Tue Apr 16 2024 06:03:35 UTC
 All that is gold does not glitter, not all those who wander are lost.
Hide Search Description
110 bugs found.
ID Product Comp Assignee Status Resolution Summary Changed
47514 Apache h mod_ssl bugs NEW --- Personal data and restrictions based on subject directory attributes extension 2009-07-13
49717 Apache h mod_ssl bugs NEW --- PATCH: Enable SSL Timeout 2011-02-12
43997 Apache h mod_ssl bugs REOP --- Only issue "Init: SSL server IP/Port conflict" if certificates are different. 2011-05-10
42688 Apache h mod_ssl bugs NEW --- engine managed keys: per process openssl context 2011-12-19
52495 Apache h mod_ssl bugs NEW --- CACertificate, CADNCertificate, CARevocation, CertificateChain, Certifcate and CertificateKey per directory context 2012-02-04
52874 Apache h mod_ssl bugs NEW --- Support Use TrustedFirst checking when verifying client certificate chain 2012-03-13
54385 Apache h mod_ssl bugs NEW --- SSL configuration independent from virtual hosts, automatic certificate selection. 2013-01-08
54830 Apache h mod_ssl bugs NEW --- Make SSLPProxyMachineCertificateFile configurable per location 2013-04-11
53899 Apache h mod_ssl bugs NEW --- SSL_OP_ALL disables the mitigation code for CVE-2011-3389 2013-06-23
45801 Apache h mod_ssl bugs REOP --- SSLRequireSSL with strictrequire and satisfy any does not behave as expected 2013-08-07
55458 Apache h mod_ssl bugs NEW --- allow to configure what mod_ssl responds when one doesn't talk TLS/SSL to the port 2013-08-20
45054 Apache h mod_ssl bugs NEW --- SSLVerifyClient optional_no_ca is broken 2013-11-21
56135 Apache h mod_ssl bugs NEW --- Add DC to list of x509 components 2014-02-13
55467 Apache h mod_ssl bugs NEW --- Support for OpenSSL custom TLS extensions and supplemental data 2014-02-18
56475 Apache h mod_ssl bugs NEW --- Allow TLS record size to be configured 2014-04-30
56587 Apache h mod_ssl bugs NEW --- Many VirtualHost's with SSLEngine On 2014-06-03
53156 Apache h mod_ssl bugs NEW --- CRL validation fails if CRL is missing 2014-07-03
56508 Apache h mod_ssl bugs NEW --- Requiring SNI - SSLStrictSNIVHostCheck semantics 2014-07-16
56843 Apache h mod_ssl bugs NEW --- Support different OCSP stapling max ages 2014-08-12
57159 Apache h mod_ssl bugs NEW --- mod_ssl OCSP Stapling directives don't support per-certificate settings 2014-10-28
56028 Apache h mod_ssl bugs NEW --- Add http/1.0, http/1.1 NPN advertisement to enable TLS False Start 2015-01-27
57646 Apache h mod_ssl bugs NEW --- SSLEngine inside If directive 2015-02-27
57680 Apache h mod_ssl bugs NEW --- SSLSessionCacheTimeout has no effect 2015-03-09
57131 Apache h mod_ssl bugs NEW --- OCSP Stapling scalability concern 2015-05-23
57949 Apache h mod_ssl bugs NEW --- new mod_ssl environment variable SSL_{CLIENT|SERVER}_EXT_KEYUSAGE_purpose 2015-05-25
59626 Apache h mod_ssl bugs NEW --- mod_ssl configuration directives ExportCertData and StdEnvVars, and other ssl environment variables can't be used with a fastcgi authenticator 2016-05-24
59957 Apache h mod_ssl bugs NEW --- Suppress or reduce severity of AH01906 for self-signed certificates 2016-08-07
60028 Apache h mod_ssl bugs NEW --- mod_ssl does not accept expired client certificates even with SSLVerifyClient optional_no_ca 2016-08-22
60186 Apache h mod_ssl bugs NEW --- Adding a SSL Verify directive to accept expired client certificate 2016-09-29
60457 Apache h mod_ssl bugs NEW --- SSLOCSPEnable setting is not inherited from server config into vhost config 2016-12-08
46037 Apache h mod_ssl bugs NEED --- Configuration of trusted OCSP responder certificates 2017-03-02
60843 Apache h mod_ssl bugs NEW --- mod_ssl_ct sends empty SCT TLS extension 2017-03-09
60943 Apache h mod_ssl bugs NEW --- mod_ssl enables all of OpenSSL's built-in engines, even when in FIPS mode. 2017-03-30
60456 Apache h mod_ssl bugs NEW --- export SSL_CLIENT_SAN_IPaddr variable 2017-08-08
61531 Apache h mod_ssl bugs NEW --- SSLStaplingReturnResponderErrors should return last cached response if is an error upstream 2017-09-17
61500 Apache h mod_ssl bugs NEW --- unable to compile mod_ssl_ct using CMAKE and win32 2017-09-18
