58

If I install a client certificate in my browser, which websites can see any information about this client certificate or the CA that issued it?

I once visited an SSL diagnostic site that immediately reported back information from one of my client certificates, including my name (which I had put in the CA that issued the client certificate).

This is related to: Protecting information in TLS client certificates. But that's about how the certificate is sent to the website that the certificate is intended for. I'm asking about unrelated websites.

Gilles 'SO- stop being evil'
  • 50,912
  • 13
  • 120
  • 179
user13097
  • 453
  • 4
  • 6

1 Answer

69

Interesting question! I just so happen to have a browser full of test certs, and a number of test sites to connect to! Let's test this!

(Skip to the bottom for a summary)

Investigation

Testing on Firefox

Firefox loaded with certs, a test site that requires a TLS client cert, Wireshark.

I restarted Firefox to get a clean session. Then I entered the URL of a website that will ask for a TLS client cert, and stopped once I got the "Please choose a certificate" popup. This is the Wireshark packet capture up to that point:

Wireshark packet capture of a mutual-auth TLS handshake from Firefox

Things to note:

The client sends a generic ClientHello.

The server sends a ServerHello that includes the server cert, and a request for a client cert.

At this point Firefox presents the popup for me to select which cert I wish to send. If I hit Cancel, then there is no further network traffic, i.e. nothing is sent to the server beyond the generic ClientHello, which contains no personally identifiable information (apart from the list of supported cipher suites, which could be used to determine which version of which browser you're using).

Note1: I tried the same test with only one client cert in my browser, and I even clicked "Remember this decision" on the cert selection popup, and got the same result. So I am unable to reproduce your result of private data being sent to the server without me clicking "OK".

Note2: As pointed out by @JohnWu in comments, you can change Firefox's behaviour in settings in which case it behaves in the same insecure way as Chrome below. Default setting is:

Firefox default setting for whether to prompt you for a certificate or to select one for you

Testing on Chrome

Exactly the same test scenario as above, but with Chrome. (Note that Chrome does not have its own cert store, but instead uses your Windows cert store, which is a bit trickier to manipulate than Firefox. Details for that not included here.)

BINGO!! Chrome immediately starts sending client certs up to the server without any user prompts. This cert got rejected by the server because that cert was for a different website. Yup, that's a privacy concern alright.

Wireshark packet capture of a mutual-auth TLS handshake from Chrome

Note1: @JohnWu points out that it's possible to change this behaviour and have Chrome prompt, but it's not the default behaviour, and you have to go diving in Windows group policy (GPO) to do it.

Note2: the reproducibility of this may depend on how your Windows OS was configured since Chrome tends to inherit a lot of its security settings from IE.

Summary

In my testing with the two browsers that I have in my test environment (Firefox and Chrome), Chrome exhibited the behaviour you describe (spamming client certs at the server regardless of whether they are from a different site), while Firefox politely asked me to confirm which cert to send, even when I only had one cert installed.

Conclusion: If you care about privacy, then Chrome is not your friend. Use Firefox instead.

guntbert
  • 1,825
  • 2
  • 18
  • 21
Mike Ounsworth
  • 57,707
  • 21
  • 150
  • 207
  • 9
    I cannot reproduce these results. It's important to note that both browsers have changeable settings that can force the dialog to appear or suppress it altogether (Firefox is set via its UI, Chrome can be set via GPO). – John Wu Dec 11 '18 at 02:38
  • @JohnWu Ah, good point: I assume you mean the Firefox option "Certificates > [ ] Select one automatically, [ ] Ask me every time"? I'm fairly certain (though not 100%) that my testing browsers have all the defaults. Good point though. – Mike Ounsworth Dec 11 '18 at 02:45
  • 2
    Is there anything analogous to the GPO setting for Chrome on Mac OS? – Barmar Dec 11 '18 at 16:18
_"The server sends a ServerHello that includes the server cert, and a request for a client cert"_ : That glosses over important detail that influences how the browser selects an appropriate cert. The server response includes the acceptable certificate types, supported signature and hash algorithms and, most importantly, the set of CA DNs that it will accept as client cert issuers. (ref: RFC 5246, 7.4.4) – Andy Brown Dec 11 '18 at 16:55
  • @AndyBrown Is that detail relevant to the privacy issue of whether the browser will send up your certs without any user interaction? Seems to me that a server that's looking to harvest user data would make the broadest request possible, no? – Mike Ounsworth Dec 11 '18 at 18:09
  • 1
    ... and / or would request a CA DN of a different website if it's looking to harvest specific information. – Mike Ounsworth Dec 11 '18 at 18:30
  • 1
    @MikeOunsworth yes... the privacy issue is real and Chrome IMHO is very much doing the wrong thing by default here. A malicious site could accept CAs known to issue client certs and harvest any info encoded into the _public_ client certificate. BTW 'websites' are irrelevant for client certs - there is no matching done against, for example, the CN component as there is for certs issued for website validation. – Andy Brown Dec 12 '18 at 09:00
  • I appreciate the thorough answer. I suspect browser behavior may change (get fixed) in future versions. I wonder what organizations that use client certificates do to protect themselves from such identity leakage of their employees. – user13097 Mar 22 '19 at 20:48
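As an added example (not code from the answer, the question or the comments), here is a parser and builder for the TLS 1.2 CertificateRequest message that the answer's Wireshark capture shows the server sending after ServerHello, together with a simplified model of the two browser policies the answer contrasts (prompt the user vs. send a matching cert automatically). It makes the detail from Andy Brown's comment concrete: the browser's candidate set is the installed certs whose issuer DN is in the server's `certificate_authorities` list, and an empty list means "any CA", which is the broadest request a harvesting site could make. The field layout and enum values are from RFC 5246 section 7.4.4 / 7.4.1.4.1 and RFC 4492; the installed certificates, the two server requests and the DN byte strings are constructed placeholders (real entries are DER-encoded X.501 Names, compared byte-for-byte, which is why opaque bytes are enough to model the matching).

```python
"""TLS 1.2 CertificateRequest (RFC 5246 7.4.4) parser/builder and a toy
client-cert selection policy. Added example; enum values from RFC 5246 and
RFC 4492, all sample data below is constructed for this example."""

HANDSHAKE_CERTIFICATE_REQUEST = 13  # HandshakeType certificate_request

# ClientCertificateType (RFC 5246 7.4.4; ecdsa_sign from RFC 4492)
CLIENT_CERT_TYPES = {1: "rsa_sign", 2: "dss_sign", 3: "rsa_fixed_dh",
                     4: "dss_fixed_dh", 64: "ecdsa_sign"}
# HashAlgorithm / SignatureAlgorithm (RFC 5246 7.4.1.4.1)
HASH_ALGS = {0: "none", 1: "md5", 2: "sha1", 3: "sha224", 4: "sha256",
             5: "sha384", 6: "sha512"}
SIG_ALGS = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}


def build_certificate_request(cert_types, sig_algs, ca_dns):
    """Serialise a CertificateRequest: 4-byte handshake header + body."""
    body = bytes([len(cert_types)]) + bytes(cert_types)
    sa = b"".join(bytes([h, s]) for h, s in sig_algs)
    body += len(sa).to_bytes(2, "big") + sa
    dn_block = b"".join(len(dn).to_bytes(2, "big") + dn for dn in ca_dns)
    body += len(dn_block).to_bytes(2, "big") + dn_block
    return bytes([HANDSHAKE_CERTIFICATE_REQUEST]) + len(body).to_bytes(3, "big") + body


def _take(buf, pos, k):
    """Return buf[pos:pos+k] and the new offset; ValueError if the field is short."""
    if pos + k > len(buf):
        raise ValueError("truncated field")
    return buf[pos:pos + k], pos + k


def parse_certificate_request(msg):
    """Decode a CertificateRequest into its three lists; ValueError on malformed input."""
    if len(msg) < 4 or msg[0] != HANDSHAKE_CERTIFICATE_REQUEST:
        raise ValueError("not a CertificateRequest handshake message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated handshake body")

    raw, pos = _take(body, 0, 1)                       # certificate_types<1..2^8-1>
    raw, pos = _take(body, pos, raw[0])
    types = [CLIENT_CERT_TYPES.get(t, f"unknown({t})") for t in raw]

    raw, pos = _take(body, pos, 2)                     # supported_signature_algorithms<2^16-1>
    raw, pos = _take(body, pos, int.from_bytes(raw, "big"))
    if len(raw) % 2:
        raise ValueError("odd signature_algorithms length")
    sig_algs = [(HASH_ALGS.get(raw[i], f"unknown({raw[i]})"),
                 SIG_ALGS.get(raw[i + 1], f"unknown({raw[i + 1]})"))
                for i in range(0, len(raw), 2)]

    raw, pos = _take(body, pos, 2)                     # certificate_authorities<0..2^16-1>
    raw, pos = _take(body, pos, int.from_bytes(raw, "big"))
    ca_dns, p = [], 0
    while p < len(raw):
        dn_len_raw, p = _take(raw, p, 2)               # each DistinguishedName is opaque<1..2^16-1>
        dn, p = _take(raw, p, int.from_bytes(dn_len_raw, "big"))
        ca_dns.append(bytes(dn))
    if pos != len(body):
        raise ValueError("trailing bytes after certificate_authorities")
    return {"certificate_types": types, "signature_algorithms": sig_algs,
            "certificate_authorities": ca_dns}


def eligible_certs(installed, request):
    """Installed certs the client may offer: issuer DN must be in the server's list.
    An empty list means any CA is acceptable (RFC 5246 7.4.4)."""
    cas = request["certificate_authorities"]
    return [c for c in installed if not cas or c["issuer_dn"] in cas]


def choose_cert(installed, request, policy, prompt=None):
    """Simplified model of the two behaviours in the answer: 'ask' hands the
    candidates to the user (who may cancel and get None back), 'auto' offers
    the first match with no prompt at all."""
    candidates = eligible_certs(installed, request)
    if not candidates:
        return None
    if policy == "auto":
        return candidates[0]
    if policy == "ask":
        return prompt(candidates) if prompt else None
    raise ValueError(f"unknown policy {policy!r}")


# Constructed sample data. Real certificate_authorities entries are DER-encoded
# Names and are matched byte-for-byte; plain ASCII stands in for them here.
INSTALLED_CERTS = [
    {"label": "work-vpn", "issuer_dn": b"CN=Example Corp Internal CA", "subject": "CN=Alice Example"},
    {"label": "home-lab", "issuer_dn": b"CN=Example Test CA", "subject": "CN=alice"},
]
# A site that only accepts certs issued by its own CA (rsa_sign/ecdsa_sign, sha256+rsa/ecdsa).
REQUEST_OWN_CA = build_certificate_request([1, 64], [(4, 1), (4, 3)], [b"CN=Example Test CA"])
# A site that asks for any client cert whatsoever: empty CA list.
REQUEST_ANY_CA = build_certificate_request([1, 64], [(4, 1), (4, 3)], [])

if __name__ == "__main__":
    for name, raw in (("own-CA request", REQUEST_OWN_CA), ("any-CA request", REQUEST_ANY_CA)):
        req = parse_certificate_request(raw)
        print(name, "accepts issuers:", req["certificate_authorities"] or "ANY")
        auto = choose_cert(INSTALLED_CERTS, req, "auto")
        print("  auto policy sends:", auto["label"] if auto else None)
        print("  ask policy, user cancels:", choose_cert(INSTALLED_CERTS, req, "ask", prompt=lambda c: None))
```

Run it and compare the two requests: with the own-CA request only the matching `home-lab` cert is a candidate, while the empty-CA request makes every installed cert a candidate, and under the `auto` policy the first one leaves the machine before any prompt. The `ask` policy with a cancelling user sends nothing, which is the Firefox behaviour in the answer's capture.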