Open Bug 949918 Opened 11 years ago Updated 6 months ago

Add support for the PreferredSignatureAlgorithms OCSP request extension to the OCSP stapling extension in the ClientHello

Categories

(NSS :: Libraries, enhancement, P5)

Product:
NSS
Component:
Libraries
Type:
enhancement

Tracking

(Not tracked)

People

(Reporter: briansmith, Unassigned)

References

(Depends on 1 open bug,
URL
)

Details

+++ This bug was initially created as a clone of Bug #943651 +++

RFC 6990 section 4.4.7 defines an OCSP request extension wherein the OCSP request can indicate that the client supports/prefers additional signature algorithms.

RFC 6066 section 8 defines the status_request (OCSP stapling) extension. Part of the status_request extension is a sequence of OCSP request extensions that the client supports. We should add the PreferredSignatureAlgorithms extension to this list of extensions. We will need to be weary of compatibility risk, though.
There may be a compatibility issue with OpenSSL if we do this. See:
https://www.mail-archive.com/openssl-dev@openssl.org/msg33359.html

> Hi,
> we got a problem with OCSP stapling and nginx.
> But nginx is just a socket processor for OpenSSL,
> so looks like I should describe the problem here.

> During the handshake some browsers send TLS
> extension "certificate status"
> with more than 5 bytes in it.
> In Nginx error_log it looks like:

> [crit] 8721#0: *35 SSL_do_handshake() failed (SSL: error:0D0680A8:asn1
> encoding routines:ASN1_CHECK_TLEN:wrong tag error:0D08303A:asn1 enco
> ding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error error:1408A0E3:SSL
> routines:SSL3_GET_CLIENT_HELLO:parse tlsext) while SSL handshaking, client:

> If we disable OCSP stapling - everything works fine. Looks like the problem
> is on the browser side and in OpenSSL tls ext parsing function. But can we
> make it just ignore the incorrect (?) tls extension than dropping SSL
> hanshake?
> 
> Here is a list of user-agents which we were able to get on the same IPs
> after disabling OCSP stapling.
> 
> Opera/9.80 (Windows NT 5.1) Presto/2.12.388 Version/12.16
> Opera/9.80 (Windows NT 6.1) Presto/2.12.388 Version/12.16
> Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.16
> Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
> Chrome/31.0.1650.63 Safari/537.36

I tried to reproduce this with Opera 9 and Opera 12.16 but I found that the status_request extension in the client hello is 5 bytes, like NSS also uses.
No longer blocks: 942515
See Also: → 942515
Severity: normal → S3
Severity: S3 → N/A
Priority: -- → P5
You need to log in before you can comment on or make changes to this bug.