So, on a client machine, we have Apache 2.2 installed that serves a single php application. Apache ssl_module is not enabled and there is no respective configuration for serving the application via https. As far as port 443 is concerned, I am not sure if it is open or refuses connections, but I can find out. On the php side, I know that the version installed is packaged with a vulnerable OpenSSL extension that is currently disabled.
Now, I need to enable the php openssl extension, as my application needs to perform https requests to an external API that accepts secure connections only (flickr in particular). Maybe I am a bit confused (or paranoid) with the whole heartbleed issue, but I have the following questions:
1/ Does enabling the vulnerable php openssl extension makes my application and/or server vulnerable to the heartbleed bug? And how?
2/ What is the correlation (if any) between apache ssl_module and openssl php extension? Is one prerequisite to the other and in which cases?
Thanks in advance
