Operating system: CentOS 7.x
Why upgrade the OpenSSL version?
The default OpenSSL installed on CentOS 7.x is 1.0.2k (CentOS 7.9)
[root@mysql-master ~]# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
whereis openssl #find openssl
[root@mysql-master ~]# whereis openssl
openssl: /usr/bin/openssl /usr/lib64/openssl /usr/share/man/man1/openssl.1ssl.gz
When compiling and installing php7.4 and above, a higher version of OpenSSL is required; some PHP open source frameworks such as ThinkPHP and other programs require a higher version of OpenSSL; the installation and deployment of MySQL 8.x also requires a higher version of OpenSSL.
1. Use yum source to upgrade OpenSSL online
yum update openssl #Upgrade using the default yum source and find that the version has not changed
yum install -y epel-release #Install epel source
yum install -y openssl11 openssl11-devel #install -1.1 version
[root@mysql-master ~]# whereis openssl11 #Find a higher version of openssl
openssl11: /usr/bin/openssl11 /usr/lib64/openssl11 /usr/include/openssl11 /usr/share/man/man1/openssl11.1.gz
#Replace the system default OpenSSL version with a higher version
mv /usr/bin/openssl /usr/bin/openssl.old
mv /usr/lib64/openssl /usr/lib64/openssl.old
ln -s /usr/bin/openssl11 /usr/bin/openssl
ln -s /usr/lib64/openssl11 /usr/lib64/openssl
ln -s /usr/include/openssl11 /usr/include/openssl
[root@mysql-master openssl]# openssl version #Check the OpenSSL version, it has been upgraded to a higher version
OpenSSL 1.1.1k FIPS 25 Mar 2021
2. Compile and install OpenSSL
#Download high version OpenSSL
cd /usr/local/src
wget --no-check-certificate https://www.openssl.org/source/openssl-1.1.1q.tar.gz
#Install
cd /usr/local/src
tar zxvf openssl-1.1.1q.tar.gz
cd openssl-1.1.1q
./config -fPIC shared zlib --prefix=/usr/local/openssl
make
make install
echo "/usr/local/lib64/" >> /etc/ld.so.conf
ldconfig
#Replace the system default OpenSSL version with a higher version
mv /usr/bin/openssl /usr/bin/openssl.old
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
ldconfig -v
openssl version #View version
[root@mysql-master lib]# openssl version
OpenSSL 1.1.1q 5 Jul 2022