Upgrade OpenSSL for MacOS

Maxim
Feb 4, 2020

I needed to generate a self-signed certificate/key and ran into an issue: the built-in OpenSSL version has no support for the sha256 digest.

Tested on my MacBook with macOS High Sierra (10.13.6). Here is the output of the built-in OpenSSL:

$ /usr/bin/openssl version -a
LibreSSL 2.2.7
built on: date not available
platform: information not available
options: bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) blowfish(idx)
compiler: information not available
OPENSSLDIR: "/private/etc/ssl"

The first thing we need to do is install brew if it is not installed.

$ /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Then I executed these commands:

brew update
brew upgrade
brew install openssl
mkdir -p /usr/local/lib
ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/
ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/
brew link --force openssl

The last command is likely to complain that it cannot replace the macOS built-in OpenSSL:

$ brew link -f openssl
Warning: Refusing to link macOS-provided software: openssl
If you need to have openssl@1.1 first in your PATH run:
echo 'export PATH="/usr/local/opt/openssl@1.1/bin:$PATH"' >> ~/.bash_profile
For compilers to find openssl@1.1 you may need to set:
export LDFLAGS="-L/usr/local/opt/openssl@1.1/lib"
export CPPFLAGS="-I/usr/local/opt/openssl@1.1/include"
For pkg-config to find openssl@1.1 you may need to set:
export PKG_CONFIG_PATH="/usr/local/opt/openssl@1.1/lib/pkgconfig"

I just followed the recommendations and updated PATH to have openssl from /usr/local/opt/openssl, and done:

$ openssl version -a
OpenSSL 1.1.1d 10 Sep 2019
built on: Thu Sep 12 09:33:18 2019 UTC
platform: darwin64-x86_64-cc
options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
compiler: clang -fPIC -arch x86_64 -O3 -Wall -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_REENTRANT -DNDEBUG
OPENSSLDIR: "/usr/local/etc/openssl@1.1"
ENGINESDIR: "/usr/local/Cellar/openssl@1.1/1.1.1d/lib/engines-1.1"
Seeding source: os-specific
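
To confirm that the PATH change took effect, the following added example (not part of the original post) reports which openssl the shell resolves, whether it is LibreSSL or OpenSSL, and which signature algorithm a throwaway self-signed certificate gets when -sha256 is requested. The function names and the CN localhost.example are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: verify the openssl picked up from PATH after the change above.

# Classify the first line of `openssl version`: libressl, openssl or unknown.
openssl_flavor() {
    case "$1" in
        LibreSSL\ *) echo libressl ;;
        OpenSSL\ *)  echo openssl ;;
        *)           echo unknown ;;
    esac
}

# Classify a resolved binary path using the locations shown in this post.
openssl_origin() {
    case "$1" in
        '')                                  echo missing ;;
        /usr/bin/openssl)                    echo system ;;
        /usr/local/opt/openssl*/bin/openssl) echo homebrew ;;
        *)                                   echo other ;;
    esac
}

# Create a throwaway self-signed certificate with the given openssl binary and
# print the signature algorithm recorded in it. The key only ever lives in a
# private temporary directory (mktemp -d) that is removed afterwards.
selfsigned_sig_alg() {
    bin=$1
    tmp=$(mktemp -d) || return 1
    "$bin" req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=localhost.example" \
        -keyout "$tmp/key.pem" -out "$tmp/cert.pem" >/dev/null 2>&1 ||
        { rm -rf "$tmp"; return 1; }
    "$bin" x509 -in "$tmp/cert.pem" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
    rm -rf "$tmp"
}

# Print a short report for whatever `openssl` currently resolves to.
check_openssl() {
    path=$(command -v openssl 2>/dev/null)
    ver=$(openssl version 2>/dev/null)
    echo "resolved: ${path:-none} ($(openssl_origin "$path"))"
    echo "flavor:   $(openssl_flavor "$ver") [$ver]"
    echo "sig alg:  $(selfsigned_sig_alg openssl || echo unavailable)"
}

# Run the report only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--report" ]; then check_openssl; fi
```

Run it with `--report` in a new terminal session so the updated ~/.bash_profile is in effect; a result of "system" or "libressl" means the shell is still resolving /usr/bin/openssl.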

I hope those instructions can help you.

Written by Maxim

Principal Software Engineer at Docker, ex f5 Networks engineer. Opinions are mine