2

I have a requirement to upgrade SSL/TLS/OpenSSL. The server is RHEL 6 Enterprise.

In that server I am going to remove apache, which has not been not in use for a long time. After uninstalling apache , is it stil necessary to upgrade ssl/tls/openssl?

Or even broader, since neither a web server nor a webbrowser will be installed is there any need for OpenSSL at all?

HBruijn
  • 72,524
  • 21
  • 127
  • 192
Ratheesh
  • 25
  • 3
  • Is there a particular vulnerability you're worried about? Or are you just looking to reduce the number of packages to reduce your attack surface? – Kassandry Sep 04 '15 at 07:18
  • Hi everybody..sorry, One correction..I want to use web browser. After uninstallation of web server, is there any need for ssl/tls/openssl at all? – Ratheesh Sep 04 '15 at 07:23
  • Yes. Because of vulnerability reason I have got this requirement. – Ratheesh Sep 04 '15 at 07:25

2 Answers2

3

Take a look at the output of 

yum remove openssl

It will list all of the packages that will also be removed because they depend upon the openssl package. Eventually it will quit with the error message

Error: Trying to remove "yum", which is protected

Removing openssl from your system is not practical or desirable.

Keeping it up-to-date with that provided by your distro is though desireable and practical.

user9517
  • 114,104
  • 20
  • 206
  • 289
2

Removing unneeded software is typically a good idea.

The openssl package is actually needed for a lot of required core functionality in a RHEL system. 

 sudo yum remove openssl

will fail but also show what also would have to be removed since it depends on openssl.

So do the right thing and upgrade the openssl package to the current patch level.

HBruijn
  • 72,524
  • 21
  • 127
  • 192