Hello Jane,

Your case is not related to Windows for Business or Windows 365 Enterprise. What you are dealing with is an application dependency issue around OpenSSL versions on Windows. Winget installs the latest OpenSSL binaries into a system path, but applications do not automatically switch to using them. Each program either links statically to its own bundled OpenSSL libraries or dynamically loads them from a specific path. That means even if you have the newest OpenSSL installed globally, older applications may still be calling their embedded or outdated DLLs.

To verify which version is actually being used, you need to inspect the binaries that the application loads. On Windows, the most reliable way is to use Process Explorer from Sysinternals. Launch the application, open Process Explorer, and check the loaded modules under the process. If you see libssl-1_1.dll or libcrypto-1_1.dll, note the file path. That path tells you whether the program is using the system-installed OpenSSL or its own copy. You can also run openssl version from the command line to confirm the version of the OpenSSL binary you installed via Winget, but that only confirms the global installation, not what each application is consuming.

There is no single command line that forces all applications to use the new OpenSSL. Each application must either be updated by its vendor to link against the newer libraries, or you must replace the older DLLs in the application’s directory with the updated ones though this is risky and not recommended unless the vendor explicitly supports it. The best practice is to update the applications themselves to versions that are compiled against the latest OpenSSL.

I hope you've found something useful here. If it helps you get more insight into the issue, it's appreciated to accept the answer. Should you have more questions, feel free to leave a message. Have a nice day!

Domic Vo.

Answer from Domic Vo on learn.microsoft.com
🌐
Serverpronto
serverpronto.com › kb › page.php
Update OpenSSL
Go to openssl-1.0.1g directory # make clean # ./config shared –prefix=/usr –openssldir=/usr/local/openssl # make && make test # make install 4. Done 5. Check the if you you have the latest version. Thus the openssl is updated to the latest one, and if not reboot your machine and check again.
Top answer
1 of 2
1

Hello Jane,

Your case is not related to Windows for Business or Windows 365 Enterprise. What you are dealing with is an application dependency issue around OpenSSL versions on Windows. Winget installs the latest OpenSSL binaries into a system path, but applications do not automatically switch to using them. Each program either links statically to its own bundled OpenSSL libraries or dynamically loads them from a specific path. That means even if you have the newest OpenSSL installed globally, older applications may still be calling their embedded or outdated DLLs.

To verify which version is actually being used, you need to inspect the binaries that the application loads. On Windows, the most reliable way is to use Process Explorer from Sysinternals. Launch the application, open Process Explorer, and check the loaded modules under the process. If you see libssl-1_1.dll or libcrypto-1_1.dll, note the file path. That path tells you whether the program is using the system-installed OpenSSL or its own copy. You can also run openssl version from the command line to confirm the version of the OpenSSL binary you installed via Winget, but that only confirms the global installation, not what each application is consuming.

There is no single command line that forces all applications to use the new OpenSSL. Each application must either be updated by its vendor to link against the newer libraries, or you must replace the older DLLs in the application’s directory with the updated ones though this is risky and not recommended unless the vendor explicitly supports it. The best practice is to update the applications themselves to versions that are compiled against the latest OpenSSL.

I hope you've found something useful here. If it helps you get more insight into the issue, it's appreciated to accept the answer. Should you have more questions, feel free to leave a message. Have a nice day!

Domic Vo.

2 of 2
0

To ensure that your applications are using the new version of OpenSSL after updating, you can follow these steps:

  1. Check OpenSSL Version: You can verify the installed version of OpenSSL by running the following command in your command line:
       openssl version
    
    This command will display the version of OpenSSL currently in use.
  2. Verify Application Dependencies: For applications that depend on OpenSSL, you may need to check their documentation or use specific commands to see which version of OpenSSL they are linked against. This can vary by application, but many applications will have a command-line option to display version information.
  3. Check for Multiple Versions: If you suspect that multiple versions of OpenSSL are installed, you can check the paths of the OpenSSL binaries in your system. Use the following command to find all instances of OpenSSL:
       where openssl
    
    This will show you the locations of the OpenSSL executables, and you can verify if the correct version is being used.
  4. Update Environment Variables: Ensure that your system's PATH environment variable points to the directory of the new OpenSSL installation. This can help ensure that applications use the correct version.
  5. Testing Applications: After updating, test your applications to ensure they function correctly. If they fail or report issues related to OpenSSL, they may still be referencing an older version.

By following these steps, you can confirm that your applications are using the updated version of OpenSSL and mitigate any vulnerabilities associated with older versions.

