Join Log in
Score:1
Sevim avatar Ubuntu

How to upgrade OpenSSL to the latest version in Ubuntu 20.04.5 LTS

at flag
Sevim

I was wondering if someone could help with the below:

I am trying to install OpenVPN in mu Ubuntu 20.04 laptop but I get the error: openssl version too old. I run openssl version it says is OpenSSL 1.1.1f 31 Mar 2020. I have then downloaded and installed openssl-3.0.8 from https://www.openssl.org/source/ but when I check the version, I still get OpenSSL 1.1.1f 31 Mar 2020.

I believe I will not be able to install OpenVPN until I don't fix this. Why am I not able to use the latest version of OpenSSL I have installed?

Thanks!

2579
2 + 3
Pilot6 avatar
cn flag
Pilot6
How are you trying to install openvpn? Did you run `sudo apt install openvpn`?
2
Reply
Organic Marble avatar
us flag
Organic Marble
Don't download openvpn from somewhere else or add a ppa for it. Install the version from the Ubuntu repos. The approach you are trying will only bring you pain.
1
Reply
MSpreij avatar
us flag
MSpreij
Not an answer as such hence the comment.. It's possible your $PATH is set up such that it still finds the older version first. Try `type -a openssl` and see if there are multiple versions. If there are you can disable something or move them or ..
0
Reply
Score:0
user535733 avatar Ubuntu
cn flag
user535733

OpenVPN and ALL dependencies are in the Ubuntu repositories.

You do NOT need to add PPAs or any new sources. You can if you really want to, but then their maintenance and troubleshooting is your responsibility.

Simply sudo apt install openvpn

Bolting newer versions of software onto an older Ubuntu system is a classic new-user mistake. Folks who do that might not fully understand how security in Ubuntu works.

The versions of OpenVPN, OpenSSL, and other dependencies in the Ubuntu 20.04 repositories may look old, but don't be fooled by that appearance. Under the hood, they receive the same security patches as newer versions until 2025. It's safe to use.

+ 5
Jon avatar
bo flag
Jon
While the final paragraph may be technically true, it doesn't mean that the version of OpenSSL isn't "old" -- it's just that it's currently deemed to be "safe". However, there will be much newer versions of OpenSSL available, that may be beneficial for various reasons, but which you can't get simply by using default apt repositories. i.e. With all patches currently applied to an Ubuntu 20.04.6 LTS system (June 2023), the version of OpenSSL on the system in `openssl version > OpenSSL 1.1.1f 31 Mar 2020` -- Even though there are much newer versions of OpenSSL available
0
Reply
user535733 avatar
cn flag
user535733
@Jon while true that newer packages may be beneficial for some, it's also addressed in the fourth paragraph: Bolting a newer wrong-version package onto an older release of Ubuntu is generally a Bad Idea for non-experts, which the OP seems to be.
0
Reply
Jon avatar
bo flag
Jon
@ user535733 while this may also be true, it doesn't change the fact that said packages, are not, in fact "new" -- they are indeed "old" (by a couple years). It simply just depends on what the needs are, especially when it comes to OpenSSL. As an example, the version of OpenSSL shipped with U20 (1.1.1f) simply will not connect out of the box to some services running default config (such as MS SQL server), and require either openssl.cnf modifications, or an upgrade to a newer version, which will simply not occur via apt upgrades unless a major critical security vulnerability is found in 1.1.1f.
0
Reply
user535733 avatar
cn flag
user535733
@Jon are you quibbling about the phrase "*may look old, but don't be fooled by that appearance*?" If so, please offer a better phrasing. I think I understand what you are tried to say twice; I just don't see the relevance to the question that was asked.
0
Reply
Jon avatar
bo flag
Jon
@ user535733 As I said initially, my issue was with the 4th paragraph. If it would have read, "The versions of OpenVPN, OpenSSL, and other dependencies in the Ubuntu 20.04 repositories may be old, but they're still safe to use. The Ubuntu team updates all OS components thru 2025 as required if security vulnerabilities are discovered." The relevance to the question comes in the fact that the user may be looking to update OpenSSL for non-security reasons, such as compatibility or features that are broken in 1.1.1f (the version shipped with U20)
0
Reply
Score:0
xinthose avatar Ubuntu
de flag
xinthose

OpenSSL is included with OpenVPN, so update your version of OpenVPN to the latest for your version of Ubuntu. I follow the guide here.

sudo -s
curl -fsSL https://swupdate.openvpn.net/repos/repo-public.gpg | gpg --dearmor > /etc/apt/trusted.gpg.d/openvpn-repo-public.gpg
echo "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/openvpn-repo-public.gpg] https://build.openvpn.net/debian/openvpn/2.6 focal main" > /etc/apt/sources.list.d/openvpn-aptrepo.list
apt-get update && apt-get install openvpn
+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.