HOB-SSL – The Alternative to OpenSSL
Why mod_hob_ssl is superior to mod_ssl:
Many website operators put their faith in Apache, the open source standard for webserver services. Apache can also provide HTTPS connections with the associated encryption module mod_ssl. Yet in spite of the wide distribution of this module, every now and then new vulnerabilities keep getting found. Most are due to neither the protocol nor the algorithms, but are simply to be traced back to clumsy programming. With its closed-source SSL implementation, awarded multiple certificates, HOB has developed the alternative encryption module described below.
The components of mod_hob_ssl are also part of the Common Criteria EAL 4+ certification, the highest security level evaluation for a pure software solution.
The random number generator (seed generation) in mod_hob_ssl was developed with the utmost care and provides an entropy of at least 50 bits (= more than 100 million possible combinations). This random number generator was also certified in accordance with the Common Criteria EAL 4+.
HOB provides highly qualified technical support in the event a customer has questions regarding the proper use of mod_hob_ssl. Such dedicated support cannot be found for OpenSSL.
HOB has strict guidelines for dealing with any eventual security flaws: The customer will be informed and will promptly receive a patch.
The configuration tool (Security Manager) is more user-friendly than text-based configuration files found in other SSL solutions.
mod_hob_ssl has no unnecessary features, which present an opportunity of attack (such as Heartbeat in OpenSSL, which led to the Heartbleed vulnerability).
HOB has a conservative security model, with greater focus on security itself. For example, with one of the most recent security gaps discovered in OpenSSL (CVE 2016-0701) – a private exponent for the Diffie-Hellman key exchange was, in certain cases, reused. This gap has now been exploited in an attack:
At HOB, the utmost care is taken to prevent such vulnerabilities.