Discussions

Update OpenSSL recommendation
Hi all, I've been trying to find out how to deal with "openssl" recommendation that I get on almost all end user computers in Defender. I'm just... More on techcommunity.microsoft.com
🌐 techcommunity.microsoft.com
10
1
November 13, 2023
How to upgrade OpenSSL to 3.1.4
CISA came out that OpenSSL aversion 3.1.3 is vulnerable. I want to upgrade to 3.1.4(current version) but since we are running windows we need OpenSSl bundled already with Apache. On Apache Lounge, they have not updated the OpenSSL on the Apache(2.4.58 - win 64) bundle. Is there somewhere else ... More on community.atlassian.com
🌐 community.atlassian.com
January 4, 2024
[Help] How do i upgrade OpenSSL
I wouldn't invest time in an OS that goes out of support end of next month. Better to migrate to Rocky /Alma or another alternative as version 9 is out now. More on reddit.com
🌐 r/linuxadmin
10
0
May 23, 2024
security - How to upgrade OpenSSL in CentOS 6.5 / Linux / Unix from source? - Stack Overflow
Replacing OpenSSL with the latest version from upstream (i.e. 1.0.1g) runs the risk of introducing functionality changes which may break compatibility with applications/clients in unpredictable ways, causes your system to diverge from RHEL, and puts you on the hook for personally maintaining future updates ... More on stackoverflow.com
🌐 stackoverflow.com
Top answer
1 of 1
4

Hello

I’m Adeyemi and I’d be happy to help you with your question.

Updating OpenSSL when it's integrated within applications can be a bit tricky, but it's not impossible. Here are some general steps you can follow:

  1. Identify the Applications: Determine which applications on your system are using OpenSSL. This might require checking the documentation or contacting the software vendor.
  2. Check for Updates: Many applications bundle OpenSSL and will provide updates that include updated versions of OpenSSL when they become available. Check the software vendor's website or contact them directly to see if they have released an update.
  3. Recompile the Application: If the application's source code is available, and it's feasible, you could recompile the application with the updated OpenSSL library. This is a more technical approach and requires some knowledge of programming and compilation.
  4. Use a Package Manager: If you're using a package manager like vcpkg, you can update just OpenSSL and nothing else. This might not be applicable in all scenarios, especially if the application statically links OpenSSL.

If none of the above options are viable, your best bet would be to contact the vendor of the software and inquire about their plans for addressing the OpenSSL vulnerability.

Remember, it's crucial to test all changes in a safe and reversible manner, ideally in a non-production environment first. Always backup your data before making such updates.

I hope this helps.

Give back to the community. Help the next person who has this issue by indicating if this reply solved your problem. Click Yes or No below.

Kind regards, Adeyemi

🌐
Rackspace
docs.rackspace.com › docs › update-openssl-on-ubuntu
Update OpenSSL on Ubuntu - Rackspace
In case OpenSSL is not installed on your system, use this step to install or update it to the newest version of the OpenSSL package.
🌐
Openssl-windows
openssl-windows.github.io › update-openssl-windows.html
How to Update OpenSSL on Windows 10 / 11 — Step-by-Step Guide
May 20, 2026 - How to update OpenSSL to the latest version on Windows 10 and 11. Check current version, download new installer, upgrade in place. Settings preserved.
🌐
IBM
ibm.com › support › pages › downloading-and-installing-or-upgrading-openssl-and-openssh
Downloading and Installing or Upgrading OpenSSL and OpenSSH
March 26, 2025 - Transfer the compressed OpenSSL tar file to the /tmp/newOpenSSL directory. Transfer the compressed OpenSSH tar file to the /tmp/newOpenSSH directory. 3) If /etc/ssh exists before the upgrade of OpenSSH or AIX, make a backup of the directory. Skip steps 3 and 9-10 if OpenSSH is not installed.
Find elsewhere
🌐
Atlassian Community
community.atlassian.com › q&a › confluence › questions › how to upgrade openssl to 3.1.4
How to upgrade OpenSSL to 3.1.4
January 4, 2024 - This worked for me. Thanks for the suggesting! A couple of notes to help others. Download the new version as a zip (instead of .exe) from https://kb.firedaemon.com/support/solutions/articles/4000121705-openssl-3-1-3-0-and-1-1-1-binary-distributions-for-microsoft-windows
🌐
CyRisk
cyrisk.com › security › upgrading-openssl-to-address-vulnerabilities
Upgrading OpenSSL to Address Vulnerabilities – CyRisk
January 7, 2025 - Package Manager (Linux/BSD): If ... to upgrade. Use commands like sudo apt-get update && sudo apt-get upgrade openssl (for Debian/Ubuntu) or sudo yum update openssl (for CentOS/RHEL)....
🌐
Baeldung
baeldung.com › home › security › how to safely upgrade the openssl library on debian
How to Safely Upgrade the OpenSSL Library on Debian | Baeldung on Linux
November 7, 2024 - Before initiating the OpenSSL upgrade, it’s usually best to assess and prepare the current environment. Let’s begin by updating the package repository using the apt update command:
🌐
Cloudzy
cloudzy.com › home › blog › security & networking › how to install openssl on windows 10 & 11
How to Install OpenSSL on Windows 10 & 11 · Cloudzy Blog
September 21, 2025 - For users managing multiple OpenSSL ... approach involves uninstalling the current version through Windows Add/Remove Programs, then downloading and installing the latest version from the official sources....
Top answer
1 of 11
49

The fix for the heartbleed vulnerability has been backported to 1.0.1e-16 by Red Hat for Enterprise Linux see, and this is therefore the official fix that CentOS ships.

