OpenSSL
Hello,
I installed OpenSSL in which it corrected a few errors when testing the software. A quick background on the application. OpenSSL is an optional install. At the command line the application has the ability to open a browser up to allow user to use the browser instead of command line. The application can serve user logins. Sage: http://www.sagemath.org/doc/installa...er-environment ./sage -i openssl ./sage -f python make ssl Anyways, my question is with OpenSSL installed even without the intention to use it, is the machine vulnerable to any future issues or do I have to actually configure and enable it? [root@math1 sage-6.4.1]# openssl version -a OpenSSL 1.0.1e-fips 11 Feb 2013 built on: Tue Jan 20 17:30:05 UTC 2015 platform: linux-x86_64 Centos 6.4 Thanks, TT |
Openssl is a crypto library. It is used in many security apllications.
It is usually used by applications which provide secure communication like internet, web, email. It is used by web browsers, email, git, subversion, video chat clients, webservers, email servers and many. |
As with all crypto resources, you do need to take the time to learn about OpenSSL and how to properly configure and use it. It's present on nearly all machines. No, its presence does not per se represent a vulnerability.
Contrast this, for example, with the SSH daemon, sshd, which might be running on a machine that you never actually intend to secure-login to from the outside. If you never intend to do that, that daemon should never be running, and if it is running, it must be properly configured and secured. SSL is a library, not a daemon. |
Quote:
|
All times are GMT -5. The time now is 08:41 PM. |