Bodo, some comments inline...

On Tuesday 08 Feb 2011 18:09:46 Bodo Moeller wrote:
> OpenSSL Security Advisory [8 February 2011]
> OCSP stapling vulnerability in OpenSSL
> Which applications are affected
> -------------------------------
> Applications are only affected if they act as a server and call
> SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes
> Apache httpd >= 2.3.3.

In httpd >= 2.3.3, OCSP Stapling is currently disabled by default.  To enable 
it, the "SSLUseStapling On" directive must be added to the config.  Since 
SSL_CTX_set_tlsext_status_cb() is only called when OCSP Stapling has been 
enabled, I conclude that the default configuration is not vulnerable.

A couple of months ago I proposed to httpd-dev that OCSP Stapling should be 
enabled by default.  Steve Henson was cautiously sympathetic to the idea...
"My personal opinion would be to, at least initially, require an explicit 
directive to enable it and leave the option in future to have it enabled by 
...but Igor Galić replied with...
"If we want to see more extensive testing in the field, then this is the right 
time to make 'On' the default."

Maybe httpd should:
1. Check the version number of the OpenSSL runtime library.
2. Log a warning if a vulnerable OpenSSL version is detected.
3. Definitely avoid enabling Stapling by default if a vulnerable OpenSSL 
version is detected.

(Sorry, I guess I've drifted a bit off-topic for this list).

> OCSP stapling is defined in RFC 2560.

RFC 2560 defines OCSP, but not OCSP Stapling.

OCSP Stapling is the popular term for the Certificate Status Request TLS 
Extension defined most recently by RFC 6066 (previous versions: RFC 4366, RFC 

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
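Rob's three-step suggestion (check the OpenSSL version at run time, warn, and never default stapling on under a vulnerable build) as an added example; this is neither httpd's nor OpenSSL's code. It assumes the run-time value would come from SSLeay() (OpenSSL_version_num() in 1.1.0 and later) and uses a constructed per-branch table with made-up fixed versions in place of the advisory's real ones; the point it adds is that the comparison must be done per branch, since a 1.0.0 release is numerically above every 0.9.8 release yet can still predate its own branch's fix.

```c
#include <stdio.h>
#include <string.h>

/* OpenSSL packs its version as 0xMNNFFPPS: major M, minor NN, fix FF, patch
 * letter PP (a = 1), status S (0xf = release, lower = dev/beta snapshot). The
 * running library reports it via SSLeay() (OpenSSL_version_num() from 1.1.0). */
#define VER_BRANCH(v) ((v) & 0xfffff000UL)   /* M.NN.FF, patch/status cleared */
#define VER_PATCH(v)  (((v) >> 4) & 0xffUL)
#define VER_STATUS(v) ((v) & 0xfUL)
struct fixed_branch {
    unsigned long branch;    /* a VER_BRANCH() value */
    unsigned long min_fixed; /* first release on that branch carrying the fix */
};

/* Constructed placeholder table: the fix being in "0.9.8k" and "1.0.0b" is
 * made up for this example; substitute the versions named in the advisory. */
static const struct fixed_branch sample_fixed[] = {
    { 0x00908000UL, 0x009080bfUL },   /* 0.9.8 branch, hypothetical 0.9.8k */
    { 0x10000000UL, 0x1000002fUL },   /* 1.0.0 branch, hypothetical 1.0.0b */
};
#define SAMPLE_FIXED_N (sizeof sample_fixed / sizeof sample_fixed[0])

/* 1: release at or past the fix on a known branch; 0: older than the fix, or a
 * dev/beta snapshot the number cannot vouch for; -1: branch not in the table.
 * Only 1 should let httpd enable stapling by default. The check is per branch:
 * 1.0.0a is numerically above every 0.9.8 release yet may predate its own fix. */
int stapling_safe(unsigned long runtime, const struct fixed_branch *t, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++) {
        if (VER_BRANCH(runtime) != t[i].branch)
            continue;
        if (VER_STATUS(runtime) != 0xfUL)
            return 0;
        return runtime >= t[i].min_fixed ? 1 : 0;
    }
    return -1;
}

/* Render a packed version as "M.NN.FFp" for the warning httpd would log. */
const char *format_version(unsigned long v)
{
    static char buf[32];
    unsigned long major = (v >> 28) & 0xfUL, minor = (v >> 20) & 0xffUL,
                  fix = (v >> 12) & 0xffUL, patch = VER_PATCH(v);
    if (patch)
        snprintf(buf, sizeof buf, "%lu.%lu.%lu%c", major, minor, fix, (int)('a' + patch - 1));
    else
        snprintf(buf, sizeof buf, "%lu.%lu.%lu", major, minor, fix);
    return buf;
}
```

A server would call stapling_safe() with the SSLeay() value at startup and log format_version() of it whenever the result is not 1, leaving SSLUseStapling off unless the administrator set it explicitly.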