How to upgrade OpenSSL from 1.0.2g to 1.1.0g in Ubuntu and let python recognize the new OpenSSL

Question

I have Ubuntu 16.04. It has OpenSSL 1.0.2g. I need to use OpenSSL 1.1.0g. Note that OpenSSL 1.1.0g is installed in my other machine Ubuntu 18. But I need to run a python program in Ubuntu 16.04 but I need the specific OpenSSL 1.1.0g. I did:

sudo apt-get upgrade
sudo apt-get update

But OpenSSL in my Ubuntu machine did not get updated. How can I update it?

I use python socket, ssl modules to make TLS connection in port 443. Will python automatically recognizes OpenSSL 1.1.0g if I updated the old OpenSSL 1.0.2g to OpenSSL 1.1.0g?

The reason for upgrading OpenSSL is I need to run python program ssl socket but I need the program to use OpenSSL 1.1.0g.

When I tried:

sudo apt-get install openssl

and checks the OpenSSL version via: openssl version -a I get the old version OpenSSL 1.0.2g

How to get the new version OpenSSL 1.1.0g in my Ubuntu 14.06 machine please?

Answer 1

Why you couldn't get OpenSSL 1.1.0g working on Ubuntu 16.04 by just updating:

Your Ubuntu 18 has OpenSSL 1.1.0g because the version that is available on its repositories. Sometimes, it has more than one version of a package available on the repository system. But, it looks like Ubuntu 16.04 does not have the version you need available at all. That is why you weren't and you won't be able to get OpenSSL 1.1.0g working on Ubuntu 16.04 by just updating. The version available on the repositories is different.

And how to do it:

You either will need to install it manually or find a repository for Ubuntu 16.04 that make OpenSSL 1.1.0g available on the system. I am not sure there is a repository available, so if you want to install it manually do as it follows:

wget https://www.openssl.org/source/old/1.1.0/openssl-1.1.0g.tar.gz
tar xzvf openssl-1.1.0g.tar.gz
cd openssl-1.1.0g
./config
make
sudo make install

openssl version -a

That is it!

Warning.: By installing a new version of OpenSSL that is not available in the system, by default, you introduced a version that is not compatible with the updates made available by the maintenance of the system. You will need to take care of it yourself. Maybe, depending on your scenario, it is worth your while just use Ubuntu 18 that has the version of OpenSSL you need by default. It is the easiest and safest way to go.

Hope everything goes well. Good luck!

Answer 2

Here is how I installed the latest version of openssl from source code.

# Install make and packages required to compile the source code
apt-get install -y libfindbin-libs-perl build-essential

# Download source code
wget https://github.com/openssl/openssl/archive/refs/tags/OpenSSL_1_1_1k.tar.gz -O openssl.tar.gz

# Extract source code
tar -xf openssl.tar.gz

# Go to the source code folder
cd openssl-OpenSSL_1_1_1k

# Configure to compile it
./config --libdir=/usr/local/lib

# Compile with 4 parelel jobs
make -j 4

# Install compiled code
sudo make install

# Move older executable
sudo mv /usr/bin/openssl /usr/bin/openssl-1.0.2g

# Create soft symbolic link to the newer version of openssl
sudo ln -s /usr/local/bin/openssl /usr/bin/openssl

# Make visible the new libraries installed at /usr/local/lib
sudo ldconfig