[jitsi-dev] DTLS fingerprints and Firefox


#1

A quick heads-up regarding a soon-to-be Firefox compatibility issue:

I've been doing some testing with the videobridge and the latest libjitsi, which enforces the DTLS fingerprint check (videobridge issue #78). I've found that this breaks compatibility with Firefox. It seems that Firefox is sending a self-signed certificate that uses a SHA-1 hash, but sends a SHA-256 fingerprint in the SDP. This falls foul of the code in verifyAndValidateCertificate(), which expects the same hash function to be used in both cases.

Regards,
Gavin



#2

> A quick heads-up regarding a soon-to-be Firefox compatibility issue:
>
> I've been doing some testing with the videobridge and the latest libjitsi,
> which enforces the DTLS fingerprint check (videobridge issue #78). I've
> found that this breaks compatibility with Firefox. It seems that Firefox is
> sending a self-signed certificate that uses a SHA-1 hash, but sends a SHA-256
> fingerprint in the SDP. This falls foul of the code in
> verifyAndValidateCertificate(), which expects the same hash function to be
> used in both cases.

It's a requirement of RFC 4572 (Section 5) that the same hash algorithm is
used in the certificate and in the SDP.

> Regards,
> Gavin

Ingo


#3

Ingo,

Thanks, I also noticed those RFC references in the source. I agree that according to the RFC, Firefox is behaving incorrectly. If you just want to wait for Firefox to become RFC-compliant then that's fine, but I thought I'd provide some prior warning.

Regards,
Gavin


-----Original Message-----
From: dev [mailto:dev-bounces@jitsi.org] On Behalf Of Ingo Bauersachs
Sent: 19 August 2015 13:49
To: 'Jitsi Developers' <dev@jitsi.org>
Subject: Re: [jitsi-dev] DTLS fingerprints and Firefox

> A quick heads-up regarding a soon-to-be Firefox compatibility issue:
>
> I've been doing some testing with the videobridge and the latest
> libjitsi, which enforces the DTLS fingerprint check (videobridge issue
> #78). I've found that this breaks compatibility with Firefox. It
> seems that Firefox is sending a self-signed certificate that uses a
> SHA-1 hash, but sends a SHA-256 fingerprint in the SDP. This falls
> foul of the code in verifyAndValidateCertificate(), which expects the
> same hash function to be used in both cases.

It's a requirement of RFC 4572 (Section 5) that the same hash algorithm is used in the certificate and in the SDP.

> Regards,
> Gavin

Ingo

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#4

Dear Gavin,

> If you just want to wait for Firefox to become RFC-compliant then that's fine, but I thought I'd provide some prior warning.

Thank you very much! We all appreciate your feedback.

I agree with you and Ingo on the subject of Firefox appearing to be
inconsistent with the RFC. I searched through Firefox's Bugzilla and
didn't find an issue related to that behavior. Would you mind
reporting it to Mozilla?

As to whether we should merely wait for Firefox to be fixed, I'd like
to share the following thoughts:

RFC 4572 says: This ensures that the security properties required for
the certificate also apply for the fingerprint. It also guarantees
that the fingerprint will be usable by the other endpoint, so long as
the certificate itself is.

Since in this case the certificate's signature algorithm is SHA-1 and
the certificate fingerprint sent by Firefox is computed using SHA-256,
the check on the Videobridge would have to compute the certificate
fingerprint using an "upgraded" hash function i.e. SHA-256. Maybe we
could allow such an "upgrade" because it satisfies the security
properties required for the certificate? What do you think? Ingo?

Best regards,
Lyubo Marinov


2015-08-19 8:34 GMT-05:00 Llewellyn, Gavin <gavin.llewellyn@acision.com>:


#5

> RFC 4572 says: This ensures that the security properties required for
> the certificate also apply for the fingerprint. It also guarantees
> that the fingerprint will be usable by the other endpoint, so long as
> the certificate itself is.
>
> Since in this case the certificate's signature algorithm is SHA-1 and
> the certificate fingerprint sent by Firefox is computed using SHA-256,
> the check on the Videobridge would have to compute the certificate
> fingerprint using an "upgraded" hash function i.e. SHA-256. Maybe we
> could allow such an "upgrade" because it satisfies the security
> properties required for the certificate? What do you think? Ingo?

That's reasonable, I was actually thinking the same. But a bug at Mozilla
should be logged anyway so they do it correctly in the future.

> Best regards,
> Lyubo Marinov

Ingo
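
The two policies discussed in messages #4 and #5 (strict RFC 4572 matching versus allowing an "upgraded" fingerprint hash), sketched as an added example; this is not libjitsi's verifyAndValidateCertificate() and was not posted by anyone on the list. It assumes the caller has already extracted the hash used in the certificate's signature algorithm; the function names, the strength ranking and the sample bytes are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

# RFC 4572 hash-func tokens mapped to (hashlib name, assumed strength rank).
HASHES = {"sha-1": ("sha1", 1), "sha-224": ("sha224", 2), "sha-256": ("sha256", 3),
          "sha-384": ("sha384", 4), "sha-512": ("sha512", 5)}

def parse_fingerprint_attr(line):
    """Parse 'a=fingerprint:<hash-func> <XX:XX:...>' into (hash_func, digest)."""
    prefix = "a=fingerprint:"
    if not line.startswith(prefix):
        raise ValueError("not a fingerprint attribute")
    parts = line[len(prefix):].split()
    if len(parts) != 2 or parts[0].lower() not in HASHES:
        raise ValueError("malformed or unsupported fingerprint attribute")
    octets = parts[1].split(":")
    if any(len(o) != 2 for o in octets):
        raise ValueError("fingerprint must be colon-separated hex octets")
    return parts[0].lower(), bytes.fromhex("".join(octets))

def format_fingerprint(hash_func, cert_der):
    """Build the SDP attribute a sender would emit for this certificate."""
    hexd = hashlib.new(HASHES[hash_func][0], cert_der).hexdigest().upper()
    pairs = ":".join(hexd[i:i + 2] for i in range(0, len(hexd), 2))
    return "a=fingerprint:%s %s" % (hash_func, pairs)

def check_fingerprint(cert_der, cert_sig_hash, sdp_line, allow_upgrade=False):
    """Return (ok, reason) for the certificate presented in the DTLS handshake."""
    if cert_sig_hash not in HASHES:
        raise ValueError("unsupported certificate signature hash")
    hash_func, claimed = parse_fingerprint_attr(sdp_line)
    if hash_func != cert_sig_hash:
        if not allow_upgrade:
            return False, "hash-mismatch"      # strict RFC 4572 Section 5 reading
        if HASHES[hash_func][1] < HASHES[cert_sig_hash][1]:
            return False, "hash-downgrade"     # weaker than the certificate's hash
    # Hash the DER bytes with the function named in the SDP, not the certificate's.
    actual = hashlib.new(HASHES[hash_func][0], cert_der).digest()
    if not hmac.compare_digest(actual, claimed):
        return False, "fingerprint-mismatch"
    return True, "ok"

# Constructed stand-in for the peer's DER-encoded certificate (not a real one).
SAMPLE_CERT_DER = b"constructed stand-in for a DER-encoded self-signed certificate"

if __name__ == "__main__":
    line = format_fingerprint("sha-256", SAMPLE_CERT_DER)
    print(check_fingerprint(SAMPLE_CERT_DER, "sha-1", line))
    print(check_fingerprint(SAMPLE_CERT_DER, "sha-1", line, allow_upgrade=True))
```
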


#6

I submitted a PR for libjitsi some time ago regarding the configuration of
the algorithms; maybe now would be a good time to modify / commit it?

Paul


On Wed, Aug 19, 2015 at 3:59 PM Ingo Bauersachs <ingo@jitsi.org> wrote:

> RFC 4572 says: This ensures that the security properties required for
> the certificate also apply for the fingerprint. It also guarantees
> that the fingerprint will be usable by the other endpoint, so long as
> the certificate itself is.
>
> Since in this case the certificate's signature algorithm is SHA-1 and
> the certificate fingerprint sent by Firefox is computed using SHA-256,
> the check on the Videobridge would have to compute the certificate
> fingerprint using an "upgraded" hash function i.e. SHA-256. Maybe we
> could allow such an "upgrade" because it satisfies the security
> properties required for the certificate? What do you think? Ingo?

That's reasonable, I was actually thinking the same. But a bug at Mozilla
should be logged anyway so they do it correctly in the future.

> Best regards,
> Lyubo Marinov

Ingo
