updating lighttpd on debian squeeze against the BEAST

If you’re updating your debian stable (squeeze) and using Lighttpd as your web server, you might come across a security notice on how to fix your lighttpd against the BEAST attack.

lighttpd (1.4.28-2+squeeze1) stable-security; urgency=high

 This releases includes an option to force Lighttpd to honor the cipher order
 in ssl.cipher-list. This mitigates the effects of a SSL CBC attack commonly
 referred to as "BEAST attack". See [1] and CVE-2011-3389 for more details.

 To minimze the risk of this attack it is recommended either to disable all CBC
 ciphers (beware: this will break older clients), or pursue clients to use safe
 ciphers where possible at least. To do so, set

 ssl.ciphers =  "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
 ssl.honor-cipher-order = "enable"

 in your /etc/lighttpd/conf-available/10-ssl.conf file or on any SSL enabled
 host you configured. If you did not change this file previously, this upgrade
 will update it automatically.

 [1] http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html

There’s a mistake on this note however. Instead of

ssl.ciphers =  "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"

you should use

ssl.cipher-list =  "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"

After testing that this actually works I have then confirmed this with Arno Töll, who said:

You’re right. I forgot to correct that in the Squeeze NEWS file. I
didn’t do so in the Wheezy version though. Luckily I did it properly
in the configuration file.

Unfortunately I don’t think I can fix that easily, as updates to
Debian Stable have very high barriers to avoid regressions.

A little strange situation, considering people who would want to protect themselves would naturally follow this guide. Those people cannot be notified of the correct fix (apparently as a result of the high-bureaucracy involved…). The notice has the potential to not only leave people vulnerable, but might also give them a false sense of security… This goes to show that despite the relatively high profile of this issue, and the high scrutiny in Debian stable, mistakes still happen.

Lucikly, as Arno Töll indicated, if you use the updated 10-ssl.conf file included in the release, the configuration directive there is correct. If you update your lighttpd configuration manually, make sure to use the correct directive.

Leave a Reply

css.php