Updating OpenSSL on CentOS 6 / CentOS 7

I ran into a lot of errors over a whole day, so I'm writing this down to remember it... Anyway, here is a record of the OpenSSL update.

Right after a fresh Linux install, checking the version shows:

[root@bibaram ~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013


Let's check what yum offers.

[root@bibaram ~]# yum info openssl
Loaded plugins: fastestmirror, langpacks, priorities
Loading mirror speeds from cached hostfile
* base: mirror.fibergrid.in
* extras: mirror.fibergrid.in
* updates: mirror.fibergrid.in
Installed Packages
Name : openssl
Arch : x86_64
Epoch : 1
Version : 1.0.1e
Release : 60.el7
Size : 1.5 M
Repo : installed
From repo : base
Summary : Utilities from the general purpose cryptography library with TLS implementation
URL : http://www.openssl.org/
License : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
: machines. OpenSSL includes a certificate management tool and shared
: libraries which provide various cryptographic algorithms and
: protocols.

Available Packages
Name : openssl
Arch : x86_64
Epoch : 1
Version : 1.0.1e
Release : 60.el7_3.1
Size : 713 k
Repo : updates/7/x86_64
Summary : Utilities from the general purpose cryptography library with TLS implementation
URL : http://www.openssl.org/
License : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
: machines. OpenSSL includes a certificate management tool and shared
: libraries which provide various cryptographic algorithms and
: protocols.

So this is the latest -_-;;;

Then let's install it manually.

[root@bibaram ~]# cd /usr/src
[root@bibaram src]# wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
--2017-02-28 11:16:53-- https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
Resolving www.openssl.org (www.openssl.org)... 104.108.216.207, 2600:140f:b:184::c1e, 2600:140f:b:186::c1e
Connecting to www.openssl.org (www.openssl.org)|104.108.216.207|:443... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://www.openssl.org/source/openssl-1.0.2k.tar.gz [following]
--2017-02-28 11:16:55-- https://www.openssl.org/source/openssl-1.0.2k.tar.gz
Reusing existing connection to www.openssl.org:443.
HTTP request sent, awaiting response... 200 OK
Length: 5309236 (5.1M) [application/x-gzip]
Saving to: ‘openssl-1.0.2-latest.tar.gz’

100%[=============================================================> ] 53,09,236 319KB/s in 15s

2017-02-28 11:17:09 (353 KB/s) - ‘openssl-1.0.2-latest.tar.gz’ saved [5309236/5309236]

Extract the downloaded file / install

[root@bibaram src]# tar -zxf openssl-1.0.2-latest.tar.gz

[root@bibaram src]# cd openssl-1.0.2k/
[root@bibaram openssl-1.0.2k]# ./config 
Operating system: x86_64-whatever-linux2
Configuring for linux-x86_64
Configuring for linux-x86_64
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
no-gmp [default] OPENSSL_NO_GMP (skip dir)
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5
.
.
make[1]: Leaving directory `/usr/src/openssl-1.0.2k/test'

Configured for linux-x86_64.

Next, make

[root@bibaram openssl-1.0.2k]# make
making all in crypto...
make[1]: Entering directory `/usr/src/openssl-1.0.2k/crypto'
/usr/bin/perl ../util/mkbuildinf.pl "gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
-DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
-DECP_NISTZ256_ASM" "linux-x86_64" > buildinf.h
.
.
make[1]: Entering directory `/usr/src/openssl-1.0.2k/tools'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/usr/src/openssl-1.0.2k/tools'
[root@bibaram openssl-1.0.2k]#

If make went well, let's verify it..

[root@bibaram openssl-1.0.2k]# make test
testing...
make[1]: Entering directory `/usr/src/openssl-1.0.2k/test'
make[2]: Entering directory `/usr/src/openssl-1.0.2k'
making all in apps...
make[3]: Entering directory `/usr/src/openssl-1.0.2k/apps'
make[3]: Nothing to be done for `all'.
make[3]: Leaving directory `/usr/src/openssl-1.0.2k/apps'
make[2]: Leaving directory `/usr/src/openssl-1.0.2k'
../util/shlib_wrap.sh ./destest
.
.
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM
-DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/usr/local/ssl"

Next, install

[root@bibaram openssl-1.0.2k]# make install
making all in crypto...
make[1]: Entering directory `/usr/src/openssl-1.0.2k/crypto'
making all in crypto/objects...
make[2]: Entering directory `/usr/src/openssl-1.0.2k/crypto/objects'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/usr/src/openssl-1.0.2k/crypto/objects'
making all in crypto/md4...
make[2]: Entering directory `/usr/src/openssl-1.0.2k/crypto/md4'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/usr/src/openssl-1.0.2k/crypto/md4'
making all in crypto/md5...
.
.
cp openssl.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/openssl.pc

Back up the old one....

[root@bibaram openssl-1.0.2k]# mv /usr/bin/openssl /root/
[root@bibaram openssl-1.0.2k]# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl



Check the version

[root@bibaram openssl-1.0.2k]# openssl version
OpenSSL 1.0.2k 26 Jan 2017

Done.... at least..
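
Two checks that fit around this procedure, as an added example that is not part of the original post: confirming the tarball's SHA-256 before building as root, and confirming which libssl/libcrypto a program actually loads, since the symlink swap replaces only the openssl command. The function names, the sample ldd output and the mod_ssl path are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not from the original post. Function names, the sample
# ldd output and the httpd module path are assumptions for illustration.

# Succeed only if FILE's SHA-256 equals EXPECTED (hex, any case). Take
# EXPECTED from the .sha256 file published beside the release tarball.
verify_sha256() {
    local file expected actual
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Read `ldd` output on stdin; print "<soname> <path>" for libssl/libcrypto.
ssl_libs() {
    awk '$1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {print $1, $3}'
}

# Print "local" if every libssl/libcrypto resolves under PREFIX, "system"
# if any resolves elsewhere, "none" if the program links neither.
ssl_origin() {
    local prefix libs
    prefix=${1:-/usr/local/ssl}
    libs=$(ssl_libs)
    [ -z "$libs" ] && { echo none; return; }
    if printf '%s\n' "$libs" |
        awk -v p="$prefix/" 'index($2, p) != 1 {bad=1} END {exit bad+0}'
    then echo local
    else echo system
    fi
}

# Constructed sample of `ldd /usr/lib64/httpd/modules/mod_ssl.so` on CentOS 7
# after the symlink swap (load addresses are made up).
SAMPLE_LDD='	linux-vdso.so.1 =>  (0x00007ffd0a9f2000)
	libssl.so.10 => /lib64/libssl.so.10 (0x00007f3a1c000000)
	libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f3a1bc00000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f3a1b800000)'

# The CLI reports 1.0.2k, but this module still loads the RPM's library.
printf '%s\n' "$SAMPLE_LDD" | ssl_origin
# Real use: verify_sha256 openssl-1.0.2k.tar.gz "<hash from .sha256 file>"
#           ldd /usr/sbin/sshd | ssl_origin
```

A result of "system" means that program's TLS code is still patched through yum, not through the build in /usr/local/ssl. The distribution's 1.0.1e package receives backported security fixes, so its version string alone does not show its patch level.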

PS: For SSLCipherSuite settings, see https://ssl-config.mozilla.org/
