Zit Seng's Blog

A Singaporean's technology and lifestyle blog

Google Screwed Up Secp384r1 ECC Certificates

I’ve been puzzling over this one for a while. Ever since I upgraded to Nougat, I have had trouble accessing some of my websites. While my Nexus 6P’s browser could access my blog, the WordPress.com app could not. When adding a self-hosted blog to the WordPress.com app, it would complain that my SSL certificate was invalid.

The app had worked fine on the Nexus 6P before, and it was still working fine on my aging Nexus 7. In fact, I was sure it had worked on the Nexus 6P too, most likely before the upgrade to Nougat.

The “invalid SSL certificate” error sounded like something was intercepting my SSL connection. Oddly, when I tried to view the certificate information, all I got was a blank window. Even if I elected to trust the supposedly invalid certificate, the connection still wouldn’t work, which is not what a real interception would look like.

Later, I found that the Cirrus for owncloud app on the Nexus 6P also couldn’t connect to my ownCloud server. This server is not the same one hosting my blog. My ownCloud server, however, was accessible by the Nexus 6P’s browser.

So here I have two sites on two different servers that could not be accessed by apps on my Nexus 6P, even though the Nexus 6P’s browser itself was just fine.

Then came the Pixel XL. The Pixel XL had exactly the same issues as the Nexus 6P!

Capturing the SSL traffic from the phone showed a TLS handshake failure whenever any app other than the phone’s browser (Chrome, incidentally, which ships its own TLS stack) tried to access either of my sites. The connection never got as far as presenting a certificate to be accepted or rejected, which is why the certificate viewer was blank.

Now with a lot more information, I was finally able to find the apparent cause. Android 7.0 Nougat was not accepting the secp384r1 elliptic curve. Previously, Android advertised a whole long list of elliptic curves in its TLS ClientHello, but not anymore from Android 7.0. In Android 7.0, only one curve is supported:

secp256r1

I used secp384r1 on my SSL certificates! In TLS 1.2 the curve list a client sends (the supported_groups, formerly elliptic_curves, extension) constrains not only the ECDHE key exchange but also which curve the server’s ECDSA certificate key may use, so a server holding a secp384r1 key cannot complete the handshake with a client that offers only secp256r1.
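To make the diagnosis concrete, here is an added example (my own illustration, not code from Android, Conscrypt or the apps mentioned above) that builds a minimal TLS 1.2 ClientHello, pulls the supported_groups extension back out of it, and checks the advertised curves against the curve of the server’s ECDSA key. The ClientHello bytes are constructed in the script rather than captured from a phone, and the “Android 7.0” and “Android 7.1.1” curve lists are taken from the text of this post.

```python
"""Parse the supported_groups (elliptic_curves) extension out of a TLS 1.2
ClientHello and check it against the curve of the server's ECDSA key.

Added example: the ClientHello records are constructed locally, not captured
from a real Android device."""
import os
import struct

# IANA "TLS Supported Groups" registry values used below.
NAMED_GROUPS = {
    23: "secp256r1",
    24: "secp384r1",
    25: "secp521r1",
    29: "x25519",
}
EXT_SUPPORTED_GROUPS = 0x000A
EXT_EC_POINT_FORMATS = 0x000B


def build_client_hello(group_ids):
    """Build a minimal TLS 1.2 ClientHello record advertising group_ids."""
    groups = b"".join(struct.pack("!H", g) for g in group_ids)
    ext_body = struct.pack("!H", len(groups)) + groups
    ext = struct.pack("!HH", EXT_SUPPORTED_GROUPS, len(ext_body)) + ext_body
    # ec_point_formats: uncompressed only
    ext += struct.pack("!HH", EXT_EC_POINT_FORMATS, 2) + b"\x01\x00"
    suites = struct.pack("!HH", 0xC02B, 0xC02C)  # ECDHE-ECDSA-AES-GCM suites
    body = (b"\x03\x03" + os.urandom(32)          # client_version + random
            + b"\x00"                              # empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                          # compression: null only
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def parse_supported_groups(record):
    """Return the group IDs listed in the ClientHello's supported_groups extension.

    Raises ValueError for anything that is not a well-formed ClientHello record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len or hs_len < 35:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                                   # skip version and random
    pos += 1 + body[pos]                           # session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2 + cs_len                              # cipher_suites
    pos += 1 + body[pos]                           # compression_methods
    if pos + 2 > len(body):
        return []                                  # no extensions block at all
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = min(pos + ext_len, len(body))
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        edata = body[pos:pos + elen]
        pos += elen
        if etype == EXT_SUPPORTED_GROUPS and len(edata) >= 2:
            n = struct.unpack("!H", edata[:2])[0]
            return [struct.unpack("!H", edata[2 + i:4 + i])[0]
                    for i in range(0, min(n, len(edata) - 2), 2)]
    return []


def can_use_cert(record, cert_curve):
    """(True/False, advertised curve names) for a server key on cert_curve.

    Per RFC 4492 the client's curve list applies to the server's ECDSA
    certificate key as well as to the ECDHE curve, so the handshake only
    succeeds if cert_curve is in the advertised list."""
    names = [NAMED_GROUPS.get(g, "unknown(%d)" % g)
             for g in parse_supported_groups(record)]
    return cert_curve in names, names


if __name__ == "__main__":
    # Curve lists as described in this post (constructed, not captured).
    clients = {"Android 7.0": [23], "Android 7.1.1": [23, 24, 25]}
    for name, ids in clients.items():
        ok, offered = can_use_cert(build_client_hello(ids), "secp384r1")
        print("%s offers %s -> secp384r1 certificate: %s"
              % (name, offered, "OK" if ok else "handshake failure"))
```

On a real capture, the same check is a matter of reading the supported_groups extension out of the phone’s ClientHello in Wireshark. The certificate side is quick to confirm with `openssl x509 -in cert.pem -noout -text`, which prints the key’s `ASN1 OID` (secp384r1 in my case), and `openssl s_client -connect host:443 -curves prime256v1` reproduces an Android 7.0 style client that offers only P-256.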

Oh, how silly was that. Should I downgrade my SSL certificates? secp256r1 is perfectly fine for now: it offers roughly 128 bits of security, which is actually more than the roughly 112 bits of a 2048-bit RSA key, and 2048-bit RSA certificates are still considered acceptable. So many people would reasonably consider secp256r1 sufficient. But why settle for something that merely suffices? I want something better!

This issue was reported on Stack Overflow. The discussion there twisted and turned, but the original poster shared the critical piece of information.

It seems that from Android 7.1.1, the problem was resolved with support for three elliptic curves:

secp256r1
secp384r1
secp521r1

(Note that the third is secp521r1, the 521-bit NIST P-521 curve; there is no secp512r1.) The secp256r1 from Android 7.0 and Android 7.1 is still there, plus two new ones. That is just a small fraction of what was supported previously, but most importantly secp384r1 is in the list.

I enrolled my Nexus 6P on the Android Beta program to get Android 7.1.1 installed via OTA. Voila, the WordPress.com app worked with my blog, and the Cirrus for owncloud app worked with my ownCloud server!

How about the Pixel XL? It’s not yet on Android 7.1.1. But build NPF26J should be rolling out about now. While that’s still Android 7.1, I’ve installed it and found that it does address the issue.

If you’re having problems with your Android apps on Nougat not connecting to some sites, the fix is here, or coming in a software update soon.
