
Upgrading OpenSSL on Ubuntu LTS

Like all major Linux distributions, Ubuntu backports security and bug fixes so that updates do not break applications due to version incompatibilities.

Ubuntu only packages the latest versions of software when there is a new Ubuntu release. Then, for the life of each release, Ubuntu keeps that software patched to ensure security and stability without introducing breaking changes.

The table below lists the OpenSSL version installed on each Ubuntu version. As long as your server's Ubuntu version has not reached its end of life, the OpenSSL installation on your server is being regularly updated with security patches.

| Ubuntu Version | OpenSSL Version | Changelog |
|----------------|-----------------|-----------|
| Ubuntu 24.04   | OpenSSL 3.0.13  | changelog |
| Ubuntu 22.04   | OpenSSL 3.0.2   | changelog |
| Ubuntu 20.04   | OpenSSL 1.1.1   | changelog |
| Ubuntu 18.04   | OpenSSL 1.1.1   | changelog |
| Ubuntu 16.04   | OpenSSL 1.0.2   | changelog |
| Ubuntu 14.04   | OpenSSL 1.0.1   | changelog |

False Positives from PCI Scanners

If you receive a PCI compliance warning telling you to update to the most recent version of OpenSSL, your PCI scanner is most likely showing a false positive.

You do not need to, and should not, take any action to change your server.

Instead, let the company performing the PCI scan know the version of Ubuntu the server is running and the version of the OpenSSL package installed on the server. You can get this information using the following commands:

lsb_release -r

dpkg --list openssl

You may also want to provide the company performing the scan with a link to the OpenSSL changelog for your server's Ubuntu version (see the table above).
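
As an added example (not ServerPilot's own tooling), the script below shows one way to assemble that evidence: it finds the oldest package revision in a Debian-format changelog that mentions the CVE the scanner reported. The CVE IDs, package revisions and function names are constructed placeholders, and `evidence` assumes the installed changelog is at /usr/share/doc/openssl/changelog.Debian.gz.

```shell
# Print the version of the oldest changelog entry mentioning CVE ID $1.
# Reads a Debian-format changelog on stdin; prints nothing if absent.
cve_fixed_in() {
    awk -v cve="$1" '
        # Entry header: package (version) distribution; urgency=...
        /^[a-z0-9][a-z0-9+.-]* \(/ { ver = $2; gsub(/[()]/, "", ver); next }
        # Whole-token match: CVE-0000-0001 must not match CVE-0000-00011
        index($0, cve) {
            rest = substr($0, index($0, cve) + length(cve), 1)
            if (rest !~ /[0-9]/) hit = ver   # entries are newest first
        }
        END { if (hit != "") print hit }
    '
}

# Constructed changelog excerpt (placeholder CVE IDs and revisions, blank lines trimmed).
sample_changelog() {
    cat <<'EOF'
openssl (3.0.2-0ubuntu1.99) jammy-security; urgency=medium
  * SECURITY UPDATE: constructed entry B
    - debian/patches/CVE-0000-0002.patch: follow-up to CVE-0000-0001
    - CVE-0000-0002
 -- Example Maintainer <maintainer@example.com>  Mon, 01 Jan 2024 00:00:00 +0000

openssl (3.0.2-0ubuntu1.98) jammy-security; urgency=medium
  * SECURITY UPDATE: constructed entry A
    - debian/patches/CVE-0000-0001.patch: constructed description
    - CVE-0000-0001
 -- Example Maintainer <maintainer@example.com>  Fri, 01 Dec 2023 00:00:00 +0000
EOF
}

# On the server: collect what the page says to send to the scanning company.
evidence() {
    installed=$(dpkg-query -W -f='${Version}' openssl)
    fixed=$(zcat /usr/share/doc/openssl/changelog.Debian.gz | cve_fixed_in "$1")
    echo "Ubuntu release: $(lsb_release -rs)"
    echo "openssl package: $installed"
    if [ -z "$fixed" ]; then   # the installed changelog may be truncated
        echo "$1: not found; check the full changelog (apt-get changelog openssl)"
    elif dpkg --compare-versions "$installed" ge "$fixed"; then
        echo "$1: addressed in $fixed; installed $installed includes it"
    else
        echo "$1: addressed in $fixed; installed $installed is older"
    fi
}

sample_changelog | cve_fixed_in CVE-0000-0001   # demo on the constructed input
```

On a server, source the script and run `evidence` with the CVE ID from the scan report.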

Do not attempt to replace OpenSSL on your server with any other version. If you do, ServerPilot will not be able to provide support for any breakage this may cause.
Last updated: December 13, 2024
