Closed Bug 341271 Opened 19 years ago Closed 18 years ago

Firefox incorrectly requires keyEncipherment key usage in server certificate for SSL

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 237877

People

(Reporter: shawn1941, Unassigned)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4 I've been experiencing the error -8102 when attempting to access certain SSL sites, and after searching the web, I've found that so have a lot of other people. These sites all are browsable by Internet Explorer, but not by Firefox. Specifically, I found a closed bug report on bugzilla for bug 143280. I believe this bug was closed inappropriately, and since I cannot reopen the bug report, I'm submitting anew report. In one of the comments listed for 143280, one of the official replies indicates this: "To be valid as an SSL server cert with an RSA public key, the cert must be allowed for key encipherment, which this cert is not." This is not true. An RSA key can be used with a verification certificate through the use of the ciphersuite DHE_RSA. It is true for the 'RSA' ciphersuite, an encryption certificate must be used, but RFC 2246 states that with DHE_RSA, the corresponding key type is "RSA public key which can be used for signing.", and so it is not necessary to have keyEncipherment set. As such, any valid certificate using RSA as the key type without key encipherment set (unless key usage is not defined) will be rejected incorrectly. I have verified this to be true on a number of sites that are not publicly available, so I used a site that was listed in another bug reported, tagged as a duplicate to 143280. Thank you. Reproducible: Always Steps to Reproduce: 1.Go to https://www.ultimatix.net using Internet Explorer, don't worry about the warning, it just means it's not signed by a trusted CA. 2.Examine the certificate's key usage, it will only contain the digital signature and non-repudiation bits. 3.Now visit with Firefox, and it will complain that it's completely invalid.
Component: Security → Libraries
Product: Firefox → NSS
I thought I would just add exactly where in the RFC the information on this can be found. I understand why the mistake was made, as in section 7.4.2. 'Server certificate', it states the key types that are allowed with the given cipher suites: Key Exchange Algorithm Certificate Key Type RSA RSA public key; the certificate must allow the key to be used for encryption. [ other ciphersuites omitted for the sake of brevity ] DHE_RSA RSA public key which can be used for signing. So, unfortunately I believe that the 'RSA' line was misinterpreted to mean the entire RSA algorithm, instead of the RSA cipher suite, where the premaster secret is exchanged by being encrypted for the server's certificate. DHE_RSA involves a normal Diffie-Hellman key exchange with an ephemeral key, where the server's portion is signed using the given key, using a 'server key exchange' message (I believe... it's been a while since I read the whole spec.).
Hi, Any updates on this bug? This has been confirmed here as well http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=400947 There's been no movement here on this bug for quite some time and it still persists. Regards, Siddhesh
QA Contact: firefox → libraries
I'm sure the reason this bug has not been looked at or confirmed is because there seems to be a general attitude that IE is 'insecure', and that's why it allows the certificate to be used in an SSL exchange. The problem is that the use of such an inappropriate certificate during an SSL exchange would be indicative of a problem in the web server, in our case, Apache. The fact that Apache, the golden boy of the open source community, allows the use of a RSA verification certificate for an SSL session should be a clear message to those who work on Firefox that it is acceptable. Opera and Konqueror also accept the verification certificate as valid, so it's only Firefox that doesn't. Again, this is a misinterpretation of the SSL spec. There is a cipher suite named 'RSA' which is essentially RSA with an encryption cert. RSA with a verification cert is achieved through a Diffie-Hellman key exchange, where the exchanged parts are signed by the server to provide authentication (prevent man-in-the-middle attacks). This is perfectly valid, and has long been in the SSL spec. Unfortunately, the SSL spec indicates (paraphrasing) 'For RSA, an encryption certificate must be used'. This refers to the cipher suite, not the algorithm. Please fix this.
> I'm sure the reason this bug has not been looked at or confirmed is because No, it's because this bug is a duplicate of one or more other old NSS bugs, and resolving duplicates bugs is a low priority task.
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
(In reply to comment #4) > > I'm sure the reason this bug has not been looked at or confirmed is because > No, it's because this bug is a duplicate of one or more other old NSS bugs, > and resolving duplicates bugs is a low priority task. > I apologize then, although it has been almost a year since this was submitted, so I would have expected it to be marked as a duplicate by now. Thanks for clearing this up.
You need to log in before you can comment on or make changes to this bug.