OCSP Stapling

OCSP Stapling (PKIX)

[27] OCSP Stapling は、 TLS handshake において OCSP応答TLSサーバーからTLSクライアントへと送信するものです。 これによってクライアントは別途 OCSPサーバーに照会することなくサーバー証明書失効していないか確認できます。

[28] OCSP応答CA により署名されていますから、 直接の送信元が誰であっても (正しく署名されていることが確認できる限りは) 信用できます。

仕様書

構文

[63] OCSP応答はいくつでも含めることができますが、 通常は1つだけ (中間証明書のものは含めない) とするようです。

OCSP must-staple

[30] OCSP must-staple は、 OCSP stapling を必須とする証明書のフラグです。

[66] tlsfeature 証明書拡張に値 5 を指定することにより、有効となります。

[31] TLSサーバー証明書OCSP must-staple が有効な場合、 当該 TLS handshakeOCSP stapling によって証明書の有効性を検証できない場合、 失敗しとして扱わなければなりません。

[40] Let's Encrypt などいくつかの CAmust-staple フラグ付き証明書を発行している (フラグを付けるオプションを提供している) ようです。 OpenSSLmust-staple フラグ付き証明書を発行できます。

[67] しかし実際にフラグを立てた証明書はなかなか見かけません。

[41] クライアントとしては Firefox が対応しています。 Chrome は対応の予定が無いようです >>37

[69] 以来数年が経過し、状況が変わる見込みはなさそうです。この技術は失敗したと考えていいのかもしれません。

利用例

[29] OCSP stapling を利用した Webサイトの例:

[38] OCSP stapling + must-staple の例:

関連

[23] OCSP Multi-Stapling もあります。

歴史

[2] Security/Server Side TLS - MozillaWiki ( 版) https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling

[3] CA:RevocationPlan - MozillaWiki ( ()) https://wiki.mozilla.org/CA:RevocationPlan

[4] OCSP Stapling in Firefox | Mozilla Security Blog ( ()) https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/

[5] Improving Revocation: OCSP Must-Staple and Short-lived Certificates | Mozilla Security Blog ( ()) https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/

[6] ImperialViolet - No, don't enable revocation checking ( (Adam Langley著, )) https://www.imperialviolet.org/2014/04/19/revchecking.html

[7] draft-hallambaker-muststaple-00 - X.509v3 Extension: OCSP Stapling Required ( ()) https://tools.ietf.org/html/draft-hallambaker-muststaple-00

[10] OCSP Must-Staple と OCSP Multi-Stapling、及び OneCRL|サイバートラスト ( ()) https://www.cybertrust.ne.jp/journal/ocsp-must-staple-ocsp-multi-stapling-onecrl.html

[11] Improving revocation : will Let's Encrypt support OCSP Must-staple? - Feature Requests - Let's Encrypt Community Support () https://community.letsencrypt.org/t/improving-revocation-will-lets-encrypt-support-ocsp-must-staple/4334/

[12] Issue 572734 - chromium - Support for OCSP Must-staple - Monorail ( ()) https://bugs.chromium.org/p/chromium/issues/detail?id=572734

[68] Reporting for OCSP stapling ("Expect-OCSP") [41246003] - Chromium, https://issues.chromium.org/issues/41246003

[13] 901698 – implement OCSP-must-staple (off by default) ( ()) https://bugzilla.mozilla.org/show_bug.cgi?id=901698

[14] [websec] Requiring OCSP Stapling as a directive in HSTS ( ()) https://www.ietf.org/mail-archive/web/websec/current/msg02297.html

[15] 921907 – Enable OCSP must-staple feature ( ()) https://bugzilla.mozilla.org/show_bug.cgi?id=921907

[16] JEP 249: OCSP Stapling for TLS ( ()) http://openjdk.java.net/jeps/249

[17] Bug 50740 – Enable OCSP Stapling by default ( ()) https://bz.apache.org/bugzilla/show_bug.cgi?id=50740

[18] 360420 – Implement OCSP Stapling in libSSL ( ()) https://bugzilla.mozilla.org/show_bug.cgi?id=360420

[19] gecko-dev/NSSCertDBTrustDomain.cpp at master · mozilla/gecko-dev ( ()) https://github.com/mozilla/gecko-dev/blob/master/security/certverifier/NSSCertDBTrustDomain.cpp

[24] OpenSSL ( (OpenSSL Foundation, Inc.著, )) https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_tlsext_status_cb.html

[25] OpenSSL ( (OpenSSL Foundation, Inc.著, )) https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_tlsext_status_cb.html

[26] nginx/ngx_event_openssl_stapling.c at master · nginx/nginx ( ()) https://github.com/nginx/nginx/blob/master/src/event/ngx_event_openssl_stapling.c

[32] OpenSSL ( (OpenSSL Foundation, Inc.著, )) https://www.openssl.org/docs/manmaster/apps/x509v3_config.html#TLS-Feature-aka-Must-Staple

TLS Feature (aka Must Staple)

This is a multi-valued extension consisting of a list of TLS extension identifiers. Each identifier may be a number (0..65535) or a supported name. When a TLS client sends a listed extension, the TLS server is expected to include that extension in its reply.

The supported names are: status_request and status_request_v2.

