SSL

Install OpenSSL 3 from Source

OpenSSL is an open-source cryptography library useful to implement TLS and SSL protocols. TLS and SSL implementation is used to provide confidence on the sender of a packet and the packet integrity. It is considered mandatory on websites, especially websites where users store sensitive information. Search engines like Google prioritize secured websites in search results.

To establish an encrypted connection, a client connects to the server requesting a secure connection. The server then sends the client a digital certificate which includes information on the server including the public key and the certificate authority. The client validates the certificate and starts an encrypted session with the server.

This tutorial explains how to install OpenSSL from source in Linux systems. At the end, Debian based Linux distribution users can find instructions on how to install OpenSSL from repositories.

Red Hat Linux users may find it useful to install OpenSSL from source to add features left out since Red Hat replaced OpenSSL with a pre-installed limited version, according to the OpenSSL website.

NOTE: Red Hat users must not overwrite the current OpenSSL installation located in /usr/bin.

How to install OpenSSL from Source

Before starting, make sure you remove the old OpenSSL version by running the following command in your terminal:

$ sudo apt remove openssl

You can download OpenSSL sources from https://www.openssl.org/source/. Make sure you download the correct version. For demonstration, I will download the current version (3) using wget as shown in the example below:

$ wget https://www.openssl.org/source/openssl-3.0.0-alpha17.tar.gz

Extract the downloaded tar.gz by running the following command:

$ tar -xvzf openssl-3.0.0-alpha17.tar.gz

Enter the extracted directory with the cd (Change directory) command and give the configuration file execution permissions as shown in the screenshot below:

$ cd openssl-3.0.0-alpha17
$ chmod +x ./config

Run the configuration script as shown below (Pay attention to the capital c).

$ ./Configure

Now you can start compiling Openssl using the script make:

$ make

Run make test as shown below:

$ make test

And finally run make install:

$ make install

Update links and caches:

$ sudo ldconfig

In my case, it was installed under /usr/local/bin/openssl. So, I linked it to /usr/bin. If that’s your case too, run a similar command according to your situation. Otherwise, you can check if OpenSSL is properly installed by executing openssl version as shown in the screenshot below.

$ ln -s /usr/local/bin/openssl /usr/bin/

$ openssl version

As you can see, OpenSSL was correctly installed from source.

$ openssl version

How to Install OpenSSL in Debian-based Linux Distributions

Installing OpenSSL in Debian-based Linux distributions is easier using apt as shown below:

$ sudo apt update

$ sudo apt install openssl

OpenSSL is installed.

Cryptographic Algorithms Supported by OpenSSL:

OpenSSL Licensing:

OpenSSL is licensed under OpenSSL (Apache License 1.0) and SSLeay permissive licenses. Anyone can use or redistribute OpenSSL both for personal and commercial use. OpenSSL licensing is not compatible with GNU GPL license. This fact encouraged the development of GnuTLS.

OpenSSL Alternatives:

LibreSSL:

It was forked from OpenSSL aiming to clean the code and improve security. Known for being more secure, some OpenSSL vulnerabilities didn’t affect LibreSSL. LibreSSL was developed by an OpenBSD developer and replaced OpenSSL for that OS which was considered the most secure.

Let’s Encrypt:

Another open-source option. It is currently the largest certificate issuer in the world. It is the easiest alternative to install and configure with a process fully automated.

GnuTLS:

GnuTLS is used by software like GNOME, OpenLDAP, CenterIM, Exim, Mutt, Slrn, Lynx, CUPS, etc. This cryptography library was developed by the Free Software Foundation, and also allows the implementation of SSL, TLS and DTLS. It was developed because of the incompatibility of OpenSSL with GNU GPL licenses.

Conclusion:

Installing OpenSSL from source is a 10 minute easy task. Any inexperienced user can do it by following the instructions above. However, benefits range from security to the ability to run TLS/SSL dependent applications like OAuth. Securing a website with TLS/SSL will improve the site before search engines which prioritize secured websites (https) over insecure sites (http) in search results.

OpenSSL supports Unix-like operating systems (including Linux, BSD, and macOS) and Microsoft Windows.

OpenSSL’s advantages over competitors include sources availability, friendly licensing terms and platform independence. However, historical bugs have exposed important vulnerabilities like plaintext recovery attack, Heartbleed, CCS injection, key recovery attack, OCSP stapling, etc. Security incidents breaking OpenSSL security encouraged the development of the alternative LibreSSL, included in OpenBSD (the safest OS).

I hope this OpenSSL tutorial was useful. Keep following Linux Hint for more Linux tips and tutorials.

About the author

Ivan Vanney

Ivan Vanney has over 2 years as writer for LinuxHint, he is co-founder of the freelance services marketplace GIGopen.com where he works as a sysadmin.