If you’re updating Debian stable (squeeze) and run Lighttpd as your web server, you may come across a security notice describing how to harden lighttpd against the BEAST attack.
lighttpd (1.4.28-2+squeeze1) stable-security; urgency=high

  This release includes an option to force Lighttpd to honor the cipher order in ssl.cipher-list. This mitigates the effects of a SSL CBC attack commonly referred to as "BEAST attack". See [1] and CVE-2011-3389 for more details.

  To minimize the risk of this attack it is recommended either to disable all CBC ciphers (beware: this will break older clients), or pursue clients to use safe ciphers where possible at least. To do so, set

    ssl.ciphers = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
    ssl.honor-cipher-order = "enable"

  in your /etc/lighttpd/conf-available/10-ssl.conf file or on any SSL enabled host you configured. If you did not change this file previously, this upgrade will update it automatically.

  [1] http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
There is a mistake in this note, however: ssl.ciphers is not a lighttpd directive. Instead of
ssl.ciphers = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
you should use
ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
After testing that this actually works, I confirmed it with Arno Töll, who said:
You’re right. I forgot to correct that in the Squeeze NEWS file. I didn’t do so in the Wheezy version though. Luckily I did it properly in the configuration file. Unfortunately I don’t think I can fix that easily, as updates to Debian Stable have very high barriers to avoid regressions.
A strange situation: the people who most want to protect themselves would naturally follow the notice to the letter, and there is no channel to tell them about the correct directive (apparently because of the process involved). The wrong directive not only leaves them exposed but may give them a false sense of security: ssl.honor-cipher-order ends up enabled, but the cipher list it is supposed to honor is never set, so lighttpd keeps its default list. This goes to show that despite the relatively high profile of this issue, and the scrutiny applied to Debian stable, mistakes still happen.
Luckily, as Arno Töll indicated, the updated 10-ssl.conf file shipped with the release uses the correct directive. If you update your lighttpd configuration manually, make sure to use ssl.cipher-list, not ssl.ciphers.
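The following script is an added example, not part of the Debian notice or of the original post. It does two things a practitioner would want after applying the notice: lint_lighttpd_ssl greps a config fragment for the misnamed ssl.ciphers directive and for the ssl.cipher-list / ssl.honor-cipher-order pair, and negotiated_cipher uses openssl s_client against a live server to see which side's preference wins (the notice's list puts RC4 ahead of HIGH, so a TLS 1.0 client offering AES256-SHA before RC4-SHA should be handed RC4-SHA when the server's order is honored). The function names, the sample file names and the two sample fragments are constructed for this example; the cipher list itself is the one from the notice. Note that this reflects the 2011 advice: RC4 has since been prohibited for TLS (RFC 7465), so the list is shown here only to verify the directive, not as a current recommendation.

```sh
#!/bin/sh
# Added example (not from the Debian notice or the blog post).
# lint_lighttpd_ssl FILE
#   Checks a lighttpd SSL config fragment for the BEAST mitigation as the
#   notice intends it: flags the misnamed "ssl.ciphers" directive and
#   requires both ssl.cipher-list and ssl.honor-cipher-order = "enable".
#   Returns 0 when the fragment is correct, 1 otherwise (problems on stderr).
lint_lighttpd_ssl() {
    conf=$1
    rc=0
    # Match only uncommented assignments; leading whitespace is allowed because
    # the directives usually sit inside a $SERVER["socket"] == ":443" { } block.
    if grep -Eq '^[[:space:]]*ssl\.ciphers[[:space:]]*=' "$conf"; then
        echo "$conf: 'ssl.ciphers' is not a lighttpd directive; use 'ssl.cipher-list'" >&2
        rc=1
    fi
    if ! grep -Eq '^[[:space:]]*ssl\.cipher-list[[:space:]]*=' "$conf"; then
        echo "$conf: ssl.cipher-list is not set, so the server keeps its default cipher list" >&2
        rc=1
    fi
    if ! grep -Eq '^[[:space:]]*ssl\.honor-cipher-order[[:space:]]*=[[:space:]]*"enable"' "$conf"; then
        echo "$conf: ssl.honor-cipher-order is not enabled, so the client's preference wins" >&2
        rc=1
    fi
    return $rc
}

# negotiated_cipher HOST PORT
#   Live check against a running server (needs network, not exercised offline):
#   connect with TLS 1.0 offering AES256-SHA before RC4-SHA. With the notice's
#   list in effect and honored, the server picks RC4-SHA (RC4 precedes HIGH in
#   that list); if AES256-SHA comes back, the client's CBC preference won and
#   the mitigation is not active.
negotiated_cipher() {
    openssl s_client -connect "$1:$2" -tls1 -cipher 'AES256-SHA:RC4-SHA' </dev/null 2>/dev/null \
        | sed -n 's/^New, .*Cipher is //p'
}

# Constructed sample fragments (hypothetical file names): the notice's text as
# written, and the corrected version.
SAMPLE_DIR=$(mktemp -d)
BAD_CONF=$SAMPLE_DIR/10-ssl-as-in-notice.conf
GOOD_CONF=$SAMPLE_DIR/10-ssl-corrected.conf
cat > "$BAD_CONF" <<'EOF'
$SERVER["socket"] == "0.0.0.0:443" {
    ssl.engine  = "enable"
    ssl.pemfile = "/etc/lighttpd/server.pem"
    ssl.ciphers = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
    ssl.honor-cipher-order = "enable"
}
EOF
cat > "$GOOD_CONF" <<'EOF'
$SERVER["socket"] == "0.0.0.0:443" {
    ssl.engine  = "enable"
    ssl.pemfile = "/etc/lighttpd/server.pem"
    ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
    ssl.honor-cipher-order = "enable"
}
EOF

# Lint both samples; the first reports the misnamed directive, the second passes.
for f in "$BAD_CONF" "$GOOD_CONF"; do
    if lint_lighttpd_ssl "$f"; then echo "$f: ok"; fi
done
```

The grep-based lint is deliberately simple and does not parse lighttpd's config grammar; treat it as a guard for the specific slip in the notice, and still run lighttpd -t -f /etc/lighttpd/lighttpd.conf afterwards. The reason the slip is easy to miss is that the 1.4 series only logs a warning about an unknown config-key and starts anyway, so the server comes up with ssl.honor-cipher-order enabled but no cipher list of its own, which is exactly the state negotiated_cipher is meant to reveal.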
