Merge branch '2.9dev' into run_ssl_poodle_sockets

This commit is contained in:
David Cooper 2017-01-18 15:00:32 -05:00
commit 211ce0b3fd
2 changed files with 167 additions and 18 deletions

112
etc/common-primes.txt Normal file
View File

@ -0,0 +1,112 @@
## taken from https://svn.nmap.org/nmap/scripts/ssl-dh-params.nse
# "mod_ssl 2.0.x/512-bit MODP group with safe prime modulus"
D4BCD52406F69B35994B88DE5DB89682C8157F62D8F33633EE5772F11F05AB22D6B5145B9F241E5ACC31FF090A4BC71148976F76795094E71E7903529F5A824B
# "mod_ssl 2.2.x/512-bit MODP group with safe prime modulus"
E6969D3D495BE32C7CF180C3BDD4798E91B7818251BB055E2A2064904A79A770FA15A259CBD523A6A6EF09C43048D5A22F971F3C20129B48000E6EDD061CBC053E371D794E5327DF611EBBBE1BAC9B5C6044CF023D76E05EEA9BAD991B13A63C974E9EF1839EB5DB125136F7262E56A8871538DFD823C6505085E21F0DD5C86B
# "mod_ssl 2.2.x/512-bit MODP group with safe prime modulus"
9FDB8B8A004544F0045F1737D0BA2E0B274CDF1A9F588218FB435316A16E374171FD19D8D8F37C39BF863FD60E3E300680A3030C6E4C3757D08F70E6AA871033
# "mod_ssl 2.2.x/1024-bit MODP group with safe prime modulus"
D67DE440CBBBDC1936D693D34AFD0AD50C84D239A45F520BB88174CB98BCE951849F912E639C72FB13B4B4D7177E16D55AC179BA420B2A29FE324A467A635E81FF5901377BEDDCFD33168A461AAD3B72DAE8860078045B07A7DBCA7874087D1510EA9FCC9DDD330507DD62DB88AEAA747DE0F4D6E2BD68B0E7393E0F24218EB3
# "nginx/1024-bit MODP group with safe prime modulus"
BBBC2DCAD84674907C43FCF580E9CFDBD958A3F568B42D4B08EED4EB0FB3504C6C030276E710800C5CCBBAA8922614C5BEECA565A5FDF1D287A2BC049BE6778060E91A92A757E3048F68B076F7D36CC8F29BA5DF81DC2CA725ECE66270CC9A5035D8CECEEF9EA0274A63AB1E58FAFD4988D0F65D146757DA071DF045CFE16B9B
# "sun.security.provider/512-bit DSA group with 160-bit prime order subgroup"
FCA682CE8E12CABA26EFCCF7110E526DB078B05EDECBCD1EB4A208F3AE1617AE01F35B91A47E6DF63413C5E12ED0899BCD132ACD50D99151BDC43EE737592E17
# "sun.security.provider/768-bit DSA group with 160-bit prime order subgroup"
E9E642599D355F37C97FFD3567120B8E25C9CD43E927B3A9670FBEC5D890141922D2C3B3AD2480093799869D1E846AAB49FAB0AD26D2CE6A22219D470BCE7D777D4A21FBE9C270B57F607002F3CEF8393694CF45EE3688C11A8C56AB127A3DAF
# "sun.security.provider/1024-bit DSA group with 160-bit prime order subgroup"
FD7F53811D75122952DF4A9C2EECE4E7F611B7523CEF4400C31E3F80B6512669455D402251FB593D8D58FABFC5F5BA30F6CB9B556CD7813B801D346FF26660B76B9950A5A49F9FE8047B1022C24FBBA9D7FEB7C61BF83B57E7C6A8A6150F04FB83F6D3C51EC3023554135A169132F675F3AE2B61D72AEFF22203199DD14801C7
# "openssl/512-bit MODP group with safe prime modulus"
DA583C16D9852289D0E4AF756F4CCA92DD4BE533B804FB0FED94EF9C8A4403ED574650D36999DB29D776276BA2D3D412E218F4DD1E084CF6D8003E7C4774E833
# "openssl/1024-bit MODP group with safe prime modulus"
97F64261CAB505DD2828E13F1D68B6D3DBD0F313047F40E856DA58CB13B8A1BF2B783A4C6D59D5F92AFC6CFF3D693F78B23D4F3160A9502E3EFAF7AB5E1AD5A65E554313828DA83B9FF2D941DEE95689FADAEA0936ADDF1971FE635B20AF470364603C2DE059F54B650AD8FA0CF70121C74799D7587132BE9B999BB9B787E8AB
