OpenSSL
 

Hello,

I installed OpenSSL in which it corrected a few errors when testing the software. A quick background on the application. OpenSSL is an optional install. At the command line the application has the ability to open a browser up to allow user to use the browser instead of command line. The application can serve user logins.

Sage:
http://www.sagemath.org/doc/installa...er-environment
./sage -i openssl

./sage -f python

make ssl

Anyways, my question is with OpenSSL installed even without the intention to use it, is the machine vulnerable to any future issues or do I have to actually configure and enable it?


[root@math1 sage-6.4.1]# openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Tue Jan 20 17:30:05 UTC 2015
platform: linux-x86_64

Centos 6.4

Thanks, TT

Openssl is a crypto library. It is used in many security apllications.

It is usually used by applications which provide secure communication like internet, web, email.

It is used by web browsers, email, git, subversion, video chat clients, webservers, email servers and many.

As with all crypto resources, you do need to take the time to learn about OpenSSL and how to properly configure and use it. It's present on nearly all machines. No, its presence does not per se represent a vulnerability.

Contrast this, for example, with the SSH daemon, sshd, which might be running on a machine that you never actually intend to secure-login to from the outside. If you never intend to do that, that daemon should never be running, and if it is running, it must be properly configured and secured. SSL is a library, not a daemon.

Got it. Thanks for the clarification. I installed it cause the dam test runs kept on failing. Users who are accessing the Linux machine are going through VNC over SSH. The browser option provides GUI interface (can be opened http or https) but the web service itself is not accessible from any other machine