Hello Jane,
Your case is not related to Windows for Business or Windows 365 Enterprise. What you are dealing with is an application dependency issue around OpenSSL versions on Windows. Winget installs the latest OpenSSL binaries into a system path, but applications do not automatically switch to using them. Each program either links statically to its own bundled OpenSSL libraries or dynamically loads them from a specific path. That means even if you have the newest OpenSSL installed globally, older applications may still be calling their embedded or outdated DLLs.
To verify which version is actually being used, you need to inspect the binaries that the application loads. On Windows, the most reliable way is to use Process Explorer from Sysinternals. Launch the application, open Process Explorer, and check the loaded modules under the process. If you see libssl-1_1.dll or libcrypto-1_1.dll, note the file path. That path tells you whether the program is using the system-installed OpenSSL or its own copy. You can also run openssl version from the command line to confirm the version of the OpenSSL binary you installed via Winget, but that only confirms the global installation, not what each application is consuming.
There is no single command line that forces all applications to use the new OpenSSL. Each application must either be updated by its vendor to link against the newer libraries, or you must replace the older DLLs in the application’s directory with the updated ones though this is risky and not recommended unless the vendor explicitly supports it. The best practice is to update the applications themselves to versions that are compiled against the latest OpenSSL.
I hope you've found something useful here. If it helps you get more insight into the issue, it's appreciated to accept the answer. Should you have more questions, feel free to leave a message. Have a nice day!
Domic Vo.
Answer from Domic Vo on learn.microsoft.comHello Jane,
Your case is not related to Windows for Business or Windows 365 Enterprise. What you are dealing with is an application dependency issue around OpenSSL versions on Windows. Winget installs the latest OpenSSL binaries into a system path, but applications do not automatically switch to using them. Each program either links statically to its own bundled OpenSSL libraries or dynamically loads them from a specific path. That means even if you have the newest OpenSSL installed globally, older applications may still be calling their embedded or outdated DLLs.
To verify which version is actually being used, you need to inspect the binaries that the application loads. On Windows, the most reliable way is to use Process Explorer from Sysinternals. Launch the application, open Process Explorer, and check the loaded modules under the process. If you see libssl-1_1.dll or libcrypto-1_1.dll, note the file path. That path tells you whether the program is using the system-installed OpenSSL or its own copy. You can also run openssl version from the command line to confirm the version of the OpenSSL binary you installed via Winget, but that only confirms the global installation, not what each application is consuming.
There is no single command line that forces all applications to use the new OpenSSL. Each application must either be updated by its vendor to link against the newer libraries, or you must replace the older DLLs in the application’s directory with the updated ones though this is risky and not recommended unless the vendor explicitly supports it. The best practice is to update the applications themselves to versions that are compiled against the latest OpenSSL.
I hope you've found something useful here. If it helps you get more insight into the issue, it's appreciated to accept the answer. Should you have more questions, feel free to leave a message. Have a nice day!
Domic Vo.
To ensure that your applications are using the new version of OpenSSL after updating, you can follow these steps:
- Check OpenSSL Version: You can verify the installed version of OpenSSL by running the following command in your command line:
This command will display the version of OpenSSL currently in use.openssl version - Verify Application Dependencies: For applications that depend on OpenSSL, you may need to check their documentation or use specific commands to see which version of OpenSSL they are linked against. This can vary by application, but many applications will have a command-line option to display version information.
- Check for Multiple Versions: If you suspect that multiple versions of OpenSSL are installed, you can check the paths of the OpenSSL binaries in your system. Use the following command to find all instances of OpenSSL:
This will show you the locations of the OpenSSL executables, and you can verify if the correct version is being used.where openssl - Update Environment Variables: Ensure that your system's PATH environment variable points to the directory of the new OpenSSL installation. This can help ensure that applications use the correct version.
- Testing Applications: After updating, test your applications to ensure they function correctly. If they fail or report issues related to OpenSSL, they may still be referencing an older version.
