On Mon, May 4, 2015 at 4:26 PM, William A Rowe Jr <wr...@rowe-clan.net>
wrote:

> --------- Original Message ---------
> Subject: Re: Disable SSLv3 by default
> From: "Arkadiusz Miśkiewicz" <ar...@maven.pl>
> Date: 10/17/14 1:57 pm
> To: dev@httpd.apache.org
>
> On Friday 17 of October 2014, Kaspar Brand wrote:
> > On 17.10.2014 12:02, Takashi Sato wrote:
> > > SSLv3 is now insecure (CVE-2014-3566, POODLE)
> > > Let's disable SSLv3 by default, at least trunk.
> > >
> > > SSLProtocol default is "all".
> > > <http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslprotocol>
> > > "all" means "a shortcut for ``+SSLv3 +TLSv1'' or - when using OpenSSL
> > > 1.0.1 and later - ``+SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2, respectively."
> > >
> > > Should we remove SSLv3 from "all" ?
> >
> > From a semantic point of view, I wouldn't do that. As long as we still
> > allow SSLv3 to be used, "all" should really mean "all protocols which
> > can be enabled in mod_ssl".
>
> Then add "safe" option (leaving "all" as is) and make "safe" default. safe
> would point to known safe protocols at release time.
>
>
> Is this a responsible recommendation, though?  Does TLSv1.0 offer any
> significant improvement over SSLv3.0 that HTTP server project endorses?
> Can or should 'we' officially designate SSLv3 as undesirable without
> making the same recommendation for TLSv1.0?
>
> It seems to me that SAFE at this time is TLSv1.2.
>
> It also seems to me that the first problem to solve is to ensure if the user
> removes SSLv3 (+/- TLSv1.0) from their openssl installed binary, that we
> simply respect that.  In that case, 'SSLProtocol all' should be just the
> remaining supported TLSv1.1 and TLSv1.2 protocols, or TLSv1.2-only.
>


And as I purge out all of my stale drafts - I notice this was brought up again
w.r.t. POODLE.  I don't believe we want to alter the behavior of any config
that the user has deployed on a subrevision update (2.4.13 or 2.2.30, for ex.)

We should propose solid new default configs, including the exclusion of both
SSLv3.0 and TLSv1.0, and aim to default to TLSv1.2 only (ciphers and protocols)
effective with 2.6 or 3.0, and by default on maintenance branches as of the
beginning of the coming year.
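To make the "all" semantics discussed in this thread concrete, here is an added example (not httpd's own code) that evaluates an SSLProtocol directive the way the quoted documentation describes it: "all" expands only to the protocols the installed OpenSSL build supports, "+"/"-" add or remove a protocol, and an unprefixed name is assumed to replace whatever was accumulated so far. The OPENSSL_SUPPORTED tuple and the helper names are assumptions for the example, and the directives it checks are constructed.

```python
import re

# Protocols mod_ssl can negotiate in the versions discussed (SSLv2 omitted).
KNOWN = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")

# What the thread proposes excluding from the default: SSLv3 (POODLE) and TLSv1.0.
UNSAFE = {"SSLv3", "TLSv1"}

# Assumed model of an OpenSSL 1.0.1+ build; pass a shorter tuple for a build
# that had SSLv3/TLSv1 compiled out, so "all" respects the installed binary.
OPENSSL_SUPPORTED = KNOWN


def expand_sslprotocol(directive, openssl_supported=OPENSSL_SUPPORTED):
    """Return the set of protocols an 'SSLProtocol ...' line leaves enabled."""
    m = re.match(r"^\s*SSLProtocol\s+(.+?)\s*$", directive, re.IGNORECASE)
    if not m:
        raise ValueError("not an SSLProtocol directive: %r" % directive)
    supported = set(openssl_supported)
    enabled = set()
    for token in m.group(1).split():
        sign = ""
        if token[0] in "+-":
            sign, token = token[0], token[1:]
        if token.lower() == "all":
            names = set(supported)          # "all" = every supported protocol
        elif token in KNOWN:
            names = {token} & supported     # drop protocols the build lacks
        else:
            raise ValueError("unknown protocol %r" % token)
        if sign == "+":
            enabled |= names
        elif sign == "-":
            enabled -= names
        else:
            enabled = names                 # unprefixed name replaces the set
    return enabled


def unsafe_protocols(directive, openssl_supported=OPENSSL_SUPPORTED):
    """Protocols from UNSAFE that the directive still enables, sorted."""
    return sorted(expand_sslprotocol(directive, openssl_supported) & UNSAFE)


if __name__ == "__main__":
    # Constructed directives: the "all" default, the usual POODLE fix, and the
    # TLSv1.2-only default proposed in the message above.
    for line in ("SSLProtocol all", "SSLProtocol all -SSLv3", "SSLProtocol TLSv1.2"):
        print("%-24s -> enabled %s, unsafe %s"
              % (line, sorted(expand_sslprotocol(line)), unsafe_protocols(line)))
```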
