ISRG (Internet Security Research Group), the founder of the Let’s Encrypt project and an organization that promotes HTTPS and the development of technologies to improve Internet security, has presented a project to develop a new module implementing the TLS protocol for the Apache HTTP server. The new module, to be offered under the name mod_tls, will serve as an alternative to the current mod_ssl module.
The module will be developed using secure programming techniques from the outset. In particular, the code will be written in Rust, which focuses on safe memory handling, provides automatic memory management, and offers a means of achieving high parallelism in task execution. Using Rust will reduce the risk of vulnerabilities caused by accessing memory after it has been freed (use-after-free) and by buffer overflows.
For mod_tls, the decision was made not to use the OpenSSL library, but to implement the TLS protocol on top of the Rustls library, which uses cryptographic primitives from ring and functions for working with certificates from libwebpki … Development will be done by Stefan Eissing, one of the Apache httpd committers. The work will be funded by Google. mod_tls is expected to replace mod_ssl in the default httpd configuration in the future.