Bulletproof TLS Newsletter

Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space. Received monthly by more than 50,000 subscribers. Written by Hanno Böck.

Not long ago, Symantec—one of the largest certificate authorities (CAs)—sold its certificate business to competitor DigiCert. Now, another large certificate authority has been sold. Comodo’s certificate business is now owned by Francisco Partners.

This news is an indication that the CA industry is facing changes. The success of the free Let’s Encrypt CA raises questions about the fact that new business models and stricter security requirements set by browsers have reduced a once-major player like Symantec.

These changes are also reason for concern. In light of the Symantec changes, Mozilla issued a statement about trust issues at play when CAs change owners and merge.

Comodo’s new owner may raise an entirely different concern: Francisco Partners also owns 70 percent of NSO Group, which developed the government spyware Pegasus. This spyware made headlines in 2016 when Citizen Lab revealed that it was used with several zero-day vulnerabilities in iOS to attack Ahmed Mansoor, a human rights activist in the United Arab Emirates.

Recently, Francisco Partners tried to sell its shares of NSO Group.

Short news

• OpenSSL has fixed two security bugs. One is yet another carry bug in the bignum implementation of the modular exponentiation. There’ve been two similar bugs found previously. This bug was discovered by Google’s OSS-Fuzz project. The other vulnerability is an out-of-bounds read in the X.509 parser.
• Amazon announced details of its plan to move to its own certificate authority.
• A research paper presented at the IMC conference investigates the deployment of features improving the security of HTTPS, like Certificate Transparency, HSTS, HPKP, CAA, TLSA and SCSV.
• Cloudflare started operating a Certificate Transparency log.
• Recent versions of Chrome and Firefox introduced warnings when forms with password fields are used over insecure connections. Troy Hunt discovered a page that decided to avoid this by faking a password form with a custom font instead of deploying HTTPS.
• A USB audio driver from the company Savitech installed an unneeded root certificate.
• Certstream is a service that allows following a stream of newly added certificates to Certificate Transparency logs. It can be accessed via the webpage or an API.
• New ARM processors will get a flag to request constant time operations from the CPU. Constant time operations are important for cryptographic code in order to avoid timing attacks.
• The service fly.io describes in a detailed blogpost how they use Let’s Encrypt and ACME for certificate automation.
• Vlad Krasnov from Cloudflare wrote two blog posts about performance issues in crypto programming. He discovered an issue that turned out to be related to Go’s garbage collection and another one related to CPU frequency scaling, AVX-512, and a ChaCha20 implementation.
• The latest Mozilla Firefox security update contains a fix for a vulnerability regarding mixed content. Forwards from HTTP to HTTPS allowed having mixed content on an HTTPS page without a warning.
• A research paper published on Arxiv investigates the default TLS configurations of web and application servers.
• StartCom announced that it will terminate their business. The CA was removed from browsers after various incidents last year. Attempts to be included in browsers were faced with difficulties, and an audit by the company Cure53 revealed many security problems in their new infrastructure. Wosign, the company that bought StartCom before the problems began, probably will try to reapply for browser inclusion, now under the name WoTrust. This has led to a lengthy discussion on the Mozilla security policy mailing list.
• Curl has announced that it will only accept HTTPS mirrors in the future.
• Curl has fixed a minor security issue in its SSL/TLS code.
• NetTrack published a statistic about the marked share of certificate authorities, not surprisingly showing steep growth for Let’s Encrypt.
• Certificate Transparency redaction is a controversial proposal that would allow hiding host names in public logs. In the Mozilla wiki, the arguments for and against it are summarized.
• A research paper presents a faster way to do supersingular isogeny–based cryptography. Supersingular isogenies are a way to perform postquantum cryptography.
• November 30 was the deadline for a NIST call for postquantum algorithm standardization. Jean-Philippe Aumasson has a list of the known proposals.
• F5 has fixed a Bleichenbacher vulnerability in its load balancers, discovered by the author of this newsletter. More details about this will be available soon.
• Developers from Amazon’s s2n library write about their efforts to improve random number generators and address forking issues in particular. This includes a new feature in the Linux kernel and glibc and is also used by other implementations, like OpenSSL.
• DNS over TLS is getting some traction. The new Quad9 DNS server, available under the IP 9.9.9.9, supports DNS over TLS. The dutch company SURFnet also operates a DNS over TLS server.
• Tenta DNS is a DNS server written in Go that supports DNS over TLS.
• The AWS Certificate Manager supports certificate validation via DNS.
• A description of several security issues at drone producer DJI and their lack of professional communication with the security researcher received strong attention lately. The issues included the leakage of private keys of TLS certificates.
• We mentioned the problems in deploying TLS 1.3 in the last newsletter. The TLS 1.3 draft has now been changed to make it look more like TLS 1.2. A preliminary implementation and a test server is provided by Mozilla.
• We mentioned the ROCA vulnerability last month, a flaw in Infineon RSA chips. The full paper has been published now, and Dan Bernstein published a blog post describing how he and Tanja Lange were able to reverse engineer the vulnerability based on the preliminary information available. It was discovered that Spanish national ID cards were affected as well.
• The service Hardenize added a feature to monitor CertificateTransparency logs.