Install OpenSSL 3 on Debian 11 – Easy Upgrade Steps

By Posted on

Install OpenSSL 3 on Debian 11 - Easy Upgrade Steps

Install OpenSSL 3 on Debian 11 – Easy Upgrade Steps

In this guide, we want to show you how to Install OpenSSL 3 on Debian 11. OpenSSL is an Open Source toolkit that implements the protocols and algorithms required by the SSL (Secure Socket Layer) and TLS (Transport Layer Security) protocols. The toolkit includes a general-purpose cryptographic API, and a full-featured command line utility, and uses an Apache-style license.

The version of OpenSSL available on Debian 11 is a bit old (V1.1) and some applications will give errors when compiling if it requires a newer release. So we want to show you how to install the latest release of OpenSSL on Debian 11 by using this guide provided by the Orcacore website.

To Install OpenSSL 3 Debian 11, log in to your server as a non-root user with sudo privileges. To do this, you can follow our guide on Initial Server Setup with Debian 11.

Install OpenSSL 3 on Debian 11

Install dependencies for OpenSSL 3

First, you need to update your local package index with the command below:

sudo apt update

Then, use the command below to install the dependencies for OpenSSL 3:

sudo apt install build-essential checkinstall zlib1g-dev -y

Download Latest OpenSSL

At this point, you need to visit the GitHub OpenSSL Releases page and get the latest release by using the wget command:

sudo wget https://github.com/openssl/openssl/releases/download/openssl-3.0.8/openssl-3.0.8.tar.gz

Then, extract your downloaded file by using the command below:

sudo tar xvf openssl-3.0.8.tar.gz

Next, navigate to your OpenSSL directory:

cd openssl-3.0*/

Build and Install OpenSSL 3 Debian 11

Now you can use the command below to configure OpenSSL:

./config
Install OpenSSL 3 Debian 11

Next, use the following commands to build OpenSSL 3.0:

# make
# make test
# make install

Update links and caches by using the command below:

sudo ldconfig

Then, update your system-wide OpenSSL configuration:

sudo tee /etc/profile.d/openssl.sh<<EOF
export PATH=/usr/local/openssl/bin:$PATH
export LD_LIBRARY_PATH=/usr/local/openssl/lib:$LD_LIBRARY_PATH
EOF

Reload shell environment:

source /etc/profile.d/openssl.sh

Verify OpenSSL Installation on Debian 11

At this point, you have finished Upgrade and Install OpenSSL 3 on Debian 11. Now you can verify your OpenSSL installation by checking its version:

openssl version
**Output**
OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023)

Conclusion

At this point, you have learned to Install OpenSSL 3 Debian 11or Upgrade OpenSSL on Debian 11. To install the latest OpenSSL on Debian 11, you must first install the required packages and download, build, and install the latest OpenSSL package on your server as shown in the above guide steps.

Hope you enjoy it. You may also like these articles:

How To Install OpenJDK 19 on Debian 11

Install Pritunl VPN Server and Client on Debian 11

Secure Alpine Linux Using CSF Firewall

LAMP Stack Installation on Ubuntu 24.04 for Beginners

FAQs

What is the default version of OpenSSL in Debian 11?

The version of OpenSSL available on Debian 11 is a bit old (V1.1).

How do I change or upgrade the OpenSSL version in Debian 11?

As you have seen in the above guide steps, you can easily download and install the latest OpenSSL from the source on Debian 11.

Where is OpenSSL installed in Debian?

The OpenSSL file is located under /usr/lib/ssl directory on Debian.

Where is OpenSSL 3 used?

OpenSSL 3 is used by most of the websites on the Internet to secure their traffic.

Alternative Solutions for Installing OpenSSL 3 on Debian 11

While the provided method of compiling from source is effective, it’s not always the most convenient, especially for those less familiar with manual compilation. Furthermore, manually compiled software requires diligent manual updates to ensure security and stability. Here are two alternative approaches to achieve the same goal of installing OpenSSL 3 on Debian 11, along with their explanations and code examples:

1. Using a Backports Repository

Debian backports provide newer versions of software packages for stable Debian releases. While not officially supported, they offer a relatively stable way to get newer packages without upgrading the entire operating system. Check if OpenSSL 3 is available in the Debian 11 backports repository.

