|
65025
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
SSL error "ca key too small" is reported at info level instead of error level
|
2020-12-22
|
|
64970
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
drop unmaintained ocsp support from mod_ssl
|
2020-12-09
|
|
64966
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
"SSLStaplingReturnResponderErrors off" still returning errors to client
|
2020-12-08
|
|
64847
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Incomplete SSL virtual host config seems to work but tells php it is not using SSL
|
2020-10-24
|
|
61818
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
OCSP "SSLUseStapling on" completely blocking the server when something is off with the responder
|
2020-10-12
|
|
64781
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
mod_ssl_ct does not send SCT extension with TLS 1.3
|
2020-09-30
|
|
31418
|
Apache h
|
mod_ssl
|
bugs
|
REOP
|
---
|
SSLUserName is not usable by other modules
|
2020-09-26
|
|
52616
|
Apache h
|
mod_ssl
|
bugs
|
REOP
|
---
|
SSLUserName uses SSL_CLIENT_S_DN insted of SSL_CLIENT_S_DN_CN (or any x509)
|
2020-09-26
|
|
64264
|
Apache h
|
mod_ssl
|
bugs
|
REOP
|
---
|
Potential memory leak: forget to free the return value of OpenSSL API 'SSL_get_peer_certificate'
|
2020-08-22
|
|
64554
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Wrong soft link causes config file not loaded
|
2020-06-24
|
|
64531
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
mod_ssl doesn't log client IP although it would be available many times
|
2020-06-17
|
|
64434
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Implement TLS 1.3 random record padding to mitigate BREACH
|
2020-05-14
|
|
64306
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Error "AH01977: failed reading line from OCSP server" with local OCSP proxy due to timeout
|
2020-05-08
|
|
57360
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Fail gracefully on certificate/key mismatch
|
2020-05-01
|
|
64352
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Add an equivalent of SSLOpenSSLConfCmd for proxy HTTPS connections
|
2020-04-15
|
|
57121
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
ocsp stapling should not pass temporary server outages to clients
|
2020-04-04
|
|
64263
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
TLSv1.3 with SSLVerifyClient optional inside a Location returns 403
|
2020-04-03
|
|
64262
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Unsafe error handling: when using OpenSSL API
|
2020-03-25
|
|
60182
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
SSLStaplingFakeTryLater Deviates From Documented Behavior of Only Being Effective When SSLStaplingReturnResponderErrors is On
|
2020-03-18
|
|
61453
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
OCSP Stapling: SSLStaplingFakeTryLater responses cached too long
|
2020-03-17
|
|
64135
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
OCSP Stapling doesn't handle Keep-Alive responses properly, causing delays/timeouts
|
2020-02-21
|
|
64124
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
TLS1.3 sessions not resumable after graceful restart
|
2020-02-13
|
|
60947
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Segfault on startup when using mod_ssl with APR-crypto
|
2020-01-13
|
|
64071
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
[PATCH] Add wolfSSL SSL/TLS support and configure option
|
2020-01-10
|
|
60739
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
SSLProtocol settings seem to have no effect
|
2019-12-10
|
|
63171
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
SSLProxy: SSLOCSPResponderCertificateFile not loaded on HTTP to HTTPS proxy
|
2019-11-25
|
|
63925
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Wrong "cert does not match for name"
|
2019-11-14
|
|
63391
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Provide ability to log key material for session decryption
|
2019-11-14
|
|
63924
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
SSLProxyMachineKeyFile
|
2019-11-14
|
|
45058
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Mod_SSL does not set AUTH_TYPE with client certificate authentication
|
2019-09-11
|
|
63096
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
TLS 1.3: Client certificates don't work if they are optional on virtual host but required on location
|
2019-08-01
|
|
55942
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
400 - Bad Request on POST (Windows Server 2012 Hyper-V with SSL)
|
2019-06-19
|
|
63426
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Excessive logging: AH02227: Failed to set r->user to 'SSL_CLIENT_S_DN' & AH02261: Re-negotiation handshake failed
|
2019-05-13
|
|
59798
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Apache crashes with child process exited with status 3221226356
|
2019-03-19
|
|
61929
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Configure mod_ssl for send empty distinguished names list
|
2019-02-11
|
|
63097
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
TLS 1.3: Support "SSLOptions OptRenegotiate"
|
2019-01-21
|
|
14104
|
Apache h
|
mod_ssl
|
bugs
|
REOP
|
---
|
not documented: must restart server to load new CRL
|
2019-01-09
|
|
58901
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Download of large file is aborted in SSL_write on EINTR
|
2019-01-06
|
|
63000
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
SSLCA* based directives never honoured for the client certificate auth for providing the CA names
|
2018-12-10
|
|
58007
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
400 Bad Request with fully qualified domain name over HTTPS
|
2018-09-06
|
|
61081
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
per-domain SNI (to override per-vhost SNI)
|
2018-08-29
|
|
34270
|
Apache h
|
mod_ssl
|
bugs
|
NEED
|
---
|
Large POSTs over SSL from Internet Explorer do not complete successfully
|
2018-06-19
|
|
62400
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
OCSP Stapling should not serve OCSP responses from the cache even after they expire
|
2018-05-23
|
|
58288
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Semaphore amount increase until crash when enabling SSLProxyCACertificateFile
|
2018-05-07
|
|
62346
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
LibreSSL 2.7.2+ blocks load of mod_ssl, Undefined symbol "OPENSSL_malloc_init"
|
2018-05-02
|
|
62153
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
compile apache with custom openssl 1.0.2 folder as static shows a warning at httpd start
|
2018-03-02
|
|
61984
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
mod_ssl has SSLProxyVerify set to none by default
|
2018-01-10
|
|
61574
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
mod_ssl RFC: change uniqueness logic for SSLCADNRequest*
|
2017-09-29
|
|
59049
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Apache doesn't recover from OCSP decode error
|
2017-09-22
|
|
61500
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
unable to compile mod_ssl_ct using CMAKE and win32
|
2017-09-18
|
|
61531
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
SSLStaplingReturnResponderErrors should return last cached response if is an error upstream
|
2017-09-17
|
|
61436
|
Apache h
|
mod_ssl
|
bugs
|
NEED
|
---
|
Permissive TLS connection allowed when connecting from localhost
|
2017-08-17
|
|
60456
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
export SSL_CLIENT_SAN_IPaddr variable
|
2017-08-08
|
|
60943
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
mod_ssl enables all of OpenSSL's built-in engines, even when in FIPS mode.
