On Mon, May 4, 2020 at 9:49 AM Joe Orton <jor...@redhat.com> wrote: > > I'd like to gauge consensus on removing the following mod_ssl features > for 2.5. I am +1 (more or less strongly) on removing all the following: > > a) SSLInsecureRengotiation. If you haven't patched your clients for > CVE-2009-3555 there is no hope. This should definitely be removed. > > b) SSLRequire - this has been deprecated since it was subsumed into the > better "Require expr" interface in 2.4.x. > > c) Client-initiated renegotiation prevention mechanism. This was > introduced mostly as a temporary workaround for CVE-2009-3555, and as > the saying goes, there is nothing as permanent as a temporary > workaround. This already doesn't apply for TLSv1.3, and it doesn't > really add much for TLS < v1.3 so I think it can go completely.
I am not familiar with this one in mod_ssl but I am familiar with the issue. Does it generate distinctive log messages for TLS < 1.3 that are useful for e.g. fail2ban? Has OpenSSL caught up and can we directly kill client-initiated renegotiation? > > d) SSLRandomSeed. This might have made sense in 1998 but at least with > OpenSSL 1.1.1 which has a rewritten and fork-safe RAND, I think httpd > should not be doing RAND seeding ever. Currently mod_ssl will splat > random stack data, time() and the pid into the RNG state for each new > connection. Unless someone can prove this is valuable and the OpenSSL > PRNG is somehow broken OOTB, I think this code + directive should be > dropped for OpenSSL 1.1.1+, including EGD support etc. > > e) SSLCompression - enabling this has been considered (and documented > as) a bad idea for a good while. IMO we should have "SSLCompression > off" the hard-coded default and drop the directive. > +1 to the others they are long past any practical/transitional use
