While having an updated version of OpenSSL is always recommended, vulnerabilities such as The Heartbleed Bug reported 7th of April 2014 reminds us of it. Also, not counting on an updated version can cause some packages not to install (e.g., IO::Socket::SSL, necessary to run git send-email). In this post we go through the steps of updating OpenSSL in OSX, which as usual, entails a few more steps than in linux. I use Homebrew as a package manager.
1. The first thing to do is updating Homebrew and checking the installation:
$ brew update
$ brew doctor
Normally brew doctor gives a well detail feedback with broken dependencies and the commands to fix them. Follow the steps pointed out by brew doctor before continuing. Examples of broken dependencies include changing the ownership of sudo installations or updating xcode command line tools.
2. Now it is time to check (i) your current openssl version, and (ii) if there is a new version out there.
$ openssl version -a
$ brew install openssl
3. If a new version was installed, check that the symbolic links have been updating. For this check the version again.
$ openssl version -a
4. If there version corresponds with the one installed by brew, you are done. If the version is the same as before the installation, you need to update the symbolic links manually.
$ which openssl
//we use /usr/bin/openssl as the given output
//save the current binary, just in case
$ sudo mv /usr/bin/openssl ~/
$ sudo ln -s /usr/local/Cellar/openssl/1.0.1g/bin/openssl /usr/bin
$ openssl version -a
5. If everything went fine you can delete the old openssl binary.
$ sudo rm ~/openssl
OpenSSL is updated 🙂 As for today (9th April, 2014), after the report of The Heartbleed Bug, the newest version is OpenSSL 1.0.1g 7 Apr 2014.
— UPDATE:
A new version is available: OpenSSL 1.0.1h 5 Jun 2014 (release notes)
Enjoy! 🙂
–javier
My Cellar Door 
This worked great! Thanks!
Happy to read that it is useful 🙂
I tried following your recipe, but something went wrong in stage 4 I think – when I run “$ openssl version -a”, I keep getting “-bash: openssl: command not found”. Suggestions?
Try:
$ which openssl
That will tell you where openssl is, and then you can update your PATH.
I get “command not found” when running “$ which openssl” as well. Although When I try “brew install openssl”, I get “openssl-1.0.1i already installed”.
mmmm, it sounds like you don’t have a PATH created.
Try this: https://javigon.com/2012/09/06/recover-command-line-after-upgrading-mac-os-installing-command-line-tools-lion-mountain-lion/
to install the basics in your command line. Some OSX updates ruin your shell configuration (at least that’s my experience)
Thanks for quick answers! Followed the instructions in the link, but it does not seem to have changed much. Tried uninstalling and re-installing openssl through homebrew, but it didn’t change anything. This is what it says after I install openssl through homebrew:
A CA file has been bootstrapped using certificates from the system
keychain. To add additional certificates, place .pem files in
/usr/local/etc/openssl/certs
and run
/usr/local/opt/openssl/bin/c_rehash
This formula is keg-only, which means it was not symlinked into /usr/local.
Mac OS X already provides this software and installing another version in
parallel can cause all kinds of trouble.
The OpenSSL provided by OS X is too old for some software.
Generally there are no consequences of this for you. If you build your
own software and it requires this formula, you’ll need to add to your
build variables:
LDFLAGS: -L/usr/local/opt/openssl/lib
CPPFLAGS: -I/usr/local/opt/openssl/include
==> Summary
🍺 /usr/local/Cellar/openssl/1.0.1i: 430 files, 15M
Does that help in any way?
Seems I got it working now, through the “brew link –force openssl” command.
Super! Happy to hear that! 🙂
I seem to be getting this error WARNING: can’t open config file: /usr/local/etc/openssl/openssl.cnf.
Try using sudo, seems like you do not have permissions.
Worked nicely. Need the openssl header files (openssl/ssl.h etc) to build clamav from source. Any advise ?
Thanks! Seems that you need to install openssl (brew install openssl)
Yes, did that already but when I tried to make it gives me an error that it can’t find header. I found another asolution and installed 1.0.2 by building from source. The tried to build clamav from source. Still did not work.
Weird… the library should be installed with openssl. Have you checked your $PATH?
$ sudo mv /usr/bin/openssl ~/
Password:
mv: rename /usr/bin/openssl to /Users/KHF/openssl: Operation not permitted
What password should i give above ?
$ sudo mv /usr/bin/openssl ~/
Password:
mv: rename /usr/bin/openssl to /Users/KHF/openssl: Operation not permitted
Your own password. You are using superuser on your own machine I assume
May I know what password should i give? and why operation is not permitted ?
I am using my own machine..
Then use the superuser password – your root password. I think it’s always enabled in osx. If it’s not enabled you should enable it.
I gave my own password ..
Do you mean the password which I use to login my mac book ?
Yes
How to enable it ?
Use your osx password – it should be enabled 😉
I gave the same but still it is denied ..
$ sudo mv /usr/bin/openssl ~/
mv: rename /usr/bin/openssl to /Users/KHF/openssl: Operation not permitted
Even after enabling the root user operation seems to be denied..
If you use the right password, sudo will take you anywhere
read this if you are using OSX Capitan http://stackoverflow.com/questions/32590053/copying-file-under-root-got-failed-in-os-x-el-capitan-10-11/32590885#32590885
Pingback: MAC 上更新openssl – Itroadmap
Hello,
When I run openssl version on Mac OS X, I get:
OpenSSL 0.9.8zg 14 July 2015
I’m trying to update 1.0.2g by:
sudo ln -s /usr/local/Cellar/openssl/1.0.2g/bin/openssl /usr/bin/openssl
But getting the following error:
ln: /usr/bin/openssl: Operation not permitted
I tried: sudo mv /usr/bin/openssl /usr/bin/openssl_OLD
But got this error:
mv: rename /usr/bin/openssl to /usr/bin/openssl_OLD: Operation not permitted
Any help would be much appreciated.
Thanks!
Christian
Hi,
Watts that you are not allowed using sudo. Is root enabled?
For all with “Operation not permitted” error. It is because of rootless mode in El Capitan. Read more here:
http://stackoverflow.com/questions/32590053/copying-file-under-root-got-failed-in-os-x-el-capitan-10-11/32590885#32590885
and here: http://osxdaily.com/2015/10/05/disable-rootless-system-integrity-protection-mac-os-x/
Hope it helps.
Thanks Erik!
Pingback: Update OpenSSL in OSX | godoggie123