ISRG to replace Apache-httpd C components with Rust for security reasons
The Internet Security Research Group (ISRG) will replace components of httpd, the Apache HTTP Server implementation, to make the web server more secure. The code moves from C to Rust to prevent memory bugs.
The project is funded by Google and led by the ISRG, the same organization behind Let’s Encrypt’s SSL certificates. The project aims to make httpd more secure by porting key components piece by piece from C to Rust, the organization writes. The first step is a new module called mod_tls, which should replace the current mod_ssl, the default in httpd. The new module is built with the Rustls library for TLS instead of OpenSSL. “We hope mod_tls will one day replace mod_ssl,” the developers write.
In the future, other modules should also be replaced by modules written in Rust. No specific timeline for this is known yet. According to the organization, C is not a memory-safe development language. The developers refer to a list of bugs in Apache, in which memory bugs are common.
Rust, the language designed by Mozilla, would be much better suited in that respect. The problem is that Apache is already 26 years old and therefore uses many old components. “It is very difficult to completely convert httpd to Rust in one go. Fortunately, we can incrementally solve the security problem in httpd memory,” writes the ISRG.