Source: lighttpd Version: 1.4.35-2 Severity: minor In version 1.4.30-1, the following line was included in default conf-available/10-ssl.conf as mitigation for BEST attack:
ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM" NEWS file refers to [1] which back then [2] suggested using the above cipherlist. But BEST affected only CBC suites in TLS 1.0 and there was never any reason to disable AES-GCM. Referenced blog post also gave no justification for it. GCM suites have been, and still are, considered the best choice available in OpenSSL so it's definitely a bad idea to disable them by default. Please check the updated post [1]. [1] http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html [2] https://web.archive.org/web/20111216165019/http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
