Reply to BoringSSL certificate verification failure when connecting to secure websocket on iOS
Thanks for that insight @meaton, very helpful!

I tried a few things but still no luck and same output from Xcode and Console 😟

- Re-created the letsencrypt certificate and enabled "OCSP Must Staple" support. Verified with Qualys Server Test tool.
- Correctly configured NGINX with OCSP support (the previous certificate did not have the "CT Precertificate SCTs" extension).
- Checked the generated certificate with openssl and I now see the embedded SCT.
- Tried connecting to the end-point from the device and got the same errors as before (No TLS-provided SCTs, etc).

I'm wondering if the old certificate is cached on the device. If it is, how would I clear it? I had HSTS enabled with 20 day max age on the domain so not sure if that affects anything on iOS.

Below is the output from running "openssl x509 -in cert.pem -text" (only showing relevant data):

    Certificate:
        Data:
            X509v3 extensions:
                Authority Information Access:
                    OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                    CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
                TLS Feature:
                    status_request
                X509v3 Certificate Policies:
                    Policy: 2.23.140.1.2.1
                    Policy: 1.3.6.1.4.1.44947.1.1.1
                      CPS: http://cps.letsencrypt.org
                CT Precertificate SCTs:
                    Signed Certificate Timestamp:
                        Version   : v1 (0x0)
                        Log ID    : 5E:A7:73:F9:DF:56:C0:E7:B5:36:48:7D:D0:49:E0:32:
                                    7A:91:9A:0C:84:A1:12:12:84:18:75:96:81:71:45:58
                        Timestamp : May  1 21:02:14.817 2020 GMT
                        Extensions: none
                        Signature : ecdsa-with-SHA256
                                    30:45:02:20:2F:2C:22:85:50:DD:FD:DA:62:E9:60:BA:
                                    95:6C:49:03:1E:9E:F9:6C:9F:AA:A0:17:65:7F:D7:D3:
                                    A4:E7:CC:02:02:21:00:D4:2F:55:CF:F6:57:AC:BF:3E:
                                    E5:8B:F5:A2:00:47:2D:C4:5E:A4:10:EE:D7:D6:B4:FF:
                                    9E:21:1D:CC:6A:89:53
                    Signed Certificate Timestamp:
                        Version   : v1 (0x0)
                        Log ID    : 07:B7:5C:1B:E5:7D:68:FF:F1:B0:C6:1D:23:15:C7:BA:
                                    E6:57:7C:57:94:B7:6A:EE:BC:61:3A:1A:69:D3:A2:1C
                        Timestamp : May  1 21:02:14.843 2020 GMT
                        Extensions: none
                        Signature : ecdsa-with-SHA256
                                    30:44:02:20:17:63:1D:8E:76:CA:E0:A2:5C:42:92:7C:
                                    BC:06:60:C7:9B:46:BB:59:63:8F:E1:8A:BE:52:CB:15:
                                    FD:C4:DE:09:02:20:28:EF:48:E1:4B:BD:9D:05:29:52:
                                    FC:D9:5A:8B:82:08:9D:1A:A0:58:F0:33:FB:05:5E:E7:
                                    56:A0:AE:64:84:C7

Viewing the certificate from Firefox or Safari indicates the embedded SCT log providers are Cloudflare and Google, and the OCSP URL seems valid.

For reference I found these 2 articles about how LetsEncrypt approaches embedding SCTs:

- Signed Certificate Timestamps embedded in certificates
- Engineering deep dive: Encoding of SCTs in certificates
May ’20
Reply to BoringSSL certificate verification failure when connecting to secure websocket on iOS
Success! Connecting to the secure websocket end-point now works. The changes I made (substituted my real domain with domain.example.com):

- Re-create letsencrypt certificate with "OCSP Must Staple" support:

      certbot --nginx --hsts --staple-ocsp --must-staple -d domain.example.com

- Update NGINX config:
  * Properly support OCSP
  * Removed HTTP/2 from server block
  * ssl_trusted_certificate has to specify a certificate with embedded SCT (Signed Certificate Timestamps)
- Update iOS websocket library (Starscream) to latest version (v4.0.3)
  * This latest version uses URLSessionWebSocketTask for iOS 13+ and for iOS 12 seems to be overriding the verification to return true if certificate pinning is disabled. Still need to try with cert pinning enabled to see what happens.

