V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
parametrix
V2EX  ›  信息安全

Adguard on macOS 的 https filter 不检查证书吊销状态

  •  
  •   parametrix · 2019-10-29 22:10:05 +08:00 · 4745 次点击
    这是一个创建于 1843 天前的主题,其中的信息可能已经有所发展或是发生改变。

    最近尝试使用 adguard,为了获得匹敌浏览器插件的拦截效果就必须开启 https filter。但 adguard 作为 https client 并不完整,其中最严重的问题就是不检查证书的吊销状态,测试 https://revoked.badssl.com 会成功连接:

    https://i.imgur.com/VrOueN8.jpg

    。除此之外还支持一些陈旧的加密算法:

    https://i.imgur.com/MMsyRkV.png

    ,自生成根证书时间太长。

    实践中这些都不容易被利用,但总是削弱了安全性。考虑到这部分代码没有开源,说不清实践的质量到底怎么样,所以值不值得用大家就见仁见智了。

    以上问题已经写邮件给开发团队,目前还没有收到回复。

    第 1 条附言  ·  2019-10-31 18:28:59 +08:00

    今天收到了 Adguard 团队的回复如下:

    Let me please answer all the questions one by one:

    Adguard’s https filtering seems not checking the revoke status of certificates

    Ok, this one is unexpected, thank you so much for reporting this to us! Seems to be a Mac-specific issue, we'll handle it asap.

    A bug report: https://github.com/AdguardTeam/CoreLibs/issues/1170

    1. I see that Adguard will support to show the original certification’s info very soon, which is wonderful. Is it possible to give more details on the protocol used by the connection to the server at the same time? For example, is it TLS 1.2 or 1.3, ECDSA or RSA.

    This is a little bit orthogonal to showing a certificate, but we'll think about it as well: https://github.com/AdguardTeam/CoreLibs/issues/1171

    2. To prevent downgrade attacks, an option to choose the minimal TLS version would be fantastic. This can even provide a better security than normal browser!

    At the moment, AdGuard uses the very same settings as the browser. So if you specify the minimal TLS version in the browser settings (where it's possible), AG will use the same.

    第 2 条附言  ·  2019-10-31 18:29:16 +08:00

    3. Is it possible to use the system’s keychain to save the private key of the root certificate? I apologies if this is a naive question, I’m not an experienced Mac developer :)

    Technically, yes, it is possible. However, AdGuard generates a unique private key and stores it encrypted for a reason -- so that third-party apps could not access and read or modify it.

    4. Can you shorten the valid duration of the root certificate and rotate it frequently? For example, 6 months limitation for the root cert and 3 months for every domain cert.

    Here is how it works in the current version:

    1. AdGuard calculates a hash of the server certificates and uses it as a key in its own encrypted certs storage
    2. If there's no cert for this hash in the storage, it generates a new one and stores it there
    3. It's "not_after" date is set to the same value as the original cert had
    4. Once it expires, it is removed from the storage

    With this approach, we can be sure that whenever the domain certificate is changed, AG will reevaluate it, and generate a new certificate. On the other hand, rotating domain certificates more often does make sense to me, we should consider doing it. Re-generating the root certificate is also possible, but tbh I don't see much sense in doing it.

    15 条回复    2019-10-31 18:30:01 +08:00
    18x
        1
    18x  
       2019-10-29 22:41:47 +08:00 via Android
    这个证书吊销域名好像有点问题啊,我用 Firefox chrome 测试都是受信任的
    parametrix
        2
    parametrix  
    OP
       2019-10-29 23:00:15 +08:00
    @18x 不会吧,我这边 chrome 关掉 adguard 马上就有反应

    18x
        3
    18x  
       2019-10-29 23:05:32 +08:00 via Android
    18x
        4
    18x  
       2019-10-29 23:18:11 +08:00
    cydian
        5
    cydian  
       2019-10-30 00:25:13 +08:00 via Android
    手机 chrome 实测无吊销。
    parametrix
        6
    parametrix  
    OP
       2019-10-30 02:25:24 +08:00
    @cydian
    @18x



    所以这个证书的确是吊销了,难不成 OCSP 服务器在国内也被墙了。。。
    MicrosoftAccount
        7
    MicrosoftAccount  
       2019-10-30 02:34:02 +08:00
    chrome 早就不在线检测证书吊销状态了。Windows 下可以通过注册表修改 chrome 的 policy 强制启用
    注册表键值
    paste.ubuntu.com/p/76qZyDwbmt
    parametrix
        8
    parametrix  
    OP
       2019-10-30 07:30:34 +08:00
    @MicrosoftAccount

    但是我这边 chrome 和 safari 都是默认设置,都能正确提示证书吊销。而且根据

    https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md

    “ What's the story with certificate revocation?
    Chrome's primary mechanism for checking the revocation status of HTTPS certificates is CRLsets. ”

    chrome 仍然是检查证书吊销状态的。
    parametrix
        9
    parametrix  
    OP
       2019-10-30 07:43:27 +08:00
    @MicrosoftAccount

    而且这个证书的确在 CRL 里

    18x
        10
    18x  
       2019-10-30 07:54:15 +08:00 via Android
    用楼主这个测试网站 revoked.badssl.com 手机上 chrome Firefox 都会信任
    但我用另一个测试网站 revoked.grc.com Firefox 不信任 打开 adguard 以后 revoked.badssl.com 的证书会被替换,revoked.grc.com 的证书不会被替换
    parametrix
        11
    parametrix  
    OP
       2019-10-30 08:01:19 +08:00
    @18x 是的,我能重复你 revoked.grc.com 这里的结果。

    但是除了 revoked.badssl.com 会被替换,所有 https://www.digicert.com/digicert-root-certificates.htm 上的 revoked demo 都会被替换,比如

    https://assured-id-root-g3-revoked.chain-demos.digicert.com/
    https://assured-id-root-g2-revoked.chain-demos.digicert.com/
    https://global-root-ca-revoked.chain-demos.digicert.com/

    所以我还是觉得 adguard 不能正确检查证书吊销状态。
    18x
        12
    18x  
       2019-10-30 08:13:26 +08:00 via Android
    @parametrix 你举例的这几个域名我测试都能在 Firefox 信任 可能 adguard 和 Firefox 用的一个列表
    parametrix
        13
    parametrix  
    OP
       2019-10-30 08:18:32 +08:00 via iPhone
    @18x 而且都不检查证书引用的 crl 和 ocsp ...
    18x
        14
    18x  
       2019-10-30 08:29:53 +08:00 via Android
    @parametrix 所以啊 这个 adguard 检查不检查证书也没什么区别,反正浏览器都是信任 就个 IE 比较认真去检查
    parametrix
        15
    parametrix  
    OP
       2019-10-31 18:30:01 +08:00
    @18x
    @MicrosoftAccount

    已收到官方回复,谢谢
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   5943 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 27ms · UTC 02:22 · PVG 10:22 · LAX 18:22 · JFK 21:22
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.