OCSP stapling broken with 1.15.4


OCSP stapling broken with 1.15.4

Bernardo Donadio
Hi.

I've noticed that OCSP stapling was broken by 1.15.4, as you may see below:

---------- nginx 1.15.4 with OpenSSL 1.1.1 final --------
$ openssl s_client -connect bcdonadio.com:443 -tlsextdebug -status
CONNECTED(00000003)
TLS server extension "renegotiation info" (id=65281), len=1
0000 - 00                                                .
TLS server extension "EC point formats" (id=11), len=4
0000 - 03 00 01 02                                       ....
TLS server extension "session ticket" (id=35), len=0
TLS server extension "extended master secret" (id=23), len=0
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = bcdonadio.com
verify return:1
OCSP response: no response sent
---
Certificate chain
 0 s:/CN=bcdonadio.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
[long ASCII-armored certificate here]
-----END CERTIFICATE-----
subject=/CN=bcdonadio.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3520 bytes and written 326 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID:
[long session id here]
    Session-ID-ctx:
    Master-Key:
[long master key here]
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 600 (seconds)
    TLS session ticket:
[long session ticket here]
    Start Time: 1538394643
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
---------- nginx 1.15.4 with OpenSSL 1.1.1 final --------

---------- nginx 1.15.3 with OpenSSL 1.1.1 final --------
$ openssl s_client -connect bcdonadio.com:443 -tlsextdebug -status
CONNECTED(00000003)
TLS server extension "renegotiation info" (id=65281), len=1
0000 - 00                                                .
TLS server extension "EC point formats" (id=11), len=4
0000 - 03 00 01 02                                       ....
TLS server extension "session ticket" (id=35), len=0
TLS server extension "status request" (id=5), len=0
TLS server extension "extended master secret" (id=23), len=0
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = bcdonadio.com
verify return:1
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
    Produced At: Sep 30 06:00:00 2018 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: 7EE66AE7729AB3FCF8A220646C16A12D6071085D
      Issuer Key Hash: A84A6A63047DDDBAE6D139B7A64565EFF3A8ECA1
      Serial Number: 0338F3E6D2512FBF1BC91E766E237FE3E319
    Cert Status: good
    This Update: Sep 30 06:00:00 2018 GMT
    Next Update: Oct  7 06:00:00 2018 GMT

    Signature Algorithm: sha256WithRSAEncryption
         08:c1:47:f6:db:c1:21:da:14:6f:69:ee:8e:fd:b7:ad:82:4c:
         fa:d9:b8:03:93:a3:eb:ba:48:41:f7:d6:70:24:4a:79:e0:9a:
         a5:59:ea:d0:e6:ab:e1:ab:bf:60:b9:b4:0a:e1:18:de:a4:f6:
         73:ee:74:82:16:f2:88:4f:df:62:18:fc:ec:64:4b:00:46:13:
         25:ad:37:35:bc:e1:cc:96:d2:8b:af:26:62:5a:c3:f7:72:ad:
         d5:da:1b:70:96:c6:b6:e6:2b:06:5f:ab:61:49:ca:1a:a2:ac:
         b7:eb:91:1e:73:d3:e2:b1:dd:d9:f2:bc:58:e1:3f:07:78:f6:
         4b:d5:46:a8:89:80:9b:dd:d1:99:8f:2a:06:06:13:f4:93:dd:
         19:b3:ca:b6:77:3d:fa:eb:e4:11:58:ba:e4:41:f0:8a:df:9e:
         9a:81:96:49:16:12:ec:5a:eb:49:67:4f:bc:44:0e:4d:a3:c4:
         f4:f1:a0:43:aa:d4:fb:5f:59:7e:b8:a9:52:81:63:05:f2:37:
         b6:23:5a:59:82:95:3a:cf:23:8a:ee:89:40:40:bb:93:81:68:
         5a:38:b4:d0:e4:ff:eb:d7:c4:e6:de:27:50:73:d6:0e:53:97:
         33:4c:e9:44:21:d6:e6:eb:a4:73:c7:68:3a:af:a6:0a:6e:fa:
         df:92:ec:c2
======================================
---
Certificate chain
 0 s:/CN=bcdonadio.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
[long ASCII-armored certificate here]
-----END CERTIFICATE-----
subject=/CN=bcdonadio.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4064 bytes and written 326 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID:
[long session id here]
    Session-ID-ctx:
    Master-Key:
[long master key here]
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 600 (seconds)
    TLS session ticket:
[long session ticket here]
    Start Time: 1538396356
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
---------- nginx 1.15.3 with OpenSSL 1.1.1 final --------

This problem was also noticed here:
https://community.centminmod.com/threads/nginx-announce-nginx-1-15-4.15672/page-2#post-67107

There are no messages in the nginx error log about any failed attempt to
contact the OCSP stapling server. Should I bisect, or do you guys already
have some idea about which commit broke this?
--
Bernardo Donadio
IT Automation Engineer at Stone Payments
https://bcdonadio.com/


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx


Re: OCSP stapling broken with 1.15.4

A. Schulze

Bernardo Donadio:

> Hi.
>
> I've noticed that OCSP stapling was broken by 1.15.4, as you may see below:
>
> ---------- nginx 1.15.4 with OpenSSL 1.1.1 final --------
> $ openssl s_client -connect bcdonadio.com:443 -tlsextdebug -status
> CONNECTED(00000003)
> TLS server extension "renegotiation info" (id=65281), len=1
> 0000 - 00                                                .
> TLS server extension "EC point formats" (id=11), len=4
> 0000 - 03 00 01 02                                       ....
> TLS server extension "session ticket" (id=35), len=0
> TLS server extension "extended master secret" (id=23), len=0
> depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
> verify return:1
> depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
> verify return:1
> depth=0 CN = bcdonadio.com
> verify return:1
> OCSP response: no response sent


works here:


$ openssl11 version
OpenSSL 1.1.1  11 Sep 2018

$ echo | openssl11 s_client -connect andreasschulze.de:443 -servername andreasschulze.de -tlsextdebug -status 2>&1 | grep -i ocsp
OCSP response:
OCSP Response Data:
     OCSP Response Status: successful (0x0)
     Response Type: Basic OCSP Response


(webserver) # nginx -V
nginx version: nginx/1.15.4
built with OpenSSL 1.1.1  11 Sep 2018
TLS SNI support enabled
configure arguments: --prefix=/usr ...

Worth mentioning: I'm using the configuration option "ssl_stapling_file".

If you don't use ssl_stapling_file, after an nginx restart the first
TLS session will not contain OCSP data.
Did you try to measure twice?



Andreas



Re: OCSP stapling broken with 1.15.4

Bernardo Donadio

On 10/1/18 10:04 AM, A. Schulze wrote:
> Did you try to measure twice?

Indeed, with further tests I think that the stapling is working...
sometimes.

I've restored the 1.15.4 package and have been making some requests.
Some of them are correctly stapled, others do not. There's no restart
between tests.

I'm not using the staple file, though. Is this behavior expected
without such configuration? Also, I've enabled ssl_early_data.

[bcdonadio@RJ_DVP0100 ~]$ date; openssl s_client -connect bcdonadio.com:443 -tlsextdebug -status 2>/dev/null | grep -i ocsp
Mon Oct  1 10:24:07 -03 2018
OCSP response:
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
^C
[bcdonadio@RJ_DVP0100 ~]$ date; openssl s_client -connect bcdonadio.com:443 -tlsextdebug -status 2>/dev/null | grep -i ocsp
Mon Oct  1 10:27:02 -03 2018
OCSP response: no response sent
^C
[bcdonadio@RJ_DVP0100 ~]$ date; openssl s_client -connect bcdonadio.com:443 -tlsextdebug -status 2>/dev/null | grep -i ocsp
Mon Oct  1 10:39:18 -03 2018
OCSP response: no response sent
^C
[bcdonadio@RJ_DVP0100 ~]$ date; openssl s_client -connect bcdonadio.com:443 -tlsextdebug -status 2>/dev/null | grep -i ocsp
Mon Oct  1 10:39:27 -03 2018
OCSP response:
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
^C

--
Bernardo Donadio
IT Automation Engineer at Stone Payments
https://bcdonadio.com/

RE: OCSP stapling broken with 1.15.4

Reinis Rozitis
> Indeed, with further tests I think that the stapling is working...
> sometimes.
>
>
> I'm not using the staple file, though. Is this behavior expected without such
> configuration? Also, I've enabled ssl_early_data.


Each nginx worker has its own cache.
Depending on your worker_processes, you might get that number of responses without OCSP data.

rr

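Added example, not code from the thread: a probe that repeats the openssl s_client -status check enough times to see the per-worker cache Reinis describes and the one cold request per worker that Andreas's "measure twice" hints at. The only input is a host name (optionally host:port); the probe count defaults to 8 and should exceed worker_processes on the server being checked. The classification strings are the ones OpenSSL 1.1.1's s_client prints, as seen in the transcripts above.

```shell
#!/bin/sh
# Added example, not code from the thread: probe a server's OCSP stapling
# several times in a row. Each nginx worker keeps its own staple cache, and
# without ssl_stapling_file the first connection a worker serves after a
# (re)start carries no staple, so a single check can mislead; run at least
# worker_processes + 1 probes and look at the distribution.
set -eu

# Classify one `openssl s_client -status` transcript read from stdin.
# Prints: stapled (a successful OCSP response was stapled), none (server sent
# no status_request answer), other (connection failed or a non-successful
# OCSP response status such as tryLater).
classify_staple() {
    transcript=$(cat)
    case $transcript in
        *"OCSP Response Status: successful"*) echo stapled ;;
        *"OCSP response: no response sent"*)  echo none ;;
        *)                                    echo other ;;
    esac
}

# Probe host[:port] (default port 443) $2 times (default 8) and summarise.
# -servername is passed explicitly so the probe hits the same virtual host a
# browser would. Returns non-zero if any probe lacked a good staple.
probe_stapling() {
    host=${1%%:*}
    port=${1#*:}; [ "$port" = "$1" ] && port=443
    n=${2:-8}
    stapled=0; none=0; other=0
    i=0
    while [ "$i" -lt "$n" ]; do
        r=$(openssl s_client -connect "$host:$port" -servername "$host" -status \
                </dev/null 2>/dev/null | classify_staple)
        case $r in
            stapled) stapled=$((stapled + 1)) ;;
            none)    none=$((none + 1)) ;;
            *)       other=$((other + 1)) ;;
        esac
        i=$((i + 1))
    done
    echo "probes=$n stapled=$stapled none=$none other=$other"
    [ "$none" -eq 0 ] && [ "$other" -eq 0 ]
}

if [ "$#" -gt 0 ]; then probe_stapling "$@"; fi
```

Run as `sh probe.sh bcdonadio.com 16` (host name assumed). Right after a restart without ssl_stapling_file, a `none` count equal to worker_processes followed by all `stapled` on a second run is the cold per-worker cache, not a regression; `none` persisting across runs, or any `other`, is what needs the error log and a bisect.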

Re: OCSP stapling broken with 1.15.4

A. Schulze


On 01.10.18 at 15:43, Bernardo Donadio wrote:
> I've restored the 1.15.4 package and have been making some requests.
> Some of them are correctly stapled, others do not. There's no restart
> between tests.

maybe you run multiple threads and for each thread there is one first request?

> I'm not using the staple file, though. Is this behavior expected
> without such configuration?
It's documented somewhere, I guess on the nginx.org website.


> Also, I've enabled ssl_early_data.
I don't use this option. Is it TLS1.3 / 0RTT related?

Andreas