[UE] Unable to get SHA-256 to work
Added by sksinha_rm about 1 year ago
I am running lighttpd 1.4.68 on Petalinux Xilinx SDK 2018.3. I need to use SHA-256 on a protected page.
I had following cipher-list in my lighttpd.conf:ssl.openssl.ssl-conf-cmd = ("CipherString" => "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA")
OR
ssl.openssl.ssl-conf-cmd = ("CipherString" => "EECDH+AESGCM:AES256+EECDH:CHACHA20:SHA256:!SHA384")
auth.require = (
"/" => (
"method" => "digest",
"algorithm" => "SHA-256",
"realm" => "protected pages",
"require" => "user=tester",
)
I have encoded password with SHA256 and added in lighttpd.user. Above (1st option of Cipher-list) works fine with md5 encoded password .
But, neither cipher-list seems to work with SHA-256.
I am using latest firefox on windows to connect. Console output(of response header) of a GET request is like:
WWW-Authenticate
Digest realm="protected pages", charset="UTF-8", algorithm=SHA-256, nonce="63ee28ef:26a81f50f9271a7c7c9f042f948cf1a5fd58af1a0c1ba85f705fb46c98765008", qop="auth
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
but status is :Status 401 Unauthorized
Security: connection is
Protocol version: TLSv1.2
Cipher suite:TLS_RSA_WITH_AES_128_GCM_SHA256
SHA-256 Fingerprint:A0:1B:7C:97:39:01:F0:85:99:85:FE:CA:D5:17:61:C8:5D:6B:14:DE:89:73:AB:67:2A:41:48:E1:4B:48:4D:4F
SHA1 Fingerprint:F6:4F:79:F3:B4:80:03:2D:CB:E4:8D:C0:72:30:23:8C:FF:A3:64:39
Looks all TLS handshake for SHA-256 looks ok. Do I need to add something else in lighttpd.conf, am I missing something.
Similar issue on Edge and Chrome.
Any help or pointer will be very helpful.
Thanks in advance.
Replies (4)
[UE] RE: Unable to get SHA-256 to work - Added by gstrauss about 1 year ago
RE: Unable to get SHA-256 to work - Added by sksinha_rm about 1 year ago
Issue resolved. Issue im copying password to lighttpd.user file, copied with an extra space. Thanks for help and suggestions.
RE: [UE] Unable to get SHA-256 to work - Added by sksinha_rm about 1 year ago
Is there any mechanism to salt password with some random number? I am unable to understand the use of "userhash". Any help/pointers will be useful.
RE: [UE] Unable to get SHA-256 to work - Added by gstrauss about 1 year ago
RTFM and ask a more intelligent question that is more specific and shows that you tried to read the documentation. If you do not understand something specific in the documentation, ask a specific question referencing that specific part of the documentation. You failed to search for the word "salt" in mod_auth. It is unlikely that I will respond further here. You've wasted enough of my time by failing to try to read the documentation (and failing to demonstrate that you tried to read the documentation). I'm not going to read the documentation to you.