Linux服务器openssl版本过低有漏洞,需要做升级。升级步骤如下:
1.查看openssl版本
[root@localhost sshupgrade]# openssl version OpenSSL 1.0.1e-fips 11 Feb 2013 2.下载指定版本的openssl软件
下载网址:https://www.openssl.org/source/下载,后面的版本号换为最新的版本号。
wget https://www.openssl.org/source/openssl-1.1.1k.tar.gz [root@localhost sshupgrade]# tar -zxvf openssl-1.1.1k.tar.gz 3.编译安装
[root@localhost sshupgrade]# cd openssl-1.1.1k [root@localhost openssl-1.1.1k]# ./config shared zlib Operating system: x86_64-whatever-linux2 Configuring OpenSSL version 1.1.1k (0xbfL) for linux-x86_64 Using os-specific seed configuration Creating configdata.pm Creating Makefile * * * OpenSSL has been successfully configured * * * * If you encounter a problem while building, please open an * * issue on GitHub <https://github.com/openssl/openssl/issues> * * and include the output from the following command: * * * * perl configdata.pm --dump * * * * (If you are new to OpenSSL, you might want to consult the * * 'Troubleshooting' section in the INSTALL file first) * * * [root@localhost openssl-1.1.1k]# make && make install 4.配置
[root@localhost openssl-1.1.1k]# mv /usr/bin/openssl /usr/bin/openssl.bak mv:是否覆盖"/usr/bin/openssl.bak"? y [root@localhost openssl-1.1.1k]# mv /usr/include/openssl /usr/include/openssl.bak mv:是否覆盖"/usr/include/openssl.bak/openssl"? y [root@localhost openssl-1.1.1k]# find / -name openssl /etc/pki/ca-trust/extracted/openssl /usr/share/doc/man-pages-overrides-6.6.3/openssl /usr/local/ssl/bin/openssl /usr/local/ssl/include/openssl /usr/local/ssl/include/openssl/openssl /usr/local/share/doc/openssl /usr/local/bin/openssl /usr/local/include/openssl /usr/lib64/openssl /shenlan/sshupgrade/ssh8.3/openssl-1.1.1g/include/openssl /shenlan/sshupgrade/ssh8.3/openssl-1.1.1g/apps/openssl /shenlan/sshupgrade/ssh8.3/openssl-1.1.1g/test/ossl_shim/include/openssl /shenlan/sshupgrade/openssl-1.1.1k/include/openssl /shenlan/sshupgrade/openssl-1.1.1k/apps/openssl /shenlan/sshupgrade/openssl-1.1.1k/test/ossl_shim/include/openssl /shenlan/sshupgrade/share/openssl-1.0.2k/include/openssl /shenlan/sshupgrade/share/openssl-1.0.2k/apps/openssl [root@localhost openssl-1.1.1k]# ln -s /usr/local/bin/openssl /usr/bin/openssl [root@localhost openssl-1.1.1k]# ln -s /usr/local/include/openssl /usr/include/openssl [root@localhost openssl-1.1.1k]# echo "/usr/local/lib64/" >> /etc/ld.so.conf [root@localhost openssl-1.1.1k]# ldconfig [root@localhost openssl-1.1.1k]# openssl version -a OpenSSL 1.1.1k 25 Mar 2021 built on: Sun Apr 25 09:59:29 2021 UTC platform: linux-x86_64 options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG OPENSSLDIR: "/usr/local/ssl" ENGINESDIR: "/usr/local/lib64/engines-1.1" Seeding source: os-specific 5.升级成功
[root@localhost openssl-1.1.1k]# openssl version OpenSSL 1.1.1k 25 Mar 2021 版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请联系我们举报,一经查实,本站将立刻删除。
发布者:全栈程序员-站长,转载请注明出处:https://javaforall.net/224072.html原文链接:https://javaforall.net
![《转》OpenStack Live Migration[通俗易懂]](https://javaforall.net/wp-content/uploads/2020/11/2020110817443450-480x300.jpg)
