{"id":11134,"date":"2025-04-03T06:12:03","date_gmt":"2025-04-03T06:12:03","guid":{"rendered":"https:\/\/mainvps.net\/blog\/?p=11134"},"modified":"2025-04-29T10:27:18","modified_gmt":"2025-04-29T10:27:18","slug":"how-to-upgrade-openssl-3-1-in-ubuntu-22-04","status":"publish","type":"post","link":"https:\/\/mainvps.net\/blog\/how-to-upgrade-openssl-3-1-in-ubuntu-22-04\/","title":{"rendered":"How to Upgrade OpenSSL 3.1 in Ubuntu 22.04: A Complete Guide"},"content":{"rendered":"\n<p>OpenSSL underpins secure communication on Linux systems, performing the SSL\/TLS handshakes for almost all Internet services. While Ubuntu 22.04 ships with OpenSSL 3.0 by default, you might need OpenSSL 3.1 for its improved features and security enhancements. This guide will walk you through How to upgrade openssl safely, while maintaining system stability.<\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-light-blue ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 eztoc-toggle-hide-by-default' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/mainvps.net\/blog\/how-to-upgrade-openssl-3-1-in-ubuntu-22-04\/#Why_Upgrade_to_OpenSSL_31\" >Why Upgrade to OpenSSL 3.1?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/mainvps.net\/blog\/how-to-upgrade-openssl-3-1-in-ubuntu-22-04\/#Method_1_Official_Ubuntu_Backports_Recommended\" >Method 1: Official Ubuntu Backports (Recommended)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/mainvps.net\/blog\/how-to-upgrade-openssl-3-1-in-ubuntu-22-04\/#Method_2_Compiling_from_Source\" >Method 2: Compiling from Source<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/mainvps.net\/blog\/how-to-upgrade-openssl-3-1-in-ubuntu-22-04\/#Step_1_Install_Dependencies\" >Step 1: Install Dependencies<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/mainvps.net\/blog\/how-to-upgrade-openssl-3-1-in-ubuntu-22-04\/#Step_2_Download_OpenSSL_31\" >Step 2: Download OpenSSL 3.1<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/mainvps.net\/blog\/how-to-upgrade-openssl-3-1-in-ubuntu-22-04\/#Step_3_Compile_and_Install\" >Step 3: Compile and Install<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/mainvps.net\/blog\/how-to-upgrade-openssl-3-1-in-ubuntu-22-04\/#Step_4_Configure_System_Path\" >Step 4: Configure System Path<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/mainvps.net\/blog\/how-to-upgrade-openssl-3-1-in-ubuntu-22-04\/#Step_5_Verify\" >Step 5: Verify<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/mainvps.net\/blog\/how-to-upgrade-openssl-3-1-in-ubuntu-22-04\/#Method_3_Using_Third-Party_PPAs_Caution\" >Method 3: Using Third-Party PPAs (Caution)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/mainvps.net\/blog\/how-to-upgrade-openssl-3-1-in-ubuntu-22-04\/#Post-Installation_Checks\" >Post-Installation Checks<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/mainvps.net\/blog\/how-to-upgrade-openssl-3-1-in-ubuntu-22-04\/#Downgrading_If_Needed\" >Downgrading (If Needed)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/mainvps.net\/blog\/how-to-upgrade-openssl-3-1-in-ubuntu-22-04\/#FAQ_Section\" >FAQ Section<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/mainvps.net\/blog\/how-to-upgrade-openssl-3-1-in-ubuntu-22-04\/#Q_Is_OpenSSL_31_backwards_compatible\" >Q: Is OpenSSL 3.1 backwards compatible?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/mainvps.net\/blog\/how-to-upgrade-openssl-3-1-in-ubuntu-22-04\/#Q_Will_this_break_my_ApacheNginx\" >Q: Will this break my Apache\/Nginx?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/mainvps.net\/blog\/how-to-upgrade-openssl-3-1-in-ubuntu-22-04\/#Q_How_do_I_maintain_OpenSSL_updates\" >Q: How do I maintain OpenSSL updates?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/mainvps.net\/blog\/how-to-upgrade-openssl-3-1-in-ubuntu-22-04\/#Q_Why_isnt_OpenSSL_31_in_main_Ubuntu_repos\" >Q: Why isn&#8217;t OpenSSL 3.1 in main Ubuntu repos?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/mainvps.net\/blog\/how-to-upgrade-openssl-3-1-in-ubuntu-22-04\/#Q_Can_I_have_multiple_OpenSSL_versions\" >Q: Can I have multiple OpenSSL versions?<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/mainvps.net\/blog\/how-to-upgrade-openssl-3-1-in-ubuntu-22-04\/#Expert_Recommendations\" >Expert Recommendations<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/mainvps.net\/blog\/how-to-upgrade-openssl-3-1-in-ubuntu-22-04\/#Conclusion\" >Conclusion<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_Upgrade_to_OpenSSL_31\"><\/span>Why Upgrade to OpenSSL 3.1?