NGINX Update

    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    upstream ws-signal {
        server localhost:8080;
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name domain.example.com;

        ssl_certificate /etc/letsencrypt/live/domain.example.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/domain.example.com/privkey.pem; # managed by Certbot

        # OCSP Stapling
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/letsencrypt/live/domain.example.com/fullchain.pem;
        resolver 8.8.8.8 8.8.4.4;

        location /ws {
            proxy_pass http://ws-signal;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
        }
    }

Xcode and Console logs are below:

Xcode (iOS 12.4.6 device)

    2020-05-04 15:16:49.015893-0700 ViewLive[234:4296] [Common] _BSMachError: port 13d13; (os/kern) invalid capability (0x14) "Unable to insert COPY_SEND"
    websocket is connected: ["Strict-Transport-Security": "max-age=15552000; includeSubDomains", "Connection": "upgrade", "Upgrade": "websocket", "Date": "Mon, 04 May 2020 22:16:49 GMT", "Server": "nginx", "Sec-WebSocket-Accept": "/eit0Y/X5rQ5VC5+1V6s3gJTd7I="]

Console (iOS 12.4.6 device -- no boring ssl warnings/failures)

    default 15:16:48.972613-0700 [C11 domain.example.com:443 tcp, tls, indefinite] start
    default 15:16:48.973726-0700 nw_connection_report_state_with_handler_locked [C11] reporting state preparing
    default 15:16:49.602958-0700 nw_endpoint_flow_protocol_connected [C11.1 76.90.112.55:443 in_progress channel-flow (satisfied)] Transport protocol connected
    default 15:16:50.021828-0700 nw_endpoint_flow_protocol_connected [C11.1 76.90.112.55:443 in_progress channel-flow (satisfied)] Output protocol connected
    default 15:16:50.185451-0700 nw_connection_report_state_with_handler_locked [C11] reporting state ready
    default 15:17:48.618618-0700 success removing entry for host firebaseremoteconfig.googleapis.com config 0x280160f80
    default 15:17:48.619211-0700 TIC TCP Conn Cancel [6:0x28347c000]

Xcode (iOS 13.4.1 device)

    websocket is connected: ["Server": "nginx", "Upgrade": "websocket", "Strict-Transport-Security": "max-age=15552000; includeSubDomains", "Date": "Mon, 04 May 2020 22:27:32 GMT", "Sec-WebSocket-Accept": "KaMepQ15ll91KPt6r2BxmQqoW+I=", "Connection": "upgrade"]

Console (iOS 13.4.1 device)