Example:

tlsfeature = status_request

[33] Diff - 6c7aed048ca0a335e02dfee10976c5dc8620783e^! - boringssl - Git at Google ( ()) https://boringssl.googlesource.com/boringssl/+/6c7aed048ca0a335e02dfee10976c5dc8620783e%5E!/

[34] Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633). by robstradling · Pull Request #495 · openssl/openssl ( ()) https://github.com/openssl/openssl/pull/495

[35] DigiCert OCSP-Stapling Improves NGINX Server Security | DigiCert Blog ( ()) https://blog.digicert.com/digicert-ocsp-stapling-improves-nginx-security/

[36] How to simply check if a certificate has the OCSP must-staple attribute? - Information Security Stack Exchange ( ()) http://security.stackexchange.com/questions/119316/how-to-simply-check-if-a-certificate-has-the-ocsp-must-staple-attribute

[37] Feature request: OCSP Must Staple (RFC 7633) - Google グループ ( ()) https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/-pB8IFNu5tw

[42] Add support for OCSP Must-Staple · Issue #249 · ebekker/ACMESharp () https://github.com/ebekker/ACMESharp/issues/249

[43] Improving revocation : will Let's Encrypt support OCSP Must-staple? - Feature Requests - Let's Encrypt Community Support () https://community.letsencrypt.org/t/improving-revocation-will-lets-encrypt-support-ocsp-must-staple/4334/25

[44] Support OCSP must staple · Issue #104 · jetstack/kube-lego () https://github.com/jetstack/kube-lego/issues/104

[45] OCSP Must-Staple (TLS Feature extension) · Issue #3891 · pyca/cryptography () https://github.com/pyca/cryptography/issues/3891

[46] /docs/manmaster/man5/x509v3_config.html (OpenSSL Foundation, Inc.著, ) https://www.openssl.org/docs/manmaster/man5/x509v3_config.html#TLS-Feature-aka-Must-Staple

[47] High-reliability OCSP stapling and why it matters () https://blog.cloudflare.com/high-reliability-ocsp-stapling/

[48] High-reliability OCSP stapling and why it matters () https://blog.cloudflare.com/high-reliability-ocsp-stapling/

Firefox enforces OCSP must-staple, returning the following error if such a certificate is presented without a stapled OCSP response.

Chrome provides the ability to mark a domain as “Expect-Staple”. If Chrome sees a certificate for the domain without a staple, it will send a report to a pre-configured report endpoint.

[49] OCSP Expect-Staple - Google ドキュメント () https://docs.google.com/document/d/1aISglJIIwglcOAhqNfK-2vtQl-_dWAapc-VLDh-9-BE/edit#heading=h.rkpittae54q

[50] 1323141 - tryLater OCSP response causes hard failure when stapled () https://bugzilla.mozilla.org/show_bug.cgi?id=1323141

[51] How to Resolve the "Secure Connection Failed" Certificate Error in Firefox | Alexander's Blog () https://www.zubairalexander.com/blog/how-to-resolve-the-secure-connection-failed-error-in-firefox/

[52] Can not access gogs.io by Firefox · Issue #3606 · gogits/gogs () https://github.com/gogits/gogs/issues/3606

[53] TLS/OSCP Issues on gogs.io with Firefox · Issue #3793 · gogits/gogs () https://github.com/gogits/gogs/issues/3793

[54] OCSP server sending expired responses + stapling breaks Chrome - Help - Let's Encrypt Community Support () https://community.letsencrypt.org/t/ocsp-server-sending-expired-responses-stapling-breaks-chrome/23964

[55] OCSP stapling should not be green "Yes" for sites with revoked certificates · Issue #142 · ssllabs/ssllabs-scan () https://github.com/ssllabs/ssllabs-scan/issues/142

[56] Secure Connection Failed | Firefox サポートフォーラム | Mozilla サポート () https://support.mozilla.org/ja/questions/1161980

The problem lies with Microsoft, whose servers   (in layman's terms)   send an expired assurance that their SSL certificate is still valid.

Unfortunately it turns out that Firefox is the only browser checking for this on each secure https site it is loading.

(whereas other browsers glance over that and only check for  :

https://en.wikipedia.org/wiki/Extended_Validation_Certificate).

[57] An error occurred during a connection to tools.usps.com. Invalid OCSP signing certificate in OCSP response. Error code: SEC_ERROR_OCSP_INVALID_SIGNING_CERT | Firefox Support Forum | Mozilla Support () https://support.mozilla.org/bm/questions/1179899

[58] 727255 - Invalid OCSP stapled responses don't cause a spec-mandated connection abort - chromium - Monorail () https://bugs.chromium.org/p/chromium/issues/detail?id=727255

[59] Security FAQ - The Chromium Projects () https://dev.chromium.org/Home/chromium-security/security-faq#TOC-What-s-the-story-with-certificate-revocation-

[60] ocsp-stapling.md () https://gist.github.com/sleevi/5efe9ef98961ecfb4da8

[61] 50740 – Enable OCSP Stapling by default () https://bz.apache.org/bugzilla/show_bug.cgi?id=50740

[65] RFC 7633 には Transport Layer Security (TLS) Extensions () https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtmlIANA登録簿があると書いてあるが、 実際には存在せず、 他の場所にも見当たらず。