
Please update the 'standard' ssl cipher string recommendation

Added by mike4online over 2 years ago

The wiki page for configuring SSL in lighty (http://redmine.lighttpd.net/projects/1/wiki/docs_ssl) refers readers to the 1.4.34 release notes page (http://www.lighttpd.net/2014/1/20/1-4-34/) for recommended cipher suite order:

ssl.cipher-list = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK" 

However, using the order on this page (in lighttpd 1.4.31) leaves my web site with weak 'DHE' ciphers, according to the SSL scan at https://www.ssllabs.com/ssltest/.

I was able to remove the weak ciphers by modifying the cipher string to the following:

ssl.cipher-list = "aRSA+HIGH:!3DES:+kEDH:+kRSA:!kSRP:!kPSK:!EDH" 

Please consider adopting the above revised cipher string as the newest recommendation.

Thank you.


Replies (1)

RE: Please update the 'standard' ssl cipher string recommendation - Added by stbuehler over 2 years ago

The examples prefer ciphersuites with “Forward Secrecy” and ECDHE over DHE (alias EDH).

I think this is exactly how it should be. If you don't want kEDH, maybe you don't want kRSA too?

If you want DH parameters with more bits (say 4096), you need to specify them, as the default ones are 1024-bit.

Yes, 1024-bit ones are weak, otoh some (Java) implementations out there can't handle more, and you can't negotiate how many bits the other side can handle, and I don't want to break these with an update (lighttpd2 includes 4096-bit by default).

I updated the release notes with more information about this. Also lighttpd2 has this in the docs about DH parameters.
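As an added illustration (not code from this thread or from lighttpd) of the point both posts turn on: in an OpenSSL cipher string, `+kEDH` only moves the DHE suites to the end of the preference list, whereas mike4online's extra `!EDH` deletes them outright. The Python below evaluates the cipher-list operators over a small constructed suite table (attribute tags simplified from how OpenSSL classified these suites in 2014, and the EDH alias assumed equivalent to kEDH for this table) and compares the two strings.

```python
# Constructed, simplified suite table (name -> attribute tags), roughly as
# OpenSSL classified these suites in 2014 (3DES was still in HIGH then).
SUITES = {
    "ECDHE-RSA-AES256-GCM-SHA384": {"aRSA", "kEECDH", "HIGH"},
    "ECDHE-RSA-AES128-SHA":        {"aRSA", "kEECDH", "HIGH"},
    "DHE-RSA-AES256-GCM-SHA384":   {"aRSA", "kEDH",   "HIGH"},
    "DHE-RSA-AES128-SHA":          {"aRSA", "kEDH",   "HIGH"},
    "AES256-SHA":                  {"aRSA", "kRSA",   "HIGH"},
    "DES-CBC3-SHA":                {"aRSA", "kRSA",   "HIGH", "3DES"},
    "SRP-RSA-AES-256-CBC-SHA":     {"aRSA", "kSRP",   "HIGH"},
    "RSA-PSK-AES256-CBC-SHA":      {"aRSA", "kPSK",   "HIGH"},
    "RC4-SHA":                     {"aRSA", "kRSA",   "MEDIUM"},
}
# Assumed aliases: EDH/DHE select authenticated ephemeral-DH suites, which in
# this table is the same set as kEDH.
ALIASES = {"EDH": "kEDH", "DHE": "kEDH", "kDHE": "kEDH"}

def resolve(cipher_list):
    """Return the suite names a cipher-list string selects, in order."""
    active, dead = [], set()
    # OpenSSL accepts ':', ',' or ' ' between items (both strings above work)
    for item in cipher_list.replace(",", " ").replace(":", " ").split():
        op = item[0] if item[0] in "!+-" else ""
        tags = {ALIASES.get(t, t) for t in item.lstrip("!+-").split("+")}
        matched = [n for n, attrs in SUITES.items() if tags <= attrs]
        if op == "!":            # delete permanently
            dead.update(matched)
            active = [n for n in active if n not in matched]
        elif op == "-":          # delete, but a later item may re-add
            active = [n for n in active if n not in matched]
        elif op == "+":          # keep, but move matches to the end
            moved = [n for n in active if n in matched]
            active = [n for n in active if n not in matched] + moved
        else:                    # add new matches in table order
            active += [n for n in matched if n not in active and n not in dead]
    return active

def dhe_suites(cipher_list):
    """DHE suites still enabled by the string (the ones SSL Labs flagged)."""
    return [n for n in resolve(cipher_list) if "kEDH" in SUITES[n]]

RELEASE_NOTES_1_4_34 = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK"
REVISED = "aRSA+HIGH:!3DES:+kEDH:+kRSA:!kSRP:!kPSK:!EDH"

if __name__ == "__main__":
    for label, s in (("1.4.34", RELEASE_NOTES_1_4_34), ("revised", REVISED)):
        print(label, resolve(s), "DHE left:", dhe_suites(s))
```

With the 1.4.34 string the DHE suites survive, ranked after ECDHE but before plain RSA; with `!EDH` appended they are gone, which is what stbuehler's reply warns also removes the forward-secret fallback for clients without ECDHE.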
