Hello Techies,
I am running a webserver which is using OpenSSL 3.2.2; however, this version of OpenSSL has been flagged for a security vulnerability (CVE-2024-9143). I have tried to upgrade via the online repo using "yum upgrade openssl" with no joy!
What do you suggest?
Upgrading OpenSSL using yum might not always be possible due to several reasons:
- Repository Availability: The version you want to upgrade to (3.4.0) might not be available in the CentOS repositories. Package maintainers need time to test and ensure compatibility with the system before adding new versions to the repositories.
- Compatibility and Stability: Newer versions of OpenSSL might introduce changes that could affect system stability or compatibility with other software. Package maintainers often prioritize stability and may delay adding newer versions until they are thoroughly tested.
- Major vs. Minor Releases: OpenSSL 3.4.0 might include significant changes from 3.2.2, which could require recompilation of dependent applications. This is more complex than a simple minor version upgrade and might not be handled automatically by yum.
- Custom Configurations: If your system has custom configurations or dependencies, upgrading via yum might not respect these customizations, leading to potential conflicts or issues.
In this case, your option is to try and install from source code (https://github.com/openssl/openssl/releases), which allows you to:
- Control the Installation Path: You can specify where the new version is installed, avoiding conflicts with the existing version.
- Customize Build Options: You can enable or disable specific features according to your needs.
- Immediate Access: You can install the latest version without waiting for it to be available in the repositories.
Installing OpenSSL 3.4 from source code while you already have OpenSSL 3.2.2 installed can potentially cause conflicts, especially if both versions are installed in the same directories. Here are some steps to help you avoid conflicts:
1.) Download and Extract the Source Code:
# wget https://www.openssl.org/source/openssl-3.4.0.tar.gz
# tar -xzvf openssl-3.4.0.tar.gz
# cd openssl-3.4.0
2.) Configure the Build: Configure the installation to a different directory to avoid overwriting the existing OpenSSL installation:
# ./config --prefix=/usr/local/openssl-3.4
3.) Compile and Install:
# make
# sudo make install
4.) Update the System to Use the New Version: Update your environment variables to use the new OpenSSL version:
# export PATH=/usr/local/openssl-3.4/bin:$PATH
# export LD_LIBRARY_PATH=/usr/local/openssl-3.4/lib:$LD_LIBRARY_PATH
5.) Verify the Installation: Check the installed version to ensure it’s correctly set up:
# openssl version
By installing OpenSSL 3.4 in a separate directory and updating your environment variables, you can avoid conflicts with the existing OpenSSL installation.
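A check for steps 4 and 5, added here as an example and not part of the original answer: the exports in step 4 apply only to the shell they are typed in, so an already-running web server can keep loading the old libssl even when `openssl version` on the command line looks right. The function names and the sample inputs are constructed for illustration; the prefix and target version are the ones used in the steps above.

```shell
# Added example, not from the original answer. PREFIX and MIN_VERSION are taken
# from the steps above; the sample inputs at the bottom are constructed.
PREFIX=/usr/local/openssl-3.4
MIN_VERSION=3.4.0

# Version of the library actually loaded, from `openssl version` output:
# "OpenSSL 3.4.0 ... (Library: OpenSSL 3.2.2 ...)" -> 3.2.2
library_version() {
    printf '%s\n' "$1" | sed -n 's/.*(Library: OpenSSL \([0-9][0-9.]*\).*/\1/p'
}

# Succeeds when version $1 >= $2 (numeric major.minor.patch, as in OpenSSL 3.x).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Reads `ldd <binary>` output on stdin and prints each libssl/libcrypto path
# that does not resolve under prefix $1. No output means none resolve outside it.
libs_outside_prefix() {
    awk -v p="$1/" '/lib(ssl|crypto)\.so/ && $2 == "=>" && index($3, p) != 1 { print $3 }'
}

# $1 = `openssl version` output, $2 = `ldd` output for the web server binary.
check_install() {
    rc=0
    lib=$(library_version "$1")
    if [ -z "$lib" ] || ! version_ge "$lib" "$MIN_VERSION"; then
        echo "FAIL: loaded library is ${lib:-unknown}, expected >= $MIN_VERSION"; rc=1
    fi
    stale=$(printf '%s\n' "$2" | libs_outside_prefix "$PREFIX")
    if [ -n "$stale" ]; then
        echo "FAIL: binary still resolves $stale"; rc=1
    fi
    return "$rc"
}

# Constructed sample: new binary on PATH, but the old system libssl still resolved.
SAMPLE_VERSION='OpenSSL 3.4.0 22 Oct 2024 (Library: OpenSSL 3.2.2 4 Jun 2024)'
SAMPLE_LDD='  libssl.so.3 => /lib64/libssl.so.3 (0x00007f0000000000)
  libcrypto.so.3 => /usr/local/openssl-3.4/lib64/libcrypto.so.3 (0x00007f0000400000)'
check_install "$SAMPLE_VERSION" "$SAMPLE_LDD" || true
```

On the server itself, call `check_install "$(openssl version)" "$(ldd /path/to/server-binary)"`, where the path is a placeholder for whichever executable or module links libssl.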