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>OpenSSL 3.1 (released in March 2023) offers several advantages:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enhanced quantum-resistant algorithms<\/li>\n\n\n\n<li>Improved performance for modern CPUs<\/li>\n\n\n\n<li>Better TLS 1.3 support<\/li>\n\n\n\n<li>Security fixes not backported to 3.0<\/li>\n\n\n\n<li>New features like Certificate Compression<\/li>\n<\/ul>\n\n\n\n<p>However, proceed with caution &#8211; system upgrades can affect many dependent packages.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Method_1_Official_Ubuntu_Backports_Recommended\"><\/span>Method 1: Official Ubuntu Backports (Recommended)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The safest approach is using Ubuntu&#8217;s official channels:<\/p>\n\n\n\n<p>bash<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">sudo apt update\nsudo apt install -t jammy-backports openssl<\/pre>\n\n\n\n<p>Verify the installation:<\/p>\n\n\n\n<p>bash<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">openssl version<\/pre>\n\n\n\n<p>If this shows 3.0.x, the backport might not be available yet (as of my knowledge cutoff in October 2023). In that case, consider:<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Method_2_Compiling_from_Source\"><\/span>Method 2: Compiling from Source<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Step_1_Install_Dependencies\"><\/span>Step 1: Install Dependencies<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>bash<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">sudo apt update\nsudo apt install build-essential checkinstall zlib1g-dev libpcre3 libpcre3-dev -y<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Step_2_Download_OpenSSL_31\"><\/span>Step 2: Download OpenSSL 3.1<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>bash<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">wget https:\/\/www.openssl.org\/source\/openssl-3.1.4.tar.gz <br>tar -xf openssl-3.1.4.tar.gz<br>cd openssl-3.1.4<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Step_3_Compile_and_Install\"><\/span>Step 3: Compile and Install<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>bash<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">.\/config --prefix=\/usr\/local\/ssl --openssldir=\/usr\/local\/ssl shared zlib\nmake\nmake test\nsudo make install<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Step_4_Configure_System_Path\"><\/span>Step 4: Configure System Path<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>bash<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">sudo nano \/etc\/environment<\/pre>\n\n\n\n<p>Add:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">PATH=\"\/usr\/local\/ssl\/bin:$PATH\"\nLD_LIBRARY_PATH=\"\/usr\/local\/ssl\/lib:$LD_LIBRARY_PATH\"<\/pre>\n\n\n\n<p>Reload:<\/p>\n\n\n\n<p>bash<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">source \/etc\/environment\nsudo ldconfig<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Step_5_Verify\"><\/span>Step 5: Verify<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>bash<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">openssl version<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Method_3_Using_Third-Party_PPAs_Caution\"><\/span>Method 3: Using Third-Party PPAs (Caution)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Some PPAs like the one from the <a href=\"https:\/\/mainvps.net\/blog\/install-openssl-on-ubuntu\/\">OpenSSL<\/a> maintainers might provide newer versions:<\/p>\n\n\n\n<p>bash<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">sudo add-apt-repository ppa:openssl\/ppa\nsudo apt update\nsudo apt upgrade openssl<\/pre>\n\n\n\n<p><strong>Warning:<\/strong>&nbsp;Third-party repositories can introduce compatibility issues.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Post-Installation_Checks\"><\/span>Post-Installation Checks<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>Verify dependent services:<\/li>\n<\/ol>\n\n\n\n<p>bash<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">sudo lsof -n | grep libssl<\/pre>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>Test common operations:<\/li>\n<\/ol>\n\n\n\n<p>bash<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">openssl speed aes-256-cbc\nopenssl s_client -connect google.com:443 -showcerts<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Downgrading_If_Needed\"><\/span>Downgrading (If Needed)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>If you encounter issues:<\/p>\n\n\n\n<p>bash<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">sudo apt install --reinstall openssl=3.0.2-0ubuntu1.10<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"FAQ_Section\"><\/span>FAQ Section<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Q_Is_OpenSSL_31_backwards_compatible\"><\/span>Q: Is OpenSSL 3.1 backwards compatible?