
SHA1 root CA


benjam...@gmail.com

Mar 1, 2017, 4:34:17 AM
to mozilla-dev-s...@lists.mozilla.org
Hello,

are root (Enterprise) CA certificates which are based on SHA1 handled as untrusted by Firefox 51?
The end certificate is signed using sha256 and trusted by an intermediate CA which also uses sha256. Only the root CA is based on sha1.
Chrome and IE are not complaining about the root cert.

Thanks!

Hanno Böck

Mar 1, 2017, 5:18:48 AM
to dev-secur...@lists.mozilla.org, benjam...@gmail.com
On Wed, 1 Mar 2017 00:44:54 -0800 (PST)
benjaminpill--- via dev-security-policy
The signatures on root certificates are mostly irrelevant, as they're
pure self-signatures that have no real meaning. I think they're
only there because the certificate format X.509 requires certificates to
have a signature on themselves.

Therefore afaik it's generally considered okay if root certificates have
SHA1 signatures. You probably wouldn't create new ones with such
signatures, but there is no risk for the ecosystem in keeping existing
ones.

--
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

benjam...@gmail.com

Mar 1, 2017, 5:21:32 AM
to mozilla-dev-s...@lists.mozilla.org
so why is Firefox complaining with this error message:

SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED

Hanno Böck

Mar 1, 2017, 5:31:20 AM
to dev-secur...@lists.mozilla.org, benjam...@gmail.com
On Wed, 1 Mar 2017 02:21:21 -0800 (PST)
benjaminpill--- via dev-security-policy
<dev-secur...@lists.mozilla.org> wrote:

> so why is Firefox complaining with this error message:
>
> SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED

Can you be more specific? Where are you seeing that error message?

benjam...@gmail.com

Mar 1, 2017, 5:36:30 AM
to mozilla-dev-s...@lists.mozilla.org
when connecting to a webserver

screenshot of the error message: http://imgur.com/a/BIQUm

Pascal Ernster

Mar 1, 2017, 6:33:07 AM
to dev-secur...@lists.mozilla.org
[2017-03-01 11:21] benjaminpill--- via dev-security-policy:
> so why is Firefox complaining with this error message:
>
> SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED


Check the about:config setting "security.pki.sha1_enforcement_level".
Valid values currently range from 0 to 4, with the following meanings:

> enum class SHA1Mode {
>   Allowed = 0,
>   Forbidden = 1,
>   // There used to be a policy that only allowed SHA1 for certificates issued
>   // before 2016. This is no longer available. If a user has selected this
>   // policy in about:config, it now maps to Forbidden.
>   UsedToBeBefore2016ButNowIsForbidden = 2,
>   ImportedRoot = 3,
>   ImportedRootOrBefore2016 = 4,
> };

Source:
https://dxr.mozilla.org/mozilla-central/source/security/certverifier/CertVerifier.h#164

You'll probably want either value 3 or value 4.


regards
Pascal

Hanno Böck

Mar 1, 2017, 6:34:08 AM
to benjaminpill--- via dev-security-policy, benjam...@gmail.com
On Wed, 1 Mar 2017 02:36:22 -0800 (PST)
benjaminpill--- via dev-security-policy
<dev-secur...@lists.mozilla.org> wrote:

> when connecting to a webserver
>
> screenshot of the error message: http://imgur.com/a/BIQUm

It would be helpful if you told us which webserver. The error message
looks to me like it's the webpage's certificate, not the root, that's
signed with sha1. But I may be wrong, would have to check.
Sometimes error messages are misleading and sometimes strange things
happen when websites send all kinds of wrong certs within a chain.

Gervase Markham

Mar 1, 2017, 12:18:55 PM
to benjam...@gmail.com
On 01/03/17 10:36, benjam...@gmail.com wrote:
> screenshot of the error message: http://imgur.com/a/BIQUm

That error message will not occur if only the root CA is SHA-1 signed,
because Firefox does not check the signatures on root CAs. There must be
some other certificate in the chain that Firefox has built which is
SHA-1 signed.

You will need to provide the full certificate chain as constructed by
Firefox. If you get the error by visiting the site, then click
"Advanced" then "Add Exception" then "View" then the "Details" tab, then
select all the certificates in the chain in turn and click Export,
making sure you save them as PEM files, you can paste them into a
message to this group.

Gerv

benjam...@gmail.com

Mar 3, 2017, 5:16:23 AM
to mozilla-dev-s...@lists.mozilla.org
Could RSASSA-PSS as the used signature algorithm be the problem?

Gervase Markham

Mar 3, 2017, 6:32:31 AM
to mozilla-dev-s...@lists.mozilla.org
On 03/03/17 10:16, benjam...@gmail.com wrote:
> Could RSASSA-PSS as the used signature algorithm be the problem?

Yes, we don't support that. Although we may at some point:
https://bugzilla.mozilla.org/show_bug.cgi?id=1088140

Gerv
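
Added example, not part of any post in this thread: a standard-library Python check for the PEM chain exported as Gerv describes, reporting each certificate's outer signature algorithm and flagging SHA-1 or RSASSA-PSS on anything that is not self-issued. The function names are hypothetical, treating "self-issued" (issuer equals subject) as "root" is an assumption, and `demo_cert` builds constructed skeleton certificates for trying it out.

```python
import base64, re

# OIDs: sha1WithRSAEncryption, ecdsa-with-SHA1, dsa-with-sha1
SHA1_SIGS = {"1.2.840.113549.1.1.5", "1.2.840.10045.4.1", "1.2.840.10040.4.3"}
RSASSA_PSS = "1.2.840.113549.1.1.10"
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos=0):
    """Return (tag, body, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(body):  # yield (tag, body) for each element inside a constructed value
    pos = 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        yield tag, val

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:  # base-128 digits; high bit set means more follow
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def inspect_cert(der):
    """Return (outer signatureAlgorithm OID, issuer == subject)."""
    tbs, sig_alg, _sig = children(read_tlv(der)[1])
    f = [x for x in children(tbs[1]) if x[0] != 0xA0]  # drop optional [0] version
    return decode_oid(next(children(sig_alg[1]))[1]), f[2][1] == f[4][1]

def audit_chain(pem_bundle):
    """(oid, verdict) per certificate; assumes self-issued (issuer == subject) means root."""
    certs = [inspect_cert(base64.b64decode(b)) for b in PEM_RE.findall(pem_bundle)]
    return [(oid, "root, signature not checked" if root else
             "SHA-1 signature" if oid in SHA1_SIGS else
             "RSASSA-PSS signature" if oid == RSASSA_PSS else "ok") for oid, root in certs]

def demo_cert(subject, issuer, arc):  # constructed skeleton, not a valid certificate
    t = lambda tag, body: bytes([tag, len(body)]) + body
    alg = t(0x30, t(0x06, bytes.fromhex("2a864886f70d0101") + bytes([arc])))
    tbs = t(0x30, t(0x02, b"\x01") + alg + t(0x30, issuer) + t(0x30, b"") + t(0x30, subject))
    der = t(0x30, tbs + alg + t(0x03, b"\x00"))
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(der).decode()
```

To check a real chain, concatenate the exported PEM files into one string and pass it to `audit_chain`.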
