Which browsers and operating systems support Let's Encrypt

mrtux 2015-11-24 13:22:50 UTC #1

Right now the ISRG root CA is not included in any browsers yet. Therefore the LetsEncrypt Authority certificate is cross-signed by IdenTrust ("DST Root CA X3" Root CA).

Now, and especially when the ISRG Root is included in browsers, there should be some list in which "all" browsers/systems the Let'sEncrypt certificates are trusted. I try to compile a list here:

Android >= 2.3.6 ("DST Root CA X3" is included, see https://groups.google.com/a/letsencrypt.org/d/msg/client-dev/I-iFKihZ4Vo/kyw2EuaNlB0J, only tested >= 4.0 myself)

Mozilla

Firefox >= 2.0 and Thunderbird work on all systems ("DST Root CA X3" seems to be included since 2008, see https://bugzilla.mozilla.org/show_bug.cgi?id=359069; starting with Firefox 50 the ISRG Root will be directly trusted/included)
Firefox OS 2.2 works (see https://groups.google.com/a/letsencrypt.org/d/msg/client-dev/I-iFKihZ4Vo/kyw2EuaNlB0J)

Windows

Internet Explorer (and other software which uses the Windows CryptoAPI) works ("DST Root CA X3" is included in Windows trust store; will be automatically downloaded if locally missing with Windows >= Vista; XP SP3 see below)
Google Chrome works ("DST Root CA X3" is included in Windows trust store; not on Windows XP, see below)
Pidgin >= 2.11 ("DST Root CA X3" is included, see https://developer.pidgin.im/ticket/16835)
Git for Windows >= 2.6 ("DST Root CA X3" is included)
Windows XP SP3 - Requires some extra work to support. Does not support SNI, and is also problematic regarding supported ciphers. Certificates issued prior to March 25 2016 were not trusted by Chrome, IE, and Safari on XP SP3. However, certificates issued after that date can work with XP SP3 if you manually configure ciphers.

Apple

Safari 4.0 (w/ Mac OSX 10.4) ("DST Root CA X3" is trusted; see https://groups.google.com/a/letsencrypt.org/d/msg/client-dev/I-iFKihZ4Vo/kyw2EuaNlB0J)
iOS >= 3.1 works ("DST Root CA X3" is trusted, see https://groups.google.com/a/letsencrypt.org/d/msg/client-dev/I-iFKihZ4Vo/kyw2EuaNlB0J, only tested >= 6.0 myself)
iTunes Podcast Connect (https://feed.press/blog/2016/12/16/apple-silently-adds-support-lets-encrypt-certificates-podcast-feeds/)

Java

only works with 7u111+ and 8u101+ as the "DST Root CA X3" was added with these versions on 2016-07-19 (see https://bugs.openjdk.java.net/browse/JDK-8154757)

Linux

Debian >= 6 known to work ("DST Root CA X3" is trusted; see https://groups.google.com/a/letsencrypt.org/d/msg/client-dev/I-iFKihZ4Vo/kyw2EuaNlB0J, only tested >= 7.9 myself)
Ubuntu >= 12.04 known to work ("DST Root CA X3" is trusted, see https://community.letsencrypt.org/t/pidgin-doesnt-trust-le/3537?u=mrtux)

BlackBerry

Versions >= 10.3.3 work

Libraries

NSS >= 3.11.9 ("DST Root CA X3" is trusted, see https://wiki.mozilla.org/CA:IncludedCAs; "ISRG Root" will be in 3.26, see https://bugzilla.mozilla.org/show_bug.cgi?id=1290999)

Others known to work (based on https://groups.google.com/a/letsencrypt.org/d/msg/client-dev/I-iFKihZ4Vo/kyw2EuaNlB0J):

Amazon FireOS (Silk Browser)
Cyanogen 10,
Jolla Sailfish OS 1.1.2.16
Kindle v3.4.1

Unclear

PS3 and PS4 (according to http://www.sie.com/content/dam/corporate/jp/guideline/PS4_Web_Content-Guidelines_e.pdf PS4 and https://community.letsencrypt.org/t/lets-encrypt-and-the-playstation-4-browser-missing-ca-certificate/15751?u=mrtux is not supported, however, https://groups.google.com/a/letsencrypt.org/d/msg/client-dev/I-iFKihZ4Vo/kyw2EuaNlB0J reports PS3 to be working)

Known not to work (based on https://groups.google.com/a/letsencrypt.org/d/msg/client-dev/I-iFKihZ4Vo/kyw2EuaNlB0J)

Blackberry OS 6, 7 and 10.3.2 and below (>=10.3.3 should support Let's Encrypt according to https://community.letsencrypt.org/t/inclusion-of-isrg-root/9002/26?u=mrtux)
Android 2.3.5 (HTC Wildfire S, Stock Browser)
Nintendo 3DS
Windows XP-pre SP3 - cannot handle SHA256 signed certificates
Windows Live Mail (2012 mail client, not webmail) - according to https://community.letsencrypt.org/t/windows-live-mail-revocation-warning/26310 it is unable to handle certificates without a CRL.

Why should I use any other SSL certificates anymore?

What browsers trust letsencrypt's certificate?

Frequently Asked Questions (FAQ)

SANs per cert and SNI for hosting service

Wanna Try Letscrypt on my Server

What browsers trust letsencrypt's certificate?

Certificate problems on older android devices

Let's encrypt and the PlayStation 4 Browser: Missing CA certificate?

Having trouble with SAN cert on iOS 9

Cert error in Opera Mini browser

Site Identity Not Verifiable

Wanna Try Letscrypt on my Server

Certificate not working on a certain Windows XP machine

Not trusted in Chrome on Windows XP

Let's encrypt and the PlayStation 4 Browser: Missing CA certificate?

SSL certs in Java

Windows Live Mail revocation warning

Pidgin doesn't trust LE

Will the cross root cover trust by the default list in the JDK/JRE?

"Your connection is not private" - does it mean my connection is not secured?

Lulu 2015-11-24 16:41:06 UTC #2

trust chain is (in depth)

Your Server
Lets Encrypt X1 (must be sent as part of chain)
DST Root CA X3 (anchor)

for (almost) any other authority

Your Server
Intermediate (must be sent from server as part of chain)
CA Anchor (anchor, in browser storage)

so , as you can see there is no difference in certificate count in trust chain,
even there is no ISRG anchor at the moment, DST Root CA X3 acts like it.

And a worse example trust chain:

Your Server
Intermediate
Root CA (not trusted by some older clients, since CA bundles arent updated often) * cross signed
Other Root CA (anchor)

(WoSign has such chain, and other root ca is startcom)

LE is fine here, in the matter of being trusted by clients, propagating new anchor takes a lot of time

mrtux 2015-11-24 16:51:02 UTC #3

If the Root CA is not in the browser no certificates based on that CA are trusted. And for older Android devices even the (established?) "DST Root CA X3" Root CA is not trusted... So, most CAs write "trusted by 99% of all devices" and list the browsers/OS where and when they got included. This would also be helpful for LE. - If your "users" mainly use older Android LE is not and will not be an option at all.

ecdsa-chacha20 2015-11-24 17:38:21 UTC #4

I already tried to make use of the intermediate certificate signed by the still hidden root … with mixed results. https://community.letsencrypt.org/t/root-s-missing-main-cert-chain-not-supported/3191/2?u=ecdsa-chacha20

tlussnig 2015-11-30 22:41:40 UTC #7

Maybe someone can tell for what truststores and inclusion is requested?
- https://bugzilla.mozilla.org/show_bug.cgi?id=1204656
Are there any other tracking numbers for inclusion ?
For Mozilla not in the upcomming ca list:
- https://mozillacaprogram.secure.force.com/CA/UpcomingRootInclusionsReport
And also not in the included list:
- https://mozillacaprogram.secure.force.com/CA/IncludedCACertificateReport

https://github.com/MoonchildProductions/Pale-Moon/issues/171
=> Rejected because of the short cert lifetime

jsha 2015-12-01 02:30:35 UTC #8

Terrific work, thank you very much for documenting this in such a clear and thorough way.

tlussnig 2015-12-01 07:20:24 UTC #9

@jsha Hi would it be possible to track in an thread where letsencrypt have applyed for truststore inclusion like mozilla i mentioned under https://technet.microsoft.com/en-us/library/cc751157.aspx i found the link to http://aka.ms/rootcertapply and trustcert@microsoft.com and for applying. This information would maybe interesting for many people here too.

jsha 2015-12-03 05:29:26 UTC #10

Windows XP:
- Pre-SP3 will never work, because it lacks SHA2 support.
- SP3: Chrome and IE don't currently work because of the name constraints on our intermediate. We're going to take a look at whether that's possible to work around in the long run, but for now it doesn't work.
- Firefox works because it has its own validation code.

[Help needed] Windows XP support

Windows Live Mail revocation warning

eva2000 2015-12-03 05:39:17 UTC #11

also one more reason is down to server configuration of ssl cipher preferences, some folks may configure their servers with ssl ciphers that don't work with WinXP

jsha 2015-12-08 05:25:24 UTC #13

cdetar 2016-01-08 00:33:04 UTC #14

Is there any place that collects information on whether LE is supported by various antivirus and MITM security vendors? I've encountered trouble with Avast. @mholt mentioned "multiple reports" about other Windows antivirus software in another thread

Would be useful to collect that info in addition to OS/browser support; we had to move off of letsencrypt for now because of trust issues with Avast.

jsha 2016-01-08 22:50:11 UTC #15

This thread would be an appropriate place for such information. Can you provide additional details about the trouble you've had with Avast, including OS versions, browser versions, Avast product and version, and screenshots? Thanks!

cdetar 2016-01-11 18:33:49 UTC #16

Thanks @jsha. I made a concerted effort to reproduce the problems with Avast myself in a VM but was unable to. After following up with the client, I found that they are on Windows XP SP3, and their syptoms are consistent with the known problems above: trust problems in IE and Chrome, but working in recent Firefox.

Long story short: I think our problem was not Avast, but the fact that the client was on Windows XP SP3. In all the iterations I tested, Avast was working fine in Win7, and disabling Avast on the client's XP SP3 machine had (unsurprisingly) no effect.

So short of @mholt's anecdotes in the other thread, I've got nothing to suggest there's a problem with Avast, even when it's configured to MITM HTTPS connections. Sorry for the FUD.

mholt 2016-01-11 18:47:32 UTC #17

It's not entirely FUD. Granted, the certs used in that case were not from Let's Encrypt, but I am still wary of MITM in general, especially antivirus software.

cdetar 2016-01-11 19:27:53 UTC #18

I'd heartily agree to that, but happy that at least as far as it looks right now, LE doesn't appear to be "broken" by that dubious practice with Avast.

avi 2016-01-24 22:29:59 UTC #19

I exchanged messages with John Chen, the CEO of BlackBerry, today. BlackBerry's security team is looking into adding support for Let's Encrypt and recognizing the "DST Root CA X3" Root CA.

Inclusion of ISRG Root

Jason 2016-01-25 09:16:11 UTC #20

I already created a thread there: https://community.letsencrypt.org/t/inclusion-of-isrg-root/.

Linux distro compatibilty as client

till 2016-01-25 20:39:14 UTC #21

https://helloworld.letsencrypt.org/ works in Fedora 22 and newer as well

tlussnig 2016-01-26 07:49:27 UTC #22

OS is Important if you use an Browser that does not have its own CA list.
Browser Version is Interesting with browsers having their own CA-List

My1 2016-01-26 08:41:00 UTC #23

that's why I use firefox. they not only have their own certs but also NSS meaning the MS'problems are not my problems. -> TLS 1.2, AES and EC even on XP (well I dont use it but you get my point.)