Bulletproof TLS Newsletter

Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space. Received monthly by more than 50,000 subscribers. Written by Hanno Böck.

With the release of version 83 of Mozilla’s Firefox web browser, Mozilla announced the browser’s support of an optional HTTPS-only mode. This was previously available in Firefox Nightly versions and in advanced settings, but the latest version makes it officially available for all users.

In this mode, the Firefox browser will refuse to connect to HTTP hosts by default. If a user enters an HTTP URL or clicks a link pointing to an HTTP target, the browser will automatically try to upgrade that connection to HTTPS. When that isn’t possible, the browser will show a full-page warning and an option to continue to the HTTP site.

That such a mode is feasible is a sign of how far the HTTPS-only web has come. The warning page rarely shows up in everyday internet usage because web pages that can’t be loaded over secure connections are rare these days.

It’s noteworthy that such an HTTPS-only mode can prevent a number of possible attacks that were still possible even in a web mostly run by HTTPS. One possible threat is from legacy links. If a user clicks on an old HTTP link to a page that has switched to HTTPS by default, the first connection will still happen over HTTP, which is a possible point for an attacker to forward the user to a manipulated web page or perform an SSL stripping attack. Such attacks can be mitigated with HSTS, but even many HTTPS-only web pages aren’t using HSTS yet.

Another possible attack can come from badly configured redirects. For example, it’s not uncommon to find redirects from the main domain to the WWW subdomain that first perform a redirect to HTTP and then back to HTTPS. Ideally, such legacy links and bad redirects should all be fixed, but with HTTPS-only mode, Firefox users now have a way to prevent such attacks from happening in an imperfect web.

Short news

• NSS version 3.59 was released with only minor changes.
• Go’s crypto library had a vulnerability by which certain math functions would panic on very large inputs, which could be triggered via X.509 certificates.
• Scott Helme explains the new Intermediate certificates from Let’s Encrypt.
• GitHub had a problem with an expired certificate for githubassets.com, which caused downtime.
• OpenSSL released alpha 8 of the upcoming version 3.0.0.
• In a blog post, Let’s Encrypt’s Jacob Hoffman-Andrews explains the problems the certificate authority will face with the upcoming switch to its own root certificate. Particularly problematic are old Android phones, on which Let’s Encrypt’s own root is not in the root store. Using Firefox on these devices can alleviate some of the problems, as it comes with its own root store.
• Apple’s OCSP server was down for a short time, causing delays in opening apps on Mac computers. This subsequently led to a discussion about the possible privacy impacts of OCSP checking developer certificates. Ars Technica has an overview of the discussion.
• LWN.net gives an overview of problems with HTTPS certificates that projects for embedded operating systems like OpenWRT have.
• ZeroSSL is now offering free certificates via the ACME protocol, making it a possible alternative to Let’s Encrypt. Scott Helme covers it in a blogpost. Buypass is another CA offering free certificates via ACME.