Feature #2364

Add honor-cipher-order config option to mitigate BEAST attack

Added by stj about 3 years ago. Updated almost 3 years ago.

Status:FixedStart date:2011-11-04
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:-
Target version:1.4.30
Missing in 1.5.x:No

Description

Recently, some vulnerability named "BEAST" was detected when using CBC ciphers in TLS v1.0.
More info about the vulnerability can be found here:
http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html

There is no fix for the issue except to turn of TLS v1.0 completely or to disable all CBC ciphers by using "ssl.cipher-list". However, this has issues because it will lock out several non-compatible clients so it is not a "real" option.
For Apache, there is a recommendation that does not fix the problem but mitigates it.
The recommendation is to prefer non-CBC ciphers over CBC ciphers. This will reduce the probability of CBC ciphers to be used, but they still can be used if no other ciphers are supported by the client.

For lighttpd, there is no option like Apache's HonorCipherOrder so in lighttpd the cipher is selected in client preference order, not server preference order.

I have attached a patch that does add a config option "ssl.honor-cipher-order" (a bool flag, default is "disable" in order to be downwards-compatible).
By setting the flag to true in the config, the cipher order will be selected in server preference order. Thus, there is the possibility to mitigate BEAST attacks. The flag is passed to openssl when set (openssl already has a flag for this).

The attached patch is for 1.4.29.
The impact should be rather minimal, and the patch should be downwards-compatible so I hope this can added to a new release.

honor-cipher-order.diff Magnifier (2.68 KB) stj, 2011-11-04 12:36

Associated revisions

Revision 2810
Added by stbuehler almost 3 years ago

[ssl] add option to honor server cipher order, true by default (fixes #2364)

History

#1 Updated by stbuehler about 3 years ago

  • Target version set to 1.4.30

I'm sick of having to workaround ssl bugs in applications...

#2 Updated by stbuehler almost 3 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset r2810.

Also available in: Atom