Bug #2553
closedNew lighttpd breaks connections from Safari on iOS
100%
Description
After the recent lighttpd upgrade to 1.4.31, iOS clients have issues connecting with Safari (Chrome on iOS is OK)
Error on the iOS client is:
Cannot Open Page Safari cannot open the page because it could not establish a secure connection to the server. [OK]
The error seems to be an issue with mobile Safari and self-signed certificates, or certificates in general.
In lighttpd's changelog (http://redmine.lighttpd.net/versions/28) they list this:- ssl: disable client initiated renegotiations
- ssl: support mitigating BEAST attack
There is a knob for ssl.disable-client-renegotiation to enable/disable but toggling that in lighttpd didn't help the client connect at all.
The BEAST attack mitigation involved changing the cipher order. If I use the "old" or "new" value for ssl.ciphers it does connect:
http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2814/diff/branches/lighttpd-1.4.x/doc/config/lighttpd.conf
Works (theirs):
ssl.ciphers = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
Does not work (ours):
ssl.cipher-list = "TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH"
Because we bumped lighty to fix those CVEs on both 2.0.x and 2.1 this affects both branches.
Updated by Jim Pingle over 12 years ago
Had a moment to iterate over our options and see which was causing the problem.
If I take out
TLSv1+HIGH
Then it works.
Updated by Jim Pingle over 12 years ago
Our list expands to:
# openssl ciphers -v 'TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH' DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1 CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1 DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1 CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
So I used that list directly, and tried each cipher one by one, and found that the cipher breaking Safari is:
DHE-RSA-AES256-SHA
So if we use the ssl.cipher-list equivalent like so, it continues to work:
ssl.cipher-list = "DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:CAMELLIA256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:CAMELLIA128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:!aNULL:!eNULL:!3DES:@STRENGTH"
Commit pending, confirmed to work on 2.0.2 and 2.1 for me.
Updated by Jim Pingle over 12 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 3cd2ea2c5c7a5bd98ce0efc8de5f568d3226c8ea.
Updated by Warren Baker over 12 years ago
I cant seem to find anything on developer.apple.com to give insight into what iOS supports.
On http://developer.apple.com/library/ios/#DOCUMENTATION/AppleApplications/Reference/SafariWebContent/CreatingContentforSafarioniPhone/CreatingContentforSafarioniPhone.html they mention the following:
Use Security Features Safari on all platforms uses the same SSL implementation to provide end-to-end security. The same encryption that prevents listening on the wire is just as secure when used in a wireless situation, whether through Wi-Fi, 3G, or EDGE. Specifically, Safari supports: SSL 2, SSL 3, and TLS with many popular cipher suites RSA keys up to 4096 HTTPS iOS Note: Note that the Diffie-Hellman protocol, DSA keys, and self-signed certificates are not available on iOS.
Updated by Jim Pingle over 12 years ago
Applied in changeset d4f8cb1ad30c15e34a47f2d5c27d0d6ca09b5e2f.
Updated by Jim Pingle over 12 years ago
- Status changed from Feedback to Resolved