elliptic curve auto selection where available
openssl v1.0.2 - SSL_CTX_set_ecdh_auto()
openssl v1.1.0 - ECDH support always enabled
x-ref:
"Using X25519 Key exchange"
https://redmine.lighttpd.net/issues/2833
"SSL_CTX_set_ecdh_auto is undefined for newer openssl's"
https://github.com/openssl/openssl/issues/1437
It has been removed from OpenSSL 1.1.0.
Here is the relevant CHANGES entry:
*) SSL_{CTX_}set_ecdh_auto() has been removed and ECDH is support is
always enabled now. If you want to disable the support you should
exclude it using the list of supported ciphers. This also means
that the "-no_ecdhe" option has been removed from s_server.
[Kurt Roeckx]
(similar to Apache mod_ssl SSLOpenSSLConfCmd directive)
(experimental)
This new directive is for use with OpenSSL only, and is not currently
available in LibreSSL.
https://wiki.openssl.org/index.php/Manual:SSL_CONF_cmd(3)
lighttpd takes "file commands" not "command line commands" as
openssl SSL_CONF_cmd() appears to permit only one mode at a time.
lighttpd processes this directive after all other ssl.* directives
have been applied for the $SERVER["socket"] scope.
x-ref:
"Option to disable TLS session tickets"
https://redmine.lighttpd.net/issues/2758
"Allow to selectively disable TLS 1.0, 1.1 and 1.2 versions"
https://github.com/lighttpd/lighttpd1.4/pull/84
github: closes #84
error if ssl.engine in wrong section of config.
ssl.engine is valid only in global scope or $SERVER["socket"] condition
x-ref:
"HTTPS requests timeout when cert not set for socket"
https://redmine.lighttpd.net/issues/2837
set ssl.read-ahead = "disable" by default (modifies commit f4e1357d)
Given various reports from users of embedded systems, the default is
being changed to do the sane thing for these systems. This is the
right setting on slow embedded systems for which decoding SSL input
is slower than receiving that input over the network.
On the other hand, for faster systems, ssl.read-ahead = "enable" is
recommended for a slight performance gain and should be explicitly set
in the global or $SERVER["socket"] configuration blocks in lighttpd.conf
x-ref:
"https POST requests buffered in RAM since v1.4.41?"
https://redmine.lighttpd.net/boards/2/topics/7520
remove erroneous call to SSL_set_shutdown()
(historical from commit:3888c103)
(erroneous since lighttpd 1.4.40 moved to bidirectional input/output)
x-ref:
"wstunnel sample config"
https://redmine.lighttpd.net/boards/2/topics/7600
copy small mem chunks into single large buffer before SSL_write()
to reduce number times write() called underneath SSL_write() and
potentially reduce number of packets generated if socket TCP_NODELAY
set default ssl.read-ahead = "disable" for streaming when
server.stream-request-body = 1 or 2 is set in the global scope
It is still recommended that embedded and other low-memory systems
explicitly set ssl.read-ahead = "disable" in the global scope
(regardless of server.stream-request-body setting)
On the other hand, for systems which enable server.stream-request-body
to non-zero value, and for which sufficient memory is available, then
ssl.read-ahead = "enable" is recommended and should be explicitly set
in the global or $SERVER["socket"] configuration blocks in lighttpd.conf
x-ref:
"https POST requests buffered in RAM since v1.4.41?"
https://redmine.lighttpd.net/boards/2/topics/7520
ssl.ca-dn-file is used to send list of valid CA DNs to client for client
cert verification. If ssl.ca-dn-file is not specified, then the CAs in
ssl.ca-file are used.
client certs are validated against the set of certs from both
ssl.ca-dn-file and ssl.ca-file, but issuer of cert provided by
client must be in ssl.ca-dn-file if ssl.ca-dn-file is specified.
(certs should not need to be in to both ssl.ca-file and ssl.ca-dn-file)
(thx m4t)
If lighttpd is started privileged, then SSL/TLS modules need to be
initialized prior to chroot (optional) and prior to dropping privileges
in order to be able to read sensitive files such as private certificates
(thx m4t)
provide a safer X590_NAME_oneline() with return value semantics similar
to those of snprintf() and use safer_X509_NAME_oneline() to set
SSL_CLIENT_S_DN when client cert is validated.
The manpage for X509_NAME_oneline() says:
The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions which produce a non standard output form, they don't handle multi character fields and have various quirks and inconsistencies. Their use is strongly discouraged in new applications.
Besides X509_NAME_oneline() function being deprecated, until fairly recently, there was a security issue with the function, too.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.
github: closes #63, closes #83
x-ref:
"support SSL_CLIENT_VERIFY & SSL_CLIENT_S_DN"
https://redmine.lighttpd.net/issues/2693https://github.com/lighttpd/lighttpd1.4/pull/63https://github.com/lighttpd/lighttpd1.4/pull/83
ignore client verification error if not enforced
e.g. *not* ssl.verifyclient.enforce = "enable"
github: closes #83
x-ref:
"ignore client verification error if not enforced"
https://github.com/lighttpd/lighttpd1.4/pull/83
(original patch by mackyle)
The ssl.ca-dn-file option provides independent control of
the "certificate_authorities" field (see RFC 5246 section
7.4.4 Certificate Request) separate from the actual list
of trusted certificate authorities used for client
certificate verification.
It may be necessary to send a hint that includes the DN
of a non-root client CA in order to receive the correct
certificate from the client, but such a non-root CA really
does not belong in the trusted client root CA list.
Signed-off-by: Kyle J. McKay mackyle@gmail.com
github: closes #64
x-ref:
"add support for ssl.cadn-file"
https://redmine.lighttpd.net/issues/2694https://github.com/lighttpd/lighttpd1.4/pull/64
If lighttpd.conf is invalid, some modules may not have initialized their
per-context config structures, but will have their free-functions
called, which should not be run on uninitialized per-context configs.
x-ref:
"Segfault with simple-vhost.debug = "enable""
https://redmine.lighttpd.net/issues/2798
inherit ssl.* from global scope if $SERVER["socket"] contains
ssl.engine = "enable" and no other ssl.* settings
(In earlier versions of lighttpd, specifying ssl.engine = "enable"
without specifying ssl.pemfile was a configuration error, so this
change should not break any pre-existing and previously working
configs)
x-ref:
https://github.com/pfsense/FreeBSD-ports/pull/284
re-patch mod_openssl config within the request so that per-request
settings can be applied, such as activating client cert verification
for specific URL paths.
(This can be used in conjunction with auth.backend = "extern"
to require auth to occur)
x-ref:
"SSL : authenticate only clients for a particular URL"
https://redmine.lighttpd.net/issues/2245
large code move, but minimal changes made to code (besides whitespace),
so that code builds
next: need to isolate openssl data structures and config parsing
Glenn Strauss
Gaël PORTAY