Categories: TutorialsUbuntu

How to Install OpenSSL Libraries on Ubuntu

OpenSSL is a robust, open-source toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, which are essential for secure communication over networks.

For developers working with secure connections, encryption, or digital certificates, installing and properly configuring OpenSSL libraries becomes a necessary skill.

Many developers encounter confusion when they try to build code that depends on OpenSSL. This often happens when they’ve installed the OpenSSL command-line tools but find themselves missing the development libraries needed for compilation.

Table of Contents

Toggle

Why OpenSSL Libraries Are Not Included in the Basic Package

Understanding Package Naming Conventions in Ubuntu

Ubuntu follows specific naming conventions for packages that are helpful to understand:

Base packages (like openssl) contain the executables and runtime libraries
Development packages are named with -dev suffix (like libssl-dev)
Runtime library packages often start with lib (like libssl1.1)

Learning these naming patterns makes finding the right packages much easier.

Installing OpenSSL Development Libraries

Method 1: Using Package Manager (Recommended)

The simplest and most reliable way to install OpenSSL development libraries is through the package manager:

sudo apt-get install libssl-dev

This installs the header files and development libraries needed for compiling programs that use OpenSSL.

Read: How to install and uninstall applications on Ubuntu – A Beginner’s guide

Method 2: Finding the Right Package Manually

If you’re not sure which package you need, Ubuntu provides several ways to search for packages:

# Search for packages containing “ssl”

apt-cache search ssl | grep dev

# Check which package provides a specific header file

apt-file search openssl/bio.h

The second command requires the apt-file tool, which you can install with sudo apt-get install apt-file followed by sudo apt-file update.

Read: Fix Broken Packages in Ubuntu 24.04: Step-by-Step Guide to Package Repair & Removal

Method 3: Using Tab Completion

Ubuntu’s bash supports helpful tab completion that can show available packages:

sudo apt-get install libssl-[TAB][TAB]

This will display all packages starting with “libssl-“, making it easier to find the right one.

Installing from Source

While using package managers is preferred, sometimes you might need a specific version not available in the repositories. Here’s how to install OpenSSL from source:

Step 1: Install Prerequisites

sudo apt-get install build-essential checkinstall zlib1g-dev

Step 2: Download the Source Code

Visit the OpenSSL website to find the version you need, then download it:

wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz

Always verify the integrity of downloaded files:

Step 3: Extract and Configure

tar -xf openssl-1.1.1g.tar.gz

cd openssl-1.1.1g

./config –prefix=/usr/local/ssl –openssldir=/usr/local/ssl shared zlib

The shared option ensures that dynamic libraries are built, which is typically what you want for development.

Step 4: Compile and Install

make

sudo make install

Step 5: Configure the Dynamic Linker

Create a configuration file for the linker:

sudo bash -c ‘echo “/usr/local/ssl/lib” > /etc/ld.so.conf.d/openssl.conf’

sudo ldconfig

Step 6: Update PATH Environment Variable

Add the new OpenSSL binary directory to your PATH:

Step 7: Verify the Installation

Check that the correct version is now available:

openssl version

Configuring Your Project to Use OpenSSL

Including Headers in C/C++ Code

Include the necessary headers in your source files:

#include

Compilation and Linking

When compiling programs that use OpenSSL:

g++ -o myprogram myprogram.cpp -lssl -lcrypto

If you’ve installed OpenSSL in a custom location, you’ll need to specify the include and library paths:

g++ -o myprogram myprogram.cpp -I/usr/local/ssl/include -L/usr/local/ssl/lib -lssl -lcrypto

Using pkg-config

For more complex projects, pkg-config provides a cleaner way to get compiler flags:

g++ -o myprogram myprogram.cpp $(pkg-config –cflags –libs openssl)

Common Issues and Troubleshooting

Missing Headers

If you see errors like openssl/bio.h: No such file or directory, you need to install the development package (libssl-dev).

Linker Errors

If you get errors like undefined reference to ‘BIO_new’, ensure you’re linking with the correct libraries using -lssl -lcrypto.

Version Mismatch

If your code requires a specific OpenSSL version that differs from what’s provided by your distribution, consider installing from source or using container technologies to isolate your development environment.

Multiple OpenSSL Installations

If you have multiple OpenSSL installations, use the following to ensure you’re using the correct one:

which openssl

openssl version

echo $LD_LIBRARY_PATH

Understanding the Difference Between Runtime and Development Packages

The distinction between runtime and development packages can be confusing. Here’s a clear breakdown:

Runtime package (openssl): Contains the binary executables and shared libraries needed to run programs that use OpenSSL
Development package (libssl-dev): Contains header files, static libraries, and documentation needed to compile programs that use OpenSSL
Library package (libssl1.1): Contains the shared libraries that provide the actual OpenSSL implementation

Different Requirements for Different Distributions

Package naming conventions can vary between Linux distributions:

Ubuntu/Debian: Uses libssl-dev
CentOS/RHEL/Fedora: Uses openssl-devel
Arch Linux: Uses openssl

This is important to know if you’re working across different environments or writing documentation for multiple platforms.

Maintaining OpenSSL Security

Security vulnerabilities in cryptographic libraries like OpenSSL can have serious implications. Always:

Keep your OpenSSL installation updated with the latest security patches
Subscribe to security announcements from your distribution
Regularly check for OpenSSL updates, especially after major vulnerability disclosures

FAQ

Why are development files separate from runtime files?

Development files (headers, static libraries) are separated to reduce disk usage and simplify dependency management for end-users who don’t need to compile software.

How do I check which version of OpenSSL I have installed?

Use the command openssl version to check the version of the OpenSSL command-line tool.

Can I have multiple versions of OpenSSL installed simultaneously?

Yes, but it requires careful configuration of include paths, library paths, and environment variables to ensure each application uses the intended version.

What’s the difference between -lssl and -lcrypto when linking?

-lssl links against the SSL/TLS implementation, while -lcrypto links against the cryptographic functions. Most applications using OpenSSL need both.

How do I upgrade OpenSSL without breaking existing applications?

When upgrading OpenSSL, test your applications thoroughly before deploying to production. Consider using compatibility layers or containerization if breaking changes occur.

What’s the relationship between OpenSSL and LibreSSL?

LibreSSL is a fork of OpenSSL created by the OpenBSD team with a focus on simplicity and security. It maintains API compatibility but has different development goals.

How do I verify that my OpenSSL installation is secure?

Use tools like openssl s_client and online security scanners to test your SSL/TLS configuration. Stay informed about security advisories and apply patches promptly.

The post How to Install OpenSSL Libraries on Ubuntu appeared first on net2.

Ubuntu Server Admin

Next 70% of IT teams spend more than 6 hours per week on security patching – new IDC research »

Previous « Rivos and Canonical partner to deliver scalable RISC-V solutions in Data Centers and enable an enterprise-grade Ubuntu experience across Rivos platforms

Ubuntu