[openssl-dev] [openssl.org #3621] Support legacy CA removal, ignore unnecessary intermediate CAs in SSL/TLS handshake by default

Viktor Dukhovni openssl-users at dukhovni.org
Mon Dec 15 16:32:42 UTC 2014


On Mon, Dec 15, 2014 at 05:24:03PM +0100, Tomas Mraz wrote:

> > This can break DANE TLSA verification, because the site's designated
> > trust anchor might no longer be in the shorter constructed chain.
> >
> > [Postfix not affected]
>
> Please enlighten me how this case could be broken by this change of
> default? If the trust anchor is not found in the trust list, the
> intermediate that is sent by the peer is followed anyway.

Yes, when a smaller list of trust anchors is employed the
"trusted-first" change does no harm, sorry about any confusion.

The DANE TLSA issue stands.

DANE TLSA PKIX-TA(0) records can designate the digest of a trust
anchor selected by the server operator.  When a TLS server transmits
a corresponding certificate chain it may not be safe to replace
that chain with a shorter chain, because the shorter chain may not
employ the designated trust anchor, causing DANE TLSA checks to
fail.

-- 
	Viktor.
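
The failure described in the message above, as an added example that is not part of the original post and is not OpenSSL code: a simplified model of path building in which a "trusted-first" preference yields a shorter chain that no longer contains the CA named by a PKIX-TA(0) TLSA record. The certificate names, the byte strings standing in for DER encodings, and the helpers `build_chain`, `tlsa_match` and `pkix_ta_ok` are assumptions made for illustration; signature verification is left out.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    der: bytes  # constructed stand-in for the DER encoding, not a real certificate

def tlsa_match(cert, mtype, data):
    """Selector Cert(0) only: compare the full cert, or its SHA-256/SHA-512 digest."""
    digest = {0: lambda b: b, 1: lambda b: hashlib.sha256(b).digest(),
              2: lambda b: hashlib.sha512(b).digest()}[mtype]
    return digest(cert.der) == data

def build_chain(leaf, peer_sent, store, trusted_first):
    """Follow issuer names up to a trust-store cert. Signature checks are omitted."""
    chain, cur = [leaf], leaf
    while len(chain) < 10:
        from_store = [c for c in store if c.subject == cur.issuer]
        from_peer = [c for c in peer_sent
                     if c.subject == cur.issuer and c not in chain]
        order = from_store + from_peer if trusted_first else from_peer + from_store
        if not order:
            return None
        cur = order[0]
        chain.append(cur)
        if cur in store:
            return chain
    return None

def pkix_ta_ok(chain, mtype, data):
    """PKIX-TA(0): chain must reach the trust store and contain the designated CA."""
    return chain is not None and any(tlsa_match(c, mtype, data) for c in chain[1:])

# Constructed hierarchy: "New Root" exists self-signed and cross-signed by "Legacy Root".
LEAF = Cert("www.example.org", "Int CA", b"leaf-der")
INT_CA = Cert("Int CA", "New Root", b"int-der")
NEW_ROOT = Cert("New Root", "New Root", b"new-root-der")
CROSS = Cert("New Root", "Legacy Root", b"cross-der")
LEGACY_ROOT = Cert("Legacy Root", "Legacy Root", b"legacy-root-der")

PEER_SENT = [INT_CA, CROSS]      # what the server transmits after its leaf
STORE = [NEW_ROOT, LEGACY_ROOT]  # the verifier trusts both roots
TLSA_DATA = hashlib.sha256(LEGACY_ROOT.der).digest()  # "0 0 1" record for Legacy Root

if __name__ == "__main__":
    for tf in (True, False):
        chain = build_chain(LEAF, PEER_SENT, STORE, trusted_first=tf)
        print(tf, [c.subject for c in chain], pkix_ta_ok(chain, 1, TLSA_DATA))
```

Both chains end at a trusted root, so plain PKIX validation succeeds either way; only the DANE check distinguishes them.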

