[Ubuntu >=12.04] How to install Openssl 1.1.1a

Info

• OpenSSL StandAlone latest version: 1.1.1a (11/11/2018) -> TLSv1.3
• Ubuntu 10.04 latest version: 0.9.8 (19/3/2015) -> TLSv1.0
• Ubuntu 12.04 latest version: 1.0.1 (30/01/2017) -> TLSv1.2
• Ubuntu 14.04 latest version: 1.0.1f (04/12/2018) -> TLSv1.2
• Ubuntu 16.04 latest version: 1.0.2g (04/12/2018) -> TLSv1.2
• Ubuntu 18.04 latest version: 1.1.0g (05/12/2018) -> TLSv1.2

Install

https://websiteforstudents.com/manually-install-the-latest-openssl-toolkit-on-ubuntu-16-04-18-04-lts/

sudo apt-get install -y zlib1g-dev checkinstall build-essential
wget ftp://openssl.org/source/openssl-1.1.1a.tar.gz
tar -xvzf openssl*.tar.gz
cd openssl*
sudo ./config -Wl,--enable-new-dtags \
    --debug \
    --prefix=/usr/local \
    --libdir=/lib \
    --openssldir=/usr/local/ssl && \
    make && sudo make install

PS: that .config synxtax will fix error openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory. Reference: https://github.com/openssl/openssl/issues/3993

After that the version of OpenSSL you downloaded should be installed on the directory /usr/local/ssl.

Ubuntu default OpenSSL version is installed in the /usr/lib/ssl and it’s where apps that need to use SSL look by default

You’ll need to reference the version you installed.

Run the commands below option Ubuntu default man page

sudo nano /etc/manpath.config

Then add the following:

MANPATH_MAP     /usr/local/ssl/bin      /usr/local/ssl/man

Then run the commands below to update the manual database…

sudo mandb

You can also update the execution path to include the new location for OpenSSL. run the commands below to open Ubuntu environment configuration file.

sudo nano /etc/environment

Then add the /usr/local/ssh/bin as shown in the line below…. Use the exact path as shown…

PATH="/usr/local/sbin:/usr/local/bin:/usr/local/ssl/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"

Next steps:

echo '/usr/local/ssl/lib' >> /etc/ld.so.conf
cat /etc/ld.so.conf
sudo ldconfig
echo 'export LD_LIBRARY_PATH=/usr/local/lib' >> ~/.bashrc
openssl version

Reboot

TLS Support

• TLSv1.2 has been the recommended version for IETF protocols since 2008
• The OpenSSL 1.1.1 release includes support for TLSv1.3.
• The OpenSSL 1.0.1 release includes support for TLSv1.1 and TLSv1.2.
• Openssl versions till 1.0.0h supports SSLv2, SSLv3 and TLSv1.0
• 1.0.1s and 1.0.2g up (March 2016) 'disable' SSLv2 (omit from builds) by default but ./Configure can add it back.
• 1.1.0 base up (Aug. 2016) drops the code for SSLv2 entirely (can't add back) and disables SSLv3 by default.
• June 30, 2018 => On that date all remaining python.org sites, including PyPI, will no longer support TSL 1.0 and 1.1. Older Python versions that do not implement TLSv1.2 will be prohibited from accessing PyPI.

How to check Python interpreter's TLS version,

install the "requests" package (Python 2)

python -m pip install --upgrade requests

install the "requests" package (Python 3)

python3 -m pip install --upgrade requests

Run a command (Python2)

python -c "import requests; print(requests.get('https://www.howsmyssl.com/a/check', verify=False).json()['tls_version'])"

Run a command (Python3)

python3 -c "import requests; print(requests.get('https://www.howsmyssl.com/a/check', verify=False).json()['tls_version'])"

If you see "TLS 1.2", your interpreter's TLS is up to date. If you see "TLS 1.0" or an error like "tlsv1 alert protocol version", then you must upgrade. ↩

TLS 1.1 Deprecation

• Atlassian will be disabling support for Transport Layer Security (TLS) v1 and v1.1, effective December 1, 2018.
• Digication will be disabling support for Transport Layer Security (TLS) v1 and v1.1, effective March 1, 2019.