Openssl upgrade from source [closed]
I have upgraded the openssl version on my server to the latest version of openssl but the libraries that the reverse proxy server is using is pointing to .
strings /usr/lib64/libssl.so.10 | grep "^OpenSSL "
OpenSSL 1.0.1e-fips 11 Feb 2013
Where as when i type command
openssl version
it shows
[root@newreverseproxy openssl-1.0.2]# openssl version
OpenSSL 1.0.2 22 Jan 2015
I need my reverse proxy server nginx to use the up to date version of OpenSSL would really appreciate if some one could help me up with it .
Solution 1:
the 'problem' is that your ngnix is linked against a particular verion of libssl (libssl.so.10) ... your newly compiled libssl has a different version. Run
ldd `which openssl`
to see which version it is ...
In order for ngnix to use the new version of libssl
you have to recompile ngnix
as well.
Another option you have is to compile openssl-1.0.1l.tar.gz
, which is the latest version of the 1.0.1 line of the software. The resulting libssl
will be compatible with 1.0.1e and can be readily used by your existing ngnix
binary.
If you are replacing libssl with a newer version, note that this is a rather 'risky' business since many applications use libssl, so better be sure that it works, or many programs may fail to even start.
A nice way to just replace libssl for ngnix
, is to install the new libssl
into an alternate directroy and then start ngnix
with the environment variable LD_LIBRARY_PATH
pointing to the new directory. Just make sure the newly compiled library is called exactly the same as the one you find when running ldd
on ngnix
export LD_LIBRARY_PATH=/usr/local/new-libssl/lib
ngnix -whatever-options-you-want