OpenSSL下载地址

现有版本

[root@localhost ~]# cat /etc/redhat-release

CentOS Linux release 7.5.1804 (Core)

[root@localhost ~]# uname -r

3.10.0-862.11.6.el7.x86_64

[root@localhost ~]# openssl version -v

OpenSSL 1.0.2k-fips 26 Jan 2017

升级到新版本

[root@localhost software]# tar xf openssl-1.1.1.tar.gz

[root@localhost software]# cd openssl-1.1.1/

[root@localhost openssl-1.1.1]# ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl enable-ec_nistp_64_gcc_128

Operating system: x86_64-whatever-linux2

Configuring OpenSSL version 1.1.1 (0x1010100fL) for linux-x86_64

Using os-specific seed configuration

Creating configdata.pm

Creating Makefile

**********************************************************************

*** ***

*** If you want to report a building issue, please include the ***

*** output from this command: ***

*** ***

*** perl configdata.pm --dump ***

*** ***

**********************************************************************

# enable-ec_nistp_64_gcc_128可以让我们使用优化后的一些常用的椭圆曲线算法，这个优化基于编译器的一些特性，默认情况下会关闭这些特性，而且无法自动检测。

[root@localhost openssl-1.1.1]# make

[root@localhost openssl-1.1.1]# make install

[root@localhost openssl-1.1.1]# mv /usr/bin/openssl /usr/bin/openssl.bak

[root@localhost openssl-1.1.1]# mv /usr/include/openssl /usr/include/openssl.bak

[root@localhost openssl-1.1.1]# ln -s /usr/local/openssl/include/openssl /usr/include/openssl

[root@localhost openssl-1.1.1]# ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl

[root@localhost openssl-1.1.1]# ldd $(which openssl)

linux-vdso.so.1 => (0x00007ffe2b391000)

libssl.so.1.1 => not found

libcrypto.so.1.1 => not found

libz.so.1 => /lib64/libz.so.1 (0x00007f709695e000)

libdl.so.2 => /lib64/libdl.so.2 (0x00007f709675a000)

libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f709653e000)

libc.so.6 => /lib64/libc.so.6 (0x00007f7096171000)

/lib64/ld-linux-x86-64.so.2 (0x00007f70972eb000)

[root@localhost openssl-1.1.1]# echo "/usr/local/openssl/lib/" >> /etc/ld.so.conf

[root@localhost openssl-1.1.1]# ldconfig

[root@localhost openssl-1.1.1]# ldd $(which openssl)

linux-vdso.so.1 => (0x00007fff082be000)

libssl.so.1.1 => /usr/local/openssl/lib/libssl.so.1.1 (0x00007fdd78f88000)

libcrypto.so.1.1 => /usr/local/openssl/lib/libcrypto.so.1.1 (0x00007fdd78a82000)

libz.so.1 => /lib64/libz.so.1 (0x00007fdd7886c000)

libdl.so.2 => /lib64/libdl.so.2 (0x00007fdd78668000)

libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fdd7844c000)

libc.so.6 => /lib64/libc.so.6 (0x00007fdd7807f000)

/lib64/ld-linux-x86-64.so.2 (0x00007fdd79219000)

[root@localhost openssl-1.1.1]# openssl version -a

OpenSSL 1.1.1 11 Sep 2018

built on: Sat Oct 20 07:24:19 2018 UTC

platform: linux-x86_64

options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)

compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG

OPENSSLDIR: "/usr/local/openssl"

ENGINESDIR: "/usr/local/openssl/lib/engines-1.1"

Seeding source: os-specific

/lib /lib64是内核级的

/usr/lib /usr/lib64是系统级的

/usr/local/lib /usr/local/lib64是用户级的