31 January 2019
Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space. Maintained by Hanno Böck.
Let’s Encrypt soon will disable support for the TLS-SNI-01 domain validation method in the ACME protocol. In January of last year, a vulnerability in TLS-SNI-01 was discovered by Frans Rosén from Detectify. The deprecation will likely cause problems for users of some stable Linux distributions.
TLS-SNI-01 requires a user to temporarily serve a certificate with a special, invalid domain name via the TLS SNI extension. However, under many cloud provider’s settings, it’s possible for users to exploit this scenario and get positive validation for domains hosted by other users at the same cloud provider. This affected Heroku and Amazon CloudFront, for example.
Let’s Encrypt decided that this inherent vulnerability of the TLS-SNI-01 method is too much of a risk and therefore to deprecate it fully. But until now, there was still an exception in place for some providers and for certificate renewals.
The final deadline for TLS-SNI-01 is February 13, 2019, after which all current setups using this method will stop working. Let’s Encrypt certificates have a relatively short lifetime of ninety days, and it heavily relies on automated renewal. Let’s Encrypt sent out warning emails in recent weeks to those who still use TLS-SNI-01, but not all users will get them because providing an email address isn’t mandatory to use Let’s Encrypt.
Some Debian and Ubuntu users may not get the update in time. The last stable version of Debian (Stretch) provides Certbot certificate automation software in version 0.10.2. This version of Certbot offers plugins for Apache and NGINX that use TLS-SNI-01. This was changed in version 0.21.0, which was released shortly after the discovery of the vulnerability in TLS-SNI-01 and uses the alternative HTTP-01 method.
Debian was alerted about this problem in January of 2018. The Certbot package has been updated in the stretch-updates repository—which is not Debian’s main stable repository but an additional repository used for updates between releases. Whether users of Debian’s stable branch will get the update depends on their configuration. Newer Debian installations use the stretch-updates repository by default, but older versions that have been updated over time may not do so.
Ubuntu’s older stable release, Xenial (16.04), which is a long-term support release and thus still gets updates, ships with an even older version of the Let’s Encrypt software. There is an open bug report in Ubuntu’s bug tracker, but no reaction from the Ubuntu developers. Another bug report discusses backporting a newer version, but it’s unclear whether it will be handled in time or whether users of Ubuntu Xenial will end up with a broken HTTPS setup soon.
This subscription is just for the newsletter; we won't send you anything else.
Designed by Ivan Ristić, the author of SSL Labs, Bulletproof SSL and TLS, and Hardenize, our course covers everything you need to know to deploy secure servers and encrypted web applications.
Remote and trainer-led, with small classes and a choice of timezones.
Join over 1,500 students who have benefited from more than a decade of deep TLS and PKI expertise.