mod_tls

Prossimo Initiative
Project Status: In progress
mod_tls logo

The Story

The Apache httpd server is an incrediby popular HTTP server. Server software like httpd is security critical because its primary job is to handle network requests and perform complex processing. It's a difficult job to perform securely even without having to worry about managing memory.

Unfortunately, Apache httpd is written in C, so manual memory management is a major concern. Like almost every other HTTP server written in C, it has a long history of memory safety vulnerabilities. The Internet is not going to provide the level of security that we need until the most popular HTTP servers are written in memory safe code.

That's why we've contracted with Stefan Eissing of Greenbytes to write mod_tls, a new TLS module for Apache that is intended to replace the existing mod_ssl some day. The mod_tls module uses the largely memory safe Rustls TLS library instead of OpenSSL, bringing a much greater degree of security to a critical component of httpd. If we can show that this works well enough, we hope to bring memory safety to additional httpd modules and get them included into official httpd packages.

From our Blog

February 2, 2021

A Memory Safe TLS Module for the Apache HTTP Server

The Apache HTTP Server, httpd, is an important piece of the Internet’s infrastructure. Hundreds of millions of websites use it every day to serve requests. As such, improvements to httpd security have broad impact.

Read more

Sponsors