
enterprise-support team mailing list archive

[Bug 1834671] [NEW] TLSv1.3 client certificate authentication with renegotiation unsupported in browsers

Public bug reported:

This is mostly a placeholder bug, as more information becomes
available.

What is known so far is that a certain configuration of client
certificate authentication using TLSv1.3 is not working with most (all
at this point?) browsers, resulting in the server returning this error
message:

Forbidden

You don't have permission to access / on this server.
Reason: Cannot perform Post-Handshake Authentication.
Apache/2.4.38 (Ubuntu) Server at disco-apache-client-cert.lxd Port 443


It also logs it to error.log:
[Fri Jun 28 16:59:24.596425 2019] [ssl:error] [pid 1391:tid 139642783385344] [client 10.0.100.1:41452] AH10129: verify client post handshake
[Fri Jun 28 16:59:24.596493 2019] [ssl:error] [pid 1391:tid 139642783385344] [client 10.0.100.1:41452] AH10158: cannot perform post-handshake authentication
[Fri Jun 28 16:59:24.596513 2019] [ssl:error] [pid 1391:tid 139642783385344] SSL Library Error: error:14268117:SSL routines:SSL_verify_client_post_handshake:extension not received


These are upstream bugs about it:
Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1511989
Chromium: https://bugs.chromium.org/p/chromium/issues/detail?id=911653
Apache2 (invalid): https://bz.apache.org/bugzilla/show_bug.cgi?id=62975


One server workaround is to disable TLSv1.3. Something like this:

SSLProtocol all -SSLv3 -TLSv1.3

("-TLSv1.3" is what was added to that default config)

Sample server config to show the problem (minus the SSL certificate parameters):
<Location />
    SSLVerifyClient require
    Require ssl-verify-client
</Location>

Another workaround is to move the SSLVerifyClient config to the vhost
level. If it is applied to the whole vhost, and there are no exceptions in
specific blocks, then a re-negotiation isn't triggered and the problem
doesn't happen.

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: apache2 (Ubuntu Disco)
     Importance: Undecided
         Status: New

** Affects: apache2 (Ubuntu Eoan)
     Importance: Undecided
         Status: New

** Also affects: apache2 (Ubuntu Eoan)
   Importance: Undecided
       Status: New

** Also affects: apache2 (Ubuntu Disco)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1834671

Title:
  TLSv1.3 client certificate authentication with renegotiation
  unsupported in browsers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1834671/+subscriptions
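Before choosing between the two workarounds above, an operator will usually want to know how many clients are actually hitting the post-handshake failure. The following is an added example (not part of the bug report or of Apache) that parses mod_ssl error.log lines of the shape quoted above and tallies the AH10129/AH10158 codes per client IP; the log lines are constructed after the report's sample.

```python
import re
from collections import Counter, defaultdict

# Constructed sample error.log, modelled on the lines quoted in the bug report.
SAMPLE_LOG = """\
[Fri Jun 28 16:59:24.596425 2019] [ssl:error] [pid 1391:tid 139642783385344] [client 10.0.100.1:41452] AH10129: verify client post handshake
[Fri Jun 28 16:59:24.596493 2019] [ssl:error] [pid 1391:tid 139642783385344] [client 10.0.100.1:41452] AH10158: cannot perform post-handshake authentication
[Fri Jun 28 16:59:24.596513 2019] [ssl:error] [pid 1391:tid 139642783385344] SSL Library Error: error:14268117:SSL routines:SSL_verify_client_post_handshake:extension not received
[Fri Jun 28 17:02:01.000001 2019] [ssl:error] [pid 1391:tid 139642783385344] [client 10.0.100.7:50112] AH10158: cannot perform post-handshake authentication
[Fri Jun 28 17:03:10.000001 2019] [core:error] [pid 1391:tid 139642783385344] [client 10.0.100.9:50200] AH00037: unrelated constructed error
"""

# Apache 2.4 error log layout: [timestamp] [module:level] [pid N:tid N] [client ip:port] message
# The "[client ...]" field is absent on library-level lines, so it is optional here.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<module>[^:\]]+):(?P<level>[^\]]+)\] "
    r"\[pid (?P<pid>\d+)(?::tid (?P<tid>\d+))?\]"
    r"(?: \[client (?P<client>[^\]]+)\])? (?P<msg>.*)$"
)

# mod_ssl codes seen when TLSv1.3 post-handshake client auth is attempted / fails.
PHA_CODES = {"AH10129", "AH10158"}

def parse_line(line):
    """Split one error.log line into fields; return None for lines in another format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    code = re.match(r"(AH\d{5}):", rec["msg"])
    rec["code"] = code.group(1) if code else None
    # Drop the ephemeral port so repeated connections from one host aggregate.
    rec["ip"] = rec["client"].rsplit(":", 1)[0] if rec["client"] else None
    return rec

def summarize_pha_failures(log_text):
    """Return ({client_ip: {AH code: count}}, number of OpenSSL 'extension not received' lines)."""
    per_ip = defaultdict(Counter)
    lib_errors = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["module"] != "ssl":
            continue  # only mod_ssl lines are relevant to this failure
        if rec["code"] in PHA_CODES:
            per_ip[rec["ip"]][rec["code"]] += 1
        elif rec["code"] is None and "SSL_verify_client_post_handshake" in rec["msg"]:
            lib_errors += 1
    return {ip: dict(c) for ip, c in per_ip.items()}, lib_errors
```

Running `summarize_pha_failures(SAMPLE_LOG)` on the constructed log reports two affected client hosts and one OpenSSL library-level line, while the unrelated `core` entry is ignored.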