Questions tagged [openssl]
Open source implementation of the Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols
393
questions
153
votes
6
answers
126k
views
How to patch the Heartbleed bug (CVE-2014-0160) in OpenSSL?
As of today, a bug in OpenSSL has been found affecting versions 1.0.1 through 1.0.1f (inclusive) and 1.0.2-beta.
Since Ubuntu 12.04, we are all vulnerable to this bug. In order to patch this ...
- 18.9k
96
votes
7
answers
266k
views
How do I quickly encrypt a file with AES?
I want to encrypt a file using AES-256. How can I do that quickly and easily, and how can I - or someone else -decrypt it again?
- 87.1k
70
votes
5
answers
184k
views
Ubuntu 20.04 - how to set lower SSL security level?
I'd like to ask if there's a way to lower SSL security level to 1 on Ubuntu 20.04, since I'm receiving:
141A318A:SSL routines:tls_process_ske_dhe:dh key too small
when trying to curl the website.
...
52
votes
2
answers
72k
views
How should I change encryption according to *** WARNING : deprecated key derivation used
When I encrypt or decrypt a file I get:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
I do not understand what this means, and how I should change my ...
- 1,079
35
votes
1
answer
113k
views
How to upgrade OpenSSL 1.1.0 to 1.1.1 in Ubuntu 18.04?
I have been running a production server with Ubuntu 18 installed.
Recently, I found that my web application was not allowed on some of the firewalls installed at the customer location.
I found that ...
- 467
34
votes
3
answers
261k
views
PHP OpenSSL extension has a package?
I know that OpenSSL extension is in PHP source, but I can't enable it when I perform apt-get install php5. There is not even a apt-get install php5-openssl. How I must proceed?
31
votes
13
answers
93k
views
module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
I was using python 3.6 on my ubuntu machine and faced this error when doing some testing:
CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support ...
- 413
31
votes
1
answer
52k
views
How to install openssl 3.0.7 on Ubuntu 22.04? [duplicate]
There's a highest severity security hole in openssl v3.0.x where x<7. The patched version (3.0.7) has officially dropped on November 1, 2022.
How to install/update openssl 3.0.7 on an Ubuntu 22.04 ...
- 1,385
30
votes
1
answer
49k
views
What is "openssl binaries" and "openssl development package"?
Build it using general C development environment with bash, gcc (3 or
4 series), make, etc on a linux machine.
Building pre-requirements are:
**
1. openssl binaries;
2. openssl ...
- 541
29
votes
3
answers
86k
views
How do I use OpenSSL 1.1.1 in Ubuntu 22.04?
I understand that Ubuntu 22.04 upgraded to OpenSSL 3.0. This has broken my university's secure WiFi access point joining script because "some insecure algorithms have been disabled by default&...
- 401
26
votes
7
answers
40k
views
Enabling SSL in MySQL
I'm running Ubuntu Server 12.04, and I want to enable SSL connections to MySQL.
I've generated the following keys/certs files with OpenSSL:
ca-cert.pem
server-cert.pem
server-key.pem
I stored these ...
- 361
24
votes
4
answers
210k
views
How to install OpenSSL 1.1.1 and libSSL package?
I want to use OpenSSL1.1.1 version for my code development. Currently I am working with Openssl 1.1.0g on Ubuntu 18.04 machine.
If I download the package with the command sudo apt install libssl-dev, ...
- 436
24
votes
3
answers
97k
views
Where are PEM files stored for validating SSL certificates?
I'm writing a SOAP client application on Ubuntu using OpenSSL and C++. I am having trouble getting my code to validate the server certificate even though I know has a valid certificate.
Just to make ...
- 2,271
21
votes
3
answers
51k
views
How to enable TLS 1.2 in Nginx?
How do I enable TLS 1.1 and 1.2 for SSL connections in my Ubuntu 12.04 server? I am using the following version of nginx and openssl library.
$ ./nginx -v
nginx version: nginx/1.2.3
$ openssl ...
- 393
20
votes
3
answers
19k
views
Why unattended-upgrades does not fix heartbleed bug?
I've followed the instruction to install unattended-upgrades to install automatic security updates on my server (ubuntu server 13.10).
https://help.ubuntu.com/community/AutomaticSecurityUpdates
Can ...
20
votes
3
answers
143k
views
Upgrade OpenSSL on Ubuntu 12.04
I wanted to upgrade OpenSSL to 1.0.1 on an Ubuntu 12.04 system. I have noticed that an apt-get upgrade openssl does not end up upgrading OpenSSL. Is the newer OpenSSL supported on Ubuntu?
I have also ...
- 253
18
votes
6
answers
67k
views
opensslconf.h not found
I'm trying to build znort987's parser, and have executed sudo apt-get libssl-dev. I can see all sorts of ssl related header files in /usr/include/openssl but opensslconf.h is missing from the openssl ...
