Project

General

Profile

Bug #3009

closed

lighttpd uses wrong pem-file

Added by rk 6 months ago. Updated 6 months ago.

Status:
Duplicate
Priority:
Normal
Category:
TLS
Target version:
ASK QUESTIONS IN Forums:
No

Description

lighttpd sometimes delivers the wrong pem-file with simple-vhost.
Instead of delivering the ssl.pemfile of the vhost, it uses the generic server-ssl.pemfile.

Example:
- Configuration excerpt from lighttpd.conf (or: from lighttpd -p ) below.
- For example2.de it uses the "/var/lib/acme/example1.com/full.pem" instead of "/var/lib/acme/www.example2.de/full.pem". WHY?


    simple-vhost.server-root       = "/srv/www/" 
    simple-vhost.document-root     = "/" 
    $SERVER["socket"] == ":443" {
        ssl.engine             = "enable" 
        ssl.use-sslv2          = "disable" 
        ssl.use-sslv3          = "disable" 
        ssl.honor-cipher-order = "enable" 
        ssl.cipher-list        = "EECDH+AESGCM:EECDH+AES256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128...
        ssl.dh-file            = "/var/lib/dhparams/lighttpd.pem" 
        ssl.ec-curve           = "secp384r1" 
        ssl.pemfile            = "/var/lib/acme/example1.com/full.pem" 
        ssl.ca-file            = "/etc/ssl/letsencrypt--current.ca" 

    } # end of $SERVER["socket"] == ":443" 

    $SERVER["socket"] == "[::]:443" {
        # block 4
        ssl.engine             = "enable" 
        ssl.use-sslv2          = "disable" 
        ssl.use-sslv3          = "disable" 
        ssl.honor-cipher-order = "enable" 
        ssl.cipher-list        = "EECDH+AESGCM:EECDH+AES256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128...
        ssl.dh-file            = "/var/lib/dhparams/lighttpd.pem" 
        ssl.ec-curve           = "secp384r1" 
        ssl.pemfile            = "/var/lib/acme/example1.com/full.pem" 
        ssl.ca-file            = "/etc/ssl/letsencrypt--current.ca" 

    } # end of $SERVER["socket"] == "[::]:443" 

    $HTTP["host"] =~ ".*example2.de" {
        # block 42
        ssl.use-sslv2          = "disable" 
        ssl.use-sslv3          = "disable" 
        ssl.honor-cipher-order = "enable" 
        ssl.cipher-list        = "EECDH+AESGCM:EECDH+AES256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128...
        ssl.pemfile            = "/var/lib/acme/www.example2.de/full.pem" 
        ssl.ca-file            = "/etc/ssl/letsencrypt--current.ca" 
    }


Related issues

Is duplicate of Feature #2842: Lighttpd Returns Wrong Cert In Multi-cert Set-upFixedActions
#1

Updated by rk 6 months ago

It looks like:
  • lighttpd silently(!!) ignores "older" certificates (Public Key Algorithm: rsaEncryption, beginning with "-----BEGIN PRIVATE KEY-----") for vhosts, when the "main" certificate is a "newer type" (Public Key Algorithm: id-ecPublicKey, beginning with "-----BEGIN EC PRIVATE KEY-----").
  • If I change the main certificate to a rsaEncryption-type, everything works well.

Example:
- server containing 3 domains: domain-ec.example, domain-rsa1.example, domain-rsa2.example
- domain-ec.example uses a id-ecPublicKey-certificate, domain-rsa*.example use rsaEncryption-certificates
- There's a $HTTP["host"] =~ ".*domain-ec.example" { like entry for each domain, each containing ssl.pemfile.
- Now: Depending on what's written in the $SERVER["socket"] ":443", the server deliveres different certificates.

