So, on a client machine, we have Apache 2.2 installed that serves a single PHP application. Apache ssl_module is not enabled and there is no respective configuration for serving the application via HTTPS. As far as port 443 is concerned, I am not sure if it is open or refuses connections, but I can find out. On the PHP side, I know that the version installed is packaged with a vulnerable OpenSSL extension that is currently disabled.
Now, I need to enable the PHP openssl extension, as my application needs to perform HTTPS requests to an external API that accepts secure connections only (Flickr in particular). Maybe I am a bit confused (or paranoid) with the whole Heartbleed issue, but I have the following questions:
1/ Does enabling the vulnerable PHP openssl extension make my application and/or server vulnerable to the Heartbleed bug? And how?
2/ What is the correlation (if any) between Apache ssl_module and the openssl PHP extension? Is one a prerequisite to the other, and in which cases?
Thanks in advance
Make sure you have Apache 2.2.27 and beyond. Apache backtracked to the fix at 2.2.27.