Installing OpenSSL 3.5.4 on CentOS 7

(1) Environment setup

4 cores, 8 GB RAM, CentOS 7.9.2009

Configure the Alibaba Cloud yum repository and the EPEL repository.

(2) Installing OpenSSL 3.5.4 from source

Download link: https://openssl-library.org/source/

  1. Install the dependencies
[root@localhost ~]# yum -y groupinstall "Development Tools"
[root@localhost ~]# yum -y install perl-core zlib zlib-devel wget curl tar
  2. Compile and install
[root@localhost ~]# tar xvf openssl-3.5.4.tar.gz
[root@localhost ~]# cd openssl-3.5.4
[root@localhost openssl-3.5.4]# ./config shared zlib threads enable-dynamic-engine --prefix=/usr/local/openssl-3.5.4 --openssldir=/usr/local/openssl-3.5.4/ssl
[root@localhost openssl-3.5.4]# make -j$(nproc)
[root@localhost openssl-3.5.4]# make install
  3. Set the environment variables
[root@localhost openssl-3.5.4]# # Single quotes: the variables are expanded when /etc/profile is read, not when these lines are written.
[root@localhost openssl-3.5.4]# echo 'export PATH=/usr/local/openssl-3.5.4/bin:$PATH' >> /etc/profile
[root@localhost openssl-3.5.4]# echo 'export LD_LIBRARY_PATH=/usr/local/openssl-3.5.4/lib64${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}' >> /etc/profile
[root@localhost openssl-3.5.4]# echo 'export PKG_CONFIG_PATH=/usr/local/openssl-3.5.4/lib64/pkgconfig${PKG_CONFIG_PATH:+:${PKG_CONFIG_PATH}}' >> /etc/profile
[root@localhost openssl-3.5.4]# source /etc/profile

(3) Verification

  1. Check the command-line tool version

Confirm that the new version is reported. Here it should show OpenSSL 3.5.4.

[root@localhost openssl-3.5.4]# openssl version -a
OpenSSL 3.5.4 30 Sep 2025 (Library: OpenSSL 3.5.4 30 Sep 2025)
built on: Thu Jan 22 00:59:55 2026 UTC
platform: linux-x86_64
options:  bn(64,64)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL -DZLIB -DNDEBUG
OPENSSLDIR: "/usr/local/openssl-3.5.4/ssl"
ENGINESDIR: "/usr/local/openssl-3.5.4/lib64/engines-3"
MODULESDIR: "/usr/local/openssl-3.5.4/lib64/ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_ia32cap=0xfefa32034f8bffff:0x18400704219c27ab:0x00000810bc004410:0x0000000000000000:0x0000000000000000

Confirm that the old version is still present. Here it should show OpenSSL 1.0.2k.

[root@localhost openssl-3.5.4]# /usr/bin/openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017
  2. Check dynamic library linking

Confirm that the new command resolves to the new libraries.

[root@localhost openssl-3.5.4]# ldd /usr/local/openssl-3.5.4/bin/openssl | grep ssl
	libssl.so.3 => /usr/local/openssl-3.5.4/lib64/libssl.so.3 (0x00007fe894dd0000)
	libcrypto.so.3 => /usr/local/openssl-3.5.4/lib64/libcrypto.so.3 (0x00007fe89465a000)

Confirm that the old command resolves to the old library.

[root@localhost openssl-3.5.4]# ldd /usr/bin/openssl | grep ssl
	libssl.so.10 => /lib64/libssl.so.10 (0x00007ff956b5e000)

Confirm that system tools (for example, curl) resolve to the old library.

[root@localhost openssl-3.5.4]# ldd /usr/bin/curl | grep ssl
	libssl3.so => /lib64/libssl3.so (0x00007f2f8ce6b000)
	libssl.so.10 => /lib64/libssl.so.10 (0x00007f2f89fee000)
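
The three ldd checks above can be folded into one function, given here as an added example that is not part of the original post. It reads ldd output on standard input and reports whether every libssl/libcrypto entry resolves under a given prefix; the helper name is hypothetical and the sample lines are the ldd output shown above, embedded so the example runs offline.

```shell
# Added example: decide from `ldd` output (stdin) where the OpenSSL libraries resolve.
# ssl_libs_under PREFIX  (hypothetical helper name)
#   exit 0: libssl/libcrypto are linked and every one resolves under PREFIX
#   exit 1: at least one resolves elsewhere or is "not found" (offending lines are printed)
#   exit 2: no libssl/libcrypto dependency at all
ssl_libs_under() {
    awk -v p="${1%/}/" '
        # Match libssl.so.* and libcrypto.so.* only; libssl3.so is NSS, not OpenSSL.
        $1 ~ /^lib(ssl|crypto)\.so/ {
            seen = 1
            # ldd line format: NAME => PATH (ADDRESS), so PATH is field 3.
            if ($2 != "=>" || index($3, p) != 1) { bad = 1; print }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }'
}

# Sample input: the ldd lines shown above (tab-indented, as ldd prints them).
NEW_LDD='	libssl.so.3 => /usr/local/openssl-3.5.4/lib64/libssl.so.3 (0x00007fe894dd0000)
	libcrypto.so.3 => /usr/local/openssl-3.5.4/lib64/libcrypto.so.3 (0x00007fe89465a000)'
CURL_LDD='	libssl3.so => /lib64/libssl3.so (0x00007f2f8ce6b000)
	libssl.so.10 => /lib64/libssl.so.10 (0x00007f2f89fee000)'

PREFIX=/usr/local/openssl-3.5.4
if printf '%s\n' "$NEW_LDD" | ssl_libs_under "$PREFIX"; then
    echo "new openssl binary: all OpenSSL libraries under $PREFIX"
fi
if ! printf '%s\n' "$CURL_LDD" | ssl_libs_under "$PREFIX" >/dev/null; then
    echo "curl: still linked against the system libraries"
fi
# On a live host: ldd /usr/bin/curl | ssl_libs_under "$PREFIX"
```
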
  3. Test core system functions

Check that yum still works.

[root@localhost openssl-3.5.4]# yum --version
3.4.3
  Installed: rpm-4.11.3-48.el7_9.x86_64 at 2026-01-22 00:55
  Built    : CentOS BuildSystem <http://bugs.centos.org> at 2021-11-24 16:33
  Committed: Michal Domonkos <mdomonko@redhat.com> at 2021-11-01

  Installed: yum-3.4.3-168.el7.centos.noarch at 2026-01-11 11:26
  Built    : CentOS BuildSystem <http://bugs.centos.org> at 2020-10-01 17:03
  Committed: CentOS Sources <bugs@centos.org> at 2020-09-29

  Installed: yum-plugin-fastestmirror-1.1.31-54.el7_8.noarch at 2026-01-11 11:26
  Built    : CentOS BuildSystem <http://bugs.centos.org> at 2020-05-12 16:27
  Committed: Michal Domonkos <mdomonko@redhat.com> at 2020-03-12

Check that the network tools still work.

[root@localhost openssl-3.5.4]# curl -I http://www.baidu.com
HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Content-Length: 0
Content-Type: text/html
Pragma: no-cache
Server: bfe
Date: Thu, 22 Jan 2026 01:12:28 GMT
  4. Check the new version's features

To use new features such as TLS 1.3, run the test with the new command.

[root@localhost openssl-3.5.4]# /usr/local/openssl-3.5.4/bin/openssl s_client -connect www.example.com:443 -tls1_3
Connecting to 104.18.27.120
CONNECTED(00000003)
depth=3 C=US, O=SSL Corporation, CN=SSL.com TLS ECC Root CA 2022
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=2 C=US, O=SSL Corporation, CN=SSL.com TLS Transit ECC CA R2
verify return:1
depth=1 C=US, O=SSL Corporation, CN=Cloudflare TLS Issuing ECC CA 3
verify return:1
depth=0 CN=example.com
verify return:1
---
Certificate chain
 0 s:CN=example.com
   i:C=US, O=SSL Corporation, CN=Cloudflare TLS Issuing ECC CA 3
   a:PKEY: EC, (prime256v1); sigalg: ecdsa-with-SHA256
   v:NotBefore: Dec 16 19:39:32 2025 GMT; NotAfter: Mar 16 18:32:44 2026 GMT
 1 s:C=US, O=SSL Corporation, CN=Cloudflare TLS Issuing ECC CA 3
   i:C=US, O=SSL Corporation, CN=SSL.com TLS Transit ECC CA R2
   a:PKEY: EC, (prime256v1); sigalg: ecdsa-with-SHA384
   v:NotBefore: May 29 19:49:45 2025 GMT; NotAfter: May 27 19:49:44 2035 GMT
 2 s:C=US, O=SSL Corporation, CN=SSL.com TLS Transit ECC CA R2
   i:C=US, O=SSL Corporation, CN=SSL.com TLS ECC Root CA 2022
   a:PKEY: EC, (secp384r1); sigalg: ecdsa-with-SHA384
   v:NotBefore: Oct 21 17:02:23 2022 GMT; NotAfter: Oct 17 17:02:22 2037 GMT
 3 s:C=US, O=SSL Corporation, CN=SSL.com TLS ECC Root CA 2022
   i:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
   a:PKEY: EC, (secp384r1); sigalg: sha256WithRSAEncryption
   v:NotBefore: Aug  1 00:00:00 2025 GMT; NotAfter: Dec 31 23:59:59 2028 GMT
---
Server certificate
subject=CN=example.com
issuer=C=US, O=SSL Corporation, CN=Cloudflare TLS Issuing ECC CA 3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ecdsa_secp256r1_sha256
Negotiated TLS1.3 group: X25519MLKEM768
---
SSL handshake has read 5070 bytes and written 1562 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 256 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 97546CE3CF4E86749ED4A2494FD3C14C077434FBCEE3FE68F58C6A5454BA3A75
    Session-ID-ctx: 
    Resumption PSK: 6FE16808A8996D8679DCCA9814E3C51FE60D93E652D75DF9873C811468ECF2D065B002FD1784DE85548270621DB17876
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 64800 (seconds)
    Start Time: 1769044439
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 555BC06BCDC2C890C74F13C88B23F522B603509E757D8F96ABFE436195E67F04
    Session-ID-ctx: 
    Resumption PSK: EAC151BD715F1532F5B0E2B61DA29A10910267103EF15CCBDC4AF87591A0159B80264D63AAF4C641D806F35BE54D0E4E
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 64800 (seconds)
    Start Time: 1769044439
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
closed
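
The session above negotiates TLSv1.3 but also ends with verify return code 20, and s_client carries on after a failed chain verification unless -verify_return_error is given. The following added example (not part of the original post) checks both fields in captured s_client output; the helper names are hypothetical and the sample text is constructed from the summary lines shown above.

```shell
# Added example: gate on the handshake summary printed by `openssl s_client` (3.x layout).
# check_s_client PROTO  (hypothetical helper name), reads s_client output on stdin
#   exit 0: negotiated PROTO and the certificate chain verified (return code 0)
#   exit 1: a different protocol was negotiated
#   exit 2: handshake completed but the chain did NOT verify
#   exit 3: no handshake summary in the input
check_s_client() {
    awk -v want="$1" '
        # Unindented summary lines only; the indented SSL-Session copies are skipped.
        /^Protocol: /           { proto = $2 }
        /^Verify return code: / { code = $4 }
        END {
            if (proto == "" || code == "") exit 3
            if (proto != want) exit 1
            if (code != "0") exit 2
            exit 0
        }'
}

# Sample input constructed from the summary lines of the session above.
UNVERIFIED='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Verify return code: 20 (unable to get local issuer certificate)'
# Constructed counterpart: the same summary with a verified chain.
VERIFIED='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Verify return code: 0 (ok)'

classify() {  # map the exit status to a short label
    rc=0
    printf '%s\n' "$1" | check_s_client TLSv1.3 || rc=$?
    case $rc in
        0) echo verified ;; 1) echo wrong-protocol ;; 2) echo unverified ;; *) echo no-handshake ;;
    esac
}
classify "$UNVERIFIED"
classify "$VERIFIED"

# Live use. This build looks for trust anchors under its own OPENSSLDIR
# (/usr/local/openssl-3.5.4/ssl), not the system store, so a CA bundle is passed
# explicitly (assumption: the CentOS 7 bundle exists at this path):
#   /usr/local/openssl-3.5.4/bin/openssl s_client -connect www.example.com:443 -tls1_3 \
#       -CAfile /etc/pki/tls/certs/ca-bundle.crt </dev/null 2>/dev/null | check_s_client TLSv1.3
```
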

Tags: centos7 OpenSSL source installation system update TLS1.3

Posted June 9, 21:22