On 5/4/20 3:49 PM, Joe Orton wrote:
> I'd like to gauge consensus on removing the following mod_ssl features 
> for 2.5.  I am +1 (more or less strongly) on removing all the following:
> 
> a) SSLInsecureRenegotiation.  If you haven't patched your clients for 
> CVE-2009-3555 there is no hope.  This should definitely be removed.

+1

> 
> b) SSLRequire - this has been deprecated since it was subsumed into the 
> better "Require expr" interface in 2.4.x. 

+1

> 
> c) Client-initiated renegotiation prevention mechanism.  This was 
> introduced mostly as a temporary workaround for CVE-2009-3555, and as 
> the saying goes, there is nothing as permanent as a temporary 
> workaround.  This already doesn't apply for TLSv1.3, and it doesn't 
> really add much for TLS < v1.3 so I think it can go completely.

+1 to the conclusion you came to after Eric's post.

> 
> d) SSLRandomSeed.  This might have made sense in 1998 but at least with 
> OpenSSL 1.1.1 which has a rewritten and fork-safe RAND, I think httpd 
> should not be doing RAND seeding ever.  Currently mod_ssl will splat 
> random stack data, time() and the pid into the RNG state for each new 
> connection.  Unless someone can prove this is valuable and the OpenSSL 
> PRNG is somehow broken OOTB, I think this code + directive should be 
> dropped for OpenSSL 1.1.1+, including EGD support etc.

Do we drop it only for OpenSSL 1.1.1 or are there other older versions of 
OpenSSL where this is safe to drop?
And if we drop it, how do we drop it? If we can only drop it for OpenSSL 1.1.1, I 
would be in favour of sending a message to the log (INFO level) that it is just 
ignored. This avoids a config that works with OpenSSL < 1.1.1 failing with 
OpenSSL 1.1.1 on the same Apache version.

> 
> e) SSLCompression - enabling this has been considered (and documented 
> as) a bad idea for a good while.  IMO we should have "SSLCompression 
> off" the hard-coded default and drop the directive.

+1

Regards

Rüdiger
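As an added illustration of item b) in the thread (not part of the original mail, and not httpd project code): a configuration fragment using the directives under discussion, followed by the 2.4.x form that stays valid once SSLRequire, SSLRandomSeed, SSLInsecureRenegotiation and SSLCompression are gone. The organisation name and location path are constructed placeholders.

```apache
# Added example, not from the thread. Before: a mod_ssl config that uses the
# directives proposed for removal in 2.5. Such a config fails to start on a
# build where the directives no longer exist, which is the migration concern
# raised above.
<Location "/secure">
    # SSLRequire is deprecated since 2.4 in favour of "Require expr"
    SSLRequire %{SSL_CLIENT_S_DN_O} eq "Example Org" and \
               %{SSL_CIPHER_USEKEYSIZE} >= 128
</Location>
SSLCompression off
SSLInsecureRenegotiation off
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

# After: the same access rule written with the 2.4.x ap_expr interface.
# Compression off and insecure renegotiation off are the safe behaviours
# anyway, so nothing replaces those lines; seeding is left to OpenSSL's RAND.
<Location "/secure">
    SSLVerifyClient require
    Require expr %{SSL_CLIENT_S_DN_O} == "Example Org" && \
                 %{SSL_CIPHER_USEKEYSIZE} >= 128
</Location>
```

Running `apachectl -t` against the "after" fragment on a 2.4.x build is a cheap way to confirm the rewritten rule parses before any of the old directives are dropped.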
