728x90
우분투에 OpenSSL을 최신 버전으로 업그레이드하는 방법
OpenSSL - SSL(Secure Socket Layer) 암호화 라이브러리 및 도구
테스트 환경
$ cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
현재 설치된 OpenSSL 버전 및 지원 프로토콜 확인
openssl version
$ openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
openssl ciphers -v | awk '{print $2}' | sort | uniq
$ openssl ciphers -v | awk '{print $2}' | sort | uniq
SSLv3
TLSv1
TLSv1.2
TLSv1.3
sudo apt list openssl
$ sudo apt list openssl
Listing... Done
openssl/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.7 amd64 [installed]
N: There is 1 additional version. Please use the '-a' switch to see it
sudo apt list libssl3
$ sudo apt list libssl3
Listing... Done
libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.7 amd64 [installed,automatic]
N: There is 1 additional version. Please use the '-a' switch to see it
OpenSSL 패키지 업그레이드
설치 가능한 패키지 리스트를 최신화
sudo apt update
필요한 패키지 설치
sudo apt install -y build-essential checkinstall zlib1g-dev
OpenSSL 소스 코드 다운로드
wget https://github.com/openssl/openssl/archive/refs/tags/openssl-3.0.7.tar.gz
다운로드한 파일 압축 해제
tar xfz openssl-3.0.7.tar.gz
디렉터리 이동
cd openssl-openssl-3.0.7
728x90
OpenSSL 컴파일 및 설치
./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib
make
sudo make install
라이브러리(libraries) 경로 설정
OpenSSL 라이브러리 경로를 설정합니다. 이를 위해 /etc/ld.so.conf.d/ 디렉토리에 새로운 설정 파일을 만듭니다.
echo "/usr/local/openssl/lib64" >> /etc/ld.so.conf.d/openssl.conf
sudo ldconfig
$ ldconfig -v | grep openssl
/sbin/ldconfig.real: Can't stat /usr/local/lib/x86_64-linux-gnu: No such file or directory
/sbin/ldconfig.real: Path `/usr/lib/x86_64-linux-gnu' given more than once
(from /etc/ld.so.conf.d/x86_64-linux-gnu.conf:4 and /etc/ld.so.conf.d/x86_64-linux-gnu.conf:3)
/sbin/ldconfig.real: Path `/lib/x86_64-linux-gnu' given more than once
(from <builtin>:0 and /etc/ld.so.conf.d/x86_64-linux-gnu.conf:3)
/sbin/ldconfig.real: Path `/usr/lib/x86_64-linux-gnu' given more than once
(from <builtin>:0 and /etc/ld.so.conf.d/x86_64-linux-gnu.conf:3)
/sbin/ldconfig.real: Path `/usr/lib' given more than once
(from <builtin>:0 and <builtin>:0)
/usr/local/openssl/lib64: (from /etc/ld.so.conf.d/openssl.conf:1)
/sbin/ldconfig.real: /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 is the dynamic linker, ignoring
libxmlsec1-openssl.so.1 -> libxmlsec1-openssl.so.1.2.33
심볼릭 링크 업데이트
시스템에서 새로운 OpenSSL 버전을 사용하도록 심볼릭 링크를 업데이트합니다.
sudo mv /usr/bin/c_rehash /usr/bin/c_rehash.bk
sudo mv /usr/bin/openssl /usr/bin/openssl.bak
sudo ln -s /usr/local/bin/openssl /usr/bin/openssl
환경 변수(/etc/environment) 등록
/usr/local/openssl/bin 추가
vim /etc/environment
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/usr/local/openssl/bin"
source /etc/environment
$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/usr/local/openssl/bin
신규 OpenSSL 버전 확인 및 지원 프로토콜 확인
which openssl
$ which openssl
/usr/local/openssl/bin/openssl
openssl version
$ openssl version
OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
$ openssl ciphers -v | awk '{print $2}' | sort | uniq
SSLv3
TLSv1
TLSv1.2
TLSv1.3
참고URL
- USN-5710-1: OpenSSL vulnerabilities : https://ubuntu.com/security/notices/USN-5710-1
- Ubuntu openssl pakage : https://launchpad.net/ubuntu/+source/openssl/3.0.5-2ubuntu2
- howtoforge : https://www.howtoforge.com/tutorial/how-to-install-openssl-from-source-on-linux/
- 우분투(Ubuntu 22.04 LTS)에 OpenSSL(openssl-1.1.1) 설치하기 : https://scbyun.com/1230
728x90
'리눅스' 카테고리의 다른 글
[draft] Shell 스크립트 if 조건문 (0) | 2022.11.14 |
---|---|
[draft] Shell 스크립트 for 반복문 (0) | 2022.11.14 |
Ansible을 위한 기본 Bash 완성을 설치하는 방법 (0) | 2022.11.07 |
[리눅스] watchdog: BUG: soft lockup - CPU#0 stuck for 63s! (0) | 2022.11.07 |
[Ansible] ansible 팩트변수, 매직변수 (0) | 2022.11.07 |