18
votes
2
answers
88k
views
How to generate Openssl .pem file and where we have to place it
I want to generate a OpenSSL .pem file to allow the remote login via ssh using .pem file at the place of password.
I am able to generate key as well as .crt and .pem file using the following
sudo ...
- 337
18
votes
2
answers
30k
views
Enable TLS 1.0 and TLS 1.1 on Ubuntu 20.04
I have recently reinstalled my server to Ubuntu 20.04.
A support call came in and after a few days, I managed to notice that TLS v1.0 and v1.1 were not being provided by my web server, nginx. The ...
- 409
16
votes
1
answer
42k
views
How to convert rsa key to pem using X.509 standard
I've converted an rsa key to pem using the following command
openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem
However when I try uploading this key to my ubuntu server hosted on Azure I ...
- 347
15
votes
1
answer
37k
views
How to check which OpenSSL version is use by Apache on Ubuntu 12.04
I have installed Ubuntu12.04 on my machine and it got heartBleed version of OpenSSL 1.0.1. So I uninstalled OpenSSL 1.0.1 and install new 1.0.1g version by refering this link.
Now I want to confirm ...
- 275
15
votes
4
answers
31k
views
Error 255 when trying to install openssl-1.0.1g from source
installing man1/cms.1
cms.pod around line 457: Expected text after =item, not a number
cms.pod around line 461: Expected text after =item, not a number
cms.pod around line 465: Expected text after =...
- 151
15
votes
1
answer
14k
views
What does BuildID SHA1 mean?
I was exploring around in the ubuntu unity terminal window when this came up:
When I typed:
file /bin/ls
the output is:
/bin/ls: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically ...
- 1,659
14
votes
7
answers
76k
views
libcrypto.so.1.0.0: no version information available (required by ssh)
I get the following error:
jalal@klein:~$ ssh -i "hyunwoo_key.pem" [email protected]
ssh: /home/jalal/computer_vision/MCR/v901/bin/glnxa64/libcrypto.so.1.0.0: no version ...
- 4,605
14
votes
9
answers
38k
views
Setting up barrier to run on startup
Barrier is a free popular KVM software that enables mouse/keyboard sharing across several devices.
I've been fiddling with it for a few hours and I can't seem to get it right.
I have a barrier ...
- 303
14
votes
3
answers
72k
views
How can I downgrade openssl via apt-get?
After a recent upgrade, I am having some SSL connection problems. I would like to downgrade openssl temporarily to see if the issues go away.
The current version of openssl installed is 1.0.1-...
- 159
13
votes
3
answers
3k
views
How can I gradually encrypt a file that is being downloaded?
I used to download files and then use openssl to encrypt them, which is not enough for me. How can I encrypt the download gradually as the file is being downloaded?
I thought about using curl and an ...
- 2,408
12
votes
4
answers
22k
views
Amazon Workspaces Client not working on 22.04
I have the official Amazon client, and I have been using it for years. When I upgraded to 22.04, the client began to crash on every launch. It seems to be an error with OpenSSL
$ ./workspacesclient ...
- 576
12
votes
2
answers
62k
views
How to install openssl 1.0.2 with default openssl (1.1.1) on Ubuntu 16.04?
P4Python does not work on Ubuntu 16.04 since the distribution comes with OpenSSL 1.1.0g.(details). I am trying to build P4Python from source using --ssl path/to/openssl1.0. I need to install OpenSSL 1....
- 537
11
votes
3
answers
25k
views
Why MySQL Workbench 8.x errors out with an SSL connection error, choose client version unsupported protocol
I have a local developer environment running MySQL server 5.7.27. I used MySQL Workbench 6.3.10 (this is the latest version AFAIK before 8.0 appeared) without any problem. However when I upgrade to ...
- 1,418
11
votes
1
answer
40k
views
Why do I get "undefined reference" errors when linking against OpenSSL?
My compilation process throws around errors like
..undefined reference to `BN_cmp'
although I include <openssl/bn.h>
and run
gcc -lssl -lcrypto test.c -o test
can someone help? (openssl ...
- 111
11
votes
1
answer
43k
views
How to fix Microsoft ODBC Driver 17 for SQL Server : SSL Provider ssl_choose_client_version:unsupported protocol
I have installed Sql Server 2019 Developer Edition and mssql-tools on my Ubuntu 20.04 minimal.
I can connect to my localhost with no issue, but when I want to remote to another sql server:
sqlcmd -S &...
- 223
10
votes
2
answers
11k
views
Patch OpenSSL CVE-2014-0160 on ubuntu 12.04?
NO, this is not a duplicate of How to patch the Heartbleed bug (CVE-2014-0160) in OpenSSL?. So, read on.
I am seeing conflicting information with respect to Ubuntu 12.04:
The Heartbleed page claims ...