|
2017-03-30
|
|
60843
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
mod_ssl_ct sends empty SCT TLS extension
|
2017-03-09
|
|
46037
|
Apache h
|
mod_ssl
|
bugs
|
NEED
|
---
|
Configuration of trusted OCSP responder certificates
|
2017-03-02
|
|
44503
|
Apache h
|
mod_ssl
|
bugs
|
REOP
|
---
|
Errors during SSL handshake
|
2017-03-02
|
|
60457
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
SSLOCSPEnable setting is not inherited from server config into vhost config
|
2016-12-08
|
|
60186
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Adding a SSL Verify directive to accept expired client certificate
|
2016-09-29
|
|
60028
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
mod_ssl does not accept expired client certificates even with SSLVerifyClient optional_no_ca
|
2016-08-22
|
|
59957
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Suppress or reduce severity of AH01906 for self-signed certificates
|
2016-08-07
|
|
57553
|
Apache h
|
mod_ssl
|
bugs
|
REOP
|
---
|
mod_ssl_ct causes connection failures when configured 'empty'
|
2016-07-05
|
|
59626
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
mod_ssl configuration directives ExportCertData and StdEnvVars, and other ssl environment variables can't be used with a fastcgi authenticator
|
2016-05-24
|
|
57949
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
new mod_ssl environment variable SSL_{CLIENT|SERVER}_EXT_KEYUSAGE_purpose
|
2015-05-25
|
|
57131
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
OCSP Stapling scalability concern
|
2015-05-23
|
|
57680
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
SSLSessionCacheTimeout has no effect
|
2015-03-09
|
|
57646
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
SSLEngine inside If directive
|
2015-02-27
|
|
57510
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Engine keyform support for private keys
|
2015-02-08
|
|
56028
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Add http/1.0, http/1.1 NPN advertisement to enable TLS False Start
|
2015-01-27
|
|
57327
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
mod_ssl seg fault on exit
|
2014-12-08
|
|
54918
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Implement RFC 6797 HTTP Strict Transport Security (HSTS)
|
2014-11-12
|
|
57159
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
mod_ssl OCSP Stapling directives don't support per-certificate settings
|
2014-10-28
|
|
56843
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Support different OCSP stapling max ages
|
2014-08-12
|
|
56508
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Requiring SNI - SSLStrictSNIVHostCheck semantics
|
2014-07-16
|
|
53156
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
CRL validation fails if CRL is missing
|
2014-07-03
|
|
56587
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Many VirtualHost's with SSLEngine On
|
2014-06-03
|
|
56475
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Allow TLS record size to be configured
|
2014-04-30
|
|
49277
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Expose a variable to identify SSL Session renegotiated
|
2014-03-26
|
|
55467
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Support for OpenSSL custom TLS extensions and supplemental data
|
2014-02-18
|
|
56135
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Add DC to list of x509 components
|
2014-02-13
|
|
42687
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Fully delegate certificate & key semantics to the SSLCryptoDevice
|
2013-11-30
|
|
45054
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
SSLVerifyClient optional_no_ca is broken
|
2013-11-21
|
|
55458
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
allow to configure what mod_ssl responds when one doesn't talk TLS/SSL to the port
|
2013-08-20
|
|
45801
|
Apache h
|
mod_ssl
|
bugs
|
REOP
|
---
|
SSLRequireSSL with strictrequire and satisfy any does not behave as expected
|
2013-08-07
|
|
53899
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
SSL_OP_ALL disables the mitigation code for CVE-2011-3389
|
2013-06-23
|
|
40513
|
Apache h
|
mod_ssl
|
bugs
|
REOP
|
---
|
Seeding PRNG with 0 bytes of entropy
|
2013-04-22
|
|
54830
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Make SSLPProxyMachineCertificateFile configurable per location
|
2013-04-11
|
|
54385
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
SSL configuration independent from virtual hosts, automatic certificate selection.
|
2013-01-08
|
|
52874
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Support Use TrustedFirst checking when verifying client certificate chain
|
2012-03-13
|
|
52495
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
CACertificate, CADNCertificate, CARevocation, CertificateChain, Certifcate and CertificateKey per directory context
|
2012-02-04
|
|
42688
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
engine managed keys: per process openssl context
|
2011-12-19
|
|
43997
|
Apache h
|
mod_ssl
|
bugs
|
REOP
|
---
|
Only issue "Init: SSL server IP/Port conflict" if certificates are different.
|
2011-05-10
|
|
49717
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
PATCH: Enable SSL Timeout
|
2011-02-12
|
|
47514
|
Apache h
|
mod_ssl
|
bugs
|
NEW
|
---
|
Personal data and restrictions based on subject directory attributes extension
|
2009-07-13
|
