Update OpenSSL in OSX

While keeping OpenSSL up to date is always recommended, vulnerabilities such as the Heartbleed Bug, reported on the 7th of April 2014, remind us why. An outdated version can also prevent some packages from installing (e.g., IO::Socket::SSL, necessary to run git send-email). In this post we go through the steps of updating OpenSSL in OSX, which, as usual, entails a few more steps than in Linux. I use Homebrew as a package manager.

1. The first thing to do is to update Homebrew and check the installation:

$ brew update
$ brew doctor

Normally brew doctor gives detailed feedback about broken dependencies and the commands to fix them. Follow the steps pointed out by brew doctor before continuing. Examples of fixes include changing the ownership of sudo installations or updating the Xcode command line tools.

2. Now it is time to check (i) your current openssl version, and (ii) if there is a new version out there.

$ openssl version -a
$ brew install openssl

3. If a new version was installed, check that the symbolic links have been updated. To do so, check the version again.

$ openssl version -a

4. If the version corresponds to the one installed by brew, you are done. If the version is the same as before the installation, you need to update the symbolic links manually.

$ which openssl
# we assume the output is /usr/bin/openssl
# save the current binary, just in case
$ sudo mv /usr/bin/openssl ~/
$ sudo ln -s /usr/local/Cellar/openssl/1.0.1g/bin/openssl /usr/bin
$ openssl version -a

5. If everything went fine you can delete the old openssl binary.

$ sudo rm ~/openssl

OpenSSL is updated 🙂 As of today (9th April, 2014), after the report of The Heartbleed Bug, the newest version is OpenSSL 1.0.1g 7 Apr 2014.
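As an added example (not part of the original post), here is a small shell helper for steps 2 to 4: it compares the active `openssl version` line with the Homebrew one and flags releases in the Heartbleed-affected range (1.0.1 through 1.0.1f and the 1.0.2 betas). The function names and sample version lines are constructed for illustration, and the Homebrew binary path in the last comment is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. Sample version lines are constructed.

# Print the version token of an `openssl version` line,
# e.g. "OpenSSL 1.0.1g 7 Apr 2014" -> "1.0.1g".
openssl_ver() {
    set -- $1                      # intentional word splitting on spaces
    printf '%s\n' "${2:-unknown}"
}

# Succeed (exit 0) if the release is in the Heartbleed-affected range:
# 1.0.1 through 1.0.1f, plus 1.0.2-beta and 1.0.2-beta1.
# The 0.9.8 and 1.0.0 branches never shipped the heartbeat code.
heartbleed_affected() {
    case "$(openssl_ver "$1")" in
        1.0.1|1.0.1[abcdef])     return 0 ;;
        1.0.2-beta|1.0.2-beta1)  return 0 ;;
        *)                       return 1 ;;
    esac
}

# Step 4 decision: "current" if the openssl found on PATH matches the brew
# build, "stale" if PATH still resolves to the old binary.
link_status() {
    if [ "$(openssl_ver "$1")" = "$(openssl_ver "$2")" ]; then
        echo current
    else
        echo stale
    fi
}

# One-line summary: <active version> <link status> <heartbleed status>
report() {
    if heartbleed_affected "$1"; then hb=affected; else hb=not-affected; fi
    printf '%s %s %s\n' "$(openssl_ver "$1")" "$(link_status "$1" "$2")" "$hb"
}

# Constructed samples: before and after the symbolic link is updated.
report "OpenSSL 1.0.1e 11 Feb 2013" "OpenSSL 1.0.1g 7 Apr 2014"
report "OpenSSL 1.0.1g 7 Apr 2014"  "OpenSSL 1.0.1g 7 Apr 2014"

# On a real machine (brew path is an assumption; adjust to your install):
#   report "$(openssl version)" "$(/usr/local/opt/openssl/bin/openssl version)"
```

A "stale" result means the shell still resolves the old binary, which is the case step 4 handles.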

 

— UPDATE:

A new version is available: OpenSSL 1.0.1h 5 Jun 2014 (release notes)

 

Enjoy! 🙂

 

–javier

 

34 thoughts on “Update OpenSSL in OSX”

  1. Thanks for quick answers! Followed the instructions in the link, but it does not seem to have changed much. Tried uninstalling and re-installing openssl through homebrew, but it didn’t change anything. This is what it says after I install openssl through homebrew:

    A CA file has been bootstrapped using certificates from the system
    keychain. To add additional certificates, place .pem files in
    /usr/local/etc/openssl/certs

    and run
    /usr/local/opt/openssl/bin/c_rehash

    This formula is keg-only, which means it was not symlinked into /usr/local.

    Mac OS X already provides this software and installing another version in
    parallel can cause all kinds of trouble.

    The OpenSSL provided by OS X is too old for some software.

    Generally there are no consequences of this for you. If you build your
    own software and it requires this formula, you’ll need to add to your
    build variables:

    LDFLAGS: -L/usr/local/opt/openssl/lib
    CPPFLAGS: -I/usr/local/opt/openssl/include

    ==> Summary
    🍺 /usr/local/Cellar/openssl/1.0.1i: 430 files, 15M

    Does that help in any way?

  2. Pingback: Updating openssl on Mac – Itroadmap

  3. Hello,

    When I run openssl version on Mac OS X, I get:
    OpenSSL 0.9.8zg 14 July 2015

    I’m trying to update to 1.0.2g by:
    sudo ln -s /usr/local/Cellar/openssl/1.0.2g/bin/openssl /usr/bin/openssl

    But getting the following error:
    ln: /usr/bin/openssl: Operation not permitted

    I tried: sudo mv /usr/bin/openssl /usr/bin/openssl_OLD

    But got this error:
    mv: rename /usr/bin/openssl to /usr/bin/openssl_OLD: Operation not permitted

    Any help would be much appreciated.

    Thanks!

    Christian
