutorials.