Merge branch 'master' into openss2rfc_rfc2openssl
commit
0c146ef7a1
|
@ -21,9 +21,11 @@
|
||||||
- JSON and CSV output
|
- JSON and CSV output
|
||||||
- Client simulations
|
- Client simulations
|
||||||
|
|
||||||
* dcooper16
|
* David Cooper
|
||||||
- Detection + output of multiple certificates
|
- Detection + output of multiple certificates
|
||||||
- several cleanups of server certificate related stuff
|
- several cleanups of server certificate related stuff
|
||||||
|
- improved parsing of TLS ServerHello messages
|
||||||
|
- speed improvements when testing all ciphers
|
||||||
|
|
||||||
* Jean Marsault
|
* Jean Marsault
|
||||||
- client auth: ideas, code snipplets
|
- client auth: ideas, code snipplets
|
||||||
|
|
263
testssl.sh
263
testssl.sh
|
@ -324,9 +324,9 @@ pr_liteblueln() { pr_liteblue "$1"; outln; }
|
||||||
pr_blue() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && out "\033[1;32m$1" || out "\033[1;34m$1" ) || out "$1"; pr_off; } # used for head lines of single tests
|
pr_blue() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && out "\033[1;32m$1" || out "\033[1;34m$1" ) || out "$1"; pr_off; } # used for head lines of single tests
|
||||||
pr_blueln() { pr_blue "$1"; outln; }
|
pr_blueln() { pr_blue "$1"; outln; }
|
||||||
|
|
||||||
pr_warning() { [[ "$COLOR" -eq 2 ]] && out "\033[0;35m$1" || pr_underline "$1"; pr_off; } # litemagentai | local problem: one test cannot be done
|
pr_warning() { [[ "$COLOR" -eq 2 ]] && out "\033[0;35m$1" || pr_underline "$1"; pr_off; } # some local problem: one test cannot be done
|
||||||
pr_warningln() { pr_warning "$1"; outln; }
|
pr_warningln() { pr_warning "$1"; outln; } # litemagenya
|
||||||
pr_magenta() { [[ "$COLOR" -eq 2 ]] && out "\033[1;35m$1" || pr_underline "$1"; pr_off; } # Fatal error: quitting because of this!
|
pr_magenta() { [[ "$COLOR" -eq 2 ]] && out "\033[1;35m$1" || pr_underline "$1"; pr_off; } # fatal error: quitting because of this!
|
||||||
pr_magentaln() { pr_magenta "$1"; outln; }
|
pr_magentaln() { pr_magenta "$1"; outln; }
|
||||||
|
|
||||||
pr_litecyan() { [[ "$COLOR" -eq 2 ]] && out "\033[0;36m$1" || out "$1"; pr_off; } # not yet used
|
pr_litecyan() { [[ "$COLOR" -eq 2 ]] && out "\033[0;36m$1" || out "$1"; pr_off; } # not yet used
|
||||||
|
@ -375,8 +375,11 @@ pr_headlineln() { pr_headline "$1" ; outln; }
|
||||||
pr_squoted() { out "'$1'"; }
|
pr_squoted() { out "'$1'"; }
|
||||||
pr_dquoted() { out "\"$1\""; }
|
pr_dquoted() { out "\"$1\""; }
|
||||||
|
|
||||||
local_problem_ln() { pr_warningln "Local problem: $1"; }
|
|
||||||
local_problem() { pr_warning "Local problem: $1"; }
|
local_problem() { pr_warning "Local problem: $1"; }
|
||||||
|
local_problem_ln() { pr_warningln "Local problem: $1"; }
|
||||||
|
|
||||||
|
fixme() { pr_warning "fixme: $1"; }
|
||||||
|
fixme() { pr_warningln "fixme: $1"; }
|
||||||
|
|
||||||
### color switcher (see e.g. https://linuxtidbits.wordpress.com/2008/08/11/output-color-on-bash-scripts/
|
### color switcher (see e.g. https://linuxtidbits.wordpress.com/2008/08/11/output-color-on-bash-scripts/
|
||||||
### http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x405.html
|
### http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x405.html
|
||||||
|
@ -642,17 +645,17 @@ runs_HTTP() {
|
||||||
*) if $CLIENT_AUTH; then
|
*) if $CLIENT_AUTH; then
|
||||||
out "certificate based authentication => skipping all HTTP checks"
|
out "certificate based authentication => skipping all HTTP checks"
|
||||||
echo "certificate based authentication => skipping all HTTP checks" >$TMPFILE
|
echo "certificate based authentication => skipping all HTTP checks" >$TMPFILE
|
||||||
fileout "client_auth" "WARN" "certificate based authentication => skipping all HTTP checks"
|
fileout "client_auth" "INFO" "certificate based authentication => skipping all HTTP checks"
|
||||||
else
|
else
|
||||||
out " Couldn't determine what's running on port $PORT"
|
out " Couldn't determine what's running on port $PORT"
|
||||||
if $ASSUMING_HTTP; then
|
if $ASSUMING_HTTP; then
|
||||||
SERVICE=HTTP
|
SERVICE=HTTP
|
||||||
out " -- ASSUMING_HTTP set though"
|
out " -- ASSUMING_HTTP set though"
|
||||||
fileout "service" "WARN" "Couldn't determine service, --ASSUMING_HTTP set"
|
fileout "service" "DEBUG" "Couldn't determine service, --ASSUMING_HTTP set"
|
||||||
ret=0
|
ret=0
|
||||||
else
|
else
|
||||||
out ", assuming no HTTP service => skipping all HTTP checks"
|
out ", assuming no HTTP service => skipping all HTTP checks"
|
||||||
fileout "service" "WARN" "Couldn't determine service, skipping all HTTP checks"
|
fileout "service" "DEBUG" "Couldn't determine service, skipping all HTTP checks"
|
||||||
ret=1
|
ret=1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
@ -1011,7 +1014,7 @@ run_hpkp() {
|
||||||
out "\n$spaces"
|
out "\n$spaces"
|
||||||
pr_svrty_high " No matching key for pins found "
|
pr_svrty_high " No matching key for pins found "
|
||||||
out "(CAs pinned? -- not checked for yet)"
|
out "(CAs pinned? -- not checked for yet)"
|
||||||
fileout "hpkp_keymatch" "WARN" "The TLS key does not match any key pinned in the HPKP header. If you pinned a CA key you can ignore this"
|
fileout "hpkp_keymatch" "DEBUG" "The TLS key does not match any key pinned in the HPKP header. If you pinned a CA key you can ignore this"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
out "--"
|
out "--"
|
||||||
|
@ -2238,6 +2241,12 @@ run_prototest_openssl() {
|
||||||
# 7: no local support
|
# 7: no local support
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# idempotent function to add SSL/TLS protocols. It should ease testing
|
||||||
|
# PROTOS_OFFERED's content is in openssl terminology
|
||||||
|
add_tls_offered() {
|
||||||
|
grep -w "$1" <<< "$PROTOS_OFFERED" || PROTOS_OFFERED+="$1 "
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
# the protocol check needs to be revamped. It sucks, see above
|
# the protocol check needs to be revamped. It sucks, see above
|
||||||
run_protocols() {
|
run_protocols() {
|
||||||
|
@ -2277,6 +2286,7 @@ run_protocols() {
|
||||||
0)
|
0)
|
||||||
pr_svrty_criticalln "offered (NOT ok)"
|
pr_svrty_criticalln "offered (NOT ok)"
|
||||||
fileout "sslv2" "NOT ok" "SSLv2 is offered (NOT ok)"
|
fileout "sslv2" "NOT ok" "SSLv2 is offered (NOT ok)"
|
||||||
|
add_tls_offered "ssl2"
|
||||||
;;
|
;;
|
||||||
1)
|
1)
|
||||||
pr_done_bestln "not offered (OK)"
|
pr_done_bestln "not offered (OK)"
|
||||||
|
@ -2285,6 +2295,7 @@ run_protocols() {
|
||||||
5)
|
5)
|
||||||
pr_svrty_high "CVE-2015-3197: $supported_no_ciph2";
|
pr_svrty_high "CVE-2015-3197: $supported_no_ciph2";
|
||||||
fileout "sslv2" "WARN" "CVE-2015-3197: SSLv2 is $supported_no_ciph2"
|
fileout "sslv2" "WARN" "CVE-2015-3197: SSLv2 is $supported_no_ciph2"
|
||||||
|
add_tls_offered "ssl2"
|
||||||
;;
|
;;
|
||||||
7)
|
7)
|
||||||
fileout "sslv2" "INFO" "SSLv2 is not tested due to lack of local support"
|
fileout "sslv2" "INFO" "SSLv2 is not tested due to lack of local support"
|
||||||
|
@ -2302,6 +2313,7 @@ run_protocols() {
|
||||||
0)
|
0)
|
||||||
pr_svrty_highln "offered (NOT ok)"
|
pr_svrty_highln "offered (NOT ok)"
|
||||||
fileout "sslv3" "NOT ok" "SSLv3 is offered (NOT ok)"
|
fileout "sslv3" "NOT ok" "SSLv3 is offered (NOT ok)"
|
||||||
|
add_tls_offered "ssl3"
|
||||||
;;
|
;;
|
||||||
1)
|
1)
|
||||||
pr_done_bestln "not offered (OK)"
|
pr_done_bestln "not offered (OK)"
|
||||||
|
@ -2315,7 +2327,8 @@ run_protocols() {
|
||||||
fileout "sslv3" "WARN" "SSLv3 is $supported_no_ciph1"
|
fileout "sslv3" "WARN" "SSLv3 is $supported_no_ciph1"
|
||||||
pr_svrty_high "$supported_no_ciph2"
|
pr_svrty_high "$supported_no_ciph2"
|
||||||
outln "(may need debugging)"
|
outln "(may need debugging)"
|
||||||
;; # protocol ok, but no cipher
|
add_tls_offered "ssl3"
|
||||||
|
;;
|
||||||
7)
|
7)
|
||||||
fileout "sslv3" "INFO" "SSLv3 is not tested due to lack of local support"
|
fileout "sslv3" "INFO" "SSLv3 is not tested due to lack of local support"
|
||||||
;; # no local support
|
;; # no local support
|
||||||
|
@ -2331,6 +2344,7 @@ run_protocols() {
|
||||||
0)
|
0)
|
||||||
outln "offered"
|
outln "offered"
|
||||||
fileout "tls1" "INFO" "TLSv1.0 is offered"
|
fileout "tls1" "INFO" "TLSv1.0 is offered"
|
||||||
|
add_tls_offered "tls1"
|
||||||
;; # nothing wrong with it -- per se
|
;; # nothing wrong with it -- per se
|
||||||
1)
|
1)
|
||||||
outln "not offered"
|
outln "not offered"
|
||||||
|
@ -2341,10 +2355,12 @@ run_protocols() {
|
||||||
[[ $DEBUG -eq 1 ]] && out " -- downgraded"
|
[[ $DEBUG -eq 1 ]] && out " -- downgraded"
|
||||||
outln
|
outln
|
||||||
fileout "tls1" "MEDIUM" "TLSv1.0 is not offered, and downgraded to SSL"
|
fileout "tls1" "MEDIUM" "TLSv1.0 is not offered, and downgraded to SSL"
|
||||||
|
add_tls_offered "tls1"
|
||||||
;;
|
;;
|
||||||
5)
|
5)
|
||||||
outln "$supported_no_ciph1" # protocol ok, but no cipher
|
outln "$supported_no_ciph1" # protocol ok, but no cipher
|
||||||
fileout "tls1" "WARN" "TLSv1.0 is $supported_no_ciph1"
|
fileout "tls1" "WARN" "TLSv1.0 is $supported_no_ciph1"
|
||||||
|
add_tls_offered "tls1"
|
||||||
;;
|
;;
|
||||||
7)
|
7)
|
||||||
fileout "tlsv1" "INFO" "TLSv1.0 is not tested due to lack of local support"
|
fileout "tlsv1" "INFO" "TLSv1.0 is not tested due to lack of local support"
|
||||||
|
@ -2361,6 +2377,7 @@ run_protocols() {
|
||||||
0)
|
0)
|
||||||
outln "offered"
|
outln "offered"
|
||||||
fileout "tls1_1" "INFO" "TLSv1.1 is offered"
|
fileout "tls1_1" "INFO" "TLSv1.1 is offered"
|
||||||
|
add_tls_offered "tls1_1"
|
||||||
;; # nothing wrong with it
|
;; # nothing wrong with it
|
||||||
1)
|
1)
|
||||||
outln "not offered"
|
outln "not offered"
|
||||||
|
@ -2375,6 +2392,7 @@ run_protocols() {
|
||||||
5)
|
5)
|
||||||
outln "$supported_no_ciph1"
|
outln "$supported_no_ciph1"
|
||||||
fileout "tls1_1" "WARN" "TLSv1.1 is $supported_no_ciph1"
|
fileout "tls1_1" "WARN" "TLSv1.1 is $supported_no_ciph1"
|
||||||
|
add_tls_offered "tls1_1"
|
||||||
;; # protocol ok, but no cipher
|
;; # protocol ok, but no cipher
|
||||||
7)
|
7)
|
||||||
fileout "tls1_1" "INFO" "TLSv1.1 is not tested due to lack of local support"
|
fileout "tls1_1" "INFO" "TLSv1.1 is not tested due to lack of local support"
|
||||||
|
@ -2391,6 +2409,7 @@ run_protocols() {
|
||||||
0)
|
0)
|
||||||
pr_done_bestln "offered (OK)"
|
pr_done_bestln "offered (OK)"
|
||||||
fileout "tls1_2" "OK" "TLSv1.2 is offered (OK)"
|
fileout "tls1_2" "OK" "TLSv1.2 is offered (OK)"
|
||||||
|
add_tls_offered "tls1_2"
|
||||||
;; # GCM cipher in TLS 1.2: very good!
|
;; # GCM cipher in TLS 1.2: very good!
|
||||||
1)
|
1)
|
||||||
pr_svrty_mediumln "not offered"
|
pr_svrty_mediumln "not offered"
|
||||||
|
@ -2405,11 +2424,13 @@ run_protocols() {
|
||||||
5)
|
5)
|
||||||
outln "$supported_no_ciph1"
|
outln "$supported_no_ciph1"
|
||||||
fileout "tls1_2" "WARN" "TLSv1.2 is $supported_no_ciph1"
|
fileout "tls1_2" "WARN" "TLSv1.2 is $supported_no_ciph1"
|
||||||
|
add_tls_offered "tls1_2"
|
||||||
;; # protocol ok, but no cipher
|
;; # protocol ok, but no cipher
|
||||||
7)
|
7)
|
||||||
fileout "tls1_2" "INFO" "TLSv1.2 is not tested due to lack of local support"
|
fileout "tls1_2" "INFO" "TLSv1.2 is not tested due to lack of local support"
|
||||||
;; # no local support
|
;; # no local support
|
||||||
esac
|
esac
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2756,7 +2777,7 @@ check_tls12_pref() {
|
||||||
order="$cipher"
|
order="$cipher"
|
||||||
tested_cipher="-$cipher"
|
tested_cipher="-$cipher"
|
||||||
else
|
else
|
||||||
pr_warningln "fixme: something weird happened around line $((LINENO - 6))"
|
fixmeln "something weird happened around line $((LINENO - 6))"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
while true; do
|
while true; do
|
||||||
|
@ -2776,6 +2797,8 @@ check_tls12_pref() {
|
||||||
# second cipher set didn't succeed: we can just output everything
|
# second cipher set didn't succeed: we can just output everything
|
||||||
out " $order"
|
out " $order"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2811,7 +2834,7 @@ cipher_pref_check() {
|
||||||
# thus we reduce the number of ciphers we throw at the server and put later everything together
|
# thus we reduce the number of ciphers we throw at the server and put later everything together
|
||||||
# see #189
|
# see #189
|
||||||
# so far, this was only observed in TLS 1.2
|
# so far, this was only observed in TLS 1.2
|
||||||
check_tls12_pref "$cipher"
|
order=$(check_tls12_pref "$cipher")
|
||||||
else
|
else
|
||||||
out " $cipher" # this is the first cipher for protocol
|
out " $cipher" # this is the first cipher for protocol
|
||||||
while true; do
|
while true; do
|
||||||
|
@ -2848,7 +2871,7 @@ cipher_pref_check() {
|
||||||
order+=" $cipher"
|
order+=" $cipher"
|
||||||
done
|
done
|
||||||
outln
|
outln
|
||||||
[[ -z $order ]] || fileout "order_spdy_$p" "INFO" "Default cipher order for SPDY protocol $p:order"
|
[[ -n $order ]] && fileout "order_spdy_$p" "INFO" "Default cipher order for SPDY protocol $p: $order"
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -4503,6 +4526,7 @@ sslv2_sockets() {
|
||||||
[[ "$DEBUG" -ge 2 ]] && out " ($lines lines) "
|
[[ "$DEBUG" -ge 2 ]] && out " ($lines lines) "
|
||||||
if [[ "$lines" -gt 1 ]]; then
|
if [[ "$lines" -gt 1 ]]; then
|
||||||
nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3))
|
nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3))
|
||||||
|
add_tls_offered "ssl2"
|
||||||
if [[ 0 -eq "$nr_ciphers_detected" ]]; then
|
if [[ 0 -eq "$nr_ciphers_detected" ]]; then
|
||||||
pr_svrty_highln "supported but couldn't detect a cipher and vulnerable to CVE-2015-3197 ";
|
pr_svrty_highln "supported but couldn't detect a cipher and vulnerable to CVE-2015-3197 ";
|
||||||
fileout "sslv2" "NOT ok" "SSLv2 offered (NOT ok), vulnerable to CVE-2015-3197"
|
fileout "sslv2" "NOT ok" "SSLv2 offered (NOT ok), vulnerable to CVE-2015-3197"
|
||||||
|
@ -4527,38 +4551,22 @@ sslv2_sockets() {
|
||||||
# ARG1: TLS version low byte (00: SSLv3, 01: TLS 1.0, 02: TLS 1.1, 03: TLS 1.2)
|
# ARG1: TLS version low byte (00: SSLv3, 01: TLS 1.0, 02: TLS 1.1, 03: TLS 1.2)
|
||||||
# ARG2: CIPHER_SUITES string
|
# ARG2: CIPHER_SUITES string
|
||||||
socksend_tls_clienthello() {
|
socksend_tls_clienthello() {
|
||||||
#FIXME: redo this with all extensions!
|
|
||||||
local tls_low_byte="$1"
|
local tls_low_byte="$1"
|
||||||
local tls_word_reclayer="03, 01" # the first TLS version number is the record layer and always 0301 -- except: SSLv3
|
local tls_word_reclayer="03, 01" # the first TLS version number is the record layer and always 0301 -- except: SSLv3
|
||||||
local servername_hexstr len_servername len_servername_hex
|
local servername_hexstr len_servername len_servername_hex
|
||||||
local hexdump_format_str
|
local hexdump_format_str part1 part2
|
||||||
local all_extensions
|
local all_extensions=""
|
||||||
local len_sni_listlen len_sni_ext len_extension_hex
|
local -i i j len_extension len_padding_extension len_all
|
||||||
local cipher_suites len_ciph_suites len_ciph_suites_word
|
local len_sni_listlen len_sni_ext len_extension_hex len_padding_extension_hex
|
||||||
|
local cipher_suites len_ciph_suites len_ciph_suites_byte len_ciph_suites_word
|
||||||
local len_client_hello_word len_all_word
|
local len_client_hello_word len_all_word
|
||||||
|
local ecc_cipher_suite_found=false
|
||||||
#len_servername=$(echo ${#NODE})
|
local extension_signature_algorithms extension_heartbeat
|
||||||
len_servername=${#NODE}
|
local extension_session_ticket extension_next_protocol extensions_ecc extension_padding
|
||||||
hexdump_format_str="$len_servername/1 \"%02x,\""
|
|
||||||
servername_hexstr=$(printf $NODE | hexdump -v -e "${hexdump_format_str}" | sed 's/,$//')
|
|
||||||
|
|
||||||
code2network "$2" # convert CIPHER_SUITES
|
code2network "$2" # convert CIPHER_SUITES
|
||||||
cipher_suites="$NW_STR" # we don't have the leading \x here so string length is two byte less, see next
|
cipher_suites="$NW_STR" # we don't have the leading \x here so string length is two byte less, see next
|
||||||
|
|
||||||
#formatted example for SNI
|
|
||||||
#00 00 # extension server_name
|
|
||||||
#00 1a # length = the following +2 = server_name length + 5
|
|
||||||
#00 18 # server_name list_length = server_name length +3
|
|
||||||
#00 # server_name type (hostname)
|
|
||||||
#00 15 # server_name length
|
|
||||||
#66 66 66 66 66 66 2e 66 66 66 66 66 66 66 66 66 66 2e 66 66 66 target.mydomain1.tld # server_name target
|
|
||||||
|
|
||||||
# convert lengths we need to fill in from dec to hex:
|
|
||||||
len_servername_hex=$(printf "%02x\n" $len_servername)
|
|
||||||
len_sni_listlen=$(printf "%02x\n" $((len_servername+3)))
|
|
||||||
len_sni_ext=$(printf "%02x\n" $((len_servername+5)))
|
|
||||||
len_extension_hex=$(printf "%02x\n" $((len_servername+9))) #FIXME: for TLS 1.2 and IIS servers we need extension_signature_algorithms!!
|
|
||||||
|
|
||||||
len_ciph_suites_byte=$(echo ${#cipher_suites})
|
len_ciph_suites_byte=$(echo ${#cipher_suites})
|
||||||
let "len_ciph_suites_byte += 2"
|
let "len_ciph_suites_byte += 2"
|
||||||
|
|
||||||
|
@ -4568,6 +4576,136 @@ socksend_tls_clienthello() {
|
||||||
len_ciph_suites_word="$LEN_STR"
|
len_ciph_suites_word="$LEN_STR"
|
||||||
#[[ $DEBUG -ge 3 ]] && echo $len_ciph_suites_word
|
#[[ $DEBUG -ge 3 ]] && echo $len_ciph_suites_word
|
||||||
|
|
||||||
|
if [[ "$tls_low_byte" != "00" ]]; then
|
||||||
|
# Add extensions
|
||||||
|
|
||||||
|
# Check to see if any ECC cipher suites are included in cipher_suites
|
||||||
|
for (( i=0; i<len_ciph_suites_byte; i=i+8 )); do
|
||||||
|
j=$i+4
|
||||||
|
part1="0x${cipher_suites:$i:2}"
|
||||||
|
part2="0x${cipher_suites:$j:2}"
|
||||||
|
if [[ "$part1" == "0xc0" ]]; then
|
||||||
|
if [[ "$part2" -ge "0x01" ]] && [[ "$part2" -le "0x19" ]]; then
|
||||||
|
ecc_cipher_suite_found=true && break
|
||||||
|
elif [[ "$part2" -ge "0x23" ]] && [[ "$part2" -le "0x3b" ]]; then
|
||||||
|
ecc_cipher_suite_found=true && break
|
||||||
|
elif [[ "$part2" -ge "0x48" ]] && [[ "$part2" -le "0x4f" ]]; then
|
||||||
|
ecc_cipher_suite_found=true && break
|
||||||
|
elif [[ "$part2" -ge "0x5c" ]] && [[ "$part2" -le "0x63" ]]; then
|
||||||
|
ecc_cipher_suite_found=true && break
|
||||||
|
elif [[ "$part2" -ge "0x70" ]] && [[ "$part2" -le "0x79" ]]; then
|
||||||
|
ecc_cipher_suite_found=true && break
|
||||||
|
elif [[ "$part2" -ge "0x86" ]] && [[ "$part2" -le "0x8d" ]]; then
|
||||||
|
ecc_cipher_suite_found=true && break
|
||||||
|
elif [[ "$part2" -ge "0x9a" ]] && [[ "$part2" -le "0x9b" ]]; then
|
||||||
|
ecc_cipher_suite_found=true && break
|
||||||
|
elif [[ "$part2" -ge "0xac" ]] && [[ "$part2" -le "0xaf" ]]; then
|
||||||
|
ecc_cipher_suite_found=true && break
|
||||||
|
fi
|
||||||
|
elif [[ "$part1" == "0xcc" ]]; then
|
||||||
|
if [[ "$part2" == "0xa8" ]] || [[ "$part2" == "0xa9" ]] || [[ "$part2" == "0xac" ]] || [[ "$part2" == "0x13" ]] || [[ "$part2" == "0x14" ]]; then
|
||||||
|
ecc_cipher_suite_found=true && break
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
#formatted example for SNI
|
||||||
|
#00 00 # extension server_name
|
||||||
|
#00 1a # length = the following +2 = server_name length + 5
|
||||||
|
#00 18 # server_name list_length = server_name length +3
|
||||||
|
#00 # server_name type (hostname)
|
||||||
|
#00 15 # server_name length
|
||||||
|
#66 66 66 66 66 66 2e 66 66 66 66 66 66 66 66 66 66 2e 66 66 66 target.mydomain1.tld # server_name target
|
||||||
|
len_servername=${#NODE}
|
||||||
|
hexdump_format_str="$len_servername/1 \"%02x,\""
|
||||||
|
servername_hexstr=$(printf $NODE | hexdump -v -e "${hexdump_format_str}" | sed 's/,$//')
|
||||||
|
# convert lengths we need to fill in from dec to hex:
|
||||||
|
len_servername_hex=$(printf "%02x\n" $len_servername)
|
||||||
|
len_sni_listlen=$(printf "%02x\n" $((len_servername+3)))
|
||||||
|
len_sni_ext=$(printf "%02x\n" $((len_servername+5)))
|
||||||
|
|
||||||
|
extension_signature_algorithms="
|
||||||
|
00, 0d, # Type: signature_algorithms , see RFC 5246
|
||||||
|
00, 20, # len
|
||||||
|
00,1e, 06,01, 06,02, 06,03, 05,01, 05,02, 05,03,
|
||||||
|
04,01, 04,02, 04,03, 03,01, 03,02, 03,03, 02,01, 02,02, 02,03"
|
||||||
|
|
||||||
|
extension_heartbeat="
|
||||||
|
00, 0f, 00, 01, 01"
|
||||||
|
|
||||||
|
extension_session_ticket="
|
||||||
|
00, 23, 00, 00"
|
||||||
|
|
||||||
|
extension_next_protocol="
|
||||||
|
33, 74, 00, 00"
|
||||||
|
|
||||||
|
# Supported Elliptic Curves Extension and Supported Point Formats Extension.
|
||||||
|
extensions_ecc="
|
||||||
|
00, 0a, # Type: Supported Elliptic Curves , see RFC 4492
|
||||||
|
00, 3a, 00, 38, # lengths
|
||||||
|
00, 01, 00, 02, 00, 03, 00, 04, 00, 05, 00, 06, 00, 07, 00, 08,
|
||||||
|
00, 09, 00, 0a, 00, 0b, 00, 0c, 00, 0d, 00, 0e, 00, 0f, 00, 10,
|
||||||
|
00, 11, 00, 12, 00, 13, 00, 14, 00, 15, 00, 16, 00, 17, 00, 18,
|
||||||
|
00, 19, 00, 1a, 00, 1b, 00, 1c,
|
||||||
|
00, 0b, # Type: Supported Point Formats , see RFC 4492
|
||||||
|
00, 02, # len
|
||||||
|
01, 00"
|
||||||
|
|
||||||
|
all_extensions="
|
||||||
|
00, 00 # extension server_name
|
||||||
|
,00, $len_sni_ext # length SNI EXT
|
||||||
|
,00, $len_sni_listlen # server_name list_length
|
||||||
|
,00 # server_name type (hostname)
|
||||||
|
,00, $len_servername_hex # server_name length. We assume len(hostname) < FF - 9
|
||||||
|
,$servername_hexstr # server_name target
|
||||||
|
,$extension_heartbeat
|
||||||
|
,$extension_session_ticket
|
||||||
|
,$extension_next_protocol"
|
||||||
|
|
||||||
|
# RFC 5246 says that clients MUST NOT offer the signature algorithms
|
||||||
|
# extension if they are offering TLS versions prior to 1.2.
|
||||||
|
if [[ "0x$tls_low_byte" -ge "0x03" ]]; then
|
||||||
|
all_extensions="$all_extensions
|
||||||
|
,$extension_signature_algorithms"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if $ecc_cipher_suite_found; then
|
||||||
|
all_extensions="$all_extensions
|
||||||
|
,$extensions_ecc"
|
||||||
|
fi
|
||||||
|
|
||||||
|
code2network "$all_extensions" # convert extensions
|
||||||
|
all_extensions="$NW_STR" # we don't have the leading \x here so string length is two byte less, see next
|
||||||
|
len_extension=${#all_extensions}
|
||||||
|
len_extension+=2
|
||||||
|
len_extension=$len_extension/4
|
||||||
|
len_extension_hex=$(printf "%02x\n" $len_extension)
|
||||||
|
|
||||||
|
# If the length of the Client Hello would be between 256 and 511 bytes,
|
||||||
|
# then add a padding extension (see RFC 7685)
|
||||||
|
len_all=$((0x$len_ciph_suites + 0x2b + 0x$len_extension_hex + 0x2))
|
||||||
|
if [[ $len_all -ge 256 ]] && [[ $len_all -le 511 ]]; then
|
||||||
|
if [[ $len_all -gt 508 ]]; then
|
||||||
|
len_padding_extension=0
|
||||||
|
else
|
||||||
|
len_padding_extension=$((508 - 0x$len_ciph_suites - 0x2b - 0x$len_extension_hex - 0x2))
|
||||||
|
fi
|
||||||
|
len_padding_extension_hex=$(printf "%02x\n" $len_padding_extension)
|
||||||
|
len2twobytes "$len_padding_extension_hex"
|
||||||
|
all_extensions="$all_extensions\\x00\\x15\\x${LEN_STR:0:2}\\x${LEN_STR:4:2}"
|
||||||
|
for (( i=0; i<len_padding_extension; i++ )); do
|
||||||
|
all_extensions="$all_extensions\\x00"
|
||||||
|
done
|
||||||
|
len_extension=$len_extension+$len_padding_extension+0x4
|
||||||
|
len_extension_hex=$(printf "%02x\n" $len_extension)
|
||||||
|
fi
|
||||||
|
len2twobytes "$len_extension_hex"
|
||||||
|
all_extensions="
|
||||||
|
,$LEN_STR # first the len of all extentions.
|
||||||
|
,$all_extensions"
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
# RFC 3546 doesn't specify SSLv3 to have SNI, openssl just ignores the switch if supplied
|
# RFC 3546 doesn't specify SSLv3 to have SNI, openssl just ignores the switch if supplied
|
||||||
if [[ "$tls_low_byte" == "00" ]]; then
|
if [[ "$tls_low_byte" == "00" ]]; then
|
||||||
len2twobytes $(printf "%02x\n" $((0x$len_ciph_suites + 0x27)))
|
len2twobytes $(printf "%02x\n" $((0x$len_ciph_suites + 0x27)))
|
||||||
|
@ -4607,45 +4745,6 @@ socksend_tls_clienthello() {
|
||||||
,01 # Compression methods length
|
,01 # Compression methods length
|
||||||
,00" # Compression method (x00 for NULL)
|
,00" # Compression method (x00 for NULL)
|
||||||
|
|
||||||
#TODO,add (see heartbleed)
|
|
||||||
# extension lenghth (word)
|
|
||||||
# extension ec_point_formats (4 words) 1st: 00 0b
|
|
||||||
#len 00 04
|
|
||||||
# ec prot formats len: 03
|
|
||||||
# uncompressed 00
|
|
||||||
# EC point format: ansiX962_compressed_prime 01
|
|
||||||
# EC point format: ansiX962_compressed_char2 02
|
|
||||||
|
|
||||||
# ec, 1st: 00 0a
|
|
||||||
# 2nd length: (word) e.g. 0x34
|
|
||||||
# 3rd: ec curve len ln-2 e.g. 0x32
|
|
||||||
# 4.-n. curves e.g. 25 words
|
|
||||||
|
|
||||||
# Extension: Session Ticket 00 23
|
|
||||||
|
|
||||||
extension_signature_algorithms="
|
|
||||||
00, 0d, # Type: signature_algorithms , see RFC 5246
|
|
||||||
00, 20, # len
|
|
||||||
00,1e, 06,01, 06,02, 06,03, 05,01, 05,02, 05,03,
|
|
||||||
04,01, 04,02, 04,03, 03,01, 03,02, 03,03, 02,01, 02,02, 02,03"
|
|
||||||
|
|
||||||
# Extension: Haertbeat 00 0f
|
|
||||||
# len 00 01
|
|
||||||
# peer allowed to send requests 01
|
|
||||||
|
|
||||||
if [[ "$tls_low_byte" == "00" ]]; then
|
|
||||||
all_extensions=""
|
|
||||||
else #FIXME: we (probably) need extension_signature_algorithms here. TLS 1.2 fails on IIS otherwise
|
|
||||||
all_extensions="
|
|
||||||
,00, $len_extension_hex # first the len of all (here: 1) extentions. We assume len(hostname) < FF - 9
|
|
||||||
,00, 00 # extension server_name
|
|
||||||
,00, $len_sni_ext # length SNI EXT
|
|
||||||
,00, $len_sni_listlen # server_name list_length
|
|
||||||
,00 # server_name type (hostname)
|
|
||||||
,00, $len_servername_hex # server_name length
|
|
||||||
,$servername_hexstr" # server_name target
|
|
||||||
fi
|
|
||||||
|
|
||||||
fd_socket 5 || return 6
|
fd_socket 5 || return 6
|
||||||
|
|
||||||
code2network "$TLS_CLIENT_HELLO$all_extensions"
|
code2network "$TLS_CLIENT_HELLO$all_extensions"
|
||||||
|
@ -5449,11 +5548,11 @@ run_drown() {
|
||||||
parse_sslv2_serverhello "$SOCK_REPLY_FILE"
|
parse_sslv2_serverhello "$SOCK_REPLY_FILE"
|
||||||
case $? in
|
case $? in
|
||||||
7) # strange reply, couldn't convert the cipher spec length to a hex number
|
7) # strange reply, couldn't convert the cipher spec length to a hex number
|
||||||
pr_cyan "strange v2 reply "
|
fixme "strange v2 reply "
|
||||||
outln " (rerun with DEBUG >=2)"
|
outln " (rerun with DEBUG >=2)"
|
||||||
[[ $DEBUG -ge 3 ]] && hexdump -C "$SOCK_REPLY_FILE" | head -1
|
[[ $DEBUG -ge 3 ]] && hexdump -C "$SOCK_REPLY_FILE" | head -1
|
||||||
ret=7
|
ret=7
|
||||||
fileout "DROWN" "MINOR_ERROR" "SSLv2: received a strange SSLv2 reply (rerun with DEBUG>=2)"
|
fileout "drown" "MINOR_ERROR" "SSLv2: received a strange SSLv2 reply (rerun with DEBUG>=2)"
|
||||||
;;
|
;;
|
||||||
3) # vulnerable
|
3) # vulnerable
|
||||||
lines=$(count_lines "$(hexdump -C "$SOCK_REPLY_FILE" 2>/dev/null)")
|
lines=$(count_lines "$(hexdump -C "$SOCK_REPLY_FILE" 2>/dev/null)")
|
||||||
|
@ -5462,16 +5561,16 @@ run_drown() {
|
||||||
nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3))
|
nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3))
|
||||||
if [[ 0 -eq "$nr_ciphers_detected" ]]; then
|
if [[ 0 -eq "$nr_ciphers_detected" ]]; then
|
||||||
pr_svrty_highln "CVE-2015-3197: SSLv2 supported but couldn't detect a cipher (NOT ok)";
|
pr_svrty_highln "CVE-2015-3197: SSLv2 supported but couldn't detect a cipher (NOT ok)";
|
||||||
fileout "DROWN" "NOT ok" "SSLv2 offered (NOT ok), CVE-2015-3197: but could not detect a cipher"
|
fileout "drown" "NOT ok" "SSLv2 offered (NOT ok), CVE-2015-3197: but could not detect a cipher"
|
||||||
else
|
else
|
||||||
pr_svrty_criticalln "vulnerable (NOT ok), SSLv2 offered with $nr_ciphers_detected ciphers";
|
pr_svrty_criticalln "vulnerable (NOT ok), SSLv2 offered with $nr_ciphers_detected ciphers";
|
||||||
fileout "DROWN" "NOT ok" "vulnerable (NOT ok), SSLv2 offered with $nr_ciphers_detected ciphers"
|
fileout "drown" "NOT ok" "vulnerable (NOT ok), SSLv2 offered with $nr_ciphers_detected ciphers"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
ret=1
|
ret=1
|
||||||
;;
|
;;
|
||||||
*) pr_done_bestln "not vulnerable on this port (OK)"
|
*) pr_done_bestln "not vulnerable on this port (OK)"
|
||||||
fileout "DROWN" "OK" "not vulnerable to DROWN"
|
fileout "drown" "OK" "not vulnerable to DROWN"
|
||||||
outln "$spaces make sure you don't use this certificate elsewhere with SSLv2 enabled services"
|
outln "$spaces make sure you don't use this certificate elsewhere with SSLv2 enabled services"
|
||||||
if [[ "$DEBUG" -ge 1 ]] || "$SHOW_CENSYS_LINK"; then
|
if [[ "$DEBUG" -ge 1 ]] || "$SHOW_CENSYS_LINK"; then
|
||||||
# not advertising it as it after 5 tries and account is needed
|
# not advertising it as it after 5 tries and account is needed
|
||||||
|
@ -5746,7 +5845,7 @@ run_tls_truncation() {
|
||||||
|
|
||||||
old_fart() {
|
old_fart() {
|
||||||
outln "Get precompiled bins or compile https://github.com/PeterMosmans/openssl ."
|
outln "Get precompiled bins or compile https://github.com/PeterMosmans/openssl ."
|
||||||
fileout "old_fart" "WARN" "Your $OPENSSL $OSSL_VER version is an old fart... . It doesn\'t make much sense to proceed. Get precompiled bins or compile https://github.com/PeterMosmans/openssl ."
|
fileout "old_fart" "ERROR" "Your $OPENSSL $OSSL_VER version is an old fart... . It doesn\'t make much sense to proceed. Get precompiled bins or compile https://github.com/PeterMosmans/openssl ."
|
||||||
fatal "Your $OPENSSL $OSSL_VER version is an old fart... . It doesn\'t make much sense to proceed." -2
|
fatal "Your $OPENSSL $OSSL_VER version is an old fart... . It doesn\'t make much sense to proceed." -2
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -7375,4 +7474,4 @@ fi
|
||||||
exit $?
|
exit $?
|
||||||
|
|
||||||
|
|
||||||
# $Id: testssl.sh,v 1.495 2016/06/07 11:02:57 dirkw Exp $
|
# $Id: testssl.sh,v 1.496 2016/06/07 21:06:57 dirkw Exp $
|
||||||
|
|
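Review bot: `fixme()` is defined twice on the new side of the pr_* helper hunk (`@ -375,8 +375,11 @@`), first as `fixme() { pr_warning "fixme: $1"; }` and then as `fixme() { pr_warningln "fixme: $1"; }`, so the second definition silently replaces the first and the no-newline variant is lost. The check_tls12_pref hunk meanwhile calls `fixmeln "something weird happened around line $((LINENO - 6))"`, and no `fixmeln` is defined in any visible hunk, so that error path would fail with "command not found" unless the function exists outside the shown hunks. The run_drown hunk relies on the no-newline behaviour (`fixme "strange v2 reply "` immediately followed by `outln " (rerun with DEBUG >=2)"`), which the overriding definition breaks. The second definition was presumably meant to be the `ln` variant: `fixmeln() { pr_warningln "fixme: $1"; }`.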