OCSP stapling problems


OCSP stapling problems

Hanno Böck
Hello,

I wanted to bring up an issue regarding OCSP stapling.
I filed this bug shortly after Firefox 27 came out:
https://bugzilla.mozilla.org/show_bug.cgi?id=972304

Short conclusion: If you have enabled OCSP stapling on your server this
will break the possibility to add certificate exceptions with Firefox
27.

I find it a bit worrying that this issue hasn't received any attention
yet. To make this clear: This made me disable OCSP stapling on my
production machines with customers. And it's a serious regression to
the previous version 26.

I think it's pretty obvious that OCSP stapling is an important feature
and to regain *really working* certificate revocation support in
browsers it's an important building block. So I think we should reach
out to server operators to enable it.
However, the longer this issue stays in Firefox the harder it will be,
because usually server operators don't enable anything if it causes any
kind of trouble, no matter how much sense it makes in terms of security.

I'd prefer disabling OCSP stapling for now if it's causing such
regressions.

cu,
--
Hanno Böck
http://hboeck.de/

mail/jabber: [hidden email]
GPG: BBB51E42

--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
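An operator weighing whether to keep stapling on (or confirming that the workaround of switching it off really took effect) wants to see what the server actually sends, not what the config file says. The following added example, not code from the thread or from Mozilla, classifies the output of `openssl s_client -status`; the sample outputs are constructed to mirror the lines real openssl prints, and HOST in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: classify what a TLS server staples, from the text that
# `openssl s_client -status` prints. Verdicts: NOT_STAPLED, STAPLED_GOOD,
# STAPLED_REVOKED, STAPLED_OTHER (stapled but not a successful/known status),
# UNKNOWN (output carries no OCSP section at all, e.g. the handshake failed).

# Reads s_client -status output on stdin and prints a one-word verdict.
classify_staple() {
    out=$(cat)
    # openssl prints this line when the server answered no status_request
    if printf '%s\n' "$out" | grep -q '^OCSP response: no response sent'; then
        echo NOT_STAPLED
        return 0
    fi
    if printf '%s\n' "$out" | grep -q 'OCSP Response Status: successful'; then
        # a stapled response normally carries one SingleResponse, for the
        # server certificate, so the first "Cert Status:" line is the one we want
        status=$(printf '%s\n' "$out" | sed -n 's/^ *Cert Status: //p' | head -n 1)
        case "$status" in
            good)    echo STAPLED_GOOD ;;
            revoked) echo STAPLED_REVOKED ;;
            *)       echo STAPLED_OTHER ;;
        esac
        return 0
    fi
    if printf '%s\n' "$out" | grep -q '^OCSP Response Data:'; then
        echo STAPLED_OTHER   # e.g. responder status "unauthorized" or "tryLater"
    else
        echo UNKNOWN
    fi
}

# Constructed samples mimicking the relevant lines of real s_client -status output.
SAMPLE_STAPLED='CONNECTED(00000003)
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
    This Update: Mar 11 10:00:00 2014 GMT
======================================'
SAMPLE_REVOKED=$(printf '%s\n' "$SAMPLE_STAPLED" | sed 's/Cert Status: good/Cert Status: revoked/')
SAMPLE_NONE='CONNECTED(00000003)
OCSP response: no response sent'

# Live use (needs network; HOST is a placeholder):
#   openssl s_client -connect HOST:443 -servername HOST -status </dev/null 2>/dev/null | classify_staple
```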


Re: OCSP stapling problems

Brian Smith
On Tue, Mar 11, 2014 at 3:20 AM, Hanno Böck <[hidden email]> wrote:

> I wanted to bring up an issue regarding OCSP stapling.
> I filed this bug shortly after Firefox 27 came out:
> https://bugzilla.mozilla.org/show_bug.cgi?id=972304
>
> Short conclusion: If you have enabled OCSP stapling on your server this
> will break the possibility to add certificate exceptions with Firefox
> 27.
>
> I find it a bit worrying that this issue hasn't received any attention
> yet. To make this clear: This made me disable OCSP stapling on my
> production machines with customers. And it's a serious regression to
> the previous version 26.
>

First, it is important to point out to others reading this that this
problem only affects certificates that don't chain to a trusted root CA
and/or which are considered invalid by Firefox for some other reason.
AFAICT, there is no problem with OCSP stapling in Firefox for valid
(according to Firefox) certificates.

In Firefox 30 (or so), we will switch to a different way of verifying
certificates, including a different way of processing OCSP responses. In
the new way, we won't validate the OCSP response at all for a certificate
that we do not trust, whether it is stapled or not. I believe this will
resolve the issue you are experiencing.

Because we're overhauling all of the certificate verification processing,
and because this is an issue that only affects invalid certificates, and
because there is a workaround (disable OCSP stapling until Firefox 30 is
released), this isn't going to be a high priority. I understand that can be
frustrating but we'll never get the new certificate processing turned on if
we keep going back to fix these issues with the old certificate processing.

It would be great if you could test the new way of doing certificate/OCSP
verification. To do so, please download Firefox 30 Nightly from
http://nightly.mozilla.org/. After you install it, go to about:config and
add a new entry:

1. Right click in the list of preferences and choose New -> Boolean.
2. Enter the name security.use_insanity_verification
3. Change the value of the new pref to "true."

You may have to clear your cache and restart your browser for the change to
fully take effect.

If you try this, let me know if it resolves the issue for you.

Cheers,
Brian

Re: OCSP stapling problems

Hanno Böck
On Tue, 11 Mar 2014 11:01:26 -0700
Brian Smith <[hidden email]> wrote:

> First, it is important to point out to others reading this that this
> problem only affects certificates that don't chain to a trusted root
> CA and/or which are considered invalid by Firefox for some other
> reason. AFAICT, there is no problem with OCSP stapling in Firefox for
> valid (according to Firefox) certificates.
>
> In Firefox 30 (or so), we will switch to a different way of verifying
> certificates, including a different way of processing OCSP responses.
> In the new way, we won't validate the OCSP response at all for a
> certificate that we do not trust, whether it is stapled or not. I
> believe this will resolve the issue you are experiencing.
>
> Because we're overhauling all of the certificate verification
> processing, and because this is an issue that only affects invalid
> certificates, and because there is a workaround (disable OCSP
> stapling until Firefox 30 is released), this isn't going to be a high
> priority. I understand that can be frustrating but we'll never get
> the new certificate processing turned on if we keep going back to fix
> these issues with the old certificate processing.
I feel extremely uncomfortable with this. Basically this would mean
that this will make it into an ESR release of FF and maybe into a
Debian release, which will mean in effect I won't be able to
re-enable OCSP stapling for several years to come.

Let me just point out what my situation is, because I don't think I'm
alone with this:
I'm running a server with dozens of customers, all having their own
webpage. They have an option to use their own certs, but a lot of them
don't do that.
They access the backends of their CMSes by adding exceptions to the
cert warnings to their browsers.

Now I know it'd be better to tell them that they should all get their
real certificates. But frankly, it's not realistic that all of them
will. And the realistic alternative is that they start avoiding https
altogether if the possibility to add exceptions is taken away from them.

I hope this explains better what my worries about this are.


> It would be great if you could test the new way of doing
> certificate/OCSP verification. To do so, please download Firefox 30
> Nightly from http://nightly.mozilla.org/. After you install it, go to
> about:config and add a new entry:

I'll do that.


Re: OCSP stapling problems

Hanno Böck
On Tue, 11 Mar 2014 11:01:26 -0700
Brian Smith <[hidden email]> wrote:

> It would be great if you could test the new way of doing
> certificate/OCSP verification. To do so, please download Firefox 30
> Nightly from http://nightly.mozilla.org/. After you install it, go to
> about:config and add a new entry:
>
> 1. Right click in the list of preferences and choose New -> Boolean.
> 2. Enter the name security.use_insanity_verification
> 3. Change the value of the new pref to "true."

I did that now with latest nightly and it indeed fixes the issue.

However, I'd really like to stress again that I'd find it a very
worrying signal if this issue will stay unfixed for three more major
Firefox versions to come. I'm pretty sure if at some point we want to
get real certificate validation again and advocate for
widespread enabling of OCSP stapling this issue will hit us and prevent
adoption.


Re: OCSP stapling problems

David Keeler

On 03/14/14 07:18, Hanno Böck wrote:
> However, I'd really like to stress again that I'd find it a very
> worrying signal if this issue will stay unfixed for three more
> major Firefox versions to come. I'm pretty sure if at some point we
> want to get real certificate validation again and advocate for
> widespread enabling of OCSP stapling this issue will hit us and
> prevent adoption.

Here's my take on the situation:
OCSP stapling is a way for a site operator to opt in to an enhanced
security situation. By enabling it, they're saying, "I want to
increase the assurance that my users are communicating with this site
over a secure channel that no one is eavesdropping on or tampering with".
However, when a site operator instructs users to add an exception,
this causes a decreased security situation. This is because a
man-in-the-middle attacker can simply present any certificate
whatsoever and users will click through to add an exception. At that
point, there is no expectation of security.
The question is, what's the right thing for Firefox to do? Does it
take OCSP stapling as an indication that it should be more strict and
secure? Or does it allow certificate exceptions that leave users open
to attack?
I don't know the right answer to this, but luckily there's a way to
have our cake and eat it too. As far as I can tell, the underlying
issue is that the CA that issued the certificate you're expecting
users to add an exception for is not in Mozilla's root certificate
program. Until it is, all your users (should) need to do is download
the CA certificate and import it by going to Preferences -> Advanced
-> Certificates -> View Certificates -> Authorities and clicking
"Import..." (After that, they may have to find it in the list of
authorities, select it, click "Edit Trust..." and make sure the "This
certificate can identify websites" box is checked.) If this doesn't
work, please file a bug.