Upgrading OpenSSL/Nginx on CentOS 7 to Support TLS 1.3
OpenSSL 3.2
Remove the old 1.0.2k-fips
yum -y remove openssl openssl-devel
Check dependencies
These are just the development tools group and Perl.
yum -y groupinstall "Development Tools"
yum -y install perl-IPC-Cmd
Get the source
wget https://www.openssl.org/source/openssl-3.2.1.tar.gz
tar -zxvf openssl-3.2.1.tar.gz
cd openssl-3.2.1/
Build
The damn Chinese national-standard (SM) algorithms must be disabled.
./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl no-sm2 no-sm3 no-sm4
make -j $(nproc)
make install
Update environment variables
ldconfig
echo "export PATH=/usr/local/openssl/bin:\$PATH" >> /etc/profile
echo "export LD_LIBRARY_PATH=/usr/local/openssl/lib:/usr/local/openssl/lib64:\$LD_LIBRARY_PATH" >> /etc/profile
source /etc/profile
Check the version
openssl version
OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)
Nginx 1.27
Get the source
wget https://nginx.org/download/nginx-1.27.0.tar.gz
tar -zxvf nginx-1.27.0.tar.gz
cd nginx-1.27.0/
Build
./configure --with-openssl=../openssl-3.2.1 --with-http_ssl_module --with-http_v2_module --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid
make
make install
Check the version
nginx -v
nginx version: nginx/1.27.0
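Verifying TLS 1.3 capability
nginx -v only shows the nginx version. The following added example (not part of the original post) parses nginx -V output to check that the binary was built with the SSL module against OpenSSL 1.1.1 or newer, which TLS 1.3 requires. The function names and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): decide from `nginx -V` output
# whether this nginx binary can negotiate TLS 1.3. That requires the SSL
# module and a build against OpenSSL 1.1.1 or newer.

# Print the OpenSSL version nginx was built with (empty if there is none).
nginx_openssl_version() {
    printf '%s\n' "$1" | sed -n 's/^built with OpenSSL \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# version_ge A B: succeed when dotted version A >= B (numeric per field).
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$2" ]
}

# tls13_capable TEXT: print a verdict; return 0 only if TLS 1.3 is possible.
tls13_capable() {
    ver=$(nginx_openssl_version "$1")
    [ -n "$ver" ] || { echo "FAIL: not built with OpenSSL"; return 1; }
    case $1 in
        *--with-http_ssl_module*) ;;
        *) echo "FAIL: --with-http_ssl_module missing"; return 1 ;;
    esac
    version_ge "$ver" 1.1.1 || { echo "FAIL: OpenSSL $ver predates TLS 1.3"; return 1; }
    echo "OK: OpenSSL $ver"
}

# Constructed samples of `nginx -V` output (not captured from a real host).
SAMPLE_NEW='nginx version: nginx/1.27.0
built with OpenSSL 3.2.1 30 Jan 2024
TLS SNI support enabled
configure arguments: --with-openssl=../openssl-3.2.1 --with-http_ssl_module --with-http_v2_module'
SAMPLE_OLD='nginx version: nginx/1.20.1
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --with-http_ssl_module'

# Demo on the constructed samples: the first passes, the second fails.
tls13_capable "$SAMPLE_NEW"
tls13_capable "$SAMPLE_OLD" || true
```

On a real host, call tls13_capable "$(nginx -V 2>&1)"; the redirect is needed because nginx -V writes to stderr.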