Update OpenSSL on OS X with Homebrew

Question

I'm using MacOS X 10.7.5 and I need a newer OpenSSL version due to handshake failures. There are several tutorials on the internet and I tried the following:

brew install openssl
brew link openssl --force

Nevertheless, it does not work:

openssl version
OpenSSL 0.9.8r 8 Feb 2011

brew unlink openssl && brew link openssl --force
Unlinking /usr/local/Cellar/openssl/1.0.1e... 1139 links removed
Linking /usr/local/Cellar/openssl/1.0.1e... 1139 symlinks created

The SVN issue is not resolved either. Any ideas? I would rather not try the MacPorts way because it may interfere with Homebrew.

Answer 1

For those, who are using macOS Monterey and are installing latest openssl v3 with brew, it's located in completely different path:

/opt/homebrew/Cellar/openssl@3/

A specific version is installed in the subfolder and the binary is reachable at (example for v.3.0.7):

/opt/homebrew/Cellar/openssl@3/3.0.7/bin/openssl

Using brew link --force openssl is still valid to create symlinks. Though it creates symlinks, the system openssl installed in /usr/bin/openssl has a preference because it's located earlier in the $PATH list. So the solution will be to set the local symlink:

ln -s /opt/homebrew/Cellar/openssl@3/3.0.7/bin/openssl /usr/local/bin/openssl

This preserves 2 version in different path but /usr/local/bin has the highest priority when searching in $PATH. The drawback is that you'll need to update a symlink once a new version updated with brew because each version is located in a separate subfolder now.

Answer 2

On OSX Big Sur, I had a very frustrating experience with the error, because all of the solutions lean on using brew install. But running brew install was always returning an error like:

Error: 
  homebrew-core is a shallow clone.
To `brew update`, first run:
  git -C /usr/local/Homebrew/Library/Taps/homebrew/homebrew-core fetch --unshallow
This command may take a few minutes to run due to the large size of the repository.
This restriction has been made on GitHub's request because updating shallow
clones is an extremely expensive operation due to the tree layout and traffic of
Homebrew/homebrew-core and Homebrew/homebrew-cask. We don't do this for you
automatically to avoid repeatedly performing an expensive unshallow operation in
CI systems (which should instead be fixed to not use shallow clones). Sorry for
the inconvenience!

But I couldn't run that command because git was failing with:

% git -C /usr/local/Homebrew/Library/Taps/homebrew/homebrew-core fetch --unshallow
dyld: Library not loaded: /usr/local/opt/openssl/lib/libssl.1.0.0.dylib
  Referenced from: /usr/local/libexec/git-core/git-remote-https
  Reason: image not found

In the end, the solution was to reinstall git.

brew reinstall git

And then update symlinks, if necessary:

brew link --overwrite git

Answer 3

On mac OS X Yosemite, after installing it with brew it put it into

/usr/local/opt/openssl/bin/openssl

But kept getting an error "Linking keg-only openssl means you may end up linking against the insecure" when trying to link it

So I just linked it by supplying the full path like so

ln -s /usr/local/opt/openssl/bin/openssl /usr/local/bin/openssl

So now when I do

$ openssl version -a

It's showing version OpenSSL 1.0.2o.

So I guess it worked!

Answer 4

Try:

mkdir homebrew && curl -L https://github.com/Homebrew/brew/tarball/master | tar xz --strip 1 -C homebrew

Afterwards try:

brew install homebrew/portable-ruby/portable-openssl

Answer 5

installed openssl on mac with brew but nothing found on /usr/local/bin where other brew installed bins are located. Found my fresh openssl here:

/usr/local/opt/openssl/bin/openssl

Run it like this:

/usr/local/opt/openssl/bin/openssl version

I don't want to update OS X openssl, while some OS stuff or other 3rd party apps may have dependency on older version.

I also don't mind longer path than just openssl

Writing this here for all the Googlers who are looking for location of openssl installed by brew.

Answer 6

1. install port: https://guide.macports.org/
2. install or upgrade openssl package: sudo port install openssl or sudo port upgrade openssl
3. that's it, run openssl version to see the result.

Answer 7

I had problems installing some Wordpress plugins on my local server running php56 on OSX10.11. They failed connection on the external API over SSL.

Installing openSSL didn't solved my problem. But then I figured out that CURL also needed to be reinstalled.

This solved my problem using Homebrew.

brew rm curl && brew install curl --with-openssl

brew uninstall php56 && brew install php56 --with-homebrew-curl --with-openssl

Answer 8

In a terminal, run:

export PATH=/usr/local/bin:$PATH
brew link --force openssl

You may have to unlink openssl first if you get a warning: brew unlink openssl

This ensures we're linking the correct openssl for this situation. (and doesn't mess with .profile)

Hat tip to @Olaf's answer and @Felipe's comment. Some people - such as myself - may have some pretty messed up PATH vars.

Answer 9

To answer your question regarding updating openssl I followed these steps to successfully update the version found on my Mac to the newest openssl version 1.0.1e.

I followed the steps found here: http://foodpicky.com/?p=99

When you reach the steps for terminal commands make and make install be sure to use sudo make and sudo make install (I had to go through the step-by-step twice because I did it without sudo and it did not update).

Hope this helps

Answer 10

If you're using Homebrew /usr/local/bin should already be at the front of $PATH or at least come before /usr/bin. If you now run brew link --force openssl in your terminal window, open a new one and run which openssl in it. It should now show openssl under /usr/local/bin.

Answer 11

I had this issue and found that the installation of the newer openssl did actually work, but my PATH was setup incorrectly for it -- my $PATH had the ports path placed before my brew path so it always found the older version of openssl.

The fix for me was to put the path to brew (/usr/local/bin) at the front of my $PATH.

To find out where you're loading openssl from, run which openssl and note the output. It will be the location of the version your system is using when you run openssl. Its going to be somewhere other than the brewpath of "/usr/local/bin". Change your $PATH, close that terminal tab and open a new one, and run which openssl. You should see a different path now, probably under /usr/local/bin. Now run openssl version and you should see the new version you installed "OpenSSL 1.0.1e 11 Feb 2013".