Bulletproof TLS Newsletter

Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space. Received monthly by more than 50,000 subscribers. Written by Hanno Böck.

On September 30, the root certificate with the common name DST Root CA—owned by the company IdenTrust—expired. Notably, this certificate was used by Let’s Encrypt to cross-sign its intermediate certificates in the past.

Technically, two expiration events happened on this day: the old Let’s Encrypt intermediate certificate expired a few hours before the root certificate. Both events caused a number of problems.

The intermediate expiration mainly caused issues with hosts still serving the expired intermediate. In such a situation, many client applications are unable to validate the leaf certificate for that site. Although this issue was widespread, it was relatively simple to understand and easy to fix by delivering the new certificate.

The more complicated problems stemmed from pathfinding issues in a number of applications. In a situation where multiple paths to a root certificate are possible, a correctly working TLS/PKI implementation should be able to find a working path. But as it turned out, many implementations would fail if they first found a path to an expired root or intermediate certificate.

Many of these issues already surfaced last year when the so-called AddTrust certificate owned by Sectigo expired. We covered this in our June 2020 newsletter. At the time, Google engineer Ryan Sleevi wrote a detailed explanation of these pathfinding issues.

As recent events show, many of these problems haven’t been fixed yet. Ian Haken from Netflix analyzed these issues in more detail and developed a test suite for certificate pathfinding issues. Hopefully this will lead to better TLS software and fewer certificate pathfinding issues in the future.

Scott Helme has collected links to issues caused by the DST Root CA expiration on Twitter, and he explained some of them in a blog post.

It should be noted here that none of the issues were the fault of Let’s Encrypt. Instead, they resulted from a combination of software bugs and server misconfigurations.

Short news

• Curl now supports experimental post-quantum algorithms when using the WolfSSL library, as explained by Curl developer Daniel Stenberg in a blog post.
• File-based HTTP domain control validation for wildcard certificates will be deprecated due to a ballot decision by the CA/Browser Forum. The Hashed Out blog explains the details.
• NSS released version 3.71. Its main change is the addition of some new root certificates.
• Cloudflare has introduced a feature to recommend more secure configurations between Cloudflare and the origin server.
• OpenSSL announced plans to provide a fully working QUIC implementation in its next major version. Developers from other projects had previously hoped that OpenSSL would include an API that is already provided by BoringSSL and is maintained in an OpenSSL fork called quictls. But given the latest decision, that API won’t be included. Daniel Stenberg from Curl explains the details in a blog post.
• Apple announced that future versions of its operating systems will remove support for the old TLS 1.0 and 1.1 protocol versions.
• A major vulnerability in the random number usage of a JavaScript library called keypair has been identified. This vulnerability led to duplicate keys being generated. It was used in the GitKraken software to generate SSH keys, so users of GitHub and other code-hosting platforms were affected.

PKI Jobs

This month we're trying something new. We're adding some very interesting jobs we've come across in the last month:

• Staff Software Engineer, Chrome Security (Web PKI) - via @estark37
• Compliance Expert: Amazon Trust Services (PKI) - via @seakoz
• Principal Product Manager - AWS Certificate Manager - via @seakoz
• Software Engineer Cryptography Specialist (Bouncy Castle) - via @primetomas

If you know of similar jobs that our readers might be interested in, for example cryptography, TLS, or PKI, let us know and we may add them to future newsletters.