You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2022/02/19 23:21:30 UTC

[Bug 65900] New: SSL still enabled without SSLEngine

https://bz.apache.org/bugzilla/show_bug.cgi?id=65900

            Bug ID: 65900
           Summary: SSL still enabled without SSLEngine
           Product: Apache httpd-2
           Version: 2.4.52
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@httpd.apache.org
          Reporter: jhilgeman@gmail.com
  Target Milestone: ---

Had a barebones setup with a single conf file where the only 4 references to
SSL were:

1. The LoadModule for mod_ssl.
2. Listen 443 https
3. Certificate and key specified inside a single vhost.

The "SSLEngine on" directive was removed completely and the server restarted.

After the restart, tried to access a file via HTTPS and could see the handshake
occur and a successful file retrieval via HTTPS.

Same setup on Windows using an Apache Lounge build on the same version seems to
partially work (although the error log indicates a bad request).

The documentation for SSLEngine indicates the default value is "SSLEngine off"
and the documentation for the other 3 related directives do not indicate that
they enable the SSL engine.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org