linux——openssl升级

Linux服务器openssl版本过低有漏洞，需要做升级。升级步骤如下：

1.查看openssl版本

[root@localhost sshupgrade]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

2.下载指定版本的openssl软件

下载网址：https://www.openssl.org/source/下载，后面的版本号换为最新的版本号。

wget https://www.openssl.org/source/openssl-1.1.1k.tar.gz

我这里Linux命令下载的时候出现了域名解析失败，于是我就换了一种方式。

先下载到本地。

然后通过winscp上传到Linux。


然后解压

[root@localhost sshupgrade]# tar -zxvf openssl-1.1.1k.tar.gz 

3.编译安装

[root@localhost sshupgrade]# cd openssl-1.1.1k
[root@localhost openssl-1.1.1k]# ./config shared zlib
Operating system: x86_64-whatever-linux2
Configuring OpenSSL version 1.1.1k (0x101010bfL) for linux-x86_64
Using os-specific seed configuration
Creating configdata.pm
Creating Makefile

**********************************************************************
***                                                                ***
***   OpenSSL has been successfully configured                     ***
***                                                                ***
***   If you encounter a problem while building, please open an    ***
***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
***   and include the output from the following command:           ***
***                                                                ***
***       perl configdata.pm --dump                                ***
***                                                                ***
***   (If you are new to OpenSSL, you might want to consult the    ***
***   'Troubleshooting' section in the INSTALL file first)         ***
***                                                                ***
**********************************************************************
[root@localhost openssl-1.1.1k]# make && make install

4.配置

[root@localhost openssl-1.1.1k]# mv /usr/bin/openssl /usr/bin/openssl.bak
mv：是否覆盖"/usr/bin/openssl.bak"? y
[root@localhost openssl-1.1.1k]# mv /usr/include/openssl /usr/include/openssl.bak
mv：是否覆盖"/usr/include/openssl.bak/openssl"? y
[root@localhost openssl-1.1.1k]#  find / -name openssl
/etc/pki/ca-trust/extracted/openssl
/usr/share/doc/man-pages-overrides-6.6.3/openssl
/usr/local/ssl/bin/openssl
/usr/local/ssl/include/openssl
/usr/local/ssl/include/openssl/openssl
/usr/local/share/doc/openssl
/usr/local/bin/openssl
/usr/local/include/openssl
/usr/lib64/openssl
/shenlan/sshupgrade/ssh8.3/openssl-1.1.1g/include/openssl
/shenlan/sshupgrade/ssh8.3/openssl-1.1.1g/apps/openssl
/shenlan/sshupgrade/ssh8.3/openssl-1.1.1g/test/ossl_shim/include/openssl
/shenlan/sshupgrade/openssl-1.1.1k/include/openssl
/shenlan/sshupgrade/openssl-1.1.1k/apps/openssl
/shenlan/sshupgrade/openssl-1.1.1k/test/ossl_shim/include/openssl
/shenlan/sshupgrade/share/openssl-1.0.2k/include/openssl
/shenlan/sshupgrade/share/openssl-1.0.2k/apps/openssl
[root@localhost openssl-1.1.1k]# ln -s /usr/local/bin/openssl /usr/bin/openssl
[root@localhost openssl-1.1.1k]# ln -s /usr/local/include/openssl /usr/include/openssl
[root@localhost openssl-1.1.1k]# echo "/usr/local/lib64/" >> /etc/ld.so.conf
[root@localhost openssl-1.1.1k]# ldconfig
[root@localhost openssl-1.1.1k]# openssl version -a
OpenSSL 1.1.1k  25 Mar 2021
built on: Sun Apr 25 09:59:29 2021 UTC
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) 
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG
OPENSSLDIR: "/usr/local/ssl"
ENGINESDIR: "/usr/local/lib64/engines-1.1"
Seeding source: os-specific

5.升级成功

[root@localhost openssl-1.1.1k]# openssl version
OpenSSL 1.1.1k  25 Mar 2021