Download source code from openssl.org.
The final release in the 1.0.2 train is 1.0.2u.
Releases in the 1.0.1 train prior to 1.0.1g are vulnerable to the Heartbleed Bug and are not safe to run in production. 1.0.1j provides SSL3 fallback (Poodle) attack prevention.
As of this writing, the latest and final 0.9 release is 0.9.8zh. It does not include TLS support, so it ought to be considered primarily a bug-fix release.
Verify the integrity of the download. Calculate the MD5 or SHA1 checksum or verify the GPG (PGP) signature of the file you download.
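One way to script the checksum comparison described above, as an added example that is not part of the original page. The function names and the digest file name openssl-1.0.2u.tar.gz.sha1 are assumptions; use whichever digest file is published beside the tarball you downloaded.

```shell
#!/bin/sh
# Added example (not from the original page): check a downloaded tarball
# against the SHA1 digest file published beside it.

# extract_digest FILE: print the first 40-hex-digit token in FILE, lowercased.
# Handles a bare digest, "<hex>  name" (sha1sum layout) and
# "SHA1(name)= <hex>" (openssl dgst layout).
extract_digest() {
    tr 'A-F' 'a-f' < "$1" | tr -c '0-9a-f\n' ' ' | tr ' ' '\n' |
        grep -E '^[0-9a-f]{40}$' | head -n 1
}

# verify_sha1 TARBALL DIGEST_FILE
# Returns 0 on match, 1 on mismatch, 2 if an input is missing or unparsable.
verify_sha1() {
    tarball=$1
    digest_file=$2
    [ -r "$tarball" ] && [ -r "$digest_file" ] || {
        echo "cannot read $tarball or $digest_file" >&2
        return 2
    }
    expected=$(extract_digest "$digest_file")
    [ -n "$expected" ] || {
        echo "no SHA1 digest found in $digest_file" >&2
        return 2
    }
    actual=$(sha1sum "$tarball" | cut -d ' ' -f 1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $tarball"
        return 0
    fi
    echo "MISMATCH: $tarball (expected $expected, got $actual)" >&2
    return 1
}

# Run as a script with two arguments, for example (file names are assumptions):
#   sh verify.sh openssl-1.0.2u.tar.gz openssl-1.0.2u.tar.gz.sha1 && tar -xzvf openssl-1.0.2u.tar.gz
if [ "$#" -eq 2 ]; then
    verify_sha1 "$1" "$2"
fi
```

A matching checksum only shows that the file equals what the download server published. The GPG signature check is what ties the tarball to the release signer's key.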
Explode the source tarball with:
tar -xzvf openssl-1.0.2u.tar.gz
The source code is unpacked into a newly created directory. Change to that directory:
cd openssl-1.0.2u
Now we need to create a makefile appropriate for our server. In our case, we want to install it in the default location that CentOS uses:
./config --prefix=/usr --openssldir=/usr/share zlib threads shared
Next, we actually compile the software:
make
The OpenSSL makefile supports an option to test the build. Run the following command if you want to test it before you actually install the software.
make test
Finally, install the software. This will overwrite any existing OpenSSL installation.
make install
Post install steps:
Older CentOS systems will need a symlink in /usr/lib for some apps (sudo and others) to find the new library:
ln -s /usr/lib/libssl.so.1.0.0 /usr/lib/libssl.so.6
Previous copies of openssl libraries will have to be removed manually. Check the output of the following and remove those without symlinks:
ls -l /usr/lib64/libssl*
ls -l /usr/lib64/libcrypto*
Verify the installation with the command:
openssl version