centos 升级 openssl

安装相关依赖

apt-get install zlib1g zlib1g-dev

下载 cloudflare/sslconfig

git clone https://github.com/cloudflare/sslconfig

下载 openssl 并解压

wget -O openssl.zip -c https://github.com/openssl/openssl/archive/OpenSSL_1_0_2h.zip
unzip openssl.zip
mv openssl-OpenSSL_1_0_2h/ openssl

cd openssl
patch -p1 < ../sslconfig/patches/openssl__chacha20_poly1305_draft_and_rfc_ossl102g.patch 

执行编译

# 编译为静态库
./config shared zlib
# 编译为动态库
# ./config shared zlib-dynamic
make depend
make
make install

备份旧的 openssl

mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak

对旧的 openssl 建立软链接

ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl/ /usr/include/openssl

配置文件搜索路径

echo "/usr/local/ssl/lib" >> /etc/ld.so.conf 
ldconfig -v | grep openssl

查看最新版本

openssl version -a