    default 15:27:31.983995-0700 [C11 1FF387F7-5917-466E-AAD1-40CF48D84A09 domain.example.com:443 tcp, tls, indefinite] start
    default 15:27:31.987035-0700 nw_connection_report_state_with_handler_on_nw_queue [C11] reporting state preparing
    default 15:27:32.388881-0700 tcp_output [C11.1:2] flags=[S] seq=3061544366, ack=0, win=65535 state=SYN_SENT rcv_nxt=0, snd_una=3061544366
    default 15:27:32.393637-0700 tcp_input [C11.1:2] flags=[S.] seq=385384344, ack=3061544367, win=65160 state=SYN_SENT rcv_nxt=0, snd_una=3061544366
    default 15:27:32.393783-0700 nw_flow_connected [C11.1 76.90.112.55:443 in_progress channel-flow (satisfied (Path is satisfied), interface: en0, ipv4, ipv6, dns)] Transport protocol connected
    default 15:27:32.393929-0700 boringssl_context_set_handshake_config(1471) [0x13dfd6bd0] set tls_handshake_config_standard
    default 15:27:32.394277-0700 boringssl_context_set_min_version(324) [0x13dfd6bd0] set 0x0301
    default 15:27:32.394325-0700 boringssl_context_set_max_version(308) [0x13dfd6bd0] set 0x0304
    default 15:27:32.394372-0700 boringssl_context_set_cipher_suites(843) [0x13dfd6bd0] Ciphersuite string: TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES256-SHA:AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA
    default 15:27:32.394421-0700 boringssl_context_set_remote_address(2555) [0x13dfd6bd0] Saving remote IPv4 address
    default 15:27:32.394471-0700 boringssl_session_install_association_state(1262) [0x13dfd6bd0] Client session cache miss
    default 15:27:32.394517-0700 boringssl_session_set_peer_hostname(1154) [0x13dfd6bd0] SNI domain.example.com
    default 15:27:32.394623-0700 boringssl_context_set_fallback(374) [C11.1:1][0x13dfd6bd0] set false
    default 15:27:32.394668-0700 boringssl_context_set_session_ticket_enabled(440) [C11.1:1][0x13dfd6bd0] set false
    default 15:27:32.394718-0700 boringssl_context_set_false_start(410) [C11.1:1][0x13dfd6bd0] set false
    default 15:27:32.394767-0700 boringssl_context_set_enforce_ev(400) [C11.1:1][0x13dfd6bd0] set false
    default 15:27:32.394813-0700 boringssl_context_set_ats_enforced(1285) [C11.1:1][0x13dfd6bd0] set false
    default 15:27:32.394857-0700 boringssl_context_set_ats_minimum_rsa_key_size(1294) [C11.1:1][0x13dfd6bd0] set 0
    default 15:27:32.394902-0700 boringssl_context_set_ats_minimum_ecdsa_key_size(1303) [C11.1:1][0x13dfd6bd0] set 0
    default 15:27:32.395034-0700 boringssl_context_set_ats_minimum_signature_algorithm(1313) [C11.1:1][0x13dfd6bd0] set 0
    default 15:27:32.395085-0700 nw_protocol_boringssl_begin_connection(497) [C11.1:1][0x13dfd6bd0] early data disabled
    default 15:27:32.395129-0700 boringssl_context_info_handler(1970) [C11.1:1][0x13dfd6bd0] Client handshake started
    default 15:27:32.395260-0700 boringssl_context_message_handler(2258) [C11.1:1][0x13dfd6bd0] Writing SSL3_RT_HANDSHAKE 512 bytes
    default 15:27:32.395322-0700 boringssl_context_info_handler(1983) [C11.1:1][0x13dfd6bd0] Client handshake state: TLS client enter_early_data
    default 15:27:32.395369-0700 boringssl_context_add_handshake_message_pending(578) [C11.1:1][0x13dfd6bd0] Adding message(1)
    default 15:27:32.395556-0700 boringssl_context_info_handler(1983) [C11.1:1][0x13dfd6bd0] Client handshake state: TLS client read_server_hello
    default 15:27:32.395602-0700 boringssl_context_add_handshake_message_pending(578) [C11.1:1][0x13dfd6bd0] Adding message(2)
    default 15:27:32.395648-0700 boringssl_session_handshake_incomplete(170) [C11.1:1][0x13dfd6bd0] Handshake incomplete: waiting for data to read [2]