Replacing OpenSSL with the latest version from upstream (i.e. 1.0.1g) runs the risk of introducing functionality changes which may break compatibility with applications/clients in unpredictable ways, causes your system to diverge from RHEL, and puts you on the hook for personally maintaining future updates to that package. By replacing openssl using a simple make config && make && make install means that you also lose the ability to use rpm to manage that package and perform queries on it (e.g. verifying all the files are present and haven't been modified or had permissions changed without also updating the RPM database).

I'd also caution that crypto software can be extremely sensitive to seemingly minor things like compiler options, and if you don't know what you're doing, you could introduce vulnerabilities in your local installation.

2 of 11
43

To manually compile OpenSSL, do as follows:

$ cd /usr/src

$ wget https://www.openssl.org/source/openssl-1.0.1g.tar.gz -O openssl-1.0.1g.tar.gz

$ tar -zxf openssl-1.0.1g.tar.gz

$ cd openssl-1.0.1g

$ ./config

$ make

$ make test

$ make install

$ openssl version

If it shows the old version, do the steps below.

$ mv /usr/bin/openssl /root/

$ ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
openssl version
OpenSSL 1.0.1g 7 Apr 2014

http://olaitanmayowa.com/heartbleed-how-to-upgrade-openssl-in-centos/

🌐
Web Hosting Geeks
webhostinggeeks.com › home › ubuntu › how to update and upgrade openssl on ubuntu server
How to Update and Upgrade OpenSSL on Ubuntu Server | Linux Tutorials for Beginners
October 16, 2023 - Yes, Ubuntu provides unattended-upgrades, a package that can automate security updates, including OpenSSL. However, ensure you monitor automated processes for potential issues. ... Always take a backup before updating. If you face issues, you can revert to the backup or seek expert assistance.
🌐
Rackspace
docs.rackspace.com › support › how-to › update-openssl-on-ubuntu
Update OpenSSL on Ubuntu
September 3, 2021 - In case OpenSSL is not installed on your system, use this step to install or update it to the newest version of the OpenSSL package.
Top answer
1 of 2
9

First of all, never allow telnetd (telnet server) to listen for connections on a public interface. There's really no reason to ever use it on a modern system. Everything you can accomplish with telnet can be accomplished with SSH, and SSH is secure (connections are only allowed from authenticated clients, and communications are encrypted "on the wire"). Back up your private keys in a secure location.

To update openssl, assuming it's already installed:

sudo apt update && sudo apt install openssl

2 of 2
7

It really depends on why you are wanting to 'update' OpenSSL. Given that you have a recent LTS version of Ubuntu, ordinarily, all the usual bug fixes/vulnerabilities are ported into the packaged versions of OpenSSL and OpenSSH are handled for you. As such, building OpenSSL from source should be the last option.

In your situation, I would recommend that, unless you are looking for a specific unsupported feature, you use the packages in the Ubuntu package repositories.

In which case, the regular process for carrying out this sort of operation would be to run:

sudo apt-get update
sudo apt-get upgrade

If you know there is a newer version of OpenSSL you are attempting to use, you can simply upgrade that package individually by running:

sudo apt-get install openssl

If this returns 0 packages updated then there were no updates to the packages anyway.

Then look at the packages that Ubuntu wants to upgrade and make a more informed choice. If the package upgrade list looks sensible for what you are needing, then typing Y and enter will allow the upgrade process to proceed.

Of course, the best way to mitigate against the sort of 'I can't gain network access to my box' is to have console access to the box. Unfortunately, without knowing who your provider is, I cannot advise you as to whether that is possible, or by what mechanism you would do it. However, many provisioning systems give you at least some KVM functionality, so it may be possible. You would have to read the documentation from your host as to how to achieve this.

🌐
Dell
dell.com › support › manuals › en-us › data-iq › dataiq_pub_install_guide › upgrade-openssl
DataIQ 2.2.x.x Installation Guide | Dell US
For example: ... If the version is 1.1.1n or later, you can skip the rest of this topic. Example: ... On a computer connected to the internet, download the OpenSSL installation files from https://www.openssl.org/source/, for example, openssl-1.1.1n.tar.gz, and then transfer them to the DataIQ host.
🌐
Stack Overflow
stackoverflow.com › questions › 72266514 › how-do-i-update-openssl-on-windows-10-from-1-1-1h-to-1-1-1o
How do I update OpenSSL on Windows 10 from 1.1.1h to 1.1.1o - Stack Overflow
@DavidGrayson: historically native Windows apps did that, but Win10 up has WSL where the library handling and update methods are the same as a selected Unix distro, and all versions of Win (at least NT up) have had other Unix-like schemes such as gnuwin32 and cygwin/mingw/mingw64 each with their own library scheme. But yes it depends on what you installed/use. ... @DavidGrayson Unfortunately I can't be sure what was used to install it in the first place as that was before I was there. I can be sure it's 1.1.1h as I ran "openssl version" in PowerShell and it returned the version.