I'd like to gauge consensus on removing the following mod_ssl features for 2.5. I am +1 (more or less strongly) on removing all the following:
a) SSLInsecureRengotiation. If you haven't patched your clients for CVE-2009-3555 there is no hope. This should definitely be removed. b) SSLRequire - this has been deprecated since it was subsumed into the better "Require expr" interface in 2.4.x. c) Client-initiated renegotiation prevention mechanism. This was introduced mostly as a temporary workaround for CVE-2009-3555, and as the saying goes, there is nothing as permanent as a temporary workaround. This already doesn't apply for TLSv1.3, and it doesn't really add much for TLS < v1.3 so I think it can go completely. d) SSLRandomSeed. This might have made sense in 1998 but at least with OpenSSL 1.1.1 which has a rewritten and fork-safe RAND, I think httpd should not be doing RAND seeding ever. Currently mod_ssl will splat random stack data, time() and the pid into the RNG state for each new connection. Unless someone can prove this is valuable and the OpenSSL PRNG is somehow broken OOTB, I think this code + directive should be dropped for OpenSSL 1.1.1+, including EGD support etc. e) SSLCompression - enabling this has been considered (and documented as) a bad idea for a good while. IMO we should have "SSLCompression off" the hard-coded default and drop the directive. Regards, Joe
