Let's Encrypt is Trusted

SSLLabs is showing a specific OCSP warning for the intermediate cert when looking at the helloworld.letsencrypt.org results at https://dev.ssllabs.com/ssltest/analyze.html?d=helloworld.letsencrypt.org&hideResults=on

Let’s Encrypt Authority X1
Fingerprint SHA1: 3eae91937ec85d74483ff4b77b07b43e2af36bf4
Pin SHA256: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=
RSA 2048 bits (e 65537) / SHA256withRSA
OCSP ERROR: Next update not provided

And, of course, the ‘main’ certificate path is warned about due to the Root CA not being trusted yet.

Edit: The following are server setup issues/suggestions. IMHO, a new service demo page like helloworld.letsencrypt.org showing off LE should follow TLS best practices.

First issue is the main Intermediate CA. Let’s Encrypt Authority X1 is not properly sent with the certificate and is indicated as ‘Extra download’. Even if the Root CA has no trust at browsers yet, the official Intermediate/Signing CA cert should be sent with the cert, I think:

Let’s Encrypt Authority X1
Fingerprint SHA1: e045a5a959f42780fa5bd7623512af276cf42f20
Pin SHA256: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=
RSA 2048 bits (e 65537) / SHA256withRSA

Second issue is keeping TLS 1.1 enabled. The choice is whether TLS 1.0 is supported or just TLS 1.2, which already leaves out a lot of legacy stock Android browsers and old libraries. TLS 1.1 doesn’t add anything to the list of supported devices, nor does it have any other benefit in client support, like power saving on mobile devices.

Third issue is the long list of enabled ciphers. There are ciphers on it which no current browser will pick anyway. Perhaps it’d be better to limit the number of ciphers to 2 or 3 of them which are actually used.

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)

By personal taste, I would favor the ECDHE CBC cipher (but only in TLS 1.2) over the DHE and just take the first two on the list. Actually I would enable AES256 ciphers but they should be listed before their AES128 counterparts, not behind, so that they can actually be chosen by the browsers. Too many options are always questionable on security services, and options which require complicated cipher pinning on browser side should be avoided.

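An added example, not part of the original post and not Let's Encrypt or SSL Labs code: the post's suggestions (send the intermediate, drop TLS 1.1, keep the suite list short, list AES256 ahead of its AES128 counterpart) written as checks over a scan summary. The dictionary layout, the `source` labels, the `family` and `audit` names and the sample data are assumptions made for illustration.

```python
import re

# IANA AES suite names, e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SUITE = re.compile(r"^TLS_(?P<kx>\w+?)_WITH_AES_(?P<bits>128|256)_(?P<mode>GCM|CBC)_(?P<mac>SHA\d*)$")

def family(name):
    """Return (key, bits); an AES128 suite and its AES256 counterpart share a key."""
    m = SUITE.match(name)
    if not m:
        return None, None
    mac = "sha1" if m["mac"] == "SHA" else "sha2"  # SHA256 pairs with SHA384
    return (m["kx"], m["mode"], mac), int(m["bits"])

def audit(scan, max_suites=3):
    """Apply the post's suggestions to a scan summary; return a list of findings."""
    findings = []
    for cert in scan["chain"]:  # intermediate must be sent, not fetched by the client
        if cert["source"] == "extra download":
            findings.append(f"chain: {cert['subject']} not sent by server")
    if "TLS 1.1" in scan["protocols"]:  # post: adds no client coverage
        findings.append("protocol: TLS 1.1 enabled")
    suites = scan["suites"]  # server preference order
    if len(suites) > max_suites:
        findings.append(f"ciphers: {len(suites)} suites enabled, limit is {max_suites}")
    first128 = {}
    for name in suites:  # AES256 should precede its AES128 counterpart
        key, bits = family(name)
        if bits == 128:
            first128.setdefault(key, name)
        elif bits == 256 and key in first128:
            findings.append(f"order: {name} listed after {first128[key]}")
    return findings

# Constructed sample, not real scan output.
SAMPLE_SCAN = {
    "protocols": ["TLS 1.2", "TLS 1.1", "TLS 1.0"],
    "chain": [
        {"subject": "example.test", "source": "sent by server"},
        {"subject": "Example Intermediate CA", "source": "extra download"},
    ],
    "suites": [
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    ],
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_SCAN)))
```
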