Considering the impact on mod_ssl, I'm making these assumptions:
1. no HTTP/SSL client initiates a renegotiation of its own accord
2. many mod_ssl configurations do not require a renegotiation to be
performed at all
3. some mod_ssl configurations, typically requiring client cert auth in
a per-directory/location context, do require the server to initiate a
The longer term plan to fix the vulnerability is to upgrade all clients
and servers to support a new TLS extension which allows renegotiations
to be performed securely.
Disabling renegotiation completely and unconditionally at SSL toolkit
level will break a significant number of installs - I don't think we
could deploy that change.
In the short term, I think it would be useful to have a new SSL_OP_*
flag which enables rejection of a client-initiated handshake in an SSL
server. This will fix the issue for 90% of sites without breaking the
remaining 10% (case 3 above), and is a change that can be deployed
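As an added example, not part of this message and not code from mod_ssl or OpenSSL: a small C record-layer monitor that counts what the proposed server-side flag would reject, namely a client opening a second handshake on an established connection, while leaving server-initiated renegotiations (case 3 above) uncounted. It relies on the TLS record content type being sent in the clear, which holds for TLS 1.0 through 1.2 (the versions in play here); the record bytes below are constructed placeholders, and the state machine assumes application data is not interleaved with an in-progress renegotiation, which is a simplification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Who sent the record. */
enum tls_dir { FROM_CLIENT, FROM_SERVER };

/* TLS record-layer content types (RFC 5246, section 6.2.1). */
enum { CT_CHANGE_CIPHER_SPEC = 20, CT_ALERT = 21, CT_HANDSHAKE = 22, CT_APPLICATION_DATA = 23 };

struct tls_record {
    enum tls_dir from;
    const uint8_t *bytes;  /* 5-byte record header followed by the fragment */
    size_t len;
};

/* Connection phases as seen from the content types alone. */
enum conn_state { INITIAL_HANDSHAKE, ESTABLISHED, RENEGOTIATING };

struct reneg_monitor {
    enum conn_state state;
    int client_initiated;  /* renegotiations opened by an unsolicited client handshake record */
    int server_initiated;  /* renegotiations opened by a server handshake record (HelloRequest) */
    int malformed;         /* records whose header disagrees with their length */
};

void reneg_monitor_init(struct reneg_monitor *m) { memset(m, 0, sizeof *m); }

/* Feed one record in wire order. Returns 1 if the record opens a
 * client-initiated renegotiation, 0 otherwise, -1 if the header is malformed. */
int reneg_monitor_feed(struct reneg_monitor *m, const struct tls_record *r)
{
    if (r->len < 5 || (size_t)((r->bytes[3] << 8) | r->bytes[4]) + 5 != r->len) {
        m->malformed++;
        return -1;
    }
    uint8_t type = r->bytes[0];

    switch (m->state) {
    case INITIAL_HANDSHAKE:
        /* Every handshake record, including the encrypted Finished, belongs to
         * the first handshake until application data shows it completed. */
        if (type == CT_APPLICATION_DATA) m->state = ESTABLISHED;
        return 0;
    case ESTABLISHED:
        if (type != CT_HANDSHAKE) return 0;
        m->state = RENEGOTIATING;
        if (r->from == FROM_SERVER) { m->server_initiated++; return 0; }  /* HelloRequest */
        m->client_initiated++;  /* ClientHello the server never asked for */
        return 1;
    case RENEGOTIATING:
        if (type == CT_APPLICATION_DATA) m->state = ESTABLISHED;
        return 0;
    }
    return 0;
}

/* Constructed sample records: the monitor only reads the 5-byte header. */
static const uint8_t HS_REC[]  = {0x16, 0x03, 0x01, 0x00, 0x02, 0x00, 0x00};
static const uint8_t CCS_REC[] = {0x14, 0x03, 0x01, 0x00, 0x01, 0x01};
static const uint8_t APP_REC[] = {0x17, 0x03, 0x01, 0x00, 0x03, 0xAA, 0xBB, 0xCC};
static const uint8_t BAD_REC[] = {0x16, 0x03, 0x01, 0x00, 0x09, 0x00};  /* claims 9 bytes, carries 1 */

#define R(dir, arr) { dir, arr, sizeof arr }

/* Run a sequence through a fresh monitor; returns how many records were flagged. */
int run_sequence(const struct tls_record *recs, size_t n, struct reneg_monitor *out)
{
    struct reneg_monitor m;
    int flagged = 0;
    reneg_monitor_init(&m);
    for (size_t i = 0; i < n; i++)
        if (reneg_monitor_feed(&m, &recs[i]) == 1) flagged++;
    if (out) *out = m;
    return flagged;
}

/* Full handshake, some application data, then the client starts a new handshake on its own. */
int demo_client_initiated(void)
{
    static const struct tls_record seq[] = {
        R(FROM_CLIENT, HS_REC), R(FROM_SERVER, HS_REC), R(FROM_CLIENT, CCS_REC), R(FROM_CLIENT, HS_REC),
        R(FROM_SERVER, CCS_REC), R(FROM_SERVER, HS_REC), R(FROM_CLIENT, APP_REC), R(FROM_SERVER, APP_REC),
        R(FROM_CLIENT, HS_REC),  /* unsolicited ClientHello: flagged */
        R(FROM_SERVER, HS_REC), R(FROM_CLIENT, APP_REC),
    };
    return run_sequence(seq, sizeof seq / sizeof seq[0], NULL);
}

/* Same, but the server sends a HelloRequest first (per-location client cert auth, case 3). */
static const struct tls_record SERVER_SEQ[] = {
    R(FROM_CLIENT, HS_REC), R(FROM_SERVER, HS_REC), R(FROM_CLIENT, CCS_REC), R(FROM_CLIENT, HS_REC),
    R(FROM_SERVER, CCS_REC), R(FROM_SERVER, HS_REC), R(FROM_CLIENT, APP_REC),
    R(FROM_SERVER, HS_REC),  /* HelloRequest: server-initiated, not flagged */
    R(FROM_CLIENT, HS_REC), R(FROM_SERVER, HS_REC), R(FROM_CLIENT, APP_REC),
};
int demo_server_initiated(void)       { return run_sequence(SERVER_SEQ, sizeof SERVER_SEQ / sizeof SERVER_SEQ[0], NULL); }
int demo_server_initiated_count(void) { struct reneg_monitor m; run_sequence(SERVER_SEQ, sizeof SERVER_SEQ / sizeof SERVER_SEQ[0], &m); return m.server_initiated; }

/* A record whose header length does not match what arrived. */
int demo_malformed(void)
{
    struct reneg_monitor m;
    struct tls_record r = R(FROM_CLIENT, BAD_REC);
    reneg_monitor_init(&m);
    return reneg_monitor_feed(&m, &r);
}

int main(void)
{
    printf("client-initiated flagged: %d\n", demo_client_initiated());
    printf("server-initiated flagged: %d (server-initiated seen: %d)\n",
           demo_server_initiated(), demo_server_initiated_count());
    printf("malformed record result: %d\n", demo_malformed());
    return 0;
}
```

Fed from a capture or a TLS-terminating proxy, the client-initiated counter gives a sensor-side estimate of how many connections the proposed rejection flag would affect before it is enabled, and the server-initiated counter shows how much of the traffic falls under case 3.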