Closed Bug 1910094 Opened 1 year ago Closed 1 year ago

Firefox Accepts Certificate with Key Usage: Key Encipherment, While Chrome Rejects It

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
Other Branch
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 970760

People

(Reporter: 2295456556, Unassigned)

Details

Attachments

(7 files)

[51.159.29.21.der]18f33e521721751687.crt
1.24 KB, application/x-x509-ca-cert
Details
[51.159.29.21.der]18f33e521721751687.der
880 bytes, application/x-x509-ca-cert
Details
[51.159.29.21.der]18f33e521721751687CA.crt
1.05 KB, application/x-x509-ca-cert
Details
[51.159.29.21.der]18f33e521721751687CA.der
739 bytes, application/x-x509-ca-cert
Details
hosts.png
56.57 KB, image/png
Details
nginx_config.png
50.41 KB, image/png
Details
rsa_pri_2048.pem
1.69 KB, application/octet-stream
Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Edg/123.0.0.0

Steps to reproduce:

1.Generating a mutated digital certificate with an additional Subject Alternative Name (SAN) of "ypj.test.com", along with its corresponding root CA and private key.
2.Configuring an Nginx web server to use the mutated certificate and private key in HTTPS mode.
3.Setting up the local machine (127.0.0.1) as the server and mapping "ypj.test.com" to 127.0.0.1 in the hosts file.
4.Adding the root CA to the system's trusted root certificate store using certutil.
5.Running nginx.exe. Accessing the URL "https://ypj.test.com:443" in a web browser, where the certificate's SAN matches the URL.

Firefox-version-113.0

Actual results:

Firefox accepts a terminal certificate with key usage set to "Key Encipherment", whereas Chrome rejects the same certificate and displays the error "ERR_SSL_KEY_USAGE_INCOMPATIBLE".
Key Encipherment is typically used for encrypting key exchanges rather than for server authentication. Accepting such a certificate could mean that Firefox allows the use of non-standard certificates, thereby increasing security risks. Additionally, users switching between different browsers may encounter inconsistent behavior, which could lead to user confusion and undermine trust in the browser's reliability.

Expected results:

Both Firefox and Chrome should consistently handle the terminal certificate. Ideally, if the certificate is not suitable according to the standards, both browsers should reject it or provide a clear and consistent error message.

Attached image hosts.png
Attached image nginx_config.png
Attached file rsa_pri_2048.pem

This is essentially bug 970760. Incidentally, the baseline requirements section 7.1.2.7.11 states that for RSA public keys, "the keyEncipherment bit MAY be asserted to support older protocols, such as TLS 1.2, when using insecure ciphersuites."

Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Duplicate of bug: 970760
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: