This guide shows how to compile OpenSSL under Linux in WSL2.

• ☑ WSL2 with Ubuntu 24.04 LTS (recommended) or Fedora
• ☑ Build tools installed
• ☑ For aarch64: Cross-compiler installed

→ Set up WSL

# PowerShell (Administrator)
wsl --install Ubuntu-24.04 --no-launch
wsl -d Ubuntu-24.04

Ubuntu 24.04 (recommended):

sudo apt-get update
sudo apt-get install -y \
    build-essential \
    perl \
    git \
    wget \
    file
 
# For aarch64 cross-compilation:
sudo apt-get install -y \
    gcc-aarch64-linux-gnu \
    g++-aarch64-linux-gnu \
    binutils-aarch64-linux-gnu

Fedora:

sudo dnf install -y gcc make perl git wget file
# Cross-compilers for aarch64 are harder to install on Fedora
# Ubuntu 24.04 is recommended

# Create build directory
sudo mkdir -p /opt/openssl-build
sudo chown $(id -u):$(id -g) /opt/openssl-build
 
# Mount Windows drive (if not auto-mounted)
sudo mkdir -p /mnt/d
sudo mount -t drvfs D: /mnt/d 2>/dev/null || true
 
# Copy sources (with tar for complete copy)
cd /mnt/d/Workspace/openssl-3.6.0/l4re/src
tar cf - . | tar xf - -C /opt/openssl-build

cd /opt/openssl-build
 
# Standard configuration
./Configure linux-x86_64 \
    --prefix=/opt/openssl-3.6 \
    --openssldir=/opt/openssl-3.6/ssl \
    shared
 
# OR with FIPS module (recommended for production):
./Configure linux-x86_64 \
    --prefix=/opt/openssl-3.6 \
    --openssldir=/opt/openssl-3.6/ssl \
    enable-fips \
    shared

# Build with all CPU cores
make -j$(nproc)

sudo make install

For ARM64 targets like L4Re Microkernel:

# Separate build directory for aarch64
sudo rm -rf /opt/openssl-aarch64-build
sudo mkdir -p /opt/openssl-aarch64-build
sudo chown $(id -u):$(id -g) /opt/openssl-aarch64-build
 
# Copy sources
cd /mnt/d/Workspace/openssl-3.6.0/l4re/src
tar cf - . | tar xf - -C /opt/openssl-aarch64-build
 
# Configure for aarch64
cd /opt/openssl-aarch64-build
./Configure linux-aarch64 \
    --cross-compile-prefix=aarch64-linux-gnu- \
    --prefix=/opt/openssl-3.6-aarch64 \
    --openssldir=/opt/openssl-3.6-aarch64/ssl \
    shared \
    enable-fips \
    no-async
 
# Build
make -j$(nproc)
 
# Verify result
file libcrypto.so.3
# Expected output: ELF 64-bit LSB shared object, ARM aarch64

/opt/openssl-3.6/
├── bin/
│   └── openssl                # CLI Tool
├── include/
│   └── openssl/               # Headers for FFI
├── lib64/
│   ├── libcrypto.so.3         # ~7.4 MB - Crypto Library
│   ├── libssl.so.3            # ~1.3 MB - SSL/TLS Library
│   ├── libcrypto.a            # Static Library
│   ├── libssl.a
│   └── ossl-modules/
│       └── fips.so            # ~3.2 MB - FIPS Provider
└── ssl/
    ├── openssl.cnf
    └── fipsmodule.cnf         # FIPS Configuration

# Check version
/opt/openssl-3.6/bin/openssl version -a
# Expected output: OpenSSL 3.6.0 1 Oct 2025
 
# Check providers (FIPS should be listed)
/opt/openssl-3.6/bin/openssl list -providers
 
# Check Post-Quantum algorithms
/opt/openssl-3.6/bin/openssl list -signature-algorithms | grep -i mldsa
/opt/openssl-3.6/bin/openssl list -kem-algorithms | grep -i mlkem
 
# Check shared library format
file /opt/openssl-3.6/lib64/libcrypto.so.3
# x86_64: ELF 64-bit LSB shared object, x86-64

# x86_64 Libraries
mkdir -p /mnt/d/Workspace/openssl-3.6.0/l4re/bin/x86_64
cp /opt/openssl-3.6/lib64/libcrypto.so.3 /mnt/d/Workspace/openssl-3.6.0/l4re/bin/x86_64/
cp /opt/openssl-3.6/lib64/libssl.so.3 /mnt/d/Workspace/openssl-3.6.0/l4re/bin/x86_64/
cp /opt/openssl-3.6/lib64/ossl-modules/fips.so /mnt/d/Workspace/openssl-3.6.0/l4re/bin/x86_64/
cp /opt/openssl-3.6/ssl/fipsmodule.cnf /mnt/d/Workspace/openssl-3.6.0/l4re/bin/x86_64/
 
# aarch64 Libraries
mkdir -p /mnt/d/Workspace/openssl-3.6.0/l4re/bin/aarch64
cp /opt/openssl-aarch64-build/libcrypto.so.3 /mnt/d/Workspace/openssl-3.6.0/l4re/bin/aarch64/
cp /opt/openssl-aarch64-build/libssl.so.3 /mnt/d/Workspace/openssl-3.6.0/l4re/bin/aarch64/
cp /opt/openssl-aarch64-build/providers/fips.so /mnt/d/Workspace/openssl-3.6.0/l4re/bin/aarch64/
cp /opt/openssl-aarch64-build/providers/fipsmodule.cnf /mnt/d/Workspace/openssl-3.6.0/l4re/bin/aarch64/

FROM ubuntu:24.04 AS builder
 
# Install build tools
RUN apt-get update && apt-get install -y \
    build-essential perl git wget file
 
# Copy OpenSSL sources
COPY openssl-src/ /build/src/
 
# Build with FIPS
WORKDIR /build/src
RUN ./Configure linux-x86_64 enable-fips --prefix=/opt/openssl && \
    make -j$(nproc) && \
    make install
 
# Runtime Image
FROM ubuntu:24.04
 
# Copy only the finished binaries
COPY --from=builder /opt/openssl /opt/openssl
 
# Set path
ENV PATH="/opt/openssl/bin:$PATH"
ENV LD_LIBRARY_PATH="/opt/openssl/lib64:$LD_LIBRARY_PATH"

Problem: Build on NTFS filesystem (/mnt/d/…)

Solution: Copy sources to Linux filesystem (see Step 2)

Problem: USB drives (external hard drives, USB sticks) are not automatically mounted in WSL2.

Solution: Mount manually with metadata flag:

sudo mkdir -p /mnt/d
sudo mount -t drvfs D: /mnt/d -o metadata

Problem: Incomplete sources (util/perl/ missing)

Solution: Copy sources with tar instead of cp -r

Problem: Old x86_64 artifacts in build directory

Solution: Run make clean before build

• Set up WSL
• 4. Testing
• Back to Build Overview

Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional Last update: 2025-12-16 (verified with OpenSSL 3.6.0)