search

chromium / badssl.com

:lock: Memorable site for testing clients against bad SSL configs.
https://badssl.com
Apache License 2.0
2.78k stars 186 forks source link

The reversed-chain.badssl.com endpoint is not currently replying with a reversed chain #503

Closed gurnec closed 2 years ago

gurnec commented 2 years ago

Instead reversed-chain.badssl.com is replying with this single certificate:

O = BadSSL Fallback. Unknown subdomain or no SNI., CN = badssl-fallback-unknown-subdomain-or-no-sni

along with an http response of:

HTTP/1.1 421 Misdirected Request ... If you have received this response, you are using a connection with the badssl.com fallback certificate. This means you are either trying to connect to an unknown subdomain, or your client does not support Server Name Indication (https:\//en.wikipedia.org/wiki/Server_Name_Indication).

Full details are below (s_client sets the SNI correctly by default.)

$ printf 'GET / HTTP/1.1\nHost: reversed-chain.badssl.com\nConnection: close\n\n' | openssl s_client -ign_eof reversed-chain.badssl.com:443
CONNECTED(00000003)
---
Certificate chain
 0 s:C = US, ST = California, L = San Francisco, O = BadSSL Fallback. Unknown subdomain or no SNI., CN = badssl-fallback-unknown-subdomain-or-no-sni
   i:C = US, ST = California, L = San Francisco, O = BadSSL, CN = BadSSL Intermediate Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIE8DCCAtigAwIBAgIJAM28Wkrsl2exMA0GCSqGSIb3DQEBCwUAMH8xCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp
c2NvMQ8wDQYDVQQKDAZCYWRTU0wxMjAwBgNVBAMMKUJhZFNTTCBJbnRlcm1lZGlh
dGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE2MDgwODIxMTcwNVoXDTE4MDgw
ODIxMTcwNVowgagxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw
FAYDVQQHDA1TYW4gRnJhbmNpc2NvMTYwNAYDVQQKDC1CYWRTU0wgRmFsbGJhY2su
IFVua25vd24gc3ViZG9tYWluIG9yIG5vIFNOSS4xNDAyBgNVBAMMK2JhZHNzbC1m
YWxsYmFjay11bmtub3duLXN1YmRvbWFpbi1vci1uby1zbmkwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDCBOz4jO4EwrPYUNVwWMyTGOtcqGhJsCK1+ZWe
sSssdj5swEtgTEzqsrTAD4C2sPlyyYYC+VxBXRMrf3HES7zplC5QN6ZnHGGM9kFC
xUbTFocnn3TrCp0RUiYhc2yETHlV5NFr6AY9SBVSrbMo26r/bv9glUp3aznxJNEx
tt1NwMT8U7ltQq21fP6u9RXSM0jnInHHwhR6bCjqN0rf6my1crR+WqIW3GmxV0Tb
ChKr3sMPR3RcQSLhmvkbk+atIgYpLrG6SRwMJ56j+4v3QHIArJII2YxXhFOBBcvm
/mtUmEAnhccQu3Nw72kYQQdFVXz5ZD89LMOpfOuTGkyG0cqFAgMBAAGjRTBDMAkG
A1UdEwQCMAAwNgYDVR0RBC8wLYIrYmFkc3NsLWZhbGxiYWNrLXVua25vd24tc3Vi
ZG9tYWluLW9yLW5vLXNuaTANBgkqhkiG9w0BAQsFAAOCAgEAsuFs0K86D2IB20nB
QNb+4vs2Z6kECmVUuD0vEUBR/dovFE4PfzTr6uUwRoRdjToewx9VCwvTL7toq3dd
oOwHakRjoxvq+lKvPq+0FMTlKYRjOL6Cq3wZNcsyiTYr7odyKbZs383rEBbcNu0N
c666/ozs4y4W7ufeMFrKak9UenrrPlUe0nrEHV3IMSF32iV85nXm95f7aLFvM6Lm
EzAGgWopuRqD+J0QEt3WNODWqBSZ9EYyx9l2l+KI1QcMalG20QXuxDNHmTEzMaCj
4Zl8k0szexR8rbcQEgJ9J+izxsecLRVp70siGEYDkhq0DgIDOjmmu8ath4yznX6A
pYEGtYTDUxIvsWxwkraBBJAfVxkp2OSg7DiZEVlMM8QxbSeLCz+63kE/d5iJfqde
cGqX7rKEsVW4VLfHPF8sfCyXVi5sWrXrDvJm3zx2b3XToU7EbNONO1C85NsUOWy4
JccoiguV8V6C723IgzkSgJMlpblJ6FVxC6ZX5XJ0ZsMI9TIjibM2L1Z9DkWRCT6D
QjuKbYUeURhScofQBiIx73V7VXnFoc1qHAUd/pGhfkCUnUcuBV1SzCEhjiwjnVKx
HJKvc9OYjJD0ZuvZw9gBrY7qKyBX8g+sglEGFNhruH8/OhqrV8pBXX/EWY0fUZTh
iywmc6GTT7X94Ze2F7iB45jh7WQ=
-----END CERTIFICATE-----
subject=C = US, ST = California, L = San Francisco, O = BadSSL Fallback. Unknown subdomain or no SNI., CN = badssl-fallback-unknown-subdomain-or-no-sni

