OoO On this cloudy night of Wednesday 21 December 2011, around 01:24, Nico Golde <nion@debian.org> said:

> When using CBC ciphers on an SSL enabled virtual host to communicate with
> certain clients, a so called "BEAST" attack allows man-in-the-middle
> attackers to obtain plaintext HTTP traffic via a blockwise
> chosen-boundary attack (BCBA) on an HTTPS session. Technically this is
> no lighttpd vulnerability. However, lighttpd offers a workaround to
> mitigate this problem by providing a possibility to disable CBC ciphers.
> This update includes this option by default. System administrators
> are advised to read the NEWS file of this update (as this may break older
> clients).

The NEWS file is a bit misinformed:

    To minimize the risk of this attack it is recommended either to disable
    all CBC ciphers (beware: this will break older clients), or pursue
    clients to use safe ciphers where possible at least. To do so, set

    ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
    ssl.honor-cipher-order = "enable"

ECDHE-RSA-AES256-SHA384 and AES256-SHA256 cipher suites are still using CBC. However, they are only compatible with TLS 1.2, which is not vulnerable to the attack. More important, lighttpd uses OpenSSL, which is not compatible with TLS 1.2. Therefore, the above cipher list is the same as:

    RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM

(you can check the output of "openssl ciphers")

I also think that "this will break older clients" is a bit alarming. Even IE6 supports RC4-SHA. It would be better to say "it may break very old clients".

-- 
Vincent Bernat ☯ http://vincent.bernat.im

panic("bad_user_access_length executed (not cool, dude)");
        2.0.38 /usr/src/linux/kernel/panic.c
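The check Vincent points at ("look at the output of openssl ciphers") can be scripted. The script below is an added example, not part of the thread or of lighttpd; it parses lines in the layout that "openssl ciphers -v" prints, classifies each suite as AEAD, RC4 stream, CBC restricted to TLS 1.2, or CBC reachable below TLS 1.2 (the class BEAST concerns), and reports whether a cipher list still contains the last kind. The sample lines are constructed for the demo, not captured from a real system; to audit a real ssl.cipher-list, replace the sample with the output of "openssl ciphers -v '<your list>'".

```shell
#!/bin/sh
# Added example (not from the original thread or lighttpd): classify the
# suites an OpenSSL cipher string expands to, using the "openssl ciphers -v"
# output layout, and flag the CBC suites a pre-TLS-1.2 client can negotiate.

# Constructed sample in "openssl ciphers -v" layout (not a real capture).
# The first two entries are the TLS 1.2-only CBC suites discussed above;
# the last two show that the HIGH group still carries ordinary CBC suites.
SAMPLE='ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1'

# classify_suites: reads "openssl ciphers -v" lines on stdin and prints
# "<suite> <class>", where class is one of
#   aead       : GCM/CCM/ChaCha20 suite, no CBC involved
#   stream     : RC4 stream cipher, no CBC involved
#   cbc-tls12  : CBC suite that only TLS 1.2 can negotiate
#   cbc-pre12  : CBC suite negotiable with SSLv3/TLS 1.0/1.1 (BEAST-relevant)
# In "openssl ciphers -v" output a plain Enc=AES(n)/3DES(n)/CAMELLIA(n)
# denotes CBC mode; AEAD modes are spelled out (AESGCM, AESCCM, CHACHA20).
classify_suites() {
    awk '{
        suite = $1; ver = $2; enc = ""
        for (i = 3; i <= NF; i++) if ($i ~ /^Enc=/) enc = substr($i, 5)
        if (enc ~ /GCM|CCM|CHACHA/)   cls = "aead"
        else if (enc ~ /^RC4/)        cls = "stream"
        else if (ver == "TLSv1.2")    cls = "cbc-tls12"
        else                          cls = "cbc-pre12"
        print suite, cls
    }'
}

# beast_exposed: the suites from stdin that an older client could still
# negotiate in CBC mode, i.e. what a list meant to avoid BEAST must drop.
beast_exposed() {
    classify_suites | awk '$2 == "cbc-pre12" { print $1 }'
}

# list_is_beast_safe: exit 0 when stdin holds no BEAST-relevant suite.
list_is_beast_safe() {
    [ -z "$(beast_exposed)" ]
}

# Stand-alone demo over the constructed sample.
printf '%s\n' "$SAMPLE" | classify_suites
if printf '%s\n' "$SAMPLE" | list_is_beast_safe; then
    echo "no CBC suite reachable below TLS 1.2"
else
    echo "CBC suites reachable below TLS 1.2 remain (honor-cipher-order only prefers RC4 over them)"
fi
```

Run against the real expansion of the NEWS-file list, the script shows the point of the mail: the HIGH group keeps CBC suites such as AES256-SHA, so ssl.honor-cipher-order merely makes RC4 the preferred choice for clients that offer it rather than removing CBC.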