Upgrading OpenSSL on Debian 6 (squeeze) or Ubuntu 8.04 (hardy)

The Problem on the long term ubuntu 8.04 and the current stable debian is that they ship the old OpenSSL 0.9.8o With that I wasn’t able to compile the new apache 2.4.1 with all the SSL features I want. Downloading the OpenSSL source and just configure make make install didn’t help at all.

checking whether to enable mod_ssl... checking dependencies 
 checking for OpenSSL... checking for user-provided OpenSSL base directory... none 
 checking for OpenSSL version >= 0.9.7... FAILED 
 configure: WARNING: OpenSSL version is too old 
 no 
 checking whether to enable mod_ssl... configure: error: mod_ssl has been requested but can not be built due to prerequisite failures 
 mario@h2020668:~/apache24/httpd-2.4.1$ openssl version 
 OpenSSL 0.9.8o 01 Jun 2010

The only thing that helped was to use the unix config script plus the right prefix plus the shared option

wget http://openssl.org/source/openssl-1.0.1.tar.gz 
 tar xfz openssl-1.0.1.tar.gz 
 cd openssl-* 
 ./config --prefix=/usr zlib-dynamic --openssldir=/etc/ssl shared 
 make 
 sudo make install

 

Debian is very fine, but sometimes it sucks because of the lag of new software versions

11 thoughts on “Upgrading OpenSSL on Debian 6 (squeeze) or Ubuntu 8.04 (hardy)

  1. Nag them, this was why the huge push by Stefan to get 2.4 out, so it could make it into the shiny new Debian. They should keep it more up to date, especially since this will eventually be the better way to mitigate the BEAST.

  2. Debian has PHP 5.4 and Apache 2.4 in experimental, but not libapache2-mod-fcgid nor libapache2-mod-php so I can’t really test it. I’m not sure why upgraded several of the Apache modules, PHP and Apache itself, and not any way to use PHP with Apache 2.4.

  3. “apt-get install libssl-dev” should fix the “WARNING: OpenSSL version is too old” error – at least it did it in my case.

    maybe it helps… :)

  4. Thanks for this page.

    I’ve just used it for the for the ‘heartbleed’ update.
    Just changed the the source url before using the wget command.

    Thanks!

  5. Pingback: Upgrade openssl-1.0.1 on Debian 6

Leave a Reply

Your email address will not be published. Required fields are marked *