Closed Bug 1722376 Opened 3 years ago Closed 3 years ago

CERTIFICATE - SECURITY - LETSENCRIPTY - MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING

Categories

(Core :: Security: PSM, defect)

Firefox 90
defect

Tracking

()

RESOLVED INVALID

People

(Reporter: francielle, Unassigned)

Details

Attachments

(1 file)

Attached image TLS FEATURE MISSING.png

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36

Steps to reproduce:

Hi, I work at iCasei, a brazilian company, we create websites and we have issued security certificates for our customers' domains and recently it has often not worked in firefox browser. In my report I bring the case of a domain that had the certificate issued last week and it is no longer possible to access it by firefox browser, but we have more cases.

goto site https://fernandaerafaelcasamnabahia.com/

Actual results:

Got an error page: MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING

Expected results:

Should load the mentioned site.

Group: firefox-core-security → crypto-core-security
Component: Untriaged → Security: PSM
Product: Firefox → Core

The certificate for that site has an extension called "TLS feature" that communicates to the browser that the server must include a stapled OCSP response in the TLS handshake. Since the server isn't including a stapled OCSP response, Firefox rejects the certificate. You need to either have your customers turn on OCSP stapling or you need to stop issuing certificates with that extension. See https://datatracker.ietf.org/doc/html/rfc7633

Group: crypto-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: