Support TLSv1.3 PHA in POST requests with cert authentication
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
apache2 (Ubuntu) | Fix Released | Undecided | Andreas Hasenack |
Bug Description
[Impact]
Apache lacks proper support for post-handshake authentication (PHA) in TLSv1.3 POST requests that use certificate authentication. FreeIPA relies on this, but any client doing a TLSv1.3 POST with certificate authentication is affected and would need to downgrade the protocol to TLSv1.2.
This was fixed in Debian[1] via patches from upstream[2]. There is an upstream bug report[3] requesting the backport of these patches from trunk.
The fix is also already shipped in Fedora[4].
[Test Case]
$ lxc launch ubuntu-daily:focal ubuntu
Enter the container as root:
$ lxc exec ubuntu bash
Verify hostname is "ubuntu":
# hostname
ubuntu
Install apache2:
apt update && apt install apache2
Download the following files from this other bug report and place them in /etc/apache2:
cd /etc/apache2
wget https:/
These certs are luckily still valid until June 2020, so they can be used for this bug as well.
Adjust permissions of the key file:
chmod 0640 /etc/apache2/
chgrp www-data /etc/apache2/
Download the client certificate and key files and place them in /root:
cd /root
wget https:/
Create this vhost file (caution, lines may wrap, in particular LogFormat: it should be one long line):
cat > /etc/apache2/
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
LogLevel info ssl:warn
ServerAdmin webmaster@localhost
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" protocol=
ErrorLog \${APACHE_
CustomLog \${APACHE_
SSLEngine on
<FilesMatch "\.(cgi|
<Directory /usr/lib/cgi-bin>
<Location />
</Location>
</VirtualHost>
</IfModule>
EOF
Enable the ssl module and this new vhost we just created:
a2enmod ssl && a2ensite cert-auth-test.conf
Restart apache2:
systemctl restart apache2
Verify that cert authentication is required:
root@ubuntu:~# curl --output index.html https:/
% Total % Received % Xferd Average Speed Time Time Time Current
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (56) OpenSSL SSL_read: error:1409445C:SSL routines:
Verify that a GET request with the client certificate works:
root@ubuntu:~# curl --output index.html https:/
% Total % Received % Xferd Average Speed Time Time Time Current
100 10918 100 10918 0 0 969k 0 --:--:-- --:--:-- --:--:-- 969k
Verify that POST request with the client certificate fails:
root@ubuntu:~# curl --output index.html https:/
% Total % Received % Xferd Average Speed Time Time Time Current
100 142 0 0 100 142 0 12909 --:--:-- --:--:-- --:--:-- 14200
curl: (22) The requested URL returned error: 403 Forbidden
Server logs for the above:
==> /var/log/
[Mon Apr 13 14:49:03.357183 2020] [ssl:error] [pid 12248:tid 139782462109440] [client 10.0.100.38:41002] AH02263: Re-negotiation handshake failed: Client certificate missing
==> /var/log/
10.0.100.38 - - [13/Apr/
With the fixed packages, the POST request works:
root@ubuntu:~# curl --output index.html https:/
% Total % Received % Xferd Average Speed Time Time Time Current
100 11060 100 10918 100 142 101k 1352 --:--:-- --:--:-- --:--:-- 102k
And the server log confirms it was a POST request, using certificates, and TLSv1.3:
==> /var/log/
10.0.100.38 - - [13/Apr/
To test the error message changed by tlsv13-
root@ubuntu:~# curl --output index.html https:/
% Total % Received % Xferd Average Speed Time Time Time Current
100 139k 0 0 100 139k 0 27.1M --:--:-- --:--:-- --:--:-- 27.1M
curl: (22) The requested URL returned error: 413 Request Entity Too Large
And in the server log:
==> /var/log/
[Mon Apr 13 15:00:37.446562 2020] [ssl:error] [pid 13415:tid 140391466624768] [client 10.0.100.38:41272] AH02018: request body exceeds maximum size (1024) for SSL buffer
[Mon Apr 13 15:00:37.446620 2020] [ssl:error] [pid 13415:tid 140391466624768] [client 10.0.100.38:41272] AH10228: could not buffer message body to allow TLS Post-Handshake Authentication to proceed
==> /var/log/
10.0.100.38 - - [13/Apr/
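The two failure modes above (AH02263 when the client certificate cannot be obtained after the handshake, and AH02018/AH10228 when the POST body is larger than the SSL renegotiation buffer) are easy to pick out of an Apache error log. The following Python helper is an added example, not code from the bug report or from apache2; its sample log is constructed from the three mod_ssl entries quoted above plus one unrelated notice line.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Apache 2.4 error_log layout: [ts] [module:level] [pid P:tid T] [client IP:PORT] AHnnnnn: msg
ERROR_LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<module>\w+):(?P<level>\w+)\] "
    r"\[pid (?P<pid>\d+)(?::tid (?P<tid>\d+))?\] (?:\[client (?P<client>[^\]]+)\] )?"
    r"(?P<code>AH\d{5}): (?P<msg>.*)$"
)

# mod_ssl codes seen around client-cert renegotiation / TLS 1.3 PHA in the report above.
VERDICTS = {
    "AH02263": "client cert not obtained after handshake: server lacks the TLSv1.3 PHA fix or client lacks PHA",
    "AH02018": "POST body exceeds the SSL renegotiation buffer: raise the limit or keep uploads out of cert-protected paths",
    "AH10228": "body could not be buffered for PHA (follows AH02018)",
}

@dataclass
class Finding:
    client: Optional[str]
    code: str
    verdict: str
    buffer_limit: Optional[int] = None  # bytes; only reported by AH02018

def triage(log_lines: List[str]) -> List[Finding]:
    """Return one Finding per PHA/renegotiation-related mod_ssl error line."""
    findings = []
    for line in log_lines:
        m = ERROR_LINE.match(line.strip())
        if not m or m["module"] != "ssl" or m["code"] not in VERDICTS:
            continue  # not a mod_ssl line, or not one of the PHA symptoms
        limit = None
        if m["code"] == "AH02018":  # "... exceeds maximum size (1024) for SSL buffer"
            size = re.search(r"maximum size \((\d+)\)", m["msg"])
            limit = int(size.group(1)) if size else None
        findings.append(Finding(m["client"], m["code"], VERDICTS[m["code"]], limit))
    return findings

# Constructed sample: the three mod_ssl lines quoted in the report, plus one unrelated notice to ignore.
SAMPLE_LOG = [
    "[Mon Apr 13 14:49:03.357183 2020] [ssl:error] [pid 12248:tid 139782462109440] "
    "[client 10.0.100.38:41002] AH02263: Re-negotiation handshake failed: Client certificate missing",
    "[Mon Apr 13 15:00:37.446562 2020] [ssl:error] [pid 13415:tid 140391466624768] "
    "[client 10.0.100.38:41272] AH02018: request body exceeds maximum size (1024) for SSL buffer",
    "[Mon Apr 13 15:00:37.446620 2020] [ssl:error] [pid 13415:tid 140391466624768] "
    "[client 10.0.100.38:41272] AH10228: could not buffer message body to allow TLS Post-Handshake Authentication to proceed",
    "[Mon Apr 13 15:00:00.000000 2020] [mpm_event:notice] [pid 13400:tid 1] AH00000: constructed notice",
]
```

Running `triage(SAMPLE_LOG)` yields three findings; the AH02018 one carries the configured buffer limit (1024 here), which is the value to compare against the size of the POST bodies the application actually sends.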
[Regression Potential]
TLSv1.3 introduced changes that have caused bugs in the past. The PHA change in particular still affects many clients today: they claim to support TLSv1.3 and negotiate that protocol version, but do not implement it fully and lack PHA.
Regressions can happen, but we should be able to back this change out in that case. It also gives some comfort knowing that this change is already applied upstream (but not backported to 2.4), and in other distributions (debian and fedora). It's also good that we have a simple test case.
[Other Info]
If this can't make it into focal prior to release, it can become an SRU, but the versioning might have to be changed then (i.e., become 2.4.41-4ubuntu2.1 instead of 2.4.41-4ubuntu3).
1. https:/
2. https:/
3. https:/
4. https:/
Related branches
- Bryce Harrington (community): Approve
- Canonical Server Core Reviewers: Pending requested
- Timo Aaltonen: Pending requested
Diff: 196 lines (+168/-0), 4 files modified
- debian/changelog (+9/-0)
- debian/patches/buffer-http-request-bodies-for-tlsv13.diff (+134/-0)
- debian/patches/series (+2/-0)
- debian/patches/tlsv13-add-logno.diff (+23/-0)
description: | updated |
Changed in apache2 (Ubuntu): | |
assignee: | nobody → Andreas Hasenack (ahasenack) |
status: | New → In Progress |
description: | updated |
This bug was fixed in the package apache2 - 2.4.41-4ubuntu3
---------------
apache2 (2.4.41-4ubuntu3) focal; urgency=medium
  [ Timo Aaltonen ]
  * d/p/buffer-http-request-bodies-for-tlsv13.diff, d/p/tlsv13-add-logno.diff:
    mod_ssl: Add patches to fix TLS 1.3 client cert authentication for POST requests.
    Closes: #955348, LP: #1872478
-- Andreas Hasenack <email address hidden> Mon, 13 Apr 2020 14:19:17 -0300