From 0f96222e7e3ca51767cf13144ec5d777b8869677 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20B=C3=BChler?= <stbuehler@web.de>
Date: Wed, 30 Nov 2011 19:59:24 +0000
Subject: [PATCH] [ssl] add option to honor server cipher order, true by
 default (fixes #2364)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2810 152afb58-edef-0310-8abb-c4023f1b3aa9
---
 NEWS                     | 1 +
 doc/config/lighttpd.conf | 2 ++
 src/base.h               | 1 +
 src/configfile.c         | 6 ++++++
 src/network.c            | 4 ++++
 5 files changed, 14 insertions(+)

diff --git a/NEWS b/NEWS
index 29214dad..fb03e689 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,7 @@ NEWS
   * Fix mod_status bug: always showed "0/0" in the "Read" column for uploads (fixes #2351)
   * [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
   * [ssl] count renegotiations to prevent client renegotiations
+  * [ssl] add option to honor server cipher order (fixes #2364, BEAST attack)
 
 - 1.4.29 - 2011-07-03
   * Fix mod_proxy waiting for response even if content-length is 0 (fixes #2259)
diff --git a/doc/config/lighttpd.conf b/doc/config/lighttpd.conf
index efe96be4..e5c6722b 100644
--- a/doc/config/lighttpd.conf
+++ b/doc/config/lighttpd.conf
@@ -394,6 +394,8 @@ server.upload-dirs = ( "/var/tmp" )
 ##   $SERVER["socket"] == "10.0.0.1:443" {
 ##     ssl.engine                  = "enable"
 ##     ssl.pemfile                 = "/etc/ssl/private/www.example.com.pem"
+##     # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
+##     ssl.ciphers                 = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
 ##     server.name                 = "www.example.com"
 ##
 ##     server.document-root        = "/srv/www/vhosts/example.com/www/"
diff --git a/src/base.h b/src/base.h
index 3f124da0..9c75cc96 100644
--- a/src/base.h
+++ b/src/base.h
@@ -277,6 +277,7 @@ typedef struct {
 	buffer *ssl_cipher_list;
 	buffer *ssl_dh_file;
 	buffer *ssl_ec_curve;
+	unsigned short ssl_honor_cipher_order; /* determine SSL cipher in server-preferred order, not client-order */
 	unsigned short ssl_use_sslv2;
 	unsigned short ssl_use_sslv3;
 	unsigned short ssl_verifyclient;
diff --git a/src/configfile.c b/src/configfile.c
index ab55b441..ba79a0eb 100644
--- a/src/configfile.c
+++ b/src/configfile.c
@@ -106,6 +106,7 @@ static int config_insert(server *srv) {
 		{ "ssl.dh-file",                 NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER },      /* 63 */
 		{ "ssl.ec-curve",                NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER },      /* 64 */
 		{ "ssl.disable-client-renegotiation", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER },/* 65 */
+		{ "ssl.honor-cipher-order",      NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER },     /* 66 */
 
 		{ "server.host",                 "use server.bind instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
 		{ "server.docroot",              "use server.document-root instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
@@ -177,6 +178,7 @@ static int config_insert(server *srv) {
 		s->max_write_idle = 360;
 		s->use_xattr     = 0;
 		s->is_ssl        = 0;
+		s->ssl_honor_cipher_order = 1;
 		s->ssl_use_sslv2 = 0;
 		s->ssl_use_sslv3 = 1;
 		s->use_ipv6      = 0;
@@ -247,6 +249,7 @@ static int config_insert(server *srv) {
 		cv[62].destination = &(s->ssl_use_sslv3);
 		cv[63].destination = s->ssl_dh_file;
 		cv[64].destination = s->ssl_ec_curve;
+		cv[65].destination = &(s->ssl_honor_cipher_order);
 
 		cv[49].destination = &(s->etag_use_inode);
 		cv[50].destination = &(s->etag_use_mtime);
@@ -339,6 +342,7 @@ int config_setup_connection(server *srv, connection *con) {
 	PATCH(ssl_cipher_list);
 	PATCH(ssl_dh_file);
 	PATCH(ssl_ec_curve);
+	PATCH(ssl_honor_cipher_order);
 	PATCH(ssl_use_sslv2);
 	PATCH(ssl_use_sslv3);
 	PATCH(etag_use_inode);
@@ -405,6 +409,8 @@ int config_patch_connection(server *srv, connection *con, comp_key_t comp) {
 #endif
 			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.ca-file"))) {
 				PATCH(ssl_ca_file);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.honor-cipher-order"))) {
+				PATCH(ssl_honor_cipher_order);
 			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv2"))) {
 				PATCH(ssl_use_sslv2);
 			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv3"))) {
diff --git a/src/network.c b/src/network.c
index b3b22228..b987e27d 100644
--- a/src/network.c
+++ b/src/network.c
@@ -632,6 +632,10 @@ int network_init(server *srv) {
 						ERR_error_string(ERR_get_error(), NULL));
 				return -1;
 			}
+
+			if (s->ssl_honor_cipher_order) {
+				SSL_CTX_set_options(s->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+			}
 		}
 
 		/* Support for Diffie-Hellman key exchange */