I want to make sure the version of OpenSSL on my Amazon EC2 Linux instance is up-to-date.

AWS uses OpenSSL to provide an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and a general-purpose cryptography library. Amazon Linux AMIs are updated periodically, but you can update or check the version on existing instances.

Connect to the instance and run these commands, depending on the operating system:
Amazon Linux / Red Hat Enterprise Linux

  • Run the command sudo yum update openssl

Ubuntu Server

  1. Run the command sudo apt-get update
  2. Run the command sudo apt-get upgrade

Use the operating system’s built-in package management tools to query the current release.
Amazon Linux

  • Run the command sudo yum info openssl

The version displayed should be 1.0.1e Release 37.66 or later.

Red Hat Enterprise Linux

  • Run the command sudo yum info openssl

The version displayed should be 1.0.1e-16.el6_5.7 or later.

Ubuntu Server

  • Run the command sudo dpkg –s openssl

On Ubuntu Server 12.04 LTS, the version displayed should be 1.0.1-4ubuntu5.12 or later.

On Ubuntu Server 13.10, the version displayed should be 1.0.1e-3ubunt1.2 or later.

On Ubuntu Server 14.04 LTS, the version display should be 1.0.1f-1ubuntu2.7 or later.

OpenSSL, Linux, Windows Server, update

Follow the instructions at Install and Configure OpenSSL.

  1. Connect to your instance using an IAM account that is a member of the local Users group.
  2. Open a command-prompt window and navigate to the \bin subdirectory of the OpenSSL installation folder.
  3. Run the command openssl
  4. Run the command version
    Verify that you have the latest updates installed for your version by checking https://www.openssl.org/news/vulnerabilities.html
  5. Run the command quit to exit.

If you use Elastic Load Balancing, Amazon CloudFront, AWS CloudFormation, or AWS Elastic Beanstalk, you should regenerate your private keys and CSR (certificate signing request), submit the new CSR to your certificate authority, and obtain a replacement SSL certificate. For more information, see these topics:


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center.