This guide covers installing DSSSL as a replacement for system OpenSSL.
- Test in a non-production environment first
- Create backups before installation
- Have a rollback plan ready
- Understand the implications for your system
- Root access - Installation requires root privileges
- Build tools - Ensure build dependencies are installed
- Backup space - Ensure sufficient disk space for backups
- Testing environment - Test in VM or non-critical system first
# Clone DSSSL repository
git clone https://github.com/SWORDIntel/DSSSL.git
cd DSSSL
# Build DSSSL (if not already built)
./util/build-dsllvm-world.sh --clean
# Run installer (as root)
sudo ./install-dsssl.shThe installer performs the following steps:
- Detection - Detects current OpenSSL installation
- Backup - Creates backup of system OpenSSL
- Build - Builds DSSSL if not already built
- Install - Installs DSSSL binaries and libraries
- Verify - Verifies installation success
- Rollback Script - Creates rollback script for easy restoration
# Custom installation prefix (default: /usr/local)
INSTALL_PREFIX=/opt/dsssl ./install-dsssl.sh
# Custom backup directory
BACKUP_DIR=/backup/openssl-$(date +%Y%m%d) ./install-dsssl.sh
# Custom log file
LOG_FILE=/var/log/dsssl-install.log ./install-dsssl.sh
# Force installation without confirmation
FORCE_INSTALL=1 ./install-dsssl.shINSTALL_PREFIX=/opt/dsssl \
BACKUP_DIR=/backup/openssl-backup \
LOG_FILE=/var/log/dsssl-install.log \
./install-dsssl.sh/usr/local/bin/openssl(or$INSTALL_PREFIX/bin/openssl)/usr/bin/openssl(symlink to DSSSL binary)
/usr/lib/libssl.so.3(or/usr/lib64/libssl.so.3)/usr/lib/libcrypto.so.3(or/usr/lib64/libcrypto.so.3)- Symlinks:
libssl.so,libcrypto.so
/usr/local/include/openssl/(or$INSTALL_PREFIX/include/openssl/)
After installation, verify DSSSL is working:
# Check version
openssl version
# Should show DSSSL or DSMIL in version string
openssl version -a
# Test basic functionality
openssl speed
# Test TLS 1.3
openssl s_client -connect google.com:443 -tls1_3
# Test hybrid KEM (if configured)
openssl s_client -groups X25519MLKEM768 -connect server:443If you need to restore the original OpenSSL:
# Find backup directory
ls -la /opt/dsssl-backup-*
# Run rollback script
sudo /opt/dsssl-backup-YYYYMMDD-HHMMSS/rollback.shOr manually restore:
# Restore binary
sudo cp /opt/dsssl-backup-*/openssl.bin /usr/bin/openssl
# Restore libraries
sudo cp /opt/dsssl-backup-*/lib/* /usr/lib/
sudo ldconfig
# Restore /usr/bin/openssl if it was moved
if [ -f /usr/bin/openssl.system ]; then
sudo mv /usr/bin/openssl.system /usr/bin/openssl
fi# Register DSSSL with alternatives system
sudo update-alternatives --install /usr/bin/openssl openssl /usr/local/bin/openssl 100 \
--slave /usr/lib/libssl.so libssl.so /usr/lib/libssl.so.3 \
--slave /usr/lib/libcrypto.so libcrypto.so /usr/lib/libcrypto.so.3
# Switch between OpenSSL versions
sudo update-alternatives --config opensslIf you have services that depend on OpenSSL, restart them:
# Restart services that use OpenSSL
sudo systemctl restart apache2
sudo systemctl restart nginx
sudo systemctl restart postgresql
# etc.Note: Installing DSSSL may conflict with package managers. Consider:
-
Holding packages (Debian/Ubuntu):
sudo apt-mark hold openssl libssl-dev
-
Excluding from updates (RHEL/CentOS):
sudo yum versionlock openssl
# Check library paths
ldconfig -p | grep ssl
# Update library cache
sudo ldconfig
# Check library dependencies
ldd /usr/bin/openssl# Check which OpenSSL is being used
which openssl
openssl version
# Check library versions
ldd $(which openssl) | grep sslIf DSSSL isn't built:
# Build manually
cd /path/to/DSSSL
./util/build-dsllvm-world.sh --clean
# Verify build
ls -la .openssl/apps/openssl
ls -la .openssl/libssl.so*# Ensure script is executable
chmod +x install-dsssl.sh
# Run as root
sudo ./install-dsssl.sh- Backup system - Full system backup recommended
- Test environment - Test in VM or non-production system
- Documentation - Document current OpenSSL version
- Dependencies - List applications using OpenSSL
- Maintenance window - Plan for potential downtime
- Test applications - Test all critical applications
- Monitor logs - Check system logs for errors
- Performance - Monitor performance impact
- Security - Verify security features work
- Rollback plan - Keep rollback script accessible
To completely remove DSSSL:
# Restore original OpenSSL
sudo /opt/dsssl-backup-*/rollback.sh
# Remove DSSSL files
sudo rm -f /usr/local/bin/openssl
sudo rm -f /usr/lib/libssl.so.3
sudo rm -f /usr/lib/libcrypto.so.3
sudo rm -rf /usr/local/include/openssl
# Update library cache
sudo ldconfig# Build with custom options
cd DSSSL
./Configure dsllvm-world --prefix=/opt/dsssl
make -j$(nproc)
make install
# Then run installer with custom prefix
INSTALL_PREFIX=/opt/dsssl ./install-dsssl.shTo keep both system OpenSSL and DSSSL:
# Install DSSSL to custom location
INSTALL_PREFIX=/opt/dsssl ./install-dsssl.sh
# Use DSSSL via PATH
export PATH=/opt/dsssl/bin:$PATH
export LD_LIBRARY_PATH=/opt/dsssl/lib:$LD_LIBRARY_PATH
# Or use alternatives system (see above)For installation issues:
- Check installation log:
/var/log/dsssl-install.log - Review backup information:
/opt/dsssl-backup-*/backup-info.txt - Verify system compatibility
- Contact support team
- DSSSL installation modifies system libraries
- All changes are logged for audit purposes
- Backups are created automatically
- Rollback capability is provided
- Installation requires root privileges
Classification: UNCLASSIFIED // FOR OFFICIAL USE ONLY