User Tools

Site Tools


Howto switch to OpenSSL 1.0 for TLS Connections

Debian and Ubuntu

First of all you need to make and install OpenSSL 1.0.2r from source.

sudo apt install build-essential checkinstall zlib1g-dev -y

cd /usr/src


tar -xvzf openssl-1.0.2r.tar.gz

cd openssl-1.0.2r

./config -d --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib

make test

make install

nano /etc/

Add this line and save:

sudo ldconfig -v

mv /usr/bin/c_rehash /usr/bin/c_rehash.BEKUP
mv /usr/bin/openssl /usr/bin/openssl.BEKUP

export PATH=$PATH:/usr/local/ssl/bin

Link binaries to path:

sudo ln -s /usr/local/ssl/bin/c_rehash /usr/bin/c_rehash
sudo ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl


sudo shutdown -r now

Check OpenSSL path, should return '/usr/bin/openssl'.

which openssl

Check OpenSSL version, should return 'OpenSSL 1.0.2r 26 Feb 2019'.

openssl version

Modify '/usr/src/kamailio/src/modules/tls/makefile'.

Change this:

ifneq ($(SSL_BUILDER),)
	DEFS += $(shell $(SSL_BUILDER) --cflags)
	LIBS += $(shell $(SSL_BUILDER) --libs)
	DEFS += -I$(LOCALBASE)/ssl/include
	LIBS += -L$(LOCALBASE)/lib -L$(LOCALBASE)/ssl/lib \
			-L$(LOCALBASE)/lib64 -L$(LOCALBASE)/ssl/lib64 \
			-lssl -lcrypto
	# NOTE: depending on the way in which libssl was compiled you might
	#       have to add -lz -lkrb5   (zlib and kerberos5).
	#       E.g.: make TLS_HOOKS=1 TLS_EXTRA_LIBS="-lz -lkrb5"

To this:

DEFS+=	-I/usr/local/ssl/include
LIBS+=	-L/usr/local/ssl/lib \
		-lssl -lcrypto

Make clean, make and make install:

cd /usr/src/kamailio/src/modules/tls
make clean
make install
tutorials/tls/howto-openssl-1-0.txt · Last modified: 2019/05/13 11:17 by shaunjstokes