[draft] How to upgrade OpenSSL to the latest version on Ubuntu

OpenSSL - a cryptography library and toolkit for SSL (Secure Sockets Layer)

Test environment

$ cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

Check the currently installed OpenSSL version and supported protocols

$ openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
$ openssl ciphers -v | awk '{print $2}' | sort | uniq
SSLv3
TLSv1
TLSv1.2
TLSv1.3
$ sudo apt list openssl
Listing... Done
openssl/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.7 amd64 [installed]
N: There is 1 additional version. Please use the '-a' switch to see it
$ sudo apt list libssl3
Listing... Done
libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.7 amd64 [installed,automatic]
N: There is 1 additional version. Please use the '-a' switch to see it

Upgrade the OpenSSL package

Refresh the list of installable packages

sudo apt update

Install the required packages

sudo apt install -y build-essential checkinstall zlib1g-dev

Download the OpenSSL source code

wget https://github.com/openssl/openssl/archive/refs/tags/openssl-3.0.7.tar.gz

Extract the downloaded archive

tar xfz openssl-3.0.7.tar.gz

Change into the source directory

cd openssl-openssl-3.0.7

Compile and install OpenSSL

./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib

make

sudo make install

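Configure the library path

Set the OpenSSL library path by creating a new configuration file in the /etc/ld.so.conf.d/ directory.

# Writing under /etc requires root, so pipe through sudo tee instead of a plain >> redirect
echo "/usr/local/openssl/lib64" | sudo tee -a /etc/ld.so.conf.d/openssl.conf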
sudo ldconfig
$ ldconfig -v | grep openssl
/sbin/ldconfig.real: Can't stat /usr/local/lib/x86_64-linux-gnu: No such file or directory
/sbin/ldconfig.real: Path `/usr/lib/x86_64-linux-gnu' given more than once
(from /etc/ld.so.conf.d/x86_64-linux-gnu.conf:4 and /etc/ld.so.conf.d/x86_64-linux-gnu.conf:3)
/sbin/ldconfig.real: Path `/lib/x86_64-linux-gnu' given more than once
(from <builtin>:0 and /etc/ld.so.conf.d/x86_64-linux-gnu.conf:3)
/sbin/ldconfig.real: Path `/usr/lib/x86_64-linux-gnu' given more than once
(from <builtin>:0 and /etc/ld.so.conf.d/x86_64-linux-gnu.conf:3)
/sbin/ldconfig.real: Path `/usr/lib' given more than once
(from <builtin>:0 and <builtin>:0)
/usr/local/openssl/lib64: (from /etc/ld.so.conf.d/openssl.conf:1)
/sbin/ldconfig.real: /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 is the dynamic linker, ignoring

        libxmlsec1-openssl.so.1 -> libxmlsec1-openssl.so.1.2.33

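Update the symbolic link

Update the symbolic link so that the system uses the new OpenSSL version.

sudo mv /usr/bin/c_rehash /usr/bin/c_rehash.bk
sudo mv /usr/bin/openssl /usr/bin/openssl.bak
# The new binary is installed under the --prefix given to ./config (/usr/local/openssl)
sudo ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl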

Register the environment variable (/etc/environment)

Add /usr/local/openssl/bin

sudo vim /etc/environment
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/usr/local/openssl/bin"
source /etc/environment
$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/usr/local/openssl/bin

Check the new OpenSSL version and supported protocols

$ which openssl
/usr/local/openssl/bin/openssl
$ openssl version
OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
$ openssl ciphers -v | awk '{print $2}' | sort | uniq
SSLv3
TLSv1
TLSv1.2
TLSv1.3
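
The checks in this section can be scripted. The following is an added example, not part of the original post: it confirms that the openssl found on PATH belongs to the /usr/local/openssl build, and that the binary and the library it loads both report the expected version (the two fields printed by `openssl version`). The function names and the `--check` argument are hypothetical, and the sample string is constructed.

```shell
#!/bin/sh
# Added example: sanity checks for the /usr/local/openssl build from this page.
PREFIX="/usr/local/openssl"   # --prefix given to ./config on this page
WANT="3.0.7"                  # version built on this page

# Print "<binary version> <library version>" from `openssl version` output, e.g.
# "OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)" gives "3.0.7 3.0.7".
versions() {
    printf '%s\n' "$1" |
        sed -n '1s/^OpenSSL \([^ ]*\) .*(Library: OpenSSL \([^ ]*\) .*/\1 \2/p'
}

# Succeed only if the binary AND the library it loaded report the wanted version.
versions_ok() {
    [ "$(versions "$1")" = "$2 $2" ]
}

# From `ldd` output, list libssl/libcrypto entries that resolve outside the prefix.
libs_outside_prefix() {
    printf '%s\n' "$1" | awk -v p="$2/" '
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" && index($3, p) != 1 {
            print $1 " => " $3
        }'
}

# Live check: run this script with --check on the upgraded machine.
check_install() {
    bin=$(command -v openssl) || { echo "openssl not on PATH"; return 1; }
    real=$(readlink -f "$bin")
    case "$real" in
        "$PREFIX"/*) ;;
        *) echo "PATH resolves to $real, not the new build"; return 1 ;;
    esac
    out=$(openssl version)
    versions_ok "$out" "$WANT" || { echo "version mismatch: $out"; return 1; }
    stray=$(libs_outside_prefix "$(ldd "$real")" "$PREFIX")
    [ -z "$stray" ] || { echo "linked outside $PREFIX: $stray"; return 1; }
    echo "OK: $real"
}

# Constructed sample: the new binary still loading the distribution's library.
SAMPLE='OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)'
if [ "${1:-}" = "--check" ]; then
    check_install
else
    versions_ok "$SAMPLE" "$WANT" || echo "sample flagged: $(versions "$SAMPLE")"
fi
```

A binary version that differs from the Library version means the new binary is still loading the distribution's libssl/libcrypto, which is what the ld.so.conf.d step is meant to prevent.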

Reference URLs

- USN-5710-1: OpenSSL vulnerabilities : https://ubuntu.com/security/notices/USN-5710-1

- Ubuntu openssl package : https://launchpad.net/ubuntu/+source/openssl/3.0.5-2ubuntu2

- howtoforge : https://www.howtoforge.com/tutorial/how-to-install-openssl-from-source-on-linux/

- Installing OpenSSL (openssl-1.1.1) on Ubuntu 22.04 LTS : https://scbyun.com/1230