    default 15:27:32.395694-0700 boringssl_session_handshake_incomplete(170) [C11.1:1][0x13dfd6bd0] Handshake incomplete: waiting for data to read [2]
    default 15:27:32.395776-0700 boringssl_session_handshake_incomplete(170) [C11.1:1][0x13dfd6bd0] Handshake incomplete: waiting for data to read [2]
    default 15:27:32.395824-0700 boringssl_session_handshake_incomplete(170) [C11.1:1][0x13dfd6bd0] Handshake incomplete: waiting for data to read [2]
    default 15:27:32.396337-0700 boringssl_session_handshake_incomplete(170) [C11.1:1][0x13dfd6bd0] Handshake incomplete: waiting for data to read [2]
    default 15:27:32.396384-0700 boringssl_session_handshake_incomplete(170) [C11.1:1][0x13dfd6bd0] Handshake incomplete: waiting for data to read [2]
    default 15:27:32.396848-0700 boringssl_context_message_handler(2258) [C11.1:1][0x13dfd6bd0] Reading SSL3_RT_HANDSHAKE 122 bytes
    default 15:27:32.396898-0700 boringssl_context_info_handler(1983) [C11.1:1][0x13dfd6bd0] Client handshake state: TLS 1.3 client read_hello_retry_request
    default 15:27:32.396944-0700 boringssl_context_add_handshake_message_pending(578) [C11.1:1][0x13dfd6bd0] Adding message(2)
    default 15:27:32.396994-0700 boringssl_context_message_handler(2258) [C11.1:1][0x13dfd6bd0] Writing SSL3_RT_CHANGE_CIPHER_SPEC 1 bytes
    default 15:27:32.397039-0700 boringssl_context_info_handler(1983) [C11.1:1][0x13dfd6bd0] Client handshake state: TLS 1.3 client read_server_hello
    default 15:27:32.397083-0700 boringssl_context_info_handler(1983) [C11.1:1][0x13dfd6bd0] Client handshake state: TLS 1.3 client read_encrypted_extensions
    default 15:27:32.397134-0700 boringssl_context_message_handler(2258) [C11.1:1][0x13dfd6bd0] Reading SSL3_RT_HANDSHAKE 10 bytes
    default 15:27:32.397178-0700 boringssl_context_info_handler(1983) [C11.1:1][0x13dfd6bd0] Client handshake state: TLS 1.3 client read_certificate_request
    default 15:27:32.397227-0700 boringssl_session_handshake_incomplete(170) [C11.1:1][0x13dfd6bd0] Handshake incomplete: waiting for data to read [2]
    default 15:27:32.397275-0700 boringssl_context_message_handler(2258) [C11.1:1][0x13dfd6bd0] Reading SSL3_RT_HANDSHAKE 3123 bytes
    default 15:27:32.399467-0700 boringssl_context_info_handler(1983) [C11.1:1][0x13dfd6bd0] Client handshake state: TLS 1.3 client read_server_certificate
    default 15:27:32.399707-0700 boringssl_context_info_handler(1983) [C11.1:1][0x13dfd6bd0] Client handshake state: TLS 1.3 client read_server_certificate_verify
    default 15:27:32.399780-0700 boringssl_context_message_handler(2258) [C11.1:1][0x13dfd6bd0] Reading SSL3_RT_HANDSHAKE 264 bytes
    default 15:27:32.399876-0700 boringssl_context_copy_peer_sct_list(1003) [C11.1:1][0x13dfd6bd0] SSL_get0_signed_cert_timestamp_list returned no SCT extension data
    default 15:27:32.400002-0700 boringssl_helper_create_sec_trust_with_certificates(607) [C11.1:1][0x13dfd6bd0] SecTrustCreateWithCertificates result: 0
    default 15:27:32.400289-0700 boringssl_helper_create_sec_trust_with_certificates(612) [C11.1:1][0x13dfd6bd0] SecTrustSetOCSPResponse result: 0
    default 15:27:32.400340-0700 boringssl_helper_create_sec_trust_with_certificates(621) [C11.1:1][0x13dfd6bd0] No TLS-provided SCTs
    default 15:27:32.400415-0700 boringssl_context_certificate_verify_callback(2071) [C11.1:1][0x13dfd6bd0] Asyncing for verify block
    default 15:27:32.400499-0700 boringssl_session_handshake_incomplete(170) [C11.1:1][0x13dfd6bd0] Handshake incomplete: certificate evaluation result pending [16]
