Issue 478225

Starred by 14 users

Issue metadata

Status: Duplicate
Merged: issue 477623
Owner: ----
Closed: Apr 2015
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug

Chrome TLS no longer supports secp521r1 in elliptic curve certificates

Reported by rse...@gmail.com, Apr 17 2015

Issue description

I have Version 42.0.2311.90 (64-bit). In an update that took effect for me yesterday, the TLS handshake from Chrome changed. The previous version supported three elliptic curve types, including secp521r1. After the update secp521r1 is no longer supported. As far as I know, there is no security-related reason to drop support for secp521r1.

I can supply relevant packet captures if it would help.


Comment 1 by hdf...@gmail.com, Apr 17 2015

Same here on Windows. Also, the current Chromium (44.0.2374.0) has the same problem. (That's why I started to think that this was intentional.) Can test here: https://www.ssllabs.com/ssltest/viewMyClient.html

Comment 2 by lindqv...@gmail.com, Apr 19 2015

Just to confirm, I see the same behavior (dropped support for secp521r1) in both OS X (42.0.2311.90 64-bit) and Windows (42.0.2311.90 m) versions of Chrome.

Comment 3 by hdf...@gmail.com, Apr 19 2015

Same on 64-bit version, and still present in Chromium 44.0.2375.0. Could we change the OS of this report to All?

After a bit of looking around, I'm starting to think the problem might be coming from the BoringSSL library.
( https://code.google.com/p/chromium/codesearch#chromium/src/third_party/boringssl/src/ssl/t1_lib.c&q=secp521r1&sq=package:chromium&dr=C&l=351 )
Here maybe? It says:
static const uint16_t eccurves_default[] = {
    23, /* X9_64_prime256v1 */
    24, /* secp384r1 */
};
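The two ids in that eccurves_default[] array (23 and 24) are what Chrome sends in the elliptic_curves extension of its ClientHello, and 25 (secp521r1) is the id that is now missing. The following is an added example, not code from the issue or from BoringSSL: a small parser that pulls the advertised curve ids out of a ClientHello record so a server operator can check from a packet capture whether a given client will still be able to reach a P-521 certificate. The ClientHello bytes it runs on are constructed here for the example rather than taken from a real capture.

```python
import struct

# IANA "Supported Groups" ids as they appear in the elliptic_curves extension
# (the same numbers used in BoringSSL's eccurves_default[] array).
CURVE_NAMES = {23: "secp256r1", 24: "secp384r1", 25: "secp521r1"}
ELLIPTIC_CURVES_EXT = 0x000A

def build_client_hello(curve_ids):
    """Construct a minimal TLS 1.2 ClientHello advertising only curve_ids
    (constructed sample input for this example, not a real capture)."""
    curves = b"".join(struct.pack("!H", c) for c in curve_ids)
    ext_body = struct.pack("!H", len(curves)) + curves
    ext = struct.pack("!HH", ELLIPTIC_CURVES_EXT, len(ext_body)) + ext_body
    body = (b"\x03\x03" + b"\x00" * 32             # client_version, random
            + b"\x00"                              # empty session id
            + struct.pack("!H", 2) + b"\xc0\x2b"   # one cipher suite
            + b"\x01\x00"                          # compression: null only
            + struct.pack("!H", len(ext)) + ext)   # extensions block
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def advertised_curves(record):
    """Return the curve ids listed in the ClientHello's elliptic_curves extension."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32                           # record hdr, hs hdr, version, random
    pos += 1 + record[pos]                         # skip session id
    pos += 2 + struct.unpack("!H", record[pos:pos + 2])[0]   # skip cipher suites
    pos += 1 + record[pos]                         # skip compression methods
    ext_end = pos + 2 + struct.unpack("!H", record[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= ext_end:
        ext_type, ext_len = struct.unpack("!HH", record[pos:pos + 4])
        data = record[pos + 4:pos + 4 + ext_len]
        if ext_type == ELLIPTIC_CURVES_EXT:
            n = struct.unpack("!H", data[:2])[0]
            return list(struct.unpack("!%dH" % (n // 2), data[2:2 + n]))
        pos += 4 + ext_len
    return []   # extension absent: RFC 4492 lets the server pick any curve

def supports_secp521r1(record):
    """True if the client will accept a P-521 certificate or key exchange."""
    return 25 in advertised_curves(record)

if __name__ == "__main__":
    chrome42 = build_client_hello([23, 24])        # what the reports describe
    print([CURVE_NAMES[c] for c in advertised_curves(chrome42)])
    print("secp521r1 advertised:", supports_secp521r1(chrome42))
```

Feeding it the raw record bytes of a real ClientHello from a capture works the same way; a site serving a secp521r1 certificate should see 25 in the list before expecting the handshake to succeed.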

Comment 4 by hdf...@gmail.com, Apr 19 2015

I'm starting to be more and more certain that I may have bullseyed the problematic line right off the bat.
https://boringssl.googlesource.com/boringssl/+/e9fc3e547e557492316932b62881c3386973ceb2%5E!
I don't really understand the reasoning behind it.

Comment 5 Deleted

Comment 6 by rse...@gmail.com, Apr 19 2015

I'm thinking this function looks awfully suspicious. It explicitly checks for two curves (not including secp521r1), and rejects all others.

https://code.google.com/p/chromium/codesearch#chromium/src/third_party/boringssl/src/crypto/x509/x509_cmp.c&cl=GROK&l=368

Comment 7 by hdf...@gmail.com, Apr 19 2015

Yes, I have noticed that code segment as well, but that code section has not changed for a long time, and I think it was never any different, and in Chrome 41 all was still working fine.

Comment 8 by hdf...@gmail.com, Apr 20 2015

Interesting, secp521r1 is supported on the Linux version of Chrome 42.0.2311.90 (64-bit). So it's only a Windows/OSX problem.
Labels: TE-NeedsFurtherTriage
Issue 481114 has been merged into this issue.
Labels: -TE-NeedsFurtherTriage Cr-Internals-Network-SSL
Mergedinto: 477623
Status: Duplicate
After upgrading to 46.0.2490.71 (64-bit) on Linux it seems that it was removed here also. I can't connect to websites using secp521r1 anymore.

Comment 14 by n...@calyx.com, Apr 1 2017

I am curious to know if there are any updates on this issue.
There are no changes in plans. Chrome does not support P-521.
