Fixing OpenSSL Padding Oracle vulnerability (CVE-2016-2107)

This works well on my Ubuntu 14.04

# Based on http://fearby.com/article/update-openssl-on-a-digital-ocean-vm/
Method 1 (upgrade the distro package; preferred, because it replaces the shared libssl every service loads):
$ sudo apt-get update
$ sudo apt-get install --only-upgrade libssl1.0.0 openssl
# check that the fixes are really in the installed package (-E is needed for the (a|b) alternation):

$ zgrep -iE "(CVE-2016-2108|CVE-2016-2107)" /usr/share/doc/libssl1.0.0/changelog.Debian.gz

The output should contain lines like these (zgrep prints only the matching lines of each changelog entry, so they look truncated):
- debian/patches/CVE-2016-2107.patch: check that there are enough
- CVE-2016-2107
- debian/patches/CVE-2016-2108-1.patch: don't mishandle zero if it is
- debian/patches/CVE-2016-2108-2.patch: fix ASN1_INTEGER handling in
- CVE-2016-2108

Method 2 (build OpenSSL 1.0.2h from source):
$ sudo apt-get dist-upgrade

$ wget ftp://ftp.openssl.org/source/openssl-1.0.2h.tar.gz
# verify the tarball against its published signature/hash before building it
$ tar -xvzf openssl-1.0.2h.tar.gz
$ cd openssl-1.0.2h
$ ./config --prefix=/usr/
$ make depend
$ make
$ sudo make install
$ openssl version
# OpenSSL 1.0.2h 3 May 2016

# Caveat: this replaces the openssl command under /usr/bin, but a default
# ./config (without the "shared" option) builds static libraries only, so nginx
# and other services keep loading the distro's libssl.so.1.0.0
# (check with: ldd $(which nginx) | grep -E 'libssl|libcrypto').
# "openssl version" printing 1.0.2h therefore does not prove the server is
# patched; Method 1 is the one that fixes what the services actually use.

# now restart nginx (or whichever service links libssl) so it loads the patched library; a process that started before the upgrade keeps the old code mapped until it is restarted
$ sudo service nginx restart

# check your website here https://www.ssllabs.com/ssltest/
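The two checks above (grepping the package changelog, and restarting whatever still has the old library loaded) can be scripted. The following is an added example, not part of the original post or of Ubuntu's tooling: the function names are this example's own, the changelog excerpt embedded in it is constructed so the script runs offline, and the paths assume a Debian/Ubuntu host with the libssl1.0.0 package (as on Ubuntu 14.04).

```shell
#!/bin/sh
# Added example (not from the original post): confirm the CVE-2016-2107 /
# CVE-2016-2108 fixes are in the installed libssl1.0.0 package, show which
# libssl a binary is actually linked against, and list processes that still
# have a replaced (deleted-on-disk) libssl/libcrypto mapped.

# Constructed excerpt of a libssl1.0.0 changelog.Debian, standing in for the
# real /usr/share/doc/libssl1.0.0/changelog.Debian.gz so this runs offline.
SAMPLE_CHANGELOG='openssl (1.0.1f-1ubuntu2.19) trusty-security; urgency=medium

  * SECURITY UPDATE: padding oracle in AES-NI CBC MAC check
    - debian/patches/CVE-2016-2107.patch: check that there are enough
      bytes for the MAC before comparing it.
    - CVE-2016-2107
  * SECURITY UPDATE: memory corruption in the ASN.1 encoder
    - CVE-2016-2108
'

# count_cve_mentions TEXT CVE-ID -> number of lines of TEXT naming the CVE
# (case-insensitive; prints 0 rather than failing when there is no match)
count_cve_mentions() {
    printf '%s\n' "$1" | grep -ic -- "$2" || true
}

# fixed_in_changelog TEXT CVE-ID... -> exit 0 only if every CVE is mentioned
fixed_in_changelog() {
    text=$1
    shift
    missing=0
    for cve in "$@"; do
        if [ "$(count_cve_mentions "$text" "$cve")" -eq 0 ]; then
            echo "missing from changelog: $cve"
            missing=1
        fi
    done
    return $missing
}

# installed_changelog -> the real package changelog, decompressed (empty if absent)
installed_changelog() {
    f=/usr/share/doc/libssl1.0.0/changelog.Debian.gz
    [ -r "$f" ] && zcat "$f"
}

# ssl_libs_of BINARY -> the libssl/libcrypto objects BINARY is dynamically
# linked against (tells you whether a service uses the distro library or
# something else; only meaningful for dynamically linked executables)
ssl_libs_of() {
    ldd "$1" 2>/dev/null | grep -E 'lib(ssl|crypto)\.so' || true
}

# stale_ssl_pids -> PIDs whose memory maps still reference a libssl/libcrypto
# that was replaced on disk (shown as "(deleted)" in /proc/PID/maps).
# Those processes keep running the vulnerable code until restarted.
stale_ssl_pids() {
    for m in /proc/[0-9]*/maps; do
        if grep -Eq 'lib(ssl|crypto)\.so.*\(deleted\)$' "$m" 2>/dev/null; then
            p=${m#/proc/}
            echo "${p%/maps}"
        fi
    done
}

main() {
    chlog=$(installed_changelog)
    if [ -z "$chlog" ]; then
        echo "no libssl1.0.0 changelog on this host; using the constructed sample"
        chlog=$SAMPLE_CHANGELOG
    fi
    if fixed_in_changelog "$chlog" CVE-2016-2107 CVE-2016-2108; then
        echo "changelog lists both CVE-2016-2107 and CVE-2016-2108"
    fi
    nginx_bin=$(command -v nginx || echo /usr/sbin/nginx)
    echo "$nginx_bin links against:"
    ssl_libs_of "$nginx_bin"
    stale=$(stale_ssl_pids)
    if [ -n "$stale" ]; then
        echo "restart these PIDs, old libssl still mapped: $(echo $stale | tr '\n' ' ')"
    else
        echo "no process has a deleted libssl/libcrypto mapped"
    fi
}

# Usage (as root, after the upgrade): sh check_ssl_fix.sh --check
case "${1:-}" in --check) main ;; esac
```

Run it as root after Method 1 so it can read every process's maps; a non-empty "restart these PIDs" line means the package was upgraded but the listed services (nginx, sshd, postfix, ...) are still serving with the unpatched library.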
