Open Bug 1845855 Opened 2 years ago Updated 2 years ago

hook up client authentication when neqo supports it

Categories

(Core :: Security: PSM, enhancement, P5)

Tracking

UNCONFIRMED

People

(Reporter: edelbitter, Unassigned)

References

Details

(Whiteboard: [psm-blocked])

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0

Steps to reproduce:

  1. connect to a TLSv1.3 server that sends a satisfiable "Certificate Request" in the Handshake

Actual results:

a) when using HTTP/1.1: Certificate, intermediates and signature sent
b) when using HTTP/2: Certificate, intermediates and signature sent
c) when using HTTP/3: Certificate section sent, length=0 (server may then refuse "400 Bad Request" or ask for alternate auth)

Expected results:

x) client certificate sent, regardless of HTTP version

Server-Side Mitigation:
d) entirely disable HTTP/3 again
e) detect Firefox & add header "Alt-Svc: clear"

Not workable mitigation:
f) trust (fast/parallel) fallback: too disruptive with multiple requests; may also flip-flop

Diagnostic Hints:

The combination mTLS and HTTP/3 is not common yet. It is entirely possible that this was broken from the very day HTTP/3 was enabled.

https://searchfox.org/mozilla-central/search?q=SSL_GetClientAuthDataHook

security/manager/ssl/nsNSSIOLayer.cpp

https://searchfox.org/mozilla-central/search?q=SSL_AuthCertificateHook

security/manager/ssl/nsNSSIOLayer.cpp
third_party/rust/neqo-crypto/bindings/bindings.toml
third_party/rust/neqo-crypto/src/agent.rs

Mind the peculiarities around NS_HTTP_LOAD_ANONYMOUS; upgrade/fallback/coalescing behaviour would ideally match HTTP/2.

Bug found while searching for dupes, might share common diagnostic steps:

https://bugzilla.mozilla.org/show_bug.cgi?id=1839600
https://bugzilla.mozilla.org/show_bug.cgi?id=1761946
https://bugzilla.mozilla.org/show_bug.cgi?id=1091857

Reproduction is easier when disabling extra connections:

network.trr.mode = 5
network.webtransport.enabled = false
security.tls.version.max = 4
security.tls.version.min = 4
security.tls.enable_0rtt_data = false
network.http.max-connections = 1
browser.urlbar.speculativeConnect.enabled = false
network.http.http3.backup_timer_delay = 0
network.dns.httpssvc.http3_fast_fallback_timeout = 0
network.http.http3.alt-svc-mapping-for-testing = example.org;h3=":443"
network.http.http3.enable_0rtt = false
network.http.http3.parallel_fallback_conn_limit = 0

Packet captures are more readable when disabling retry.

e.g. for nginx/1.25.1 + OpenSSL/3.0 use:

server {
    server_name example.org;
    listen [::]:443 quic reuseport;   # HTTP/3 over QUIC
    quic_retry off;                   # no Retry packets, so the capture shows a single handshake
    http3 on;
    ssl_verify_client on;             # require a client certificate (mTLS)
    ssl_client_certificate /etc/ssh/ca.example.org.crt;
    ssl_certificate /etc/ssl/example.org.secp384r1.crt;
}
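As an added example (not from the bug report, Firefox or nginx), a small Python script that applies the server-side diagnostic and mitigation (e) above to nginx access-log lines: it tallies client-certificate verification results per HTTP version, flags the HTTP/3-only failure pattern, and decides when to answer a Firefox User-Agent with "Alt-Svc: clear". The log format, the sample lines and the Firefox UA check are assumptions/constructed for the example.

```python
import re
from collections import defaultdict

# Assumed nginx log_format (constructed for this example, not from the bug):
#   $remote_addr $server_protocol $status "$ssl_client_verify" "$http_user_agent"
LINE_RE = re.compile(
    r'^(?P<addr>\S+) (?P<proto>HTTP/[\d.]+) (?P<status>\d{3}) '
    r'"(?P<verify>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines showing the pattern from the bug: h1/h2 verify, h3 sends no cert
SAMPLE_LOG = """\
203.0.113.5 HTTP/1.1 200 "SUCCESS" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"
203.0.113.5 HTTP/2.0 200 "SUCCESS" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"
203.0.113.5 HTTP/3.0 400 "NONE" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"
203.0.113.5 HTTP/3.0 400 "NONE" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"
198.51.100.7 HTTP/3.0 200 "SUCCESS" "curl/8.2.1"
"""

def parse_line(line):
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def cert_failures_by_protocol(log_text):
    """Return {protocol: (requests, requests without a verified client cert)}."""
    stats = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that do not match the assumed format
        stats[rec["proto"]][0] += 1
        if rec["verify"] != "SUCCESS":
            stats[rec["proto"]][1] += 1
    return {p: tuple(v) for p, v in stats.items()}

FIREFOX_RE = re.compile(r"\bFirefox/\d+")  # assumed UA check for mitigation (e)

def alt_svc_header_for(user_agent):
    """Mitigation (e): tell Firefox to drop the h3 Alt-Svc mapping, others unchanged."""
    if FIREFOX_RE.search(user_agent):
        return ("Alt-Svc", "clear")
    return None

def h3_only_failures(log_text):
    """True when client-cert failures occur on HTTP/3 but on no other HTTP version."""
    stats = cert_failures_by_protocol(log_text)
    h3_bad = stats.get("HTTP/3.0", (0, 0))[1]
    other_bad = sum(f for p, (_, f) in stats.items() if p != "HTTP/3.0")
    return h3_bad > 0 and other_bad == 0
```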

The Bugbug bot thinks this bug should belong to the 'Core::Security: PSM' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Security: PSM
Product: Firefox → Core

neqo, the library that implements QUIC in Firefox, doesn't support client authentication yet: https://github.com/mozilla/neqo/issues/112

Severity: -- → N/A
Type: defect → enhancement
Priority: -- → P5
Summary: Firefox fails to act on otherwise working client certificate requests when using QUIC → hook up client authentication when neqo supports it
Whiteboard: [psm-blocked]
Version: Firefox 115 → Trunk