[pkg-lighttpd] Bug#744094: lighttpd: Default ssl.ciphers disables AES-GCM
Kacper Gutowski
mwgamera at gmail.com
Thu Apr 10 02:10:33 UTC 2014
Source: lighttpd
Version: 1.4.35-2
Severity: minor
In version 1.4.30-1, the following line was included in the default
conf-available/10-ssl.conf as a mitigation for the BEAST attack:

    ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"

The NEWS file refers to [1], which back then [2] suggested using the above
cipher list. But BEAST affected only CBC suites in TLS 1.0, and there
was never any reason to disable AES-GCM. The referenced blog post also
gave no justification for it. GCM suites have been, and still are,
considered the best choice available in OpenSSL, so it's definitely a
bad idea to disable them by default. Please check the updated post [1].

[1] http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
[2] https://web.archive.org/web/20111216165019/http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
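
Added example, not part of the original report: a check that expands the reported cipher list with the local OpenSSL (through Python's ssl module) and lists the AES-GCM suites it enables, as configured and with the "!AESGCM" token dropped. The function names are illustrative, and the result depends on the OpenSSL build Python is linked against.

```python
import ssl

# Cipher list quoted in the bug report (the 1.4.30-1 default in 10-ssl.conf).
REPORTED_DEFAULT = ("ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:"
                    "!MD5:!aNULL:!EDH:!AESGCM")


def aes_gcm_suites(cipher_list):
    """Expand an OpenSSL cipher string and return the AES-GCM suites it enables.

    TLS 1.3 suites are skipped: OpenSSL configures them separately, so this
    string does not affect them.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_list)  # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3"
            and not c["name"].startswith("TLS_")
            and "AES" in c["name"] and "GCM" in c["name"]]


def without_token(cipher_list, token):
    """Return the cipher string with one exact token removed."""
    return ":".join(t for t in cipher_list.split(":") if t != token)


def audit(cipher_list):
    """Report AES-GCM availability as configured and with '!AESGCM' dropped."""
    relaxed = without_token(cipher_list, "!AESGCM")
    return {
        "as_configured": aes_gcm_suites(cipher_list),
        "without_exclusion": aes_gcm_suites(relaxed),
    }


if __name__ == "__main__":
    result = audit(REPORTED_DEFAULT)
    print("AES-GCM suites as configured:", result["as_configured"] or "none")
    print("AES-GCM suites without !AESGCM:")
    for name in result["without_exclusion"]:
        print("   " + name)
```
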