A guide to upgrading OpenSSL

Step 1: Check the Current OpenSSL Version
Before upgrading, verify your current version:

openssl version

This will show the installed version of OpenSSL.

Step 2: Update the Package Repository (For Prepackaged Updates)
If your distribution provides an updated version of OpenSSL, run:

sudo apt update
sudo apt upgrade openssl

If this updates OpenSSL to your desired version, skip to Step 6. If not, proceed with a manual installation.

Step 3: Download the Latest OpenSSL Source Code
Visit the OpenSSL source page and download the latest stable version. Use the following command to download it directly:

wget https://www.openssl.org/source/openssl-[i]x.y.z[/i].tar.gz

Replace `x.y.z` with the version number (e.g., `1.1.1v`).

Step 4: Extract the Source Code
Unpack the downloaded archive:

tar -xvzf openssl-x.y.z.tar.gz
cd openssl-x.y.z

Step 5: Build and Install OpenSSL
Run the following commands to configure, build, and install OpenSSL:

./config
make
sudo make install

This will install OpenSSL in the default location, `/usr/local/ssl`.

Step 6: Update Links and Verify
To ensure the system uses the new version, update symbolic links and verify the installation:

sudo ldconfig
openssl version

The output should reflect the updated version.

Step 7: Restart Dependent Services
Restart any services that rely on OpenSSL to ensure they use the upgraded version. For example:

sudo systemctl restart apache2
sudo systemctl restart nginx

Optional: Remove Old Versions
If you no longer need the old version, consider removing it to avoid conflicts:

sudo apt remove openssl

(Be careful to avoid removing essential packages unintentionally.)