How to upgrade OpenSSL to the latest version on Ubuntu

openssl - SSL (Secure Socket Layer) cryptography library and tools

Test environment

$ cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

Check the openssl version and supported protocols

$ openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

$ openssl ciphers -v | awk '{print $2}' | sort | uniq
SSLv3
TLSv1
TLSv1.2
TLSv1.3

Note: the second column of openssl ciphers -v is the minimum protocol version each cipher suite supports, so this list summarizes the cipher suites, not the protocol versions the library will negotiate.

$ sudo apt list openssl
Listing... Done
openssl/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.7 amd64 [installed]
N: There is 1 additional version. Please use the '-a' switch to see it

$ sudo apt list libssl3
Listing... Done
libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.7 amd64 [installed,automatic]
N: There is 1 additional version. Please use the '-a' switch to see it

Upgrade the openssl package

Refresh the list of installable packages

sudo apt update

Install the packages needed to compile openssl

sudo apt install -y build-essential checkinstall zlib1g-dev

Download openssl

wget https://github.com/openssl/openssl/archive/refs/tags/openssl-3.0.7.tar.gz

Extract the openssl archive and change into the directory

tar xfz openssl-3.0.7.tar.gz
cd openssl-openssl-3.0.7

Compile and install openssl

./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib

make

sudo make install

Configure the libraries

echo "/usr/local/openssl/lib64" | sudo tee -a /etc/ld.so.conf.d/openssl.conf
sudo ldconfig
$ ldconfig -v | grep openssl
/sbin/ldconfig.real: Can't stat /usr/local/lib/x86_64-linux-gnu: No such file or directory
/sbin/ldconfig.real: Path `/usr/lib/x86_64-linux-gnu' given more than once
(from /etc/ld.so.conf.d/x86_64-linux-gnu.conf:4 and /etc/ld.so.conf.d/x86_64-linux-gnu.conf:3)
/sbin/ldconfig.real: Path `/lib/x86_64-linux-gnu' given more than once
(from <builtin>:0 and /etc/ld.so.conf.d/x86_64-linux-gnu.conf:3)
/sbin/ldconfig.real: Path `/usr/lib/x86_64-linux-gnu' given more than once
(from <builtin>:0 and /etc/ld.so.conf.d/x86_64-linux-gnu.conf:3)
/sbin/ldconfig.real: Path `/usr/lib' given more than once
(from <builtin>:0 and <builtin>:0)
/usr/local/openssl/lib64: (from /etc/ld.so.conf.d/openssl.conf:1)
/sbin/ldconfig.real: /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 is the dynamic linker, ignoring

        libxmlsec1-openssl.so.1 -> libxmlsec1-openssl.so.1.2.33

Configure the openssl binaries

  • Backup
$ ls -l /usr/bin/c_rehash 
-rwxr-xr-x 1 root root 6963 Oct 28 02:06 /usr/bin/c_rehash
$ ls -l /usr/bin/openssl 
-rwxr-xr-x 1 root root 1001272 Oct 28 02:06 /usr/bin/openssl
sudo mv /usr/bin/c_rehash /usr/bin/c_rehash.bk
sudo mv /usr/bin/openssl /usr/bin/openssl.bk

Register the environment variable (/etc/environment)

  • Add /usr/local/openssl/bin
sudo vim /etc/environment
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/usr/local/openssl/bin"
source /etc/environment
$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/usr/local/openssl/bin

Check the new version and supported protocols

$ which openssl
/usr/local/openssl/bin/openssl
$ openssl version
OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
$ openssl ciphers -v | awk '{print $2}' | sort | uniq
SSLv3
TLSv1
TLSv1.2
TLSv1.3
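
Added example (not part of the original post): the apt-managed libssl3 is still installed after this procedure, so the host now carries two OpenSSL 3 builds. The script checks that the openssl binary reports the same version as the library it loaded and lists libssl/libcrypto sonames that more than one directory provides; the function names and the sample ldconfig -p listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data is constructed.

# versions_match LINE: succeed only when the CLI version and the version of
# the libcrypto it actually loaded agree. LINE is `openssl version` output.
versions_match() {
    printf '%s\n' "$1" | awk '
        { cli = $2 ""
          if (match($0, /Library: OpenSSL [^ )]+/))
              lib = substr($0, RSTART + 17, RLENGTH - 17) }
        END { exit (cli != "" && cli == lib) ? 0 : 1 }'
}

# duplicate_sonames: read `ldconfig -p` output on stdin and print every
# libssl/libcrypto soname (per ABI tag) that more than one path provides.
duplicate_sonames() {
    awk '
        $1 ~ /^lib(ssl|crypto)\.so/ && $(NF - 1) == "=>" {
            key = $1 " " $2
            count[key]++
            paths[key] = paths[key] " " $NF
        }
        END { for (k in count) if (count[k] > 1) print k ":" paths[k] }
    ' | sort
}

# Constructed `ldconfig -p` excerpt for a host that followed this procedure.
sample_cache() {
    cat <<'EOF'
    libssl.so.3 (libc6,x86-64) => /usr/local/openssl/lib64/libssl.so.3
    libssl.so.3 (libc6,x86-64) => /lib/x86_64-linux-gnu/libssl.so.3
    libcrypto.so.3 (libc6,x86-64) => /usr/local/openssl/lib64/libcrypto.so.3
    libcrypto.so.3 (libc6,x86-64) => /lib/x86_64-linux-gnu/libcrypto.so.3
    libz.so.1 (libc6,x86-64) => /lib/x86_64-linux-gnu/libz.so.1
EOF
}

# Demo on constructed input. On a live host use instead:
#   versions_match "$(openssl version)"; ldconfig -p | duplicate_sonames
if versions_match "OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)"; then
    echo "binary and library agree"
else
    echo "MISMATCH: new binary is loading a different libcrypto"
fi
sample_cache | duplicate_sonames
```

A mismatch means the dynamic loader resolved the system library instead of the one under /usr/local/openssl/lib64; ldd "$(which openssl)" shows the path actually chosen.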

 

Reference URLs

- USN-5710-1: OpenSSL vulnerabilities : https://ubuntu.com/security/notices/USN-5710-1

- Ubuntu openssl package : https://launchpad.net/ubuntu/+source/openssl/3.0.5-2ubuntu2

- howtoforge : https://www.howtoforge.com/tutorial/how-to-install-openssl-from-source-on-linux/

- Installing OpenSSL (openssl-1.1.1) on Ubuntu (Ubuntu 22.04 LTS) : https://scbyun.com/1230