Homebrew refusing to link OpenSSL

brew link
brew install curl --with-openssl
brew openssl dev
brew install openssl 12
[openssl library could not be loaded, make sure openssl 1.0 or 1.1 is installed]
refusing to link macos-provided software bison
brew install mongodb with-openssl
brew install specific version

I'm on: OSX 10.11.6, Homebrew version 0.9.9m OpenSSL 0.9.8zg 14 July 2015

I'm trying to play with with dotnetcore and by following their instructions,

I've upgraded/installed the latest version of openssl:

> brew install openssl
==> Downloading https://homebrew.bintray.com/bottles/openssl-1.0.2h_1.el_capitan.bottle.tar.gz
Already downloaded: /Users/administrator/Library/Caches/Homebrew/openssl-1.0.2h_1.el_capitan.bottle.tar.gz
==> Pouring openssl-1.0.2h_1.el_capitan.bottle.tar.gz
==> Caveats
A CA file has been bootstrapped using certificates from the system
keychain. To add additional certificates, place .pem files in
  /usr/local/etc/openssl/certs

and run
  /usr/local/opt/openssl/bin/c_rehash

This formula is keg-only, which means it was not symlinked into /usr/local.

Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries

Generally there are no consequences of this for you. If you build your
own software and it requires this formula, you'll need to add to your
build variables:

    LDFLAGS:  -L/usr/local/opt/openssl/lib
    CPPFLAGS: -I/usr/local/opt/openssl/include

But when I try to link openssl I continue to run into this linking error:

> brew link --force openssl
Warning: Refusing to link: openssl
Linking keg-only OpenSSL means you may end up linking against the insecure,
deprecated system version while using the headers from the Homebrew version.
Instead, pass the full include/library paths to your compiler e.g.:
  -I/usr/local/opt/openssl/include -L/usr/local/opt/openssl/lib

The option to include compiler flags doesn't make sense to me, since I'm not compiling these libraries that I'm dependent on.

EDIT dotnetcore has updated their instructions:

brew update    
brew install openssl    
ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/    
ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/

As the update to the other answer suggests, the workaround of installing the old openssl101 brew will no longer work. For a right-now workaround, see this comment on dotnet/cli#3964.

The most relevant part of the issue copied here:

I looked into the other option that was suggested for setting the rpath on the library. I think the following is a better solution that will only effect this specific library.

sudo install_name_tool -add_rpath /usr/local/opt/openssl/lib /usr/local/share/dotnet/shared/Microsoft.NETCore.App/1.0.0/System.Security.Cryptography.Native.dylib

and/or if you have NETCore 1.0.1 installed perform the same command for 1.0.1 as well:

sudo install_name_tool -add_rpath /usr/local/opt/openssl/lib /usr/local/share/dotnet/shared/Microsoft.NETCore.App/1.0.1/System.Security.Cryptography.Native.dylib

In effect, rather than telling the operating system to always use the homebrew version of SSL and potentially causing something to break, we're telling dotnet how to find the correct library.

Also importantly, it looks like Microsoft are aware of the issue and and have both a) a somewhat immediate plan to mitigate as well as b) a long-term solution (probaby bundling OpenSSL with dotnet).

Another thing to note: /usr/local/opt/openssl/lib is where the brew is linked by default:

13:22 $ ls -l /usr/local/opt/openssl
lrwxr-xr-x  1 ben  admin  26 May 15 14:22 /usr/local/opt/openssl -> ../Cellar/openssl/1.0.2h_1

If for whatever reason you install the brew and link it in a different location, then that path is the one you should use as an rpath.

Once you've update the rpath of the System.Security.Cryptography.Native.dylib libray, you'll need to restart your interactive session (i.e., close your console and start another one).

Force link openssl error? · Issue #891 · Homebrew/brew · GitHub, brew link --force openssl Warning: Refusing to link: openssl Linking just indicate creating the link manually, ie doing what brew refuses to do. > brew link --force openssl Warning: Refusing to link: openssl Linking keg-only OpenSSL means you may end up linking against the insecure, deprecated system version while using the headers from the Homebrew version.


This is what worked for me:

brew update
brew install openssl
ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/
ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/
ln -s /usr/local/Cellar/openssl/1.0.2j/bin/openssl /usr/local/bin/openssl

Thanks to @dorlandode on this thread https://github.com/Homebrew/brew/pull/597

NB: I only used this as a temporary fix until I could spend time correctly installing Openssl again from scratch. As I remember I spent best part of a day debugging and having issues before I realised the best way was to manually install the certs I needed one by one. Please read the link in @bouke's comment before attempting this.

Brew refusing to link openssl · Issue #6415 · dotnet/runtime · GitHub, Refusing to link: openssl Linking keg-only OpenSSL means you may end up linking against the insecure, deprecated system version while  Refusing to link: openssl Linking keg-only OpenSSL means you may end up linking against the insecure, deprecated system version while using the headers from the Homebrew version. Instead, pass the


OpenSSL not getting linked with homebrew on El Capitan 10.11.6 , Warning: Refusing to link: openssl . My path references /usr/local/bin as the first one. Ran this command: ln -s /usr/local  > brew link --force openssl Warning: Refusing to link: openssl Linking keg-only OpenSSL means you may end up linking against the insecure, deprecated system version while using the headers from the Homebrew version.


Just execute brew info openssland read the information where it says:

If you need to have this software first in your PATH run: echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile

Using the OpenSSL library with macOS Sierra - Timothy Ko, Usually, you would just install OpenSSL with Homebrew…. $ brew install openssl​. And then link it… $ brew link --force openssl. Warning: Refusing to link:  Warning: Refusing to link: openssl Linking keg-only openssl means you may end up linking against the insecure, deprecated system OpenSSL while using the headers from Homebrew's openssl.


If migrating your mac breaks homebrew:

I migrated my mac, and it unlinked all my homebrew installs - including OpenSSL. This broke gem install, which is how I first noticed the problem and started trying to repair this.

After a million solutions (when migrating to OSX Sierra - 10.12.5), the solution ended up being comically simple:

brew reinstall ruby
brew reinstall openssl

How to upgrade OpenSSL (macOS) - katopz, OpenSSL 1.0.2j, Homebrew 1.1.2, Mac 10.11.6. You'll see… Warning: Refusing to link: openssl. Linking keg-only openssl means you may end up linking  $ brew link --force openssl Warning: Refusing to link: openssl Linking keg-only openssl means you may end up linking against the insecure, deprecated system OpenSSL while using the headers from Homebrew's openssl.


Openssl rsa malloc() segfault on mac os x catalina, openssl genrsa -des3 -out private.pem 2048 Generating RSA private key, /usr/​bin/openssl $ brew link -f openssl Warning: Refusing to link  Refusing to link: openssl Linking keg-only OpenSSL means you may end up linking against the insecure, deprecated system version while using the headers from the Homebrew version.


Brew relink openssl, Warning: Refusing to link: openssl Linking keg-only OpenSSL means you may end 7 Jul 31, 2016 · brew update brew install openssl brew link --force openssl. % brew link openssl --force Warning: Refusing to link: openssl Linking keg-only openssl means you may end up linking against the insecure, deprecated system OpenSSL while using the headers from Homebrew's openssl.


You are linking against OpenSSL 0.9.8, which is no longer , brew update brew install openssl brew link openssl --force Warning: Refusing to link: openssl Linking keg-only openssl means you may end up linking against​  From Brew refusing to link openssl on Stack Overflow and Issue 3964, .Net GitHub (I think it was first reported with .Net):. I looked into the other option that was suggested for setting the rpath on the library.