mod_tls

Prossimo Initiative

The Story

The Apache httpd server is a popular HTTP server. Server software like httpd is security critical because its primary job is to handle network requests and perform complex processing. It's a difficult job to perform securely even without having to worry about managing memory.

Unfortunately, Apache httpd is written in C, so manual memory management is a major concern. Like almost every other HTTP server written in C, it has a long history of memory safety vulnerabilities. The Internet is not going to provide the level of security that we need until the most popular HTTP servers are written in memory safe code.

What We've Done

In November of 2020 we contracted with Stefan Eissing to write mod_tls, a new TLS module for Apache httpd. The mod_tls module uses the largely memory safe Rustls TLS library instead of OpenSSL, bringing a much greater degree of security to a critical component of httpd.

The mod_tls module is available as an experimental module in httpd. If you're interested, you can give it a shot today.

What's Next

Creating mod_tls was one of Prossimo's first projects, and we learned quite a bit from building it. It also resulted in some ancillary improvements to TLS support in httpd, outside of mod_tls itself. While the initiative did not gain significant usage, the lessons learned here have helped us design and prioritize future Prossimo initiatives.

ISRG does not plan to make further investments in mod_tls, as we believe there are more effective investments to be made, ones that were not available as options when we built mod_tls.

The Rustls TLS library has come a long way in the past few years due to ISRG's investments, and as of Q2, an OpenSSL compatibility layer is nearing an initial release. Eventually it should be possible to use Rustls with httpd's default TLS module, mod_ssl, by way of this compatibility layer. This would largely obviate the need for mod_tls.

Additionally, when we built mod_tls we did not have a viable strategy for improving memory safety in other servers and proxies that have more promising long-term market share trends. Since then, the Rustls OpenSSL compatibility layer has become a viable strategy for bringing Rustls to Nginx, and Prossimo's River memory safe reverse proxy will hopefully be in a position to bring memory safety to the entire reverse proxy for many people, not just to the TLS library.

More from the Prossimo blog

February 2, 2021

A Memory Safe TLS Module for the Apache HTTP Server

The Apache HTTP Server, httpd, is an important piece of the Internet’s infrastructure. Hundreds of millions of websites use it every day to serve requests. As such, improvements to httpd security have broad impact.

Funders

Google