The elusive latest version of OpenSSL, we finally meet.
As everyone knows, CentOS does not always ship with the latest version of softwares. The core repo focuses more on stability rather than freshness.
We recently needed to update OpenSSL on a server with HTTP/2 enabled. The server has nginx setup to handle SSL connections, which it hands off to Varnish which further hands the request back to Apache w/ PHP-FPM.
Get the pre-requisites
yum groupinstall "Development Tools"
Start off by changing your directory to /usr/src
Fetch the latest source for OpenSSL, at the time of writing it was 1.0.2k. Head over to this page to get the latest source
tar -zxf openssl-1.0.2k.tar.gz
Step into the extracted folder
Run configure and install
./config make make test make install
At this point, it is best to backup the current OpenSSL binary file
mv /usr/bin/openssl /root/backup
Now link to the latest version so it is globally accessible
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
That should do it, enter openssl version at shell to verify