Bug #2977 (closed)
SSL routines:ciphersuite_cb:no cipher match
Description
After upgrading from 1.4.50 (where the issue was not present) to 1.4.54 the server fails to start with
SSL routines:ciphersuite_cb:no cipher match
This happens with
ssl.cipher-list = "CHACHA20-POLY1305-SHA256:AES-256-GCM_SHA384:AES-128-GCM-SHA256"
ssl.cipher-list = "CHACHA20_POLY1305_SHA256:AES_256_GCM_SHA384:AES_128_GCM_SHA256"
ssl.cipher-list = "TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256"
ssl.cipher-list = "TLS-CHACHA20-POLY1305-SHA256:TLS-AES-25-_GCM-SHA384:TLS-AES-128-GCM-SHA256"
And similarly happens also with
ssl.openssl.ssl-conf-cmd = ("Ciphersuites" => "named cipher suite")
I am basically coding illiterate, but it would seem that with https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/8efa6a34f4a055bb184a5303e94bafdb994bbddd/diff/src/mod_openssl.c
CONST_STR_LEN("HIGH")
the cipher suite is constrained to HIGH, which causes the failure and in turn prevents the user from setting a customised cipher order/list.
Updated by stbuehler over 4 years ago
Hi!
Can you please post the full error message? We need to see where it fails (and whether it is actually about failing to start or failing to accept connections from old clients).
HIGH shouldn't prevent your server from starting; the only reason I can think of why it might fail is if you're using small keys which are not acceptable anymore.
Also you didn't mention which OS you're on and which openssl versions your 1.4.50 and 1.4.54 were linked with; more recent openssl versions became more strict about lots of things (i.e. again small keys, ...).
Updated by Anonymous over 4 years ago
It fails to start
/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
(mod_openssl.c.983) SSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match
(server.c.1240) Initialization of plugins failed. Going down.
Set to HIGH, the server starts, but it prevents me from setting the order of the cipher suites the server sets for the client.
That is with
ssl.openssl.ssl-conf-cmd = ( "Protocol" => "-ALL, +TLSv1.3" )
Key size, being that of the private key that has been used for the cert generation? Which is in this case
RSA Private-Key: (2048 bit, 2 primes)
And for sake of completeness
lighttpd - 1.4.54-1.0
lighttpd-https-cert - 5-0.0
lighttpd-mod-alias - 1.4.54-1.0
lighttpd-mod-cgi - 1.4.54-1.0
lighttpd-mod-fastcgi - 1.4.54-1.0
lighttpd-mod-openssl - 1.4.54-1.0
lighttpd-mod-proxy - 1.4.54-1.0
lighttpd-mod-redirect - 1.4.54-1.0
lighttpd-mod-setenv - 1.4.54-1.0
OpenSSL 1.1.1c
Is my assumption about the cipher suite being constrained to HIGH, as introduced in mod_openssl.c, wrong then?
Updated by stbuehler over 4 years ago
This seems to work fine on my system:
ssl.cipher-list = "HIGH"
ssl.openssl.ssl-conf-cmd = ( "Protocol" => "-ALL, +TLSv1.3" )
Perhaps you can try to find the minimal config that isn't starting for you and post that.
Updated by Anonymous over 4 years ago
HIGH works, as I mentioned in previous post.
Not working after the update from .50 to .54:
ssl.cipher-list = "CHACHA20-POLY1305-SHA256:AES-256-GCM-SHA384:AES-128-GCM-SHA256"
and neither is
ssl.openssl.ssl-conf-cmd = ( "Ciphersuites" => "CHACHA20-POLY1305-SHA256:AES-256-GCM-SHA384:AES-128-GCM-SHA256" )
either ending up with
SSL routines:ciphersuite_cb:no cipher match
Updated by stbuehler over 4 years ago
- Status changed from New to Invalid
- Target version deleted (1.4.x)
Well, openssl ciphers '...' doesn't like your cipherstring either, so I'd say openssl got more strict about parsing those, and your 1.4.50 binary was linked against an older version.
$ openssl ciphers -v 'CHACHA20-POLY1305-SHA256:AES-256-GCM-SHA384:AES-128-GCM-SHA256'
Error in cipher list
140175423665280:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:../ssl/ssl_lib.c:2549:
In any case there is nothing we can do about which ciphers openssl accepts or not.
Updated by Anonymous over 4 years ago
For TLS1.3 there is a special value
-ciphersuites val Configure the TLSv1.3 ciphersuites to use
try
openssl ciphers -ciphersuites TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
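The thread's root cause is that OpenSSL keeps two separate namespaces: the TLS 1.2-and-older cipher list (SSL_CTX_set_cipher_list, lighttpd's ssl.cipher-list, hyphenated names such as ECDHE-RSA-AES256-GCM-SHA384) and the TLS 1.3 ciphersuites (SSL_CTX_set_ciphersuites, lighttpd's ssl.openssl.ssl-conf-cmd "Ciphersuites", the RFC 8446 names with underscores and a TLS_ prefix). A name from one namespace is never matched by the other, so the reporter's strings produced "no cipher match" whichever option they were put in. The script below is an added example, not lighttpd or OpenSSL code: it sorts a cipher string into the two namespaces, probes the TLS 1.2 part through Python's ssl module (which calls SSL_CTX_set_cipher_list underneath), and emits the two lighttpd directives quoted in the ticket. The TLS 1.3 name set is the five suites from RFC 8446; the sample inputs are constructed from the strings posted above.

```python
"""Sort a cipher string into OpenSSL's TLS<=1.2 cipher list and TLS 1.3
ciphersuites namespaces and check which names OpenSSL actually matches.
Added example; it is not part of lighttpd or OpenSSL."""
import ssl

# The five TLS 1.3 ciphersuites defined in RFC 8446. These are the only names
# SSL_CTX_set_ciphersuites() (lighttpd "Ciphersuites") accepts; case-sensitive.
TLS13_SUITES = frozenset({
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
})

# Cipher-string syntax rather than names ("!aNULL", "-RC4", "+HIGH", "@STRENGTH");
# these are not probed on their own because alone they select nothing.
MODIFIER_PREFIXES = "!-+@"


def tls12_matches(cipher_string):
    """Return the TLS<=1.2 cipher names OpenSSL selects for cipher_string, or
    None when SSL_CTX_set_cipher_list() rejects it ("no cipher match")."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return None
    # get_ciphers() also lists the TLS 1.3 suites OpenSSL enables by default;
    # drop them so the result shows only what the cipher string itself matched.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def classify(cipher_string):
    """Split a colon-separated cipher string into the two namespaces and report
    which TLS<=1.2 names OpenSSL does not know."""
    tokens = [t for t in cipher_string.split(":") if t]
    ciphersuites = [t for t in tokens if t in TLS13_SUITES]
    cipher_list = [t for t in tokens if t not in TLS13_SUITES]
    # Probe each name on its own: OpenSSL silently ignores an unknown name as
    # long as some other entry in the same string matches, so a typo only
    # becomes an error when nothing else in the list matches.
    unmatched = [t for t in cipher_list
                 if t[0] not in MODIFIER_PREFIXES and tls12_matches(t) is None]
    cipher_list_ok = (not cipher_list
                      or tls12_matches(":".join(cipher_list)) is not None)
    return {
        "ciphersuites": ciphersuites,   # belongs in "Ciphersuites"
        "cipher_list": cipher_list,     # belongs in ssl.cipher-list
        "unmatched": unmatched,         # known to neither namespace
        "cipher_list_ok": cipher_list_ok,
    }


def lighttpd_config(cipher_string):
    """Return lighttpd directives with each name in the option OpenSSL accepts
    it in. Unmatched names are dropped; see classify()["unmatched"]."""
    info = classify(cipher_string)
    keep = [t for t in info["cipher_list"] if t not in info["unmatched"]]
    lines = []
    if keep:
        lines.append('ssl.cipher-list = "%s"' % ":".join(keep))
    if info["ciphersuites"]:
        lines.append('ssl.openssl.ssl-conf-cmd = ("Ciphersuites" => "%s")'
                     % ":".join(info["ciphersuites"]))
    return lines


if __name__ == "__main__":
    # Constructed inputs: the string the ticket reports as failing, the TLS 1.3
    # spelling from the last reply, and a string that mixes both namespaces.
    for s in [
        "CHACHA20-POLY1305-SHA256:AES-256-GCM-SHA384:AES-128-GCM-SHA256",
        "TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256",
        "HIGH:TLS_AES_256_GCM_SHA384:CHACHA20-POLY1305-SHA256",
    ]:
        print(s)
        print("  ", classify(s))
        for line in lighttpd_config(s):
            print("  ", line)
```

Note the silent-drop behaviour the per-token probe exposes: "HIGH:CHACHA20-POLY1305-SHA256" is accepted by OpenSSL because HIGH matches, and the misspelled name simply disappears from the negotiated set; only when every name in the list is unknown does the error in this ticket appear.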