You know, those web browsers with ssl support ... they have a reason why they basically ignore any OCSP/CRL errors.

Today I stumbled upon a root certificate of a not-so-small international CA. Opinions differ, but generally CA roots should also be revocable and thus have an OCSP responder configured. Said certificate is one of the better roots and thus has a responder https://ocsp.some-ca.com set.

Now when you contact this responder something unexpected happens:

~ $ openssl s_client -host ocsp.some-ca.com -port 443
CONNECTED(00000003)
3125948630696:error:140770FC:SSL routines:\
  SSL23_GET_SERVER_HELLO:\
  unknown protocol:s23_clnt.c:683:

...

hmm ... something went wrong. tcpdump + wireshark shed some light on the problem: SYN, SYN-ACK, ACK ... TCP is up, that's good ... now we send the SSL Client Hello. What we didn't expect was the reply from the server: a blatant, unencrypted

HTTP/1.1 400 Bad Request
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Thu, 03 Nov 2011 17:45:54 GMT
Connection: close

Indeed, openssl is right: that doesn't look like an SSL handshake. It looks more like a slap with a large trout.
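Added example (my own code, not from the original post): a small Python probe that reproduces this check without reading packet captures. It first attempts a real TLS handshake to the responder, the way openssl s_client did; if that fails, it reconnects and sends a plaintext HTTP request to find out whether the port is in fact speaking cleartext HTTP, and classifies the first bytes that come back. The hostname ocsp.some-ca.com is the one from the post; the sample reply bytes are constructed from the response quoted above so the classifier can be exercised offline.

```python
import socket
import ssl
from typing import Optional

# Constructed sample replies (built from the post's quoted output) so the
# classifier can be exercised offline without contacting any responder.
PLAINTEXT_HTTP_400 = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Server: Apache-Coyote/1.1\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"Date: Thu, 03 Nov 2011 17:45:54 GMT\r\n"
    b"Connection: close\r\n"
    b"\r\n"
)
# Constructed: TLS 1.2 record header (type 0x16 handshake, version 0x0303,
# length 0x003a) followed by a ServerHello handshake header (type 0x02).
TLS_SERVER_HELLO = bytes.fromhex("160303003a02000036")
# Constructed: TLS alert record (type 0x15), fatal (2) handshake_failure (40).
TLS_ALERT = bytes.fromhex("15030300020228")


def classify_reply(data: bytes) -> str:
    """Classify the first bytes a server sends on a port that is supposed to speak TLS."""
    is_tls_version = len(data) >= 3 and data[1] == 0x03 and data[2] <= 0x04
    if is_tls_version and data[0] == 0x16:
        return "tls-handshake"      # ServerHello or another handshake record
    if is_tls_version and data[0] == 0x15:
        return "tls-alert"          # the server rejected us, but at least in TLS
    if data.startswith(b"HTTP/1.") or data.startswith(b"HTTP/0.9"):
        return "plaintext-http"     # what the post observed: cleartext HTTP on 443
    return "unknown"


def http_status(data: bytes) -> Optional[int]:
    """Return the status code from a plaintext HTTP status line, or None if there is none."""
    if classify_reply(data) != "plaintext-http":
        return None
    status_line = data.split(b"\r\n", 1)[0].decode("ascii", errors="replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        return None
    return int(parts[1])


def probe_responder(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Live check: try a real TLS handshake first; if it fails, ask the port in cleartext."""
    result = {"host": host, "port": port, "tls_ok": False, "tls_error": None,
              "raw_reply_kind": None, "http_status": None}
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                result["tls_ok"] = True
                result["tls_version"] = tls.version()
                return result
    except ssl.SSLError as exc:  # e.g. "wrong version number" / "unknown protocol"
        result["tls_error"] = exc.reason or str(exc)
    # Handshake failed: reconnect and see whether the port answers cleartext HTTP.
    request = b"HEAD / HTTP/1.0\r\nHost: " + host.encode("idna") + b"\r\n\r\n"
    with socket.create_connection((host, port), timeout=timeout) as raw:
        raw.sendall(request)
        reply = raw.recv(4096)
    result["raw_reply_kind"] = classify_reply(reply)
    result["http_status"] = http_status(reply)
    return result


if __name__ == "__main__":
    import json
    # Against the responder from the post this would report tls_ok=False,
    # raw_reply_kind="plaintext-http" and http_status=400.
    print(json.dumps(probe_responder("ocsp.some-ca.com"), indent=2))
```

A certificate-verification failure is also an ssl.SSLError, so the TLS attempt alone cannot tell "wrong certificate" from "not TLS at all"; that is why the probe follows up with the cleartext request and classifies the raw bytes. A real TLS server answering a plaintext HEAD will typically send a TLS alert record or simply close the connection, while the misconfigured responder from the post answers with an HTTP status line.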