Best way to have a system with openssl-1.1 and 3.0?

Michael Brunnbauer brunni at
Tue Sep 5 17:58:12 UTC 2023

hi all,

I am planning the migration to openssl 3.0 on my self-compiled linux systems.
There is a non-negotiable requirement to support old packages that will only
compile with openssl 1.1 - like PHP < 8.1. This is usually not a problem as
the openssl 3 shared libraries have a new version number but there are some
tricky dependency-problems - one of which I cannot solve:

I assume that no binary should both link to openssl 1.1 and 3.0 either directly
or indirectly (via shared libraries using openssl)? This poses a problem with 
apache, libcurl and libmysql which are all used by php and linked to openssl.

I can install apache linked with openssl 3.0 under a separate prefix and
compile php (also installed under a version-specific prefix) with mysqlnd such 
that libmysql is not linked. This leaves only libcurl as a problem and I do
not know how to solve it. I tried installing libcurl linked with openssl 1.1
under /usr/curl_openssl1 and then compiling php with that path specified.

But the Loader will alway prefer the found under /usr/lib64
to the one under /usr/curl_openssl1/lib. It seems having two libcurls with
the same version number linked to different openssl version is not an option.

Is there a way to solve this?


Michael Brunnbauer

++  Michael Brunnbauer
++  netEstate GmbH
++  Geisenhausener Straße 11a
++  81379 München
++  Tel +49 89 32 19 77 80
++  Fax +49 89 32 19 77 89 
++  E-Mail brunni at
++  Sitz: München, HRB Nr.142452 (Handelsregister B München)
++  USt-IdNr. DE221033342
++  Geschäftsführer: Michael Brunnbauer
++  Prokurist: Dipl. Kfm. (Univ.) Markus Hendel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <>

More information about the openssl-users mailing list