59049 Apache h mod_ssl bugs NEW --- Apache doesn't recover from OCSP decode error 2017-09-22
61984 Apache h mod_ssl bugs NEW --- mod_ssl has SSLProxyVerify set to none by default 2018-01-10
62346 Apache h mod_ssl bugs NEW --- LibreSSL 2.7.2+ blocks load of mod_ssl, Undefined symbol "OPENSSL_malloc_init" 2018-05-02
58288 Apache h mod_ssl bugs NEW --- Semaphore amount increase until crash when enabling SSLProxyCACertificateFile 2018-05-07
62400 Apache h mod_ssl bugs NEW --- OCSP Stapling should not serve OCSP responses from the cache even after they expire 2018-05-23
61081 Apache h mod_ssl bugs NEW --- per-domain SNI (to override per-vhost SNI) 2018-08-29
58007 Apache h mod_ssl bugs NEW --- 400 Bad Request with fully qualified domain name over HTTPS 2018-09-06
63000 Apache h mod_ssl bugs NEW --- SSLCA* based directives never honoured for the client certificate auth for providing the CA names 2018-12-10
58901 Apache h mod_ssl bugs NEW --- Download of large file is aborted in SSL_write on EINTR 2019-01-06
63097 Apache h mod_ssl bugs NEW --- TLS 1.3: Support "SSLOptions OptRenegotiate" 2019-01-21
61929 Apache h mod_ssl bugs NEW --- Configure mod_ssl for send empty distinguished names list 2019-02-11
63426 Apache h mod_ssl bugs NEW --- Excessive logging: AH02227: Failed to set r->user to 'SSL_CLIENT_S_DN' & AH02261: Re-negotiation handshake failed 2019-05-13
55942 Apache h mod_ssl bugs NEW --- 400 - Bad Request on POST (Windows Server 2012 Hyper-V with SSL) 2019-06-19
45058 Apache h mod_ssl bugs NEW --- Mod_SSL does not set AUTH_TYPE with client certificate authentication 2019-09-11
63924 Apache h mod_ssl bugs NEW --- SSLProxyMachineKeyFile 2019-11-14
63925 Apache h mod_ssl bugs NEW --- Wrong "cert does not match for name" 2019-11-14
63171 Apache h mod_ssl bugs NEW --- SSLProxy: SSLOCSPResponderCertificateFile not loaded on HTTP to HTTPS proxy 2019-11-25
60739 Apache h mod_ssl bugs NEW --- SSLProtocol settings seem to have no effect 2019-12-10
64071 Apache h mod_ssl bugs NEW --- [PATCH] Add wolfSSL SSL/TLS support and configure option 2020-01-10
64124 Apache h mod_ssl bugs NEW --- TLS1.3 sessions not resumable after graceful restart 2020-02-13
61453 Apache h mod_ssl bugs NEW --- OCSP Stapling: SSLStaplingFakeTryLater responses cached too long 2020-03-17
64262 Apache h mod_ssl bugs NEW --- Unsafe error handling: when using OpenSSL API 2020-03-25
57121 Apache h mod_ssl bugs NEW --- ocsp stapling should not pass temporary server outages to clients 2020-04-04
64352 Apache h mod_ssl bugs NEW --- Add an equivalent of SSLOpenSSLConfCmd for proxy HTTPS connections 2020-04-15
64434 Apache h mod_ssl bugs NEW --- Implement TLS 1.3 random record padding to mitigate BREACH 2020-05-14
64531 Apache h mod_ssl bugs NEW --- mod_ssl doesn't log client IP although it would be available many times 2020-06-17
64554 Apache h mod_ssl bugs NEW --- Wrong soft link causes config file not loaded 2020-06-24
52616 Apache h mod_ssl bugs REOP --- SSLUserName uses SSL_CLIENT_S_DN insted of SSL_CLIENT_S_DN_CN (or any x509) 2020-09-26
31418 Apache h mod_ssl bugs REOP --- SSLUserName is not usable by other modules 2020-09-26
64781 Apache h mod_ssl bugs NEW --- mod_ssl_ct does not send SCT extension with TLS 1.3 2020-09-30
64847 Apache h mod_ssl bugs NEW --- Incomplete SSL virtual host config seems to work but tells php it is not using SSL 2020-10-24
64966 Apache h mod_ssl bugs NEW --- "SSLStaplingReturnResponderErrors off" still returning errors to client 2020-12-08
64970 Apache h mod_ssl bugs NEW --- drop unmaintained ocsp support from mod_ssl 2020-12-09
65025 Apache h mod_ssl bugs NEW --- SSL error "ca key too small" is reported at info level instead of error level 2020-12-22
65162 Apache h mod_ssl bugs NEW --- Ambigous error message related to wildcard SSL certificate sharing 2021-03-01
57553 Apache h mod_ssl bugs REOP --- mod_ssl_ct causes connection failures when configured 'empty' 2021-03-30
44503 Apache h mod_ssl bugs REOP --- Errors during SSL handshake 2021-03-30