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>A: Mostly yes, but some deprecated APIs were removed. Most applications work fine.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Q_Will_this_break_my_ApacheNginx\"><\/span>Q: Will this break my Apache\/Nginx?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>A: If compiled correctly, no. But test thoroughly in staging first.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Q_How_do_I_maintain_OpenSSL_updates\"><\/span>Q: How do I maintain OpenSSL updates?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>A: If using source compilation, you&#8217;ll need to manually update. Consider setting up monitoring for new releases.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Q_Why_isnt_OpenSSL_31_in_main_Ubuntu_repos\"><\/span>Q: Why isn&#8217;t OpenSSL 3.1 in main Ubuntu repos?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>A: Ubuntu prioritizes stability. Major version updates typically come with new <a href=\"https:\/\/mainvps.net\/blog\/ubuntu-guide\/\">Ubuntu<\/a> releases unless critical security fixes are needed.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Q_Can_I_have_multiple_OpenSSL_versions\"><\/span>Q: Can I have multiple OpenSSL versions?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p style=\"font-size:18px\">A: Yes, using&nbsp;<code>update-alternatives<\/code>, but this requires careful configuration.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Expert_Recommendations\"><\/span>Expert Recommendations<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Test First<\/strong>: Always test in a non-production environment<\/li>\n\n\n\n<li><strong>Document Changes<\/strong>: Keep records of your compilation options<\/li>\n\n\n\n<li style=\"font-size:18px\"><strong>Monitor Dependencies<\/strong>: Use&nbsp;<code>apt-cache rdepends openssl<\/code>&nbsp;to check what depends on OpenSSL<\/li>\n\n\n\n<li><strong>Security Patches<\/strong>: If using source compilation, subscribe to OpenSSL security <a href=\"https:\/\/openssl-library.org\/news\/vulnerabilities\/\" target=\"_blank\" rel=\"noopener\">announcements<\/a><\/li>\n\n\n\n<li><strong>Consider Containers<\/strong>: For isolated applications, consider containerization to avoid system-wide changes<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Upgrading from OpenSSL 3.0, which comes preinstalled with Ubuntu 22.04, is advantageous for select scenarios, while still maintaining its stability and security features. The varied approaches offer distinct advantages, although they also come with differing levels of required maintenance. However, regardless of methods selected, guarantee that you can easily revert changes, rolling back upgrades and patches while closely tracking system performance post-upgrade.<\/p>\n\n\n\n<p>Remember: if your system is working fine and you don&#8217;t specifically need 3.1 features, waiting for Ubuntu&#8217;s official updates might be the most maintainable approach.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>OpenSSL underpins secure communication on Linux systems, performing the SSL\/TLS handshakes for almost all Internet services. While Ubuntu 22.04 ships with OpenSSL 3.0 by default, you <a class=\"read-more-link\" href=\"https:\/\/mainvps.net\/blog\/how-to-upgrade-openssl-3-1-in-ubuntu-22-04\/\">Read More<\/a><\/p>\n","protected":false},"author":4,"featured_media":11154,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[221],"class_list":["post-11134","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-servers","tag-openssl"],"_links":{"self":[{"href":"https:\/\/mainvps.net\/blog\/wp-json\/wp\/v2\/posts\/11134","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mainvps.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mainvps.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mainvps.net\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/mainvps.net\/blog\/wp-json\/wp\/v2\/comments?post=11134"}],"version-history":[{"count":4,"href":"https:\/\/mainvps.net\/blog\/wp-json\/wp\/v2\/posts\/11134\/revisions"}],"predecessor-version":[{"id":11337,"href":"https:\/\/mainvps.net\/blog\/wp-json\/wp\/v2\/posts\/11134\/revisions\/11337"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mainvps.net\/blog\/wp-json\/wp\/v2\/media\/11154"}],"wp:attachment":[{"href":"https:\/\/mainvps.net\/blog\/wp-json\/wp\/v2\/media?parent=11134"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mainvps.net\/blog\/wp-json\/wp\/v2\/categories?post=11134"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mainvps.net\/blog\/wp-json\/wp\/v2\/tags?post=11134"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}