    default 15:27:32.407354-0700 boringssl_context_certificate_verify_callback_block_invoke_3(2080) [C11.1:1][0x13dfd6bd0] Returning from verify block
    default 15:27:32.407439-0700 boringssl_context_certificate_verify_callback(2047) [C11.1:1][0x13dfd6bd0] Setting trust result to ssl_verify_ok
    default 15:27:32.407522-0700 boringssl_context_info_handler(1983) [C11.1:1][0x13dfd6bd0] Client handshake state: TLS 1.3 client read_server_finished
    default 15:27:32.407588-0700 boringssl_context_message_handler(2258) [C11.1:1][0x13dfd6bd0] Reading SSL3_RT_HANDSHAKE 52 bytes
    default 15:27:32.407636-0700 boringssl_context_info_handler(1983) [C11.1:1][0x13dfd6bd0] Client handshake state: TLS 1.3 client send_end_of_early_data
    default 15:27:32.407685-0700 boringssl_context_info_handler(1983) [C11.1:1][0x13dfd6bd0] Client handshake state: TLS 1.3 client send_client_certificate
    default 15:27:32.407834-0700 boringssl_context_info_handler(1983) [C11.1:1][0x13dfd6bd0] Client handshake state: TLS 1.3 client complete_second_flight
    default 15:27:32.407952-0700 boringssl_context_message_handler(2258) [C11.1:1][0x13dfd6bd0] Writing SSL3_RT_HANDSHAKE 52 bytes
    default 15:27:32.408000-0700 boringssl_context_info_handler(1983) [C11.1:1][0x13dfd6bd0] Client handshake state: TLS 1.3 client done
    default 15:27:32.408046-0700 boringssl_context_info_handler(1983) [C11.1:1][0x13dfd6bd0] Client handshake state: TLS client finish_client_handshake
    default 15:27:32.408413-0700 boringssl_context_info_handler(1983) [C11.1:1][0x13dfd6bd0] Client handshake state: TLS client done
    default 15:27:32.408483-0700 boringssl_context_copy_peer_sct_list(1003) [C11.1:1][0x13dfd6bd0] SSL_get0_signed_cert_timestamp_list returned no SCT extension data
    default 15:27:32.408567-0700 boringssl_helper_create_sec_trust_with_certificates(607) [C11.1:1][0x13dfd6bd0] SecTrustCreateWithCertificates result: 0
    default 15:27:32.408718-0700 boringssl_helper_create_sec_trust_with_certificates(612) [C11.1:1][0x13dfd6bd0] SecTrustSetOCSPResponse result: 0
    default 15:27:32.408809-0700 boringssl_helper_create_sec_trust_with_certificates(621) [C11.1:1][0x13dfd6bd0] No TLS-provided SCTs
    default 15:27:32.408889-0700 boringssl_context_add_handshake_message_pending(578) [C11.1:1][0x13dfd6bd0] Adding message(20)
    default 15:27:32.408955-0700 boringssl_context_info_handler(1974) [C11.1:1][0x13dfd6bd0] Client handshake done
    default 15:27:32.409006-0700 nw_protocol_boringssl_signal_connected(701) [C11.1:1][0x13dfd6bd0] TLS connected [version(0x0304) ciphersuite(0x1302) group(0x001d) peer_key(0x0804) alpn() resumed(0) offered_ticket(0) false_started(0) ocsp(0) sct(0)]
    default 15:27:32.409084-0700 nw_flow_connected [C11.1 76.90.112.55:443 in_progress channel-flow (satisfied (Path is satisfied), interface: en0, ipv4, ipv6, dns)] Output protocol connected
    default 15:27:32.409284-0700 nw_connection_report_state_with_handler_on_nw_queue [C11] reporting state ready
    default 15:27:32.409454-0700 boringssl_context_message_handler(2258) [C11.1:1][0x13dfd6bd0] Reading SSL3_RT_HANDSHAKE 65 bytes
    default 15:27:32.409537-0700 boringssl_context_new_session_handler(1117) [C11.1:1][0x13dfd6bd0] New session available
    default 15:27:32.409588-0700 boringssl_context_message_handler(2258) [C11.1:1][0x13dfd6bd0] Reading SSL3_RT_HANDSHAKE 65 bytes
    default 15:27:32.409634-0700 boringssl_context_new_session_handler(1117) [C11.1:1][0x13dfd6bd0] New session available
May ’20