- $SERVER["socket"]  ":443": ssl.pemfile = ".../domain-ec.example/full.pem" 
- domain-ec.example: uses domain-ec.example-pemfile
- domain-rsa1.example: uses domain-ec.example-pemfile (!)
- domain-rsa2.example: uses domain-ec.example-pemfile (!)
- $SERVER["socket"] == ":443": ssl.pemfile = ".../domain-rsa1.example/full.pem" 
- domain-ec.example: uses domain-ec.example-pemfile
- domain-rsa1.example: uses domain-rsa1.example-pemfile
- domain-rsa2.example: uses domain-rsa2.example-pemfile
#2

Updated by gstrauss 6 months ago

mod_simple_vhost: I can understand your desire for such a feature, but this has never worked the way you suggest and has never been documented to work the way you suggest.

Unless you have a huge number of domains, you might consider generating your lighttpd config instead of using mod_simple_vhost. If you do have a huge number of domains, then you might consider leveraging SAN in certs.

[Edit] You're not using mod_simple_vhost. Why did you say simple-vhost in your report?

lighttpd supports SNI. Similar to advice given in some of your historical posts, please consider using the latest version of lighttpd. More importantly, you should upgrade your openssl libraries, as that is more likely the source of the behavior you are seeing.

#3

Updated by rk 6 months ago

According to https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL, that's exactly the way to use SSL/TLS with multiple domains.

So, is it intentional that lighttpd silently (!) -- without any error or warning -- ignores domain-specific rsaEncryption-certificates if the default ssl.pemfile is a id-ecPublicKey-certificate?

If yes: Why?
If no: How can this be fixed?

#4

Updated by rk 6 months ago

[Edit] You're not using mod_simple_vhost. Why did you say simple-vhost in your report?

I am using mod_simple_vhost. I don't know if this has anything to do with this problem or with SNI (since I don't know the lighttpd-sourcecode), but I am definitely using it here.

lighttpd supports SNI. Similar to advice given in some of your historical posts, please consider using the latest version of lighttpd. More importantly, you should upgrade your openssl libraries, as that is more likely the source of the behavior you are seeing.

I am using lighttpd 1.4.55, and according to https://redmine.lighttpd.net/projects/lighttpd/wiki, that's the latest release; probably with openssl 1.1.1f. So, upgrading won't help.

#5

Updated by gstrauss 6 months ago

lighttpd is not openssl. lighttpd uses openssl (or whatever TLS libraries lighttpd was built with, e.g. LibreSSL, BoringSSL, WolfSSL, etc)

If you comment out ssl.cipher-list then lighttpd defaults to ssl.cipher-list = "HIGH". You might temporarily test with ssl.cipher-list = "LOW" Similarly, you might test inverting ssl.honor-cipher-order

.

FYI: mod_simple_vhost is independent from mod_openssl. mod_simple_vhost does not configure SSL certificates. mod_openssl does, so you have to configure ssl.pemfile in lighttpd.conf for SNI in $HTTP["host"] conditions, which is what it looks like you are doing.

.

Actually, ssl.cipher-list = "LOW" won't work for you, as those ciphers were removed in openssl 1.1.0.
https://www.openssl.org/docs/man1.1.1/man1/ciphers.html
Try ssl.cipher-list = "MEDIUM"

#6

Updated by gstrauss 6 months ago

  • Status changed from New to Duplicate
  • ASK QUESTIONS IN Forums set to No
#7

Updated by gstrauss 6 months ago

  • Is duplicate of Feature #2842: Lighttpd Returns Wrong Cert In Multi-cert Set-up added
#8

Updated by gstrauss 6 months ago

If certificates for your hosts are of different types from that of the default certificate for the socket, then the certificate types for the hosts should be listed in ssl.cipher-list before the certificate type of the default certificate for the socket.

This is the default (truncated) order on my system, and I suspect openssl ciphers will show similar ordering on your system

ssl.cipher-list = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384" 

but try the following for your desire to prefer the RSA certs for your SNI hosts before the EC cert you defined as the default for the socket:
ssl.cipher-list = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384" 

For more details, see https://redmine.lighttpd.net/issues/2842?#note-18

Also available in: Atom