Explanation:

Backports are essentially packages recompiled for an older Debian release. They are designed to be as compatible as possible with the stable system, reducing the risk of introducing conflicts.

Steps:

  1. Add the Backports Repository:

    First, you need to add the backports repository to your system’s package sources. Edit the /etc/apt/sources.list file (using sudo nano /etc/apt/sources.list, for example) and add the following line:

    deb http://deb.debian.org/debian bullseye-backports main contrib non-free

  2. Update Package Lists:

    Update the package lists to include the new repository:

    sudo apt update

  3. Install OpenSSL from Backports:

    Install OpenSSL 3 (or the newest version available) specifically from the backports repository. Use the -t option to target the bullseye-backports release:

    sudo apt install -t bullseye-backports openssl libssl-dev

  4. Verify Installation:

    Check the installed OpenSSL version:

    openssl version

Caveats:

  • Backports are not officially supported, although they are usually built with stability in mind.
  • Not all packages have backports available. The availability of OpenSSL 3 in backports depends on when this guide is being read.

2. Using a Third-Party Repository (e.g., a repository specifically for newer OpenSSL versions)

While not generally recommended due to potential security concerns, a carefully vetted third-party repository might offer a pre-built OpenSSL 3 package for Debian 11. This approach requires significant caution and research to ensure the repository is trustworthy.

Explanation:

Third-party repositories provide packages not included in the official Debian repositories. They can be useful for accessing software that is not yet available or has been updated more recently than in the official channels. However, adding external repositories increases the risk of installing malicious or unstable software.

Disclaimer: Use this method only if you are absolutely certain about the trustworthiness of the repository. Always verify the repository’s maintainer, security practices, and the integrity of the packages. We are not responsible for any issues arising from the use of third-party repositories.

Hypothetical Example (Repository Name Fictional – Do Not Use Without Verification!):

Let’s imagine, for illustrative purposes only, a fictional repository https://example.com/debian-openssl3. This URL and repository do not exist and are for demonstration only!

Steps:

  1. Add the Third-Party Repository:

    You would typically add the repository to your /etc/apt/sources.list.d/ directory. Create a new file, for example, openssl3.list, and add the repository entry:

    sudo nano /etc/apt/sources.list.d/openssl3.list

    Add the following line (adjusting the distribution name if necessary, and replacing the URL with the actual, verified URL of the repository):

    deb https://example.com/debian-openssl3 bullseye main

    Important: Some repositories require you to add a GPG key to verify the authenticity of the packages. Consult the repository’s documentation for instructions on adding the key. This usually involves downloading the key with wget and adding it to your APT keyring with apt-key add.

  2. Update Package Lists:

    Update the package lists to include the new repository:

    sudo apt update

    If you get GPG key errors, it means you haven’t added the repository’s key correctly (or the key is invalid). Address these errors before proceeding.

  3. Install OpenSSL:

    Install OpenSSL from the repository:

    sudo apt install openssl libssl-dev

  4. Verify Installation:

    Check the installed OpenSSL version:

    openssl version

Critical Considerations for Third-Party Repositories:

  • Trust: Only use repositories from sources you completely trust. Research the repository’s maintainers, their reputation, and their security practices.
  • Security: Verify that the repository uses HTTPS and provides GPG signatures for its packages.
  • Compatibility: Ensure the repository is specifically designed for Debian 11 (Bullseye) to avoid compatibility issues.
  • Conflicts: Be aware that adding third-party repositories can sometimes lead to conflicts with packages from the official Debian repositories.
  • Maintenance: Understand that you are responsible for keeping the packages from the third-party repository up to date.
  • Risk: Using third-party repositories inherently carries a higher risk than using official repositories.

In conclusion, while compiling from source provides maximum control, using backports offers a slightly less risky and often easier alternative to install OpenSSL 3 on Debian 11. Third-party repositories should only be considered as a last resort and with extreme caution. Always prioritize security and thoroughly vet any external source of software.

Related posts:

Leave a Reply

Your email address will not be published. Required fields are marked *