65900 – SSL still enabled without SSLEngine

Bug 65900 - SSL still enabled without SSLEngine

Summary: SSL still enabled without SSLEngine

Status:	NEW

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_ssl (show other bugs)
Version:	2.4.52
Hardware:	PC Linux

Importance:	P2 minor (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2022-02-19 23:21 UTC by jhilgeman
Modified:	2022-02-19 23:21 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description jhilgeman 2022-02-19 23:21:30 UTC

Had a barebones setup with a single conf file where the only 4 references to SSL were:

1. The LoadModule for mod_ssl.
2. Listen 443 https
3. Certificate and key specified inside a single vhost.

The "SSLEngine on" directive was removed completely and the server restarted.

After the restart, tried to access a file via HTTPS and could see the handshake occur and a successful file retrieval via HTTPS.

Same setup on Windows using an Apache Lounge build on the same version seems to partially work (although the error log indicates a bad request).

The documentation for SSLEngine indicates the default value is "SSLEngine off" and the documentation for the other 3 related directives do not indicate that they enable the SSL engine.