Bodo, some comments inline...

On Tuesday 08 Feb 2011 18:09:46 Bodo Moeller wrote:
> OpenSSL Security Advisory [8 February 2011]
>
> OCSP stapling vulnerability in OpenSSL
<snip>
> Which applications are affected
> -------------------------------
>
> Applications are only affected if they act as a server and call
> SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes
> Apache httpd >= 2.3.3.

In httpd >= 2.3.3, OCSP Stapling is currently disabled by default. To enable it, the "SSLUseStapling On" directive must be added to the config. Since SSL_CTX_set_tlsext_status_cb() is only called when OCSP Stapling has been enabled, I conclude that the default configuration is not vulnerable.

A couple of months ago I proposed to httpd-dev that OCSP Stapling should be enabled by default. Steve Henson was cautiously sympathetic to the idea...

  "My personal opinion would be to, at least initially, require an explicit directive to enable it and leave the option in future to have it enabled by default."

...but Igor Galić replied with...

  "If we want to see more extensive testing in the field, then this is the right time to make 'On' the default."

Maybe httpd should:
  1. Check the version number of the OpenSSL runtime library.
  2. Log a warning if a vulnerable OpenSSL version is detected.
  3. Definitely avoid enabling Stapling by default if a vulnerable OpenSSL version is detected.

(Sorry, I guess I've drifted a bit off-topic for this list).

<snip>
> OCSP stapling is defined in RFC 2560.

RFC 2560 defines OCSP, but not OCSP Stapling. OCSP Stapling is the popular term for the Certificate Status Request TLS Extension defined most recently by RFC 6066 (previous versions: RFC 4366, RFC 3546).

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
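The runtime version check Rob sketches in points 1 to 3 above, written out as an added example; this is not part of his message and not httpd or OpenSSL code. It assumes the caller obtains the version number of the linked library from OpenSSL's SSLeay() (the run-time counterpart of the OPENSSL_VERSION_NUMBER macro, which is frozen at compile time and is exactly the wrong thing to test when httpd is built against one OpenSSL and run against another). To stay self-contained and run without OpenSSL installed, the code takes that number as a parameter and decodes the 0xMNNFFPPS layout itself. The affected ranges (0.9.8h up to but excluding the fixed 0.9.8r, 1.0.0 up to but excluding the fixed 1.0.0d) are taken from the published advisory, whose version list this excerpt snips; confirm them against the advisory text rather than against this code. The function names and the warning wording are this example's own.

```c
/* Added example: decide whether OCSP Stapling may be switched on given the
 * OpenSSL version actually linked at run time. Not httpd or OpenSSL code. */
#include <stdio.h>
#include <string.h>

/* OpenSSL 0.9.x/1.0.x version numbers (OPENSSL_VERSION_NUMBER at compile
 * time, SSLeay() at run time) are laid out as 0xMNNFFPPS:
 *   M  major, NN minor, FF fix, PP patch letter (0 = none, 1 = 'a', ...),
 *   S  status (0xf = release, lower values are dev/beta builds). */
struct ossl_ver {
    unsigned major, minor, fix, patch, status;
};

struct ossl_ver ossl_decode(unsigned long v)
{
    struct ossl_ver r;
    r.major  = (unsigned)((v >> 28) & 0x0f);
    r.minor  = (unsigned)((v >> 20) & 0xff);
    r.fix    = (unsigned)((v >> 12) & 0xff);
    r.patch  = (unsigned)((v >>  4) & 0xff);
    r.status = (unsigned)( v        & 0x0f);
    return r;
}

/* Render "0.9.8r" / "1.0.0d" / "1.0.0" into a static buffer (not
 * thread-safe; fine for one-off log messages during server startup). */
const char *ossl_format(unsigned long v)
{
    static char buf[32];
    struct ossl_ver r = ossl_decode(v);
    if (r.patch)
        snprintf(buf, sizeof buf, "%u.%u.%u%c", r.major, r.minor, r.fix,
                 (char)('a' + r.patch - 1));
    else
        snprintf(buf, sizeof buf, "%u.%u.%u", r.major, r.minor, r.fix);
    return buf;
}

/* Half-open ranges [first_affected, first_fixed) per release branch, from
 * the published advisory: 0.9.8h..0.9.8q fixed in 0.9.8r, 1.0.0..1.0.0c
 * fixed in 1.0.0d. Comparing the whole number (status nibble included)
 * means a 0.9.8r beta (status < 0xf) still counts as affected, which is
 * the safe way round. */
static const struct {
    unsigned long first_affected, first_fixed;
} stapling_ranges[] = {
    { 0x0090808fUL, 0x0090812fUL },   /* 0.9.8h .. 0.9.8r */
    { 0x1000000fUL, 0x1000004fUL },   /* 1.0.0  .. 1.0.0d */
};

/* Point 1: 1 if the runtime library falls in an affected range, else 0. */
int ossl_stapling_vuln(unsigned long runtime_v)
{
    size_t i;
    for (i = 0; i < sizeof stapling_ranges / sizeof stapling_ranges[0]; i++)
        if (runtime_v >= stapling_ranges[i].first_affected &&
            runtime_v <  stapling_ranges[i].first_fixed)
            return 1;
    return 0;
}

/* Points 2 and 3: log a warning for an affected runtime and report whether
 * a hypothetical "stapling on by default" may take effect.
 * Returns 1 when stapling may default to On, 0 when it must stay Off. */
int ossl_stapling_default_ok(unsigned long runtime_v, FILE *log)
{
    if (!ossl_stapling_vuln(runtime_v))
        return 1;
    fprintf(log, "[warn] OpenSSL %s is affected by the OCSP Stapling "
                 "advisory; leaving SSLUseStapling Off unless set "
                 "explicitly\n", ossl_format(runtime_v));
    return 0;
}

int main(void)
{
    /* Constructed inputs; in httpd the value would come from SSLeay()
     * declared in <openssl/crypto.h>, never from OPENSSL_VERSION_NUMBER. */
    unsigned long samples[] = { 0x0090807fUL, 0x0090811fUL, 0x0090812fUL,
                                0x1000003fUL, 0x1000004fUL };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char name[32];
        snprintf(name, sizeof name, "%s", ossl_format(samples[i]));
        printf("OpenSSL %-8s affected=%d default_ok=%d\n", name,
               ossl_stapling_vuln(samples[i]),
               ossl_stapling_default_ok(samples[i], stderr));
    }
    return 0;
}
```

The split between ossl_stapling_vuln() and ossl_stapling_default_ok() mirrors Rob's list: an explicit "SSLUseStapling On" can still be honoured (with the warning in the error log), while a future on-by-default policy would be suppressed on an affected library.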