issuer=C = US, ST = California, L = San Francisco, O = BadSSL, CN = BadSSL Intermediate Certificate Authority

---
No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1974 bytes and written 443 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 9B5F1FB69D3DC66B9C796794E5C5177FF82DC84B7FD5EF4AD3C129BC9E4D224F
    Session-ID-ctx: 
    Master-Key: BB90DB29DCBA71A068D5D406C4EF0CB54B285A5D0E33A2F7151C40E8D6C12E080A44DEDAD56ACF3546D824FFBCD8C31E
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - a2 82 a7 e0 ad dd 04 1e-a3 90 eb 94 92 4c 4b fc   .............LK.
    0010 - 55 0b 26 0a 0e 19 8b b1-ac f2 80 9b 7d 79 81 3e   U.&.........}y.>
    0020 - c0 ee 06 07 4a c1 2f 4a-ff 35 5a a5 4f 0d 09 e3   ....J./J.5Z.O...
    0030 - cd c4 1a 51 0b 9e 4c cf-2e 6a 3c 93 82 d4 df df   ...Q..L..j<.....
    0040 - ed ca cd 5a b6 6f ee 9d-d6 50 1f 6c 82 8e 55 ae   ...Z.o...P.l..U.
    0050 - 06 c2 ae 94 65 57 02 32-3b 84 56 55 4e 2f 93 09   ....eW.2;.VUN/..
    0060 - b7 0b ae 7b 0a 1a cf 8f-33 46 11 16 36 1f ab 54   ...{....3F..6..T
    0070 - 21 01 b5 0d 04 69 21 80-ff a3 c0 42 a9 f3 4d 31   !....i!....B..M1
    0080 - 30 0e e7 d0 1b 5f 1c f5-a1 df 4c 0e a7 b1 d0 76   0...._....L....v
    0090 - 12 c8 f6 25 71 92 a4 eb-a9 a3 51 af 7f 95 0d ef   ...%q.....Q.....
    00a0 - e0 71 32 2d 30 e5 99 37-03 66 1b 46 db 40 ca 56   .q2-0..7.f.F.@.V
    00b0 - fc a7 10 10 e1 76 95 33-74 03 cf 34 f1 f3 7b 2c   .....v.3t..4..{,
    00c0 - a9 e0 60 4d dd c8 93 da-13 4d 89 ef c8 1e 0b ac   ..`M.....M......

    Start Time: 1652288492
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
---
HTTP/1.1 421 Misdirected Request
Server: nginx/1.10.3 (Ubuntu)
Date: Wed, 11 May 2022 17:01:32 GMT
Content-Type: application/octet-stream
Content-Length: 284
Connection: close

If you have received this response, you are using a connection with the badssl.com fallback certificate. This means you are either trying to connect to an unknown subdomain, or your client does not support Server Name Indication (https://en.wikipedia.org/wiki/Server_Name_Indication).
janbrasna commented 2 years ago

Duplicate of #485

It's currently a known isssue:

(Only needs making sure the deployed prod test sets hide the case from #470 until there's a workaround for prod nginx…)

christhompson commented 2 years ago

The dashboard on the live site is now updated to include the removal, so reversed-chain shouldn't show up. I'll probably fully remove the remaining configs from the repo since I don't think we can support with Nginx, and as much as it would be fun to write a bunch of custom server TLS stuff I can't justify the time/maintenance burden :-)

gurnec commented 2 years ago

Thanks for the update, and sorry for the dup.