Following the TLS audit work, I have spent the past fortnight reading mod_ssl source carefully. The Apache SSL/TLS module is the most-deployed open-source SSL/TLS server in 2001. Understanding how it actually works seemed worth doing.
A short writeup of what I found.
The architecture
mod_ssl wraps OpenSSL into the Apache module API. The module hooks several Apache request-processing phases:
- Initialisation — load the certificate, set up the SSL context.
- Connection — perform the SSL handshake when a connection arrives.
- Per-request — populate environment variables with SSL session details.
- Termination — clean up SSL state.
The glue between Apache and OpenSSL is the largest part of the code by line count. The cryptographic operations themselves are essentially passthrough to OpenSSL.
What I found readable
The handshake handling is well-organised. The state machine for SSL handshake — SSLv3 versus TLSv1 versus SSLv2, the various message types, the negotiation of cipher suites — is captured in a small set of functions that follow the protocol RFCs closely. Reading the code while reading RFC 2246 (TLS 1.0) is productive.
The certificate-validation code is similarly well-structured. The chain validation, the CRL checking (when configured), the various extensions — each is in its own function with clear interfaces.
The configuration parser is straightforward.
What I found concerning
Three specific issues.
The SSL session cache is shared across processes via shared memory. This is correct architecturally — Apache forks per-request — but the synchronisation is implementation-dependent. On some platforms, the locking primitives are not as robust as the design assumes. A poorly-tested platform combination could produce subtle races.
The certificate-renewal handling is awkward. Reloading a certificate (e.g. after rotation) requires a full Apache restart. The configuration parser does not support online reload of certificate files. For high-availability deployments this is a real operational issue.
The default cipher-suite list is overly inclusive. As I noted in the TLS audit, mod_ssl's default SSLCipherSuite ALL permits weak ciphers. The default is in the source for compatibility reasons; operators consistently fail to override it.
What this changes about my advice
For operators running mod_ssl:
Override the default cipher suite. Use something like SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA or a recent-best-practice equivalent.
Plan for restart-based certificate rotation. Schedule certificate-rotation maintenance windows; build the rotation process around the assumption that Apache will need to restart.
Watch for shared-memory issues on unusual platforms. If you are running on a less-common Unix variant, be cautious about high-concurrency deployments.
For my own infrastructure: I have updated my mod_ssl configuration to apply the cipher-suite restrictions. My certificate rotation procedure was already restart-based.
A small reflection on reading source
The mod_ssl source is, on the whole, well-written code from a small team that took the cryptographic engineering seriously. The issues I found are not major; they are operational details that come up in serious deployment. Reading the source is the cheapest way to find them; the documentation does not always cover the operational edges.
I continue to find that one evening of reading source produces more practical knowledge than several weeks of reading deployment guides. The discipline is worth recommending broadly.
More as the year develops.