Install OpenSSL version 3 in ubuntu 20.04

The default version in ubuntu focal fossa has seen end of life so Install OpenSSL version 3 in ubuntu 20.04 to avoid TLS initialization failed errors in apps.

Posted by sudo
OpenSSL version 3

Ubuntu 20.04 LTS (Focal Fossa) initially shipped with OpenSSL 1.1.1f, and while it has received security updates, it remains on the 1.1.1 series, which presents several issues.

OpenSSL 1.1.1 Series is Outdated

  • OpenSSL 1.1.1 reached End of Life (EOL) on September 11, 2023.
  • No further official support or security updates from the OpenSSL project.
  • Ubuntu backports some patches, but these are limited.

Ubuntu 20.04’s reliance on OpenSSL 1.1.1 is a major downside for security but also running OpenSSL 1.1.1 may cause compatibility problems when deploying modern applications.

I ran into a compatibility issue when I bundled Nextcloud linux client appimage in ubuntu 20.04 with default OpenSSL version which was 1.1.1.
I came to this conclusion after reading some nextcloud forums related to TLS initialization failed error.

Nextcloud TLS initialization error due to OpenSSL version

Check Installed OpenSSL Version and Path

openssl version -a
which openssl

You will notice the current version has seen end of life. Now we must download and build the new release manually since ubuntu 20.04 (focal fossa) does not have official support of openssl newer versions.

sudo apt update
sudo apt install build-essential checkinstall zlib1g-dev -y
wget https://github.com/openssl/openssl/releases/download/openssl-3.0.12/openssl-3.0.12.tar.gz
tar -xvf openssl-3.0.12.tar.gz
cd openssl-3.0.12
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
make -j$(nproc)
sudo make install

There are newer versions of OpenSSL than 3.0.12. I have mentioned this version here since it was the one I installed, anyway you get the idea. I hope you have other build dependencies like cmake installed.

Add path to new OpenSSL 3

echo 'export LD_LIBRARY_PATH=~/openssl-3.0.12:$LD_LIBRARY_PATH' >> ~/.bashrc
source ~/.bashrc

Install OpenSSL 3 System-wide

If you need libcrypto.so.3 available globally which is the library responsible for cryptography. My build script still wasn’t sure about new OpenSSL files so I went a bit further and removed the old OpenSSL entirely.

ln -sf ~/openssl-3.0.12/libcrypto.so.3 ~/openssl-3.0.12/libcrypto.so
ln -sf ~/openssl-3.0.12/libssl.so.3 ~/openssl-3.0.12/libssl.so
sudo cp ~/openssl-3.0.12/libcrypto.so* /usr/lib/
sudo cp ~/openssl-3.0.12/libssl.so* /usr/lib/
sudo ldconfig
sudo mv /bin/openssl /bin/openssl.backup
sudo ln -s ~/openssl-3.0.12/openssl /bin/openssl

After double tapping, now forcing my build script to run it already with these variables for cmake, if its still not clear.

export OPENSSL_ROOT_DIR=~/openssl-3.0.12
export OPENSSL_LIBRARIES=~/openssl-3.0.12
export OPENSSL_INCLUDE_DIR=~/openssl-3.0.12/include
export LD_LIBRARY_PATH=~/openssl-3.0.12:$LD_LIBRARY_PATH

Since I was deploying an nextcloud application and Qt framework expects OpenSSL, you need to ensure that Qt finds libcrypto.so.3 and libssl.so.3 instead of the older OpenSSL 1.1.1.

Tags: