How to Install OpenSSL 1.1.1 (TLS 1.3) on CentOS 7

OpenSSL is an open source software library that provides Secure Sockets Layer (SSL) encryption and other security protocols for secure data transmission over the internet. It is used in many products and services, including web servers, email servers, file transfer protocols, virtual private networks (VPNs), and more. Installing the latest version of OpenSSL is essential to ensure that your data remains secure and protected from malicious attacks.

This article shows how to install the latest openssl and TLS 1.3 on CentOS 7. For some reason, the development team still needs to run the application on CentOS 7/RHEL 7/Oracle Linux 7 but wants to maintain application security by running the application with TLS 1.3.

1. Install the prerequisites before installing openssl 1.1.1 (TLS 1.3). If you face any issues, you can refer to this guide on how to fix errors during the openssl 1.1.1 installation on CentOS 7.

# yum install gcc gcc-c++ pcre-devel zlib-devel make unzip gd-devel perl-ExtUtils-Embed libxslt-devel openssl-devel perl-Test-Simple
# yum groupinstall 'Development Tools'

2. Download openssl version 1.1.1.

# cd /usr/src
# wget https://www.openssl.org/source/old/1.1.1/openssl-1.1.1f.tar.gz

3. Extract the openssl file.

# tar xvf openssl-1.1.1f.tar.gz

4. Rename the extracted directory to openssl for standardization.

# mv openssl-1.1.1f openssl

5. Compile and install openssl using the commands below:

# cd openssl
# ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl --libdir=/lib64 shared zlib-dynamic
# make -j4
# make test
# make install

6. Now rename the existing openssl binary. The binary is usually in /usr/bin/ on CentOS 7.

# mv /usr/bin/openssl /usr/bin/openssl-backup

7. Create a new symlink for the openssl binary.

# ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl

8. Display the dependencies of the openssl binary using the ldd command:

# cd /usr/local/openssl/bin/
# ldd openssl
        linux-vdso.so.1 =>  (0x00007ffd7b54c000)
        libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007f5eec37b000)
        libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007f5eebe8f000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f5eebc8b000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f5eeba6f000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f5eeb6a1000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f5eec60e000)

9. Show the protocol versions of the supported ciphers:

# openssl ciphers -v | awk '{print $2}' | sort | uniq

Output:

SSLv3
TLSv1
TLSv1.2
TLSv1.3

10. Now you can verify TLS 1.3 using any browser's dev tools or an SSL Labs service such as the one given below.

https://www.ssllabs.com/ssltest/
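
A post-install check for steps 8 and 9, as an added example that is not part of the original article: it parses `ldd` and `openssl ciphers -v` output to confirm that the 1.1 libraries resolve from /lib64 and that TLSv1.3 cipher suites are offered. The function names and the SAMPLE_* text are constructed for illustration.

```shell
#!/bin/sh
# Post-install checks for the source build above (added example).
# Function names and the SAMPLE_* text are constructed for illustration.

# Reads `ldd` output on stdin. Succeeds only if libssl.so.1.1 and
# libcrypto.so.1.1 both resolve under /lib64 and nothing is "not found".
check_ldd() {
    awk '
        /not found/ { missing = 1 }
        $1 == "libssl.so.1.1"    && $3 ~ /^\/lib64\// { ssl = 1 }
        $1 == "libcrypto.so.1.1" && $3 ~ /^\/lib64\// { crypto = 1 }
        END { exit !(ssl && crypto && !missing) }
    '
}

# Reads `openssl ciphers -v` output on stdin; succeeds if any cipher
# suite lists TLSv1.3 as its protocol version (column 2).
has_tls13() {
    awk '$2 == "TLSv1.3" { found = 1 } END { exit !found }'
}

# Runs both checks against a real binary (default: the --prefix used above).
verify_install() {
    bin=${1:-/usr/local/openssl/bin/openssl}
    [ -x "$bin" ] || { echo "FAIL: $bin not found or not executable" >&2; return 1; }
    ldd "$bin" | check_ldd || { echo "FAIL: 1.1 libraries not resolved from /lib64" >&2; return 1; }
    "$bin" ciphers -v | has_tls13 || { echo "FAIL: no TLSv1.3 cipher suites" >&2; return 1; }
    echo "OK: $("$bin" version)"
}

# Constructed sample: the loader cannot find the new shared libraries.
SAMPLE_LDD_BROKEN='    libssl.so.1.1 => not found
    libcrypto.so.1.1 => not found
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000000000)'

# Sample in the shape of the ldd output shown in step 8 (addresses constructed).
SAMPLE_LDD_OK='    libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007f0000000000)
    libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007f0000100000)'

# Constructed sample: two lines in the format of `openssl ciphers -v`.
SAMPLE_CIPHERS='TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD'

printf '%s\n' "$SAMPLE_LDD_BROKEN" | check_ldd || echo "broken sample: libraries missing (expected)"
printf '%s\n' "$SAMPLE_LDD_OK" | check_ldd && echo "good sample: 1.1 libraries resolve from /lib64"
printf '%s\n' "$SAMPLE_CIPHERS" | has_tls13 && echo "cipher sample: TLSv1.3 offered"
```

On a real host, call `verify_install` with no argument to check the binary under /usr/local/openssl/bin, or pass another path such as /usr/bin/openssl to check the symlink.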

Conclusion:
Installing TLS 1.3 on CentOS 7 or Oracle 7 requires a manual installation from the openssl source package.