- 402
10
votes
2
answers
39k
views
When I try to CURL a website I get SSL error
I installed Ubuntu 20 on my VPS. This is why I'm trying to do:
curl -v https://imenik.tportal.hr/show?action=pretraga&type=bijeleStranice
[1] 438975
root@vps:/var/www/html/tportal# * Trying 195....
- 203
10
votes
4
answers
7k
views
Building xar source error: no libcrypto?
I am building xar from source (https://github.com/mackyle/xar). It complains that I don't have OpenSSL, but I have it (my system have the openssl package installed and I have libcrypto.so.1.1.1 file ...
- 319
9
votes
2
answers
11k
views
OpenSSL config cuases error in node js crypto. How should the config be updated?
This was originally posted to the nodejs Github issues page, but it appears that it is an issue with Ubuntu 22.04, so I'm re-posting it here hoping to get further advice. The original thread on Github ...
9
votes
1
answer
3k
views
Are all versions of Ubuntu secure against DROWN attack?
OpenSSL updates release versions 1.0.2g and 1.0.1s to fix the DROWN vulnerability (CVE-2016-0800). In Ubuntu 14.04 LTS Trusty Tahr, the latest OpenSSL version is 1.0.1f-1ubuntu2.18. Do I understand it ...
- 210
9
votes
3
answers
20k
views
nut (UPS) and SSL certificates
Today I installed nut on my Ubuntu server (Ubuntu 14.04 LTS).
$ uname -a
Linux boson 3.13.0-24-generic #47-Ubuntu SMP Fri May 2 23:30:00 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
The UPS is connected ...
- 740
9
votes
2
answers
9k
views
Do I need to take action on a 10.04 LTS server to avoid the heartbleed vulnerability?
From the heartbleed.com website, I see that OpenSSL 0.9.8 is NOT vulnerable, which is the version that is available on 10.04. That should mean that actually having stuck with 10.04 until now has ...
- 526
9
votes
1
answer
24k
views
Fake UserTrust.com Certificates in Chrome?
I was trying to install a SSL certificate, when I digged into Chrome Settings and looked at the installed ones (servers tab).
Those are marked as Not Safe, and they are related to mail.google.com, ...
- 733
9
votes
1
answer
2k
views
Is there a modern and clear tutorial on setting up SSL for localhost / testing use?
Let's say I'm developing a script for login.example.com. I have absolutely no access to login.example.com, but that page loads a script on assets.example.com (which I have access to). To test how ...
- 2,660
9
votes
1
answer
11k
views
OpenSSL not picking up CAs in certs folder
We're having trouble with curl not connecting to an HTTPS server:
$ curl https://the-problem-site.com (not the real URL!)
curl: (35) error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(...
- 191
9
votes
2
answers
3k
views
How to Fix CVE-2023-2650- A Type Confusion Vulnerability in OpenSSL?
The error message you seeing is indicating that my system has not been updated to the latest version of OpenSSL, which includes a fix for the CVE-2023-2650 vulnerability. how To fix this:
Hit:1 http://...
- 99
9
votes
1
answer
56k
views
openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
We encounter very strange problems connecting with openssl or curl to one of our servers, from Ubuntu 14.04
Executing:
openssl s_client -connect ms.icometrix.com:443
gives:
CONNECTED(00000003)
...
- 193
9
votes
0
answers
8k
views
Am I affected? Heartbleed bug [duplicate]
I've just learned about the Heartbleed Bug (OpenSSL leaking private keys), and based on the website, heartbleed.com, it says that OpenSSL 1.0.1 through version f is affected. However it leaves off ...
- 116
8
votes
2
answers
71k
views
Installing latest cmake on Ubuntu 18.04.3 LTS run via WSL: OpenSSL error
Using CLion on Windows (a C++ IDE), I'd like to install the latest version of cmake on Ubuntu 18.04.3 LTS run via WSL (the current version of CLion requires cmake > 3.15, while I have only version 3....
- 183
8
votes
2
answers
25k
views
How would you install OpenSSL package for Ruby?
I have trouble finding the package for this software. I built and installed from the packages found here, but it's still not working properly with rvm and gem (log is located here). How would you ...
- 185
8
votes
2
answers
30k
views
OpenSSL installed, but Ruby unable to require it
I'm trying to setup github-pages on my Ubuntu laptop, and following the guide provided by Github I have to install the bundler package; giving the command
~$ gem install bundler
returns me this ...
user270523
8
votes
1
answer
10k
views
How do I ensure that openssl is using AES-NI acceleration?
I am running Ubuntu 16.04.1 LTS, I checked that my processor does support AES-NI acceleration on all CPUs:
johndoe@mycomputer:~$ grep -m1 -o aes /proc/cpuinfo
aes
johndoe@mycomputer:~$ grep -o aes /...
- 461
8
votes
1
answer
11k
views
GPG encrypt a file with only a passphrase (no key storage needed)
Is there a GPG encryption mode that does not requires to have a specific public key stored and requires only one passphrase to be decrypted?
It would make the decryption possible on any machine if ...
- 2,408