Bug 64781 - mod_ssl_ct does not send SCT extension with TLS 1.3
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl
Version: 2.5-HEAD
Hardware: PC Linux
Importance: P2 normal
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:

Reported: 2020-09-30 06:42 UTC by jannis+bugzilla-apache
Modified: 2020-09-30 06:42 UTC
Description jannis+bugzilla-apache 2020-09-30 06:42:39 UTC
mod_ssl_ct can be configured to send Static SCTs within the signed_certificate_timestamp extension of the ServerHello message.

This works well when a client connects via TLS 1.2, but when a client connects via TLS 1.3, the module does not send the extension.

The module should send the extension during a TLS 1.3 ServerHello as well, when the client indicates support for it in its ClientHello message.

I have set up a test server for this on https://ct.demo.pinterjann.is. You can verify the problem using OpenSSL s_client:

$ openssl s_client -connect ct.demo.pinterjann.is:443 -ct -ctlogfile ctlogfile -tls1_2

$ openssl s_client -connect ct.demo.pinterjann.is:443 -ct -ctlogfile ctlogfile -tls1_3

When the client connects via TLS 1.2, the server sends an additional statically configured SCT using the signed_certificate_timestamp extension (Cloudflare Nimbus2020). When the client connects via TLS 1.3, the server does not send any SCTs (OpenSSL will then only print the Precertificate SCTs embedded in the server certificate).
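Added example, not part of the bug report or of mod_ssl_ct: a Python parser for the SignedCertificateTimestampList that the signed_certificate_timestamp extension carries (RFC 6962 section 3.3), fed by a constructed sample list with dummy log IDs and signatures so it runs offline. One caveat for anyone checking a TLS 1.3 server: RFC 8446 section 4.4.2 places this extension in the Certificate message rather than in the ServerHello, so that is where the extension data to inspect comes from.

```python
from __future__ import annotations
import struct
from collections import namedtuple

SCT = namedtuple("SCT", "version log_id timestamp_ms extensions hash_alg sig_alg signature")

def _take(buf: bytes, off: int, n: int) -> tuple[bytes, int]:
    if off + n > len(buf):
        raise ValueError("truncated SCT data")
    return buf[off:off + n], off + n

def parse_sct(raw: bytes) -> SCT:
    """One v1 SignedCertificateTimestamp (RFC 6962 section 3.2)."""
    version, off = _take(raw, 0, 1)
    log_id, off = _take(raw, off, 32)   # SHA-256 of the log's public key
    ts, off = _take(raw, off, 8)        # ms since the Unix epoch
    ext_len, off = _take(raw, off, 2)
    ext, off = _take(raw, off, struct.unpack("!H", ext_len)[0])
    algs, off = _take(raw, off, 2)      # SignatureAndHashAlgorithm
    sig_len, off = _take(raw, off, 2)
    sig, off = _take(raw, off, struct.unpack("!H", sig_len)[0])
    if off != len(raw):
        raise ValueError("trailing bytes after SCT")
    return SCT(version[0], log_id, struct.unpack("!Q", ts)[0], ext, algs[0], algs[1], sig)

def parse_sct_list(ext_data: bytes) -> list[SCT]:
    """SignedCertificateTimestampList carried by the extension (RFC 6962 section 3.3)."""
    if len(ext_data) < 2 or struct.unpack("!H", ext_data[:2])[0] != len(ext_data) - 2:
        raise ValueError("list length does not match extension length")
    off, scts = 2, []
    while off < len(ext_data):
        item_len, off = _take(ext_data, off, 2)
        item, off = _take(ext_data, off, struct.unpack("!H", item_len)[0])
        scts.append(parse_sct(item))
    return scts

def build_sct(log_id: bytes, timestamp_ms: int, signature: bytes) -> bytes:
    # Constructed v1 SCT with no extensions; 0x04 0x03 = sha256 + ecdsa
    return (b"\x00" + log_id + struct.pack("!Q", timestamp_ms) + b"\x00\x00"
            + b"\x04\x03" + struct.pack("!H", len(signature)) + signature)

def build_sct_list(scts: list[bytes]) -> bytes:
    body = b"".join(struct.pack("!H", len(s)) + s for s in scts)
    return struct.pack("!H", len(body)) + body

# Constructed sample: two SCTs with dummy log IDs and dummy signatures
SAMPLE = build_sct_list([
    build_sct(b"\xaa" * 32, 1601447000000, b"\x30\x06\x02\x01\x01\x02\x01\x02"),
    build_sct(b"\xbb" * 32, 1601447001000, b"\x30\x06\x02\x01\x03\x02\x01\x04"),
])
```

Feeding the parser the raw extension bytes from a packet capture of the ServerHello (TLS 1.2) or Certificate message (TLS 1.3) shows exactly which log IDs and timestamps the server delivered, which is the check the report performs with s_client.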