By following these steps, you can confirm that your applications are using the updated version of OpenSSL and mitigate any vulnerabilities associated with older versions.
Update OpenSSL recommendation
How to upgrade OpenSSL to 3.1.4
[Help] How do i upgrade OpenSSL
security - How to upgrade OpenSSL in CentOS 6.5 / Linux / Unix from source? - Stack Overflow
Videos
Hi, I am using Centos 7 and currently has OpenSSL 3.1.3 on it. I want to upgrade it to 3.1.4 or 3.1.5.
How do i actually do that..
I googled and i tried the
/config
make install make test procedure. it was successful but the new version wont reflect.
Any tips or guidance? TIA
The fix for the heartbleed vulnerability has been backported to 1.0.1e-16 by Red Hat for Enterprise Linux see, and this is therefore the official fix that CentOS ships.
Replacing OpenSSL with the latest version from upstream (i.e. 1.0.1g) runs the risk of introducing functionality changes which may break compatibility with applications/clients in unpredictable ways, causes your system to diverge from RHEL, and puts you on the hook for personally maintaining future updates to that package. By replacing openssl using a simple make config && make && make install means that you also lose the ability to use rpm to manage that package and perform queries on it (e.g. verifying all the files are present and haven't been modified or had permissions changed without also updating the RPM database).
I'd also caution that crypto software can be extremely sensitive to seemingly minor things like compiler options, and if you don't know what you're doing, you could introduce vulnerabilities in your local installation.
To manually compile OpenSSL, do as follows:
$ cd /usr/src
$ wget https://www.openssl.org/source/openssl-1.0.1g.tar.gz -O openssl-1.0.1g.tar.gz
$ tar -zxf openssl-1.0.1g.tar.gz
$ cd openssl-1.0.1g
$ ./config
$ make
$ make test
$ make install
$ openssl version
If it shows the old version, do the steps below.
$ mv /usr/bin/openssl /root/
$ ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
openssl version
OpenSSL 1.0.1g 7 Apr 2014
http://olaitanmayowa.com/heartbleed-how-to-upgrade-openssl-in-centos/
It already has OpenSSL version 1.1.1k. How do I upgrade it to the latest version? I already tried "sudo dnf update openssl" after installing epel-release. It says nothing to update. I downloaded the latest OpenSSL RPM file, extracted but it doesn't have a folder called "config". I was not able to do anything. Can someone shed some light? Thanks.
First of all, never allow telnetd (telnet server) to listen for connections on a public interface. There's really no reason to ever use it on a modern system. Everything you can accomplish with telnet can be accomplished with SSH, and SSH is secure (connections are only allowed from authenticated clients, and communications are encrypted "on the wire"). Back up your private keys in a secure location.
To update openssl, assuming it's already installed:
sudo apt update && sudo apt install openssl
It really depends on why you are wanting to 'update' OpenSSL. Given that you have a recent LTS version of Ubuntu, ordinarily, all the usual bug fixes/vulnerabilities are ported into the packaged versions of OpenSSL and OpenSSH are handled for you. As such, building OpenSSL from source should be the last option.
In your situation, I would recommend that, unless you are looking for a specific unsupported feature, you use the packages in the Ubuntu package repositories.
In which case, the regular process for carrying out this sort of operation would be to run:
sudo apt-get update
sudo apt-get upgrade
If you know there is a newer version of OpenSSL you are attempting to use, you can simply upgrade that package individually by running:
sudo apt-get install openssl
If this returns 0 packages updated then there were no updates to the packages anyway.
Then look at the packages that Ubuntu wants to upgrade and make a more informed choice. If the package upgrade list looks sensible for what you are needing, then typing Y and enter will allow the upgrade process to proceed.
Of course, the best way to mitigate against the sort of 'I can't gain network access to my box' is to have console access to the box. Unfortunately, without knowing who your provider is, I cannot advise you as to whether that is possible, or by what mechanism you would do it. However, many provisioning systems give you at least some KVM functionality, so it may be possible. You would have to read the documentation from your host as to how to achieve this.