Feature #2364

Add honor-cipher-order config option to mitigate BEAST attack

Added by stj almost 8 years ago. Updated almost 8 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
Missing in 1.5.x:


Recently, some vulnerability named "BEAST" was detected when using CBC ciphers in TLS v1.0.
More info about the vulnerability can be found here:

There is no fix for the issue except to turn of TLS v1.0 completely or to disable all CBC ciphers by using "ssl.cipher-list". However, this has issues because it will lock out several non-compatible clients so it is not a "real" option.
For Apache, there is a recommendation that does not fix the problem but mitigates it.
The recommendation is to prefer non-CBC ciphers over CBC ciphers. This will reduce the probability of CBC ciphers to be used, but they still can be used if no other ciphers are supported by the client.

For lighttpd, there is no option like Apache's HonorCipherOrder so in lighttpd the cipher is selected in client preference order, not server preference order.

I have attached a patch that does add a config option "ssl.honor-cipher-order" (a bool flag, default is "disable" in order to be downwards-compatible).
By setting the flag to true in the config, the cipher order will be selected in server preference order. Thus, there is the possibility to mitigate BEAST attacks. The flag is passed to openssl when set (openssl already has a flag for this).

The attached patch is for 1.4.29.
The impact should be rather minimal, and the patch should be downwards-compatible so I hope this can added to a new release.

honor-cipher-order.diff (2.68 KB) honor-cipher-order.diff stj, 2011-11-04 12:36

Associated revisions

Revision 0f96222e (diff)
Added by stbuehler almost 8 years ago

[ssl] add option to honor server cipher order, true by default (fixes #2364)

git-svn-id: svn:// 152afb58-edef-0310-8abb-c4023f1b3aa9

Revision 2810 (diff)
Added by stbuehler almost 8 years ago

[ssl] add option to honor server cipher order, true by default (fixes #2364)



Updated by stbuehler almost 8 years ago

  • Target version set to 1.4.30

I'm sick of having to workaround ssl bugs in applications...


Updated by stbuehler almost 8 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset r2810.

Also available in: Atom