TLSv1.3 client certificate authentication with renegotiation unsupported in browsers

Bug #1834671 reported by Andreas Hasenack on 2019-06-28
Affects             Importance   Assigned to
firefox (Ubuntu)    Undecided    Olivier Tilloy
  Bionic            Undecided    Olivier Tilloy
  Disco             Undecided    Olivier Tilloy
  Eoan              Undecided    Olivier Tilloy

Bug Description

This is mostly a placeholder bug, as more information becomes available.

What is known so far is that a certain configuration of client certificate authentication using TLSv1.3 is not working with most (all at this point?) browsers, resulting in the server returning this error message:

Forbidden

You don't have permission to access / on this server.
Reason: Cannot perform Post-Handshake Authentication.
Apache/2.4.38 (Ubuntu) Server at disco-apache-client-cert.lxd Port 443

It also logs it to error.log:
[Fri Jun 28 16:59:24.596425 2019] [ssl:error] [pid 1391:tid 139642783385344] [client 10.0.100.1:41452] AH10129: verify client post handshake
[Fri Jun 28 16:59:24.596493 2019] [ssl:error] [pid 1391:tid 139642783385344] [client 10.0.100.1:41452] AH10158: cannot perform post-handshake authentication
[Fri Jun 28 16:59:24.596513 2019] [ssl:error] [pid 1391:tid 139642783385344] SSL Library Error: error:14268117:SSL routines:SSL_verify_client_post_handshake:extension not received

These are upstream bugs about it:
Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1511989
Chromium: https://bugs.chromium.org/p/chromium/issues/detail?id=911653
Apache2 (invalid): https://bz.apache.org/bugzilla/show_bug.cgi?id=62975

One server workaround is to disable TLSv1.3. Something like this:

SSLProtocol all -SSLv3 -TLSv1.3

("-TLSv1.3" is what was added to that default config)

Sample server config to show the problem (minus the SSL certificate parameters):
<Location />
    SSLVerifyClient require
    Require ssl-verify-client
</Location>

Another workaround is to move the SSLVerifyClient config to the vhost level. If it is applied to the whole vhost, and there are no exceptions in specific blocks, then a renegotiation isn't triggered and the problem doesn't happen.
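
The following script is an added example, not code from this report, from Apache or from Ubuntu. It audits an Apache config file for the combination described above: TLSv1.3 left enabled while SSLVerifyClient is scoped to a <Location>/<Directory>/<Files> container, which is the scope that makes mod_ssl request the client certificate after the handshake (renegotiation on TLS 1.2, post-handshake authentication on TLS 1.3). The three sample configs are constructed inline: the problematic layout from the report, the vhost-level workaround and the disable-TLSv1.3 workaround. Assumptions: one file per vhost, no Include directives, and the heuristic also flags SSLVerifyClient optional in a container, since any verify mode other than none in a per-path scope needs the mid-connection request.

```shell
#!/bin/sh
# Added example (not from the bug report, Apache or Ubuntu): audit an Apache
# config for the TLS 1.3 post-handshake authentication trap. Assumptions:
# one config file per vhost, no Include, directive names as in the docs.

# tls13_enabled FILE: exit 0 if the file leaves TLSv1.3 enabled.
# No SSLProtocol line is treated as enabled (the "all" default covers TLSv1.3
# when OpenSSL supports it).
tls13_enabled() {
    awk '
      BEGIN { on = 1 }
      tolower($1) == "sslprotocol" {
        on = 0
        for (i = 2; i <= NF; i++) {
          t = tolower($i)
          if (t == "all" || t == "+all" || t == "tlsv1.3" || t == "+tlsv1.3") on = 1
          if (t == "-tlsv1.3") on = 0
        }
      }
      END { if (on) exit 0; exit 1 }
    ' "$1"
}

# verify_client_in_container FILE: exit 0 if SSLVerifyClient require/optional
# sits inside a <Location>, <Directory> or <Files> style container, i.e. the
# per-path scope that forces a certificate request after the handshake.
verify_client_in_container() {
    awk '
      BEGIN { depth = 0; hit = 0 }
      /^[ \t]*<(Location|LocationMatch|Directory|DirectoryMatch|Files|FilesMatch)[ \t>]/ { depth++ }
      /^[ \t]*<\/(Location|LocationMatch|Directory|DirectoryMatch|Files|FilesMatch)>/ { depth-- }
      depth > 0 && tolower($1) == "sslverifyclient" {
        v = tolower($2)
        if (v == "require" || v == "optional" || v == "optional_no_ca") hit = 1
      }
      END { if (hit) exit 0; exit 1 }
    ' "$1"
}

# audit_pha FILE: print a verdict; return 1 when both conditions hold.
audit_pha() {
    if tls13_enabled "$1" && verify_client_in_container "$1"; then
        echo "$1: RISK - TLSv1.3 on and SSLVerifyClient scoped to a container:" \
             "clients without post-handshake auth get 403 (AH10158)"
        return 1
    fi
    echo "$1: ok"
    return 0
}

# Constructed sample configs (certificate parameters omitted, as in the report).
SAMPLES=$(mktemp -d)

# 1. The layout from the report: per-Location SSLVerifyClient, TLSv1.3 on.
BROKEN="$SAMPLES/broken.conf"
cat > "$BROKEN" <<'EOF'
SSLEngine on
SSLProtocol all -SSLv3
<Location />
    SSLVerifyClient require
    Require ssl-verify-client
</Location>
EOF

# 2. Workaround A: SSLVerifyClient at vhost level, so the certificate is
#    requested in the initial handshake and no post-handshake auth is needed.
FIXED="$SAMPLES/vhost-level.conf"
cat > "$FIXED" <<'EOF'
SSLEngine on
SSLProtocol all -SSLv3
SSLVerifyClient require
<Location />
    Require ssl-verify-client
</Location>
EOF

# 3. Workaround B: keep the per-Location scope but disable TLSv1.3, so
#    mod_ssl falls back to a TLS 1.2 renegotiation for the certificate.
NOTLS13="$SAMPLES/no-tls13.conf"
cat > "$NOTLS13" <<'EOF'
SSLEngine on
SSLProtocol all -SSLv3 -TLSv1.3
<Location />
    SSLVerifyClient require
    Require ssl-verify-client
</Location>
EOF

for f in "$BROKEN" "$FIXED" "$NOTLS13"; do
    audit_pha "$f" || :
done
```

Run it against a real vhost with `audit_pha /etc/apache2/sites-enabled/example.conf` after sourcing the functions; a RISK verdict means browsers that do not send the post_handshake_auth extension (Chromium, and Firefox with the pref at its default) will hit the 403 shown above as soon as they negotiate TLS 1.3.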

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apache2 (Ubuntu Disco):
status: New → Confirmed
Changed in apache2 (Ubuntu):
status: New → Confirmed
Andreas Hasenack (ahasenack) wrote :

There is nothing that needs fixing in Apache here, it's a client (i.e., browser) issue.

Changed in apache2 (Ubuntu Disco):
status: Confirmed → Invalid
Changed in apache2 (Ubuntu Eoan):
status: Confirmed → Invalid
Changed in firefox (Ubuntu Eoan):
assignee: nobody → Olivier Tilloy (osomon)
Changed in firefox (Ubuntu Disco):
assignee: nobody → Olivier Tilloy (osomon)
Matthias Klose (doko) wrote :

seen with bionic as well

Andreas Hasenack (ahasenack) wrote :

This can be enabled in firefox 68+ by going to "about:config" and setting security.tls.enable_post_handshake_auth to true. It's disabled by default (from upstream), not sure why.

Changed in apache2 (Ubuntu Bionic):
status: New → Invalid
Will Cooke (willcooke) on 2019-09-10
Changed in firefox (Ubuntu Bionic):
assignee: nobody → Olivier Tilloy (osomon)
Olivier Tilloy (osomon) wrote :

This is implemented in firefox, but not enabled by default indeed. See https://hg.mozilla.org/mozilla-central/rev/1bb8ad865648:

  // Turn off post-handshake authentication for TLS 1.3 by default,
  // until the incompatibility with HTTP/2 is resolved:
  // https://tools.ietf.org/html/draft-davidben-http2-tls13-00
  pref("security.tls.enable_post_handshake_auth", false);

And chrom{e,ium} isn't even considering implementing it until the specification is clarified.

Changed in chromium (Ubuntu Bionic):
status: New → Confirmed
Changed in chromium (Ubuntu Disco):
status: New → Confirmed
Changed in chromium (Ubuntu Eoan):
status: New → Confirmed
Changed in firefox (Ubuntu Bionic):
status: New → Fix Released
Changed in firefox (Ubuntu Disco):
status: New → Fix Released
Changed in firefox (Ubuntu Eoan):
status: New → Fix Released
Olivier Tilloy (osomon) on 2019-12-03
no longer affects: chromium (Ubuntu Bionic)
no longer affects: chromium (Ubuntu Disco)
no longer affects: chromium (Ubuntu Eoan)
Mathew Hodson (mhodson) on 2020-03-05
no longer affects: apache2 (Ubuntu)
no longer affects: apache2 (Ubuntu Bionic)
no longer affects: apache2 (Ubuntu Disco)
no longer affects: apache2 (Ubuntu Eoan)
no longer affects: chromium (Ubuntu)