Bulletproof TLS Newsletter

Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space. Received monthly by more than 50,000 subscribers. Maintained by Hanno Böck.

A critical vulnerability in the Saltstack configuration management software that was discovered in March by the F-Secure company was recently used for widespread attacks. Among the affected hosts was one of the Certificate Transparency logs operated by DigiCert.

The attackers had access to the private key of the CT2 log. According to DigiCert, other logs operated by the company were not affected.

The Google Chrome browser requires two so-called signed certificate timestamps (SCTs) for every valid TLS certificate. These SCTs have to come from different logs. Therefore, in a case like this in which one log is compromised, there is always a second SCT that is unaffected.

Devon O’Brien explained Google’s response to this incident. Certificates can have SCTs embedded or they can be delivered via TLS extensions or OCSP. For cases in which the SCTs from the compromised CT2 log are embedded, Chrome will continue to accept the certificates with SCTs from this log if they were issued before the incident. However, certificates that deliver their SCTs via TLS extensions or OCSP need to get a new SCT from a different log if they relied on the compromised log.

Short news

• Nettle released version 3.6 with support for a few new algorithms, including Ed448.
• Mozilla published a Firefox Security Newsletter with some TLS-related info about DNS over HTTPS (DoH), TLS 1.0/1.1 deprecation, and new verified crypto primitives in NSS.
• KEMTLS is a proposal for a different way to do TLS handshakes in a postquantum scenario with an authenticated key exchange.
• In a blog post, OpenSSL explains some changes to its security notification policy, particularly “to include the option of us giving prenotification to companies with which we have a commercial relationship.”
• A blog post explains some of the problems with AES-GCM.
• Microsoft announced optional DoH support for the latest Windows 10 Insider Preview Build. It is disabled by default.
• Chrome will start using DoH with the latest version, version 83.
• The Doyensec company blogged about a grammar-based fuzzer for ASN.1 and TLS certificates.
• Neil Craig, lead technical architect at the BBC, shares data about the usage of different TLS versions on the BBC web page, with a breakdown by country.
• OpenSSL released alpha 2 of the upcoming version 3.0.0.
• A blog post explains entropy collection for the random number generator in NetBSD.
• Python developer Christian Heimes reports that in various distributions, certificate validation in minimal installations of the Python package is broken because the ca-certificates package is not installed. There are bug reports for Ubuntu, Debian, and OpenWRT.
• Eric Lawrence explains the GREASE mechanism in a blog post.
• In a blog post, Microsoft announces DANE and DNSSEC support in Office 365 Exchange Online.
• LadderLeak is a new side-channel attack against elliptic curve signatures with the ECDSA algorithm. Soatok explains the attack in a blog post.