How to Compile OpenSSL to Support Weak Ciphers and 3DES

Posted by

If you used the third method to enable weak ciphers on Zimbra in the previous article, this is my approach to enable it.

For example, I am using Ubuntu for compile OpenSSL

– Install the package to compile

sudo apt-get update && sudo apt-get upgrade -y
sudo apt install build-essential make wget -y

– Get OpenSSL version that used by Zimbra

su - zimbra
openssl version

In the latest Zimbra patch, the OpenSSL version used is 3.0.9

Source: https://www.openssl.org

– Download the same version of OpenSSL

cd /srv/
wget -c https://www.openssl.org/source/old/3.0/openssl-3.0.9.tar.gz

– Extract and configure OpenSSL to Support Weak Ciphers and 3DES

tar -xvf openssl-3.0.9.tar.gz
cd openssl-3.0.9
./config enable-weak-ssl-ciphers enable-des shared --prefix=/opt/openssl-3.0.9 -Wl,-rpath=/opt/openssl-3.0.9/lib64 -DOPENSSL_TLS_SECURITY_LEVEL=0 

– Compile OpenSSL

sudo make
sudo make install

Please wait until the compilation process is complete

– Check the compiled openssl version

/opt/openssl-3.0.9/bin/openssl version

Below is the result

root@mail:~# /opt/openssl-3.0.9/bin/openssl version
OpenSSL 3.0.9 30 May 2023 (Library: OpenSSL 3.0.9 30 May 2023)

Good luck 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.