
releases

1.4.34

Important changes

There have been some important security fixes pending (which you should already have gotten through your favorite distribution); I am sorry for the delayed release (we probably should communicate security bugs on our page and mailing lists too, for those who are not following oss-security).

We updated the “standard” ssl cipher string recommendation to ssl.cipher-list = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK"; see below for the detailed reasons.

Regression warning

The fix for lighttpd SA-2013-01 (CVE-2013-4508, “Using possibly vulnerable cipher suites with SNI”) includes a regression:

Each SSL_CTX also gets loaded with all values for ssl.ca-file from all blocks in the config.

This means that your ssl.ca-files must not contain cyclic chains and should use unique subject names.

See Debian Bug - #729555 for more details.

Security fixes

OpenSSL cipher string recommendation

The cipher string recommendation is based on ssllabs’ SSL/TLS Deployment Best Practices 1.3 / 17 September 2013:

  • BEAST is considered mitigated on client side now and new weaknesses have been found in RC4, so it is strongly advised to disable RC4 ciphers (HIGH doesn’t include RC4)
  • It is recommended to disable 3DES too (although disabling both RC4 and 3DES breaks IE6 and IE8 on Windows XP, so you might want to keep supporting 3DES for now: remove the !3DES part from the string below, or replace it with +3DES !MD5 at the end of the string, which prefers AES128 over 3DES and disables the 3DES variant with MD5).
  • It prefers ciphersuites with “Forward Secrecy” and ECDHE over DHE (alias EDH); remove +kEDH +kRSA if you don’t want that.
  • SRP and PSK are not supported anyway, excluding those (!kSRP !kPSK) just keeps the list smaller (easier to review)
  • As almost all keys these days are RSA, limiting to aRSA+HIGH makes the list even smaller. Use HIGH instead of aRSA+HIGH for a more generic version.
  • If you want to enforce “Forward Secrecy” (breaks some clients) replace +kRSA with -kRSA.

Not included on purpose:

  • STRENGTH: the list from HIGH is already ordered, reordering is not required. STRENGTH also prefers 3DES over AES128.
  • !SSLv2, !EXPORT, !eNULL, !DES, !RC4, !LOW: HIGH shouldn’t include those ciphers in recent openssl versions, no need to remove them. If you are using an old version, appending !RC4 !NULL should fix it (and does no harm in recent versions). Consider upgrading too - you probably are missing TLS1.2.
  • !MD5: HIGH might include a 3DES cipher with MD5 on old systems; !3DES should remove MD5 too.
  • !aNULL, !ADH: doesn’t matter on server side, and clients should always verify the server certificate, which fails when the server doesn’t have one.

You can check the cipher list with: openssl ciphers -v 'aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK' | column -t (use single quotes as your shell won’t like ! in double quotes).

The default DH parameters included in lighttpd are only 1024-bit; some implementations out there can’t handle more, and the size can’t be negotiated. To fix this you have two options:

  • Remove the DH ciphers: replace +kEDH with -kEDH.
  • Use 4096-bit parameters and accept breaking clients with which you would negotiate DH but which only support 1024-bit parameters. Put the following parameters (the ones included in gnutls) in a file and point the ssl.dh-file option at it:
-----BEGIN DH PARAMETERS-----
[DH parameter block omitted from this copy of the page]
-----END DH PARAMETERS-----

Downloads

1.4.33

Time to get some fixes out; nothing special, just many small fixes - and some new features.

Downloads

1.4.32

Important changes

One important denial of service (in 1.4.31) fix: CVE-2012-5533.

Downloads

External references

1.4.31 - Diablo servers are down again, back to work

Important changes

Many important changes: fixed a segfault (crash on first https request), disabled mmap due to a possible crash if the file is truncated while reading, and more.

If you still want to use mmap you can use ./configure --enable-mmap, but check #2391 before.

Downloads

1.4.30 - Faster than santa, your first present this year!

And lighttpd 1.4 is still alive :)

Especially for ssl users this release should be important: by setting

ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"

you can mitigate BEAST attacks. Also check your site with Qualys SSL Labs Server Test.
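As an added example (not code from the lighttpd project or from this page), the following Python script audits the output of openssl ciphers -v against the rules given in the 1.4.34 recommendation: no RC4, no 3DES, no MD5 MACs, no anonymous suites, and forward-secret suites ordered ahead of plain RSA key exchange. The three embedded listings are constructed samples in the openssl ciphers -v line format; one is shaped like the 1.4.30 BEAST-era list above (which deliberately kept RC4), one like the 1.4.34 string, and one shows what happens without the +kEDH +kRSA ordering. Function and variable names are my own, and the mapping from the Kx= column to "forward secret" is an assumption noted in the code.

```python
"""Audit `openssl ciphers -v` output against the 1.4.34 cipher string rules.

Added example, not part of lighttpd or its release notes.  Run it on a
live OpenSSL build with:
    openssl ciphers -v 'aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK' | python3 audit.py [--fs]
With no stdin it audits the constructed samples below.
"""
import re
import sys

# One line of `openssl ciphers -v` output, e.g.
#   ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
_LINE = re.compile(
    r"^(?P<name>\S+)\s+(?P<proto>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)"
    r"\s+Enc=(?P<enc>\S+)\s+Mac=(?P<mac>\S+)"
)

# Assumption: these Kx= values denote ephemeral (forward-secret) key exchange.
# "any" is what OpenSSL prints for TLS 1.3 suites, which are always ephemeral.
_FORWARD_SECRET_KX = {"DH", "ECDH", "EDH", "EECDH", "any"}


def parse_cipher_listing(text):
    """Parse `openssl ciphers -v` output into an ordered list of dicts."""
    suites = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError("unrecognised cipher line: %r" % line)
        suites.append(m.groupdict())
    return suites


def audit_cipher_listing(text, require_forward_secrecy=False):
    """Return a list of (cipher name, problem) pairs, in listing order.

    Rules follow the 1.4.34 note: RC4, 3DES and MD5 must be absent, anonymous
    suites must be absent, and forward-secret suites must precede plain RSA
    key exchange (what +kEDH +kRSA achieves).  With require_forward_secrecy
    set, plain RSA key exchange is flagged outright (the -kRSA variant).
    """
    findings = []
    seen_non_fs = False
    for s in parse_cipher_listing(text):
        enc = s["enc"].split("(")[0]          # "AES(128)" -> "AES"
        fs = s["kx"] in _FORWARD_SECRET_KX
        if enc == "RC4":
            findings.append((s["name"], "RC4 cipher (HIGH excludes it; old OpenSSL: add !RC4)"))
        if enc == "3DES":
            findings.append((s["name"], "3DES cipher (disable with !3DES)"))
        if s["mac"] == "MD5":
            findings.append((s["name"], "MD5 MAC (disable with !MD5)"))
        if s["au"] == "None":
            findings.append((s["name"], "anonymous suite, no server authentication (!aNULL)"))
        if not fs:
            seen_non_fs = True
            if require_forward_secrecy:
                findings.append((s["name"], "no forward secrecy (disable with -kRSA)"))
        elif seen_non_fs:
            findings.append((s["name"], "forward-secret suite listed after a non-FS suite (use +kEDH +kRSA)"))
    return findings


# Constructed sample: the shape of the 1.4.30 BEAST-era list, which kept RC4.
SAMPLE_1_4_30 = """\
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
"""

# Constructed sample: the shape the 1.4.34 string produces (FS first, kRSA last).
SAMPLE_1_4_34 = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
"""

# Constructed sample: same suites without +kEDH +kRSA, so kRSA comes first.
SAMPLE_UNORDERED = """\
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
"""

if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_1_4_34
    problems = audit_cipher_listing(text, require_forward_secrecy="--fs" in sys.argv)
    for name, why in problems:
        print("%-32s %s" % (name, why))
    sys.exit(1 if problems else 0)
```

The 1.4.30-shaped list is flagged for RC4-SHA and DES-CBC3-SHA, the 1.4.34-shaped list passes, and passing --fs reports the two Kx=RSA suites that -kRSA would drop.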

Important changes

  • [mod_auth] Fix signedness error in http_auth (CVE-2011-4362)
  • ssl: disable client initiated renegotiations
  • ssl: support mitigating BEAST attack
  • fix connection stalls

Downloads

In the comments for 1.4.29 we were asked for a launchpad repository for ubuntu. This is not going to happen (launchpad sucks), but we have repositories for some dists on build.opensuse.org. Check out GetLighttpd, or server:http/lighttpd or home:stbuehler/lighttpd on build.opensuse.org.

1.4.29

Important changes

  • solve name conflict of md5 functions with OpenSSL lib
  • mod_proxy, mod_cgi and other mod_*cgi fixes
  • ssl improvements
  • Native solaris ports fdevent handler “solaris-eventports”

Downloads

1.4.28

1.4.27 introduced some serious bugs in our fdevent system; one resulted in segfaults with FreeBSD; this should be fixed now.

Downloads

1.4.27 - P != NP for N != 1 and P != 0

It has been a long time since the last release again, and again we have many bug fixes - and some small new features, check the following summary or the complete list below.

There have been fixes for ssl (SNI handling and the SSL_CTX_set_options fix) and mod_cgi and mod_proxy (response handling).

There is a new fdevent handler “libev”; “linux-rtsig” got removed.

And we now bind IPv6 sockets to IPv6 only in almost all cases (we disable “dual-stack”); see IPv6-Config for details.

Downloads

1.4.26 - Chinese dragon

There have been some important bug fixes (request parser handling for split header data, a fd leak in mod_cgi, a segfault with broken configs in mod_rewrite/mod_redirect, HUP detection and an OOM/DoS vulnerability).

Downloads

Security Announce: slow request DoS/OOM attack

Li Ming reported a serious bug in lighttpd:

If you send the request data very slowly (e.g. sleep 0.01 after each byte), lighttpd will easily use all available memory and die (especially for parallel requests), allowing a DoS within minutes.

See:

The bug is tracked as CVE-2010-0295.

As far as we know all versions are affected.