How very bizarre… Chrom(ium) chokes if your TLS server certificate has an @ symbol in the Common Name (CN) field. It also fails with an “unable to parse file” error if you try to import a certificate authority that has the same (but, if you add the same certificate authority to the system trust store, it imports it without issue when you next start the browser).

TL;DR: Do not use the @ symbol in the Common Name (CN) fields of your TLS certificates.

#chrome #chromium #bug #tls #ssl #pki

(Firefox has no trouble with the same certificates and neither does OpenSSL.)

@aral

I am not a security expert, but when I look at things like this, then read about security issues at LastPass and other companies, is there a link? Surely the industry needs to get its act together ASAP over all this.

@gbrls @aral

I am not sure, I am asking if these issues are related to companies being hacked.

@zleap @aral I'd say probably not. Nowadays phishing campaigns are the most common way those big companies get hacked, but you never know. Not sure how this TLS issue would help an attack.
