Before you update anything, I suggest you run rpm -e --test gnutls If this complains about "refers to more than one package" then use rpm -e --test gnutls.i386 gnutls.x86_64 This will tell you what other packages depend on the gnutls library. It's probably fewer than you think, because RHEL/CentOS have openssl packages as well. We determined that for our servers we could simply remove gnutls (desktops are a different matter). (Ideally "rpm -q --whatrequires" would tell you this, but in fact it does not unless you know the magic string that fully names "libgnutls.so...")