61436 Apache h mod_ssl bugs NEED --- Permissive TLS connection allowed when connecting from localhost 2021-03-30
49277 Apache h mod_ssl bugs NEW --- Expose a variable to identify SSL Session renegotiated 2021-03-30
60947 Apache h mod_ssl bugs NEW --- Segfault on startup when using mod_ssl with APR-crypto 2021-06-26
35154 Apache h mod_ssl bugs REOP --- Support for NID_serialNumber, etc. in SSLUserName 2021-07-14
40513 Apache h mod_ssl bugs REOP --- Seeding PRNG with 0 bytes of entropy 2021-08-18
65554 Apache h mod_ssl bugs NEW --- http to https redirect doesn't work when only TLSv1.2 is specified 2021-09-06
65415 Apache h mod_ssl bugs NEW --- ERR_BAD_SSL_CLIENT_AUTH_CERT by client certificate 2021-09-19
65591 Apache h mod_ssl bugs NEW --- Standard + non-standard SSL port + name-based vhosts + SNI: Port number disregarded when selecting certificate? 2021-09-22
61818 Apache h mod_ssl bugs NEW --- OCSP "SSLUseStapling on" completely blocking the server when something is off with the responder 2021-09-22
65594 Apache h mod_ssl bugs NEED --- Incorrect certificate chain sent to client 2021-09-23
65605 Apache h mod_ssl bugs NEW --- Default configuration of the ssl module should be conditional 2021-09-30
60182 Apache h mod_ssl bugs NEW --- SSLStaplingFakeTryLater Deviates From Documented Behavior of Only Being Effective When SSLStaplingReturnResponderErrors is On 2021-11-09
65860 Apache h mod_ssl bugs NEED --- Revoked certificate block httpd start 2022-02-07
65900 Apache h mod_ssl bugs NEW --- SSL still enabled without SSLEngine 2022-02-19
65904 Apache h mod_ssl bugs NEW --- modules/ssl/ssl_util_stapling.c: Fix memory leak 2022-02-24
65902 Apache h mod_ssl bugs NEW --- modules/ssl/ssl_engine_vars.c: Add check after calling ASN1_STRING_new 2022-02-24
65903 Apache h mod_ssl bugs NEW --- modules/ssl/ssl_engine_kernel.c: Add check for X509_STORE_CTX_init 2022-02-24
65905 Apache h mod_ssl bugs NEW --- modules/ssl/ssl_engine_init.c: Add check for X509_STORE_CTX_init 2022-02-25
14104 Apache h mod_ssl bugs REOP --- not documented: must restart server to load new CRL 2022-03-31
65682 Apache h mod_ssl bugs NEED --- Apache won't start with mod_ssl and openssl 1.1.1l or newer 2022-04-26
66036 Apache h mod_ssl bugs NEW --- pkcs#11: parent httpd not issuing C_Login() after graceful reload causing on-going connections to fail SSL/TLS handshake 2022-05-23
66224 Apache h mod_ssl bugs NEW --- Lacking a check for the return value of SSL_peek() 2022-08-17
66345 Apache h mod_ssl bugs NEW --- Apache2 not working properly when mod_ssl is loaded 2022-11-22
57360 Apache h mod_ssl bugs NEW --- Fail gracefully on certificate/key mismatch 2023-01-06
66481 Apache h mod_ssl bugs NEW --- SSL_CLIENT_SAN_Email (without _n) doesn't work 2023-02-20
63096 Apache h mod_ssl bugs NEW --- TLS 1.3: Client certificates don't work if they are optional on virtual host but required on location 2023-03-09
66525 Apache h mod_ssl bugs NEW --- document when certificate/key/CRL/etc. files are reloaded 2023-03-11
66440 Apache h mod_ssl bugs NEW --- The maximum effective value of SSLSessionCacheTimeout is 3600 2023-04-11
65922 Apache h mod_ssl bugs NEW --- modules/ssl/ssl_util_ssl.c: Add check for BIO_read 2023-06-06
66657 Apache h mod_ssl bugs NEW --- Support for OCSP Caching 2023-06-19
66664 Apache h mod_ssl bugs NEW --- Request for crl fallback enabling 2023-06-27
66677 Apache h mod_ssl bugs NEW --- Enable OCSP https URI 2023-07-05
64263 Apache h mod_ssl bugs NEW --- TLSv1.3 with SSLVerifyClient optional inside a Location returns 403 2023-10-13
68143 Apache h mod_ssl bugs NEW --- Global ECC certificate takes precedence on local RSA certificate 2023-11-14
66199 Apache h mod_ssl bugs NEW --- RFC 9266: Channel Bindings for TLS 1.3 support 2023-11-18
64306 Apache h mod_ssl bugs NEW --- Error "AH01977: failed reading line from OCSP server" with local OCSP proxy due to timeout 2024-01-12
68863 Apache h mod_ssl bugs NEW --- Requests using a DH-key of 2048 bytes are blocked since httpd/2.4.59 2024-04-08
110 bugs found.
CSV Feed iCal

as

File a new bug in the "mod_ssl" component of the "Apache httpd-2" product