nodejs/node

The 'OCSPRequest' callback does not send the OCSP response with TLS 1.3

Open

#28288 opened on Jun 19, 2019

Labels: help wanted, tls

Description

  • Version: v12.4.0
  • Platform: Ubuntu 18.04 x86_64 (kernel 4.15.18)
  • Subsystem: TLS

We are using node 12 to run an HTTPS server for a simple website. I noticed a problem with the OCSPRequest event of the TLS server. For connections with TLS 1.2 or below, the callback (3rd argument) sends the response as expected (OCSPRequest docs). I checked with OpenSSL:

echo QUIT | openssl s_client -connect naos.fleetback.com:443 -servername naos.fleetback.com -status -tls1_2

CONNECTED(00000005)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = naos.fleetback.com
verify return:1
OCSP response: 
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
    Produced At: Jun 19 09:31:00 2019 GMT
[...]

But with TLS 1.3 connections, no status is sent back:

echo QUIT | openssl s_client -connect naos.fleetback.com:443 -servername naos.fleetback.com -status -tls1_3

CONNECTED(00000005)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = naos.fleetback.com
verify return:1
OCSP response: no response sent
---

We use the "ocsp" package from NPM to handle OCSP caching. I debugged around this code and it always sends the expected <Buffer 30 82 02 0b 0a ...> in the callback.

const ocsp = require('ocsp');
const ocspCache = new ocsp.Cache();

// Attach an OCSPRequest handler that answers from the cache when possible and
// otherwise fetches the response from the certificate's OCSP responder.
function withOcspRequestCache(tlsServer) {
  tlsServer.on('OCSPRequest', function(cert, issuer, cb) {
    ocsp.getOCSPURI(cert, function(err, url) {
      if (err) return cb(err);
      if (url === null) return cb(null, null); // no OCSP URI in the cert: staple nothing
      const req = ocsp.request.generate(cert, issuer);
      ocspCache.probe(req.id, function(err, cached) {
        if (err) return cb(err);
        if (cached !== false) return cb(null, cached.response); // cache hit
        ocspCache.request(req.id, { url, ocsp: req.data }, cb);  // fetch, cache and staple
      });
    });
  });
}

Our server is an HTTP/2 server in compatibility mode. You can check the code below.

const fs = require('fs');
const http2 = require('http2');

const cert = fs.readFileSync(...); // certificate path omitted in the report
const key = fs.readFileSync(...);  // key path omitted in the report
const dhparam = fs.readFileSync('./dhparam.pem');
// `ciphers` is the cipher list string; its definition is not shown in the report
const options = { cert, key, dhparam, ciphers, honorCipherOrder: false, allowHTTP1: true };
const server = http2.createSecureServer(options); // allowHTTP1: HTTP/2 with HTTP/1 fallback
withOcspRequestCache(server); // helper from the snippet above
server.listen(443, () => console.log('HTTPS server running on port 443'));

It looks like a bug in Node 12. Did you get the OCSPRequest event to work with TLS 1.3?

Thanks for your help.
