OpenSSL is an open source project made up of three main components:
openssl: a multi-purpose command-line tool
libcrypto: a cryptographic algorithm library
libssl: a library that implements the SSL and TLS protocols
OpenSSL provides key and certificate management as well as symmetric and asymmetric encryption.
OpenSSL contains most of the common cryptographic algorithms, and supports the Chinese national cryptographic (SM) algorithms SM2, SM3, and SM4 after version 1.1.1.
Resources
Official website: https://www.openssl.org/source/
OpenSSL source code: https://gitcode.net/mirrors/openssl/openssl/-/tree/master
OpenSSL upgrade
View version number
openssl version
or
ssh -V
Goal: Upgrade to version 1.1.1
View the existing openssl installation directory
which openssl
Download the specified version of openssl
Use the official website to download
Download the source code from the official website: https://www.openssl.org/source/
Use the wget tool
Download the specified version, such as 1.1.1:
wget http://www.openssl.org/source/openssl-1.1.1q.tar.gz
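If the command reports the error "ERROR: cannot verify www.openssl.org's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’: Issued certificate has expired.", the download can be repeated with certificate verification disabled. This removes the TLS guarantee that the file really comes from www.openssl.org, so check the tarball's checksum before compiling it: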
wget --no-check-certificate https://www.openssl.org/source/openssl-1.1.1q.tar.gz
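Because --no-check-certificate skips TLS verification, the tarball should be compared with its published SHA-256 digest before it is unpacked. The script below is an added example, not part of the original page: read_digest, compute_digest, verify_tarball and demo are hypothetical helper names, and the digest file is assumed to have been obtained over a verified channel (for example, on a host with a current CA bundle).

```shell
#!/bin/sh
# Added example (not from the original page): check a tarball against a SHA-256 sidecar.

# Print the first 64-hex-digit digest found in file $1, lowercased. Accepts a bare
# digest, "digest  name" (sha256sum style) or "SHA256(name)= digest" (openssl dgst).
read_digest() {
    tr 'A-F' 'a-f' < "$1" | tr -d '\r' |
        grep -Eo '(^|[^0-9a-f])[0-9a-f]{64}([^0-9a-f]|$)' | head -n 1 |
        tr -cd '0-9a-f'
}

# Print the SHA-256 of file $1, using whichever tool the host has.
compute_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d ' ' -f 1
    else
        openssl dgst -sha256 -r "$1" | cut -d ' ' -f 1
    fi
}

# Return 0 on match, 1 on mismatch, 2 when an input is missing or has no digest.
verify_tarball() {
    tarball=$1; sidecar=$2
    [ -r "$tarball" ] && [ -r "$sidecar" ] || { echo "missing input" >&2; return 2; }
    expected=$(read_digest "$sidecar")
    [ "${#expected}" -eq 64 ] || { echo "no SHA-256 digest in $sidecar" >&2; return 2; }
    actual=$(compute_digest "$tarball")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $tarball"
    else
        echo "MISMATCH: $tarball expected=$expected actual=$actual" >&2
        return 1
    fi
}

# Constructed demo data: a stand-in file and sidecars built locally, not OpenSSL's.
demo() {
    d=$(mktemp -d) || return 2
    printf 'constructed tarball bytes\n' > "$d/pkg.tar.gz"
    printf 'SHA256(pkg.tar.gz)= %s\n' "$(compute_digest "$d/pkg.tar.gz")" > "$d/good.sha256"
    printf '%064d  pkg.tar.gz\n' 0 > "$d/bad.sha256"
    verify_tarball "$d/pkg.tar.gz" "$d/good.sha256" &&
        ! verify_tarball "$d/pkg.tar.gz" "$d/bad.sha256" 2>/dev/null
    rc=$?; rm -rf "$d"; return "$rc"
}
demo
```

In the upgrade procedure, call verify_tarball with the downloaded openssl-1.1.1q.tar.gz and its digest file, and continue to the decompress step only when it returns 0.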
Compile
Install the C build dependencies
yum install -y zlib
yum install -y zlib-devel
yum install -y gcc
Decompress
tar -zxvf openssl-1.1.1q.tar.gz
Compile
cd openssl-1.1.1q
./config --prefix=/usr/local/openssl shared zlib
make depend
make && make install
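Back up the current openssl (the binary at the path reported by which openssl, typically /usr/bin/openssl, not the /usr/local/openssl prefix that was just installed):
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak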
Configure to use the new version
OpenSSL and OpenSSH
OpenSSL is a cryptography library whose main design purpose is to encrypt network data streams (application layer and transport layer).
OpenSSH is an implementation of the SSH protocol. The implementation needs key exchange algorithms, symmetric/asymmetric encryption algorithms, MAC algorithms, and random number algorithms. OpenSSL provides two libraries, libssl and libcrypto, and OpenSSH uses the implementations of these algorithms in libcrypto.
OpenSSH is the connection tool of choice for remote login. It encrypts all traffic to eliminate eavesdropping, connection hijacking and other attacks. It includes commands such as ssh, scp, and sftp.
SSH protocol
Secure Shell (the Secure Shell Protocol, SSH for short) is a security protocol based on the application layer. By encrypting and verifying the password, it provides a secure transmission environment for network services over an insecure network and establishes the connection between the SSH client and the SSH server, so SSH is based on a client/server (C/S) architecture.