OCSP stapling broken with 1.15.4

Bernardo Donadio bcdonadio at bcdonadio.com
Mon Oct 1 12:34:12 UTC 2018


Hi.

I've noticed that OCSP stapling was broken by 1.15.4, as you may see below:

---------- nginx 1.15.4 with OpenSSL 1.1.1 final --------
$ openssl s_client -connect bcdonadio.com:443 -tlsextdebug -status
CONNECTED(00000003)
TLS server extension "renegotiation info" (id=65281), len=1
0000 - 00                                                .
TLS server extension "EC point formats" (id=11), len=4
0000 - 03 00 01 02                                       ....
TLS server extension "session ticket" (id=35), len=0
TLS server extension "extended master secret" (id=23), len=0
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = bcdonadio.com
verify return:1
OCSP response: no response sent
---
Certificate chain
 0 s:/CN=bcdonadio.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
[long ASCII-armored certificate here]
-----END CERTIFICATE-----
subject=/CN=bcdonadio.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3520 bytes and written 326 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID:
[long session id here]
    Session-ID-ctx:
    Master-Key:
[long master key here]
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 600 (seconds)
    TLS session ticket:
[long session ticket here]
    Start Time: 1538394643
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
---------- nginx 1.15.4 with OpenSSL 1.1.1 final --------

---------- nginx 1.15.3 with OpenSSL 1.1.1 final --------
$ openssl s_client -connect bcdonadio.com:443 -tlsextdebug -status
CONNECTED(00000003)
TLS server extension "renegotiation info" (id=65281), len=1
0000 - 00                                                .
TLS server extension "EC point formats" (id=11), len=4
0000 - 03 00 01 02                                       ....
TLS server extension "session ticket" (id=35), len=0
TLS server extension "status request" (id=5), len=0
TLS server extension "extended master secret" (id=23), len=0
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = bcdonadio.com
verify return:1
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
    Produced At: Sep 30 06:00:00 2018 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: 7EE66AE7729AB3FCF8A220646C16A12D6071085D
      Issuer Key Hash: A84A6A63047DDDBAE6D139B7A64565EFF3A8ECA1
      Serial Number: 0338F3E6D2512FBF1BC91E766E237FE3E319
    Cert Status: good
    This Update: Sep 30 06:00:00 2018 GMT
    Next Update: Oct  7 06:00:00 2018 GMT

    Signature Algorithm: sha256WithRSAEncryption
         08:c1:47:f6:db:c1:21:da:14:6f:69:ee:8e:fd:b7:ad:82:4c:
         fa:d9:b8:03:93:a3:eb:ba:48:41:f7:d6:70:24:4a:79:e0:9a:
         a5:59:ea:d0:e6:ab:e1:ab:bf:60:b9:b4:0a:e1:18:de:a4:f6:
         73:ee:74:82:16:f2:88:4f:df:62:18:fc:ec:64:4b:00:46:13:
         25:ad:37:35:bc:e1:cc:96:d2:8b:af:26:62:5a:c3:f7:72:ad:
         d5:da:1b:70:96:c6:b6:e6:2b:06:5f:ab:61:49:ca:1a:a2:ac:
         b7:eb:91:1e:73:d3:e2:b1:dd:d9:f2:bc:58:e1:3f:07:78:f6:
         4b:d5:46:a8:89:80:9b:dd:d1:99:8f:2a:06:06:13:f4:93:dd:
         19:b3:ca:b6:77:3d:fa:eb:e4:11:58:ba:e4:41:f0:8a:df:9e:
         9a:81:96:49:16:12:ec:5a:eb:49:67:4f:bc:44:0e:4d:a3:c4:
         f4:f1:a0:43:aa:d4:fb:5f:59:7e:b8:a9:52:81:63:05:f2:37:
         b6:23:5a:59:82:95:3a:cf:23:8a:ee:89:40:40:bb:93:81:68:
         5a:38:b4:d0:e4:ff:eb:d7:c4:e6:de:27:50:73:d6:0e:53:97:
         33:4c:e9:44:21:d6:e6:eb:a4:73:c7:68:3a:af:a6:0a:6e:fa:
         df:92:ec:c2
======================================
---
Certificate chain
 0 s:/CN=bcdonadio.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
[long ASCII-armored certificate here]
-----END CERTIFICATE-----
subject=/CN=bcdonadio.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4064 bytes and written 326 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID:
[long session id here]
    Session-ID-ctx:
    Master-Key:
[long master key here]
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 600 (seconds)
    TLS session ticket:
[long session ticket here]
    Start Time: 1538396356
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
---------- nginx 1.15.3 with OpenSSL 1.1.1 final --------

This problem was also noticed here:
https://community.centminmod.com/threads/nginx-announce-nginx-1-15-4.15672/page-2#post-67107

There are no messages on nginx error log about any failed attempt to
contact the OCSP stapling server. Should I bisect or do you guys already
have some idea about which commit broke this?
-- 
Bernardo Donadio
IT Automation Engineer at Stone Payments
https://bcdonadio.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20181001/0386f679/attachment.bin>


More information about the nginx mailing list