[tor-talk] Let's Encrypt Certificate Upgrade Blocks Tor. MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING

Drew at FoundingDocuments.org
Tue Jun 11 22:26:09 UTC 2019


> Secure Connection Failed
> 
> An error occurred during a connection to foundingdocuments.org. A required TLS feature is missing. Error code: MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING
> 
> • The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
> • Please contact the website owners to inform them of this problem.

Dear Tor-Talk, 

I accidentally blocked (at least) Tor users due to a security upgrade of my Let’s Encrypt certificates. I’m hoping someone can tell me what to do, besides going back to lesser security. Reloading over new circuits didn’t fix it, at least after 10 or so. Safari loads my websites fine (from the shared server, please don’t laugh :-) ).

My main motivation for increasing the security of my certificates is the availability of tools to MITM my https connections on the vampire net. 

Best I can tell, if someone modifies my webpage between my https server and me, I will know about it. However, from what I can determine, it’s possible to run an http proxy with a local CA that can do things like strip off my encryption thus rendering the page in plain text. I’ve also gathered that techniques from RFCs can be used to prevent these MITM http proxies with local CAs from stripping the encryption. Thus when I manually (please don’t laugh :-) renewed my certs I added a few new options to the certbot client. 

In the security section I’d already been using --rsa-key-size 4096 so I’m sure that isn’t the issue. 
https://certbot.eff.org/docs/using.html#certbot-command-line-options

Before & After
certbot certonly --rsa-key-size 4096 --manual --preferred-challenges dns --cert-name Example.com -d Example.com -d www.Example.com

certbot certonly --rsa-key-size 4096 --must-staple --redirect --hsts --uir --staple-ocsp --manual --preferred-challenges dns --cert-name Example.com -d Example.com -d www.Example.com

All I did was add --must-staple --redirect --hsts --uir --staple-ocsp. 

--must-staple   Adds the OCSP Must Staple extension to the certificate. Autoconfigures OCSP Stapling for supported setups (Apache version >= 2.3.3 ). (default: False)
--redirect   Automatically redirect all HTTP traffic to HTTPS for the newly authenticated vhost. (default: Ask)
--hsts   Add the Strict-Transport-Security header to every HTTP response. Forcing browser to always use SSL for the domain. Defends against SSL Stripping. (default: None)
--uir   Add the "Content-Security-Policy: upgrade-insecure-requests" header to every HTTP response. Forcing the browser to use https:// for every http:// resource. (default: None)
--staple-ocsp   Enables OCSP Stapling. A valid OCSP response is stapled to the certificate that the server offers during TLS. (default: None)

I am guessing perhaps my Apache isn’t configured to deal with stapling?  But why would Tor Browser fail and not (at least) Safari? Is something regarding PKIX in Firefox missing or broken? A search of PKIX didn’t turn up much. 

How do I keep my security but unblock Tor Browser users? 

Thank you.
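The `--must-staple` option above adds the RFC 7633 TLS Feature extension (status_request, OID 1.3.6.1.5.5.7.1.24) to the certificate. Firefox, and therefore Tor Browser, enforces that extension: when a certificate carries it and the server's TLS handshake contains no stapled OCSP response, Firefox aborts the connection with MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING; browsers that do not enforce Must-Staple still load the site. With `certonly --manual`, certbot issues the certificate but does not touch the web server's configuration, so the server has to be configured to staple separately (in Apache mod_ssl, `SSLUseStapling on` plus an `SSLStaplingCache`). The following shell script is an added example, not part of the original post or of certbot: it checks whether a certificate requires stapling and whether a live server actually staples. It assumes an `openssl` binary that supports `-addext` (OpenSSL 1.1.1 or later); the host `example.test` and the self-signed sample certificates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the tor-talk post or certbot). Requires openssl on PATH.
set -eu

# Does the PEM certificate in $1 carry the RFC 7633 TLS Feature (Must-Staple)
# extension? openssl prints it as "X509v3 TLS Feature: status_request".
# Prints "must-staple" or "no-must-staple"; exit status is 0 either way.
cert_requires_stapling() {
    if openssl x509 -in "$1" -noout -text | grep -q 'TLS Feature'; then
        echo must-staple
    else
        echo no-must-staple
    fi
}

# Ask a live server ($1 = host, $2 = port) for a stapled OCSP response.
# A Must-Staple certificate served by a host that answers "not-stapled" here
# is exactly the condition that makes Firefox/Tor Browser refuse the site.
# Needs network access, so it is not exercised by the offline sample below.
server_staples() {
    out=$(printf '' | openssl s_client -connect "$1:$2" -servername "$1" -status 2>/dev/null || true)
    case "$out" in
        *"OCSP Response Status: successful"*) echo stapled ;;
        *) echo not-stapled ;;
    esac
}

# Constructed sample: two throwaway self-signed certificates in a temp dir,
# one plain and one with tlsfeature=status_request, so the certificate check
# can be demonstrated without touching a real CA or server. Prints the dir.
make_sample_certs() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=example.test' \
        -keyout "$dir/plain.key" -out "$dir/plain.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=example.test' \
        -addext 'tlsfeature=status_request' \
        -keyout "$dir/must.key" -out "$dir/must.pem" 2>/dev/null
    echo "$dir"
}

# Stand-alone usage: build the samples and report on each certificate.
if [ "${1:-}" = "demo" ]; then
    d=$(make_sample_certs)
    echo "plain.pem: $(cert_requires_stapling "$d/plain.pem")"
    echo "must.pem:  $(cert_requires_stapling "$d/must.pem")"
    rm -rf "$d"
fi
```

Run `cert_requires_stapling` against `/etc/letsencrypt/live/<name>/cert.pem` to confirm the extension is present, then `server_staples yourhost 443` from outside; if the first says `must-staple` and the second says `not-stapled`, the fix is to enable stapling on the server (or reissue without `--must-staple`), not to change anything on the client side.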

