Bulletproof TLS Newsletter #49
Disabling insecure Let’s Encrypt validation will cause broken HTTPS setups for Debian and Ubuntu users
31 January 2019
Author: Hanno Böck

This issue was distributed to 49,011 email subscribers.

Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space.

In this issue:

  1. Disabling insecure Let’s Encrypt validation will cause broken HTTPS setups for Debian and Ubuntu users
  2. Short news

Disabling insecure Let’s Encrypt validation will cause broken HTTPS setups for Debian and Ubuntu users

Let’s Encrypt will soon disable support for the TLS-SNI-01 domain validation method in the ACME protocol. In January of last year, a vulnerability in TLS-SNI-01 was discovered by Frans Rosén from Detectify. The deprecation will likely cause problems for users of some stable Linux distributions.

TLS-SNI-01 requires a user to temporarily serve a certificate with a special, invalid domain name via the TLS SNI extension. However, under many cloud providers’ settings, it’s possible for users to exploit this scenario and get positive validation for domains hosted by other users at the same cloud provider. This affected Heroku and Amazon CloudFront, for example.

Let’s Encrypt decided that this inherent vulnerability of the TLS-SNI-01 method is too much of a risk and that the method should therefore be deprecated fully. But until now, there was still an exception in place for some providers and for certificate renewals.

The final deadline for TLS-SNI-01 is February 13, 2019, after which all current setups using this method will stop working. Let’s Encrypt certificates have a relatively short lifetime of ninety days, and the service relies heavily on automated renewal. Let’s Encrypt sent out warning emails in recent weeks to those who still use TLS-SNI-01, but not all users will get them because providing an email address isn’t mandatory to use Let’s Encrypt.

Some Debian and Ubuntu users may not get the update in time. The latest stable version of Debian (Stretch) ships the Certbot certificate automation software in version 0.10.2. This version of Certbot offers plugins for Apache and NGINX that use TLS-SNI-01. This was changed in version 0.21.0, which was released shortly after the discovery of the vulnerability in TLS-SNI-01 and uses the alternative HTTP-01 method.

Debian was alerted about this problem in January of 2018. The Certbot package has been updated in the stretch-updates repository—which is not Debian’s main stable repository but an additional repository used for updates between releases. Whether users of Debian’s stable branch will get the update depends on their configuration. Newer Debian installations use the stretch-updates repository by default, but older versions that have been updated over time may not do so.

Ubuntu’s older stable release, Xenial (16.04), which is a long-term support release and thus still gets updates, ships with an even older version of the Let’s Encrypt software. There is an open bug report in Ubuntu’s bug tracker, but no reaction from the Ubuntu developers. Another bug report discusses backporting a newer version, but it’s unclear whether it will be handled in time or whether users of Ubuntu Xenial will end up with a broken HTTPS setup soon.
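An added example, not part of the original newsletter and not Certbot's own tooling: a shell check that applies the rule described above (the Apache and NGINX plugins in Certbot versions before 0.21.0 use TLS-SNI-01) to a host's renewal configs. It assumes Certbot's default `/etc/letsencrypt/renewal` directory and an `authenticator` key under `[renewalparams]`; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Certbot renewal configs that likely depend on TLS-SNI-01.
# Rule from the article: the Apache/NGINX plugins before 0.21.0 use TLS-SNI-01.

# version_lt A B: succeed when dotted version A is older than B.
version_lt() {
    a_rest=$1 b_rest=$2
    while [ -n "$a_rest" ] || [ -n "$b_rest" ]; do
        a=${a_rest%%.*} b=${b_rest%%.*}
        case $a_rest in *.*) a_rest=${a_rest#*.} ;; *) a_rest= ;; esac
        case $b_rest in *.*) b_rest=${b_rest#*.} ;; *) b_rest= ;; esac
        a=${a%%[!0-9]*} b=${b%%[!0-9]*}   # drop suffixes such as "dev0"
        [ "${a:-0}" -lt "${b:-0}" ] && return 0
        [ "${a:-0}" -gt "${b:-0}" ] && return 1
    done
    return 1
}

# conf_authenticator FILE: print the authenticator set under [renewalparams].
conf_authenticator() {
    sed -n '/^\[renewalparams\]/,/^\[/s/^authenticator *= *//p' "$1"
}

# check_conf VERSION FILE: print "at-risk" when the article's rule matches,
# otherwise "not-flagged" (which only means this one rule did not match).
check_conf() {
    auth=$(conf_authenticator "$2")
    case $auth in
        apache|nginx)
            if version_lt "$1" 0.21.0; then echo at-risk; return 0; fi ;;
    esac
    echo not-flagged
}

# sample_conf AUTH: constructed renewal config for testing (not a real host).
sample_conf() {
    printf '%s\n' 'cert = /etc/letsencrypt/live/example.test/cert.pem' \
        '[renewalparams]' "authenticator = $1" 'account = PLACEHOLDER'
}

# Scan the default Certbot renewal directory when run on a real host.
if [ -d /etc/letsencrypt/renewal ] && command -v certbot >/dev/null 2>&1; then
    v=$(certbot --version 2>&1 | awk '{print $NF}')
    for f in /etc/letsencrypt/renewal/*.conf; do
        [ -e "$f" ] && echo "$f: $(check_conf "$v" "$f")"
    done
fi
```

A host reported as `at-risk` needs a Certbot of at least version 0.21.0 before the February 13, 2019 deadline, for example from the stretch-updates repository on Debian Stretch.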

Short news