I have been running a production server with Ubuntu 18 installed. Recently, I found that my web application was not allowed on some of the firewalls installed at the customer location.
I found that my server is communicating at TLSv1.0, TLSv1.1, TLSv1.2 protocols, I assume that the firewall setting is allowing communication with the server on TLSv1.3 protocol only.
As Ubuntu 18 is shipped with OpenSSL version 1.1.0, and to make server support TLS v1.3 I have to upgrade OpenSSL to version 1.1.1 which is the latest one.
As this is a production server running nginx server, I don't want to directly try anything on the server.
root@energy-prod:~# nginx -v
nginx version: nginx/1.14.0 (Ubuntu)
What is the best way to upgrade OpenSSL to v1.1.1 without disturbing any other settings of the server?
NOTE: As of ~August 2019, openSSL 1.1.1 should be available for installation via normal package upgrades/installations for 18.04. Or, you can download the .deb package directly from here.
According to the OpenSSL website:
Since this is not in the current Ubuntu repositories, you will need to download, compile, and install the latest OpenSSL version manually.
Below are the instructions to follow:
wget https://www.openssl.org/source/openssl-1.1.1g.tar.gztar -zxf openssl-1.1.1g.tar.gz && cd openssl-1.1.1g./config.make(You may need to runsudo apt install make gccbefore running this command successfully).make testto check for possible errors.sudo mv /usr/bin/openssl ~/tmpsudo make install.sudo ldconfigto update symlinks and rebuild the library cache.Assuming that there were no errors in executing steps 4 through 10, you should have successfully installed the new version of OpenSSL.
Again, from the terminal issue the command:
Your output should be as follows: