enterprise-support team mailing list archive

Thread
Date

[Bug 1834671] Re: TLSv1.3 client certificate authentication with renegotiation unsupported in browsers

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Olivier Tilloy <olivier.tilloy@xxxxxxxxxxxxx>
Date: Thu, 19 Sep 2019 08:35:12 -0000
Reply-to: Bug 1834671 <1834671@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This is implemented in firefox, but not enabled by default indeed. See
https://hg.mozilla.org/mozilla-central/rev/1bb8ad865648:

  // Turn off post-handshake authentication for TLS 1.3 by default,
  // until the incompatibility with HTTP/2 is resolved:
  // https://tools.ietf.org/html/draft-davidben-http2-tls13-00
  pref("security.tls.enable_post_handshake_auth", false);

And chrom{e,ium} isn't even considering implementing it until the
specification is clarified.

** Changed in: chromium (Ubuntu Bionic)
       Status: New => Confirmed

** Changed in: chromium (Ubuntu Disco)
       Status: New => Confirmed

** Changed in: chromium (Ubuntu Eoan)
       Status: New => Confirmed

** Changed in: firefox (Ubuntu Bionic)
       Status: New => Fix Released

** Changed in: firefox (Ubuntu Disco)
       Status: New => Fix Released

** Changed in: firefox (Ubuntu Eoan)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1834671

Title:
  TLSv1.3 client certificate authentication with renegotiation
  unsupported in browsers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1834671/+subscriptions

References

[Bug 1834671] [NEW] TLSv1.3 client certificate authentication with renegotiation unsupported in browsers
From: Andreas Hasenack, 2019-06-28