Bulletproof TLS Newsletter

Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space. Received monthly by more than 50,000 subscribers. Written by Hanno Böck.

Both Mozilla and Chrome have announced their first plans to enable DNS over HTTPS (DoH) in some situations. But they will start with a very slow rollout and will disable DoH in many situations.

Mozilla will enable DoH for its US customers in an upcoming version of Firefox, but there will be several exceptions. DoH won’t be enabled when Firefox detects DNS configurations in which the local DNS resolver gives different answers than a remote one, which Mozilla calls split horizon networks. With a canary domain, network operators also can signal the browser that DoH should be disabled. By default, DoH will be disabled in Firefox with enterprise policies. The detection of split horizon will likely mean that DoH also can be force-disabled by a network attacker.

Google will take an even softer route with DoH: Chrome will only enable it when the locally configured DNS server is in a list of servers that are upgradable to DoH.

DNS over HTTPS tunnels DNS queries over an encrypted channel. It’s been criticized for two separate reasons. First, tunneling DNS queries to a centralized DNS server creates a single point where all these queries can be observed. Mozilla right now uses a DoH server provided by Cloudflare. The second reason is that network operators are concerned that DoH takes away control. Some systems use local DNS filtering as parental control or security measures.

Short news

• OpenSSL published a security advisory announcing fixes for three low-severity security issues: a timing issue with ECDSA, a Bleichenbacher attack on CMS/PKCS #7, and an issue with random numbers and forks.
• A research paper investigates cache side-channel attacks on the widely used random number generator CTR_DRBG.
• In a blog post, Scott Helme lists examples of extended validation certificates with various kinds of wrong and faulty information.
• Mozilla announced the details of its plan for the deprecation of TLS 1.0 and 1.1.
• Chrome developer Emily Stark announced plans for automatic upgrades of mixed content. In some cases of mixed content, the browser will automatically try to fetch the resource over HTTPS.
• The Exim mail server announced a buffer overflow vulnerability in the parsing of SNI names in TLS connections.
• Go 1.13 enables TLS 1.3 by default.
• The Linux kernel developers are discussing the behavior of the getrandom() function. A change in the filesystem layer unexpectedly caused some systems to hang on boot because they used getrandom() in its default mode, which blocks if the random number generator hasn’t been properly seeded yet. Several proposals for changes involve making getrandom() less secure by default.
• A research paper investigates how semantics of the HTTP protocol in an encrypted stream can be analyzed through side channels.
• Researchers have looked at a large number of incidents involving certificate authorities, involving 1300 incidents where CAs have broken rules from the CA/Browser Forum and from browser root programs.