Openssl upgrade from source [closed]

I have upgraded the openssl version on my server to the latest version of openssl but the libraries that the reverse proxy server is using is pointing to .

  strings /usr/lib64/libssl.so.10 | grep "^OpenSSL "

  OpenSSL 1.0.1e-fips 11 Feb 2013

Where as when i type command

openssl version

it shows

   [root@newreverseproxy openssl-1.0.2]# openssl version   
   OpenSSL 1.0.2 22 Jan 2015

I need my reverse proxy server nginx to use the up to date version of OpenSSL would really appreciate if some one could help me up with it .


Solution 1:

the 'problem' is that your ngnix is linked against a particular verion of libssl (libssl.so.10) ... your newly compiled libssl has a different version. Run

ldd `which openssl`

to see which version it is ...

In order for ngnix to use the new version of libssl you have to recompile ngnix as well.

Another option you have is to compile openssl-1.0.1l.tar.gz, which is the latest version of the 1.0.1 line of the software. The resulting libssl will be compatible with 1.0.1e and can be readily used by your existing ngnix binary.

If you are replacing libssl with a newer version, note that this is a rather 'risky' business since many applications use libssl, so better be sure that it works, or many programs may fail to even start.

A nice way to just replace libssl for ngnix, is to install the new libssl into an alternate directroy and then start ngnix with the environment variable LD_LIBRARY_PATH pointing to the new directory. Just make sure the newly compiled library is called exactly the same as the one you find when running ldd on ngnix

export LD_LIBRARY_PATH=/usr/local/new-libssl/lib
ngnix -whatever-options-you-want