Bug #2553: New lighttpd breaks connections from Safari on iOS - pfSense - pfSense bugtracker

Bug #2553

New lighttpd breaks connections from Safari on iOS

Added by Jim P 10 months ago. Updated 9 months ago.

Status:

Resolved

Start date:

07/18/2012

Priority:

High

Due date:

Assignee:

% Done:

100%

Category:

Web Interface

Target version:

2.1

Affected version:

2.0.x

Affected Architecture:

Description

After the recent lighttpd upgrade to 1.4.31, iOS clients have issues connecting with Safari (Chrome on iOS is OK)

Error on the iOS client is:

Cannot Open Page
Safari cannot open the page because it could not establish a secure connection to the server. [OK]

The error seems to be an issue with mobile Safari and self-signed certificates, or certificates in general.

In lighttpd's changelog (http://redmine.lighttpd.net/versions/28) they list this:

ssl: disable client initiated renegotiations
ssl: support mitigating BEAST attack

There is a knob for ssl.disable-client-renegotiation to enable/disable but toggling that in lighttpd didn't help the client connect at all.

The BEAST attack mitigation involved changing the cipher order. If I use the "old" or "new" value for ssl.ciphers it does connect:
http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2814/diff/branches/lighttpd-1.4.x/doc/config/lighttpd.conf
Works (theirs):

ssl.ciphers                 = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"

Does not work (ours):

ssl.cipher-list = "TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH"

Because we bumped lighty to fix those CVEs on both 2.0.x and 2.1 this affects both branches.

Associated revisions

Revision d4f8cb1a
Added by Jim P 10 months ago

Expand cipher list and remove a cipher that Safari on iOS does not like after recent lighttpd changes. Fixes #2553

Revision 3cd2ea2c
Added by Jim P 10 months ago

Expand cipher list and remove a cipher that Safari on iOS does not like after recent lighttpd changes. Fixes #2553

History

#1 Updated by Jim P 10 months ago

Description updated (diff)

#2 Updated by Jim P 10 months ago

Had a moment to iterate over our options and see which was causing the problem.

If I take out

TLSv1+HIGH

Then it works.

#3 Updated by Jim P 10 months ago

Our list expands to:

# openssl ciphers -v 'TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH'
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(256) Mac=SHA1
CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(128) Mac=SHA1
CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5

So I used that list directly, and tried each cipher one by one, and found that the cipher breaking Safari is:

DHE-RSA-AES256-SHA

So if we use the ssl.cipher-list equivalent like so, it continues to work:

ssl.cipher-list = "DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:CAMELLIA256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:CAMELLIA128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:!aNULL:!eNULL:!3DES:@STRENGTH"

Commit pending, confirmed to work on 2.0.2 and 2.1 for me.

#4 Updated by Jim P 10 months ago

Status changed from New to Feedback
% Done changed from 0 to 100

Applied in changeset 3cd2ea2c5c7a5bd98ce0efc8de5f568d3226c8ea.

#5 Updated by Warren Baker 10 months ago

I cant seem to find anything on developer.apple.com to give insight into what iOS supports.
On http://developer.apple.com/library/ios/#DOCUMENTATION/AppleApplications/Reference/SafariWebContent/CreatingContentforSafarioniPhone/CreatingContentforSafarioniPhone.html they mention the following:

Use Security Features

Safari on all platforms uses the same SSL implementation to provide end-to-end security. The same encryption that prevents listening on the wire is just as secure when used in a wireless situation, whether through Wi-Fi, 3G, or EDGE. Specifically, Safari supports:

SSL 2, SSL 3, and TLS with many popular cipher suites
RSA keys up to 4096
HTTPS
iOS Note: Note that the Diffie-Hellman protocol, DSA keys, and self-signed certificates are not available on iOS.

#6 Updated by Jim P 9 months ago

Applied in changeset d4f8cb1ad30c15e34a47f2d5c27d0d6ca09b5e2f.

#7 Updated by Jim P 9 months ago

Status changed from Feedback to Resolved

Also available in: Atom PDF

pfSense

Issues

Custom queries