# "openssl/2048-bit MODP group with safe prime modulus"
ED928935824555CB3BFBA2765A690461BF21F3AB53D2CD21DAFF78191152F10EC1E255BD686F680053B9226A2FE49A341F65CC59328ABDB1DB49EDDFA71266C3FD21047018F07FD6F758511972827B22A934181D2FCB21CF6D92AE43B6A829C727A3CB00C5F2E5FB0AA45985A2BDAD45F0B3ADF9E08135EED983B3CCAEEAEB66E6A95766B9F128A53F2280D70BA6F671939B810EF85A90E6CCCA6F665F7AC0101A1EF0FC2DB6080C6228B0ECDB8928EE0CA83D6594691669533C536013B02BA7D48287AD1C729E4135FCC27CE951DE6185FC199B76600F33F86BB3CA520E29C307E89016CCCC0019B6ADC3A4308B33A1AFD88C8D9D01DBA4C4DD7F0BBD6F38C3
# "openssl/2048-bit MODP group with safe prime modulus"
AED037C3BDF33FA2EEDC4390B70A20897B770175E9B92EB20F8061CCD4B5A591723C7934FDA9F9F3274490F8506472835BE059271C4F2C035A4EE756A36613F1382DBD474DE8A4A0322122E8C730A83C3E4800EEBD6F8548A5181711BA545231C843FAC4175FFAF849C440DB446D8462C1C3451B49EFA829F5C48A4C7BAC7F647EE000151AA9ED81101B36AB5C39AAFFEC54A3F8F97C1B7BF406DCB42DC092A5BAA06259EFEB3FAB12B426982E8F3EF4B3F7B4C3302A24C8AA4213D845035CE4A8ADD31F816616F19E21A5C95080597F8980AD6B814E35855B79E6844491527D552B72B7C78D8D6B993A736F8486B30588B8F1B87E89668A8BD3F13DDC517D4B
# "openssl/4096-bit MODP group with safe prime modulus"
FEEAD19DBEAF90F61CFCA1065D69DB08839A2A2B6AEF2488ABD7531FBB3E462E7DCECEFBCEDCBBBDF56549EE951530568188C3D97294166B6AABA0AA5CC8555F9125503A180E90324C7F39C6A3452F3142EE72AB7DFFC74C528DB6DA76D9C644F55D083E9CDE74F7E742413B69476617D2670F2BF6D59FFCD7C3BDDEED41E2BD2CCDD9E612F1056CAB88C441D7F9BA74651ED1A84D407A27D71895F777AB6C7763CC00E6F1C30B2FE79446927E74BC73B8431B53011AF5AD1515E63DC1DE83CC802ECE7DFC71FBDF179F8E41D7F1B43EBA75D5A9C3B11D4F1B0B5A0988A9AACBCCC1051226DC8410E41693EC8591E31EE2F5AFDFAEDE122D1277FC270BE4D25C1137A58BE961EAC9F27D4C71E2391904DD6AB27BECE5BD6C64C79B146C2D208CD63A4B74F8DAE638DBE2C8806BA107738A8DF5CFE214A4B73D03C91275FBA5728146CE5FEC01775B74481ADF86F4854D65F5DA4BB67F882A60CE0BCA0ACD157AA377F10B091AD0B568893039ECA33CDCB61BA8C9E32A87A2F5D8B7FD26734D2F096792352D70ADE9F4A51D8488BC57D32A638E0B14D6693F6776FFFB355FEDF652201FA70CB8DB34FB549490951A701E04AD49D671B74D089CAA8C0E5E833A21291D6978F918F25D5C769BDBE4BB72A84A1AFE6A0BBAD18D3EACC7B454AF408D4F1CCB23B9AE576FDAE2D1A68F43D275741DB19EEDC3B81B5E56964F5F8C3363
# "RFC2409/Oakley Group 1"
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF
# "RFC2409/Oakley Group 2"
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF
# "RFC3526/Oakley Group 5"
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF
# "RFC3526/Oakley Group 14"
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF
# "RFC3526/Oakley Group 15"
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF
# "RFC3526/Oakley Group 16"
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF
# "RFC5114/1024-bit DSA group with 160-bit prime order subgroup"
B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C69A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C013ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD7098488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708DF1FB2BC2E4A4371
# "RFC5114/2048-bit DSA group with 224-bit prime order subgroup"
AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC2129037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708B3BF8A317091883681286130BC8985DB1602E714415D9330278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486DCDF93ACC44328387315D75E198C641A480CD86A1B9E587E8BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71CF9DE5384E71B81C0AC4DFFE0C10E64F
# "RFC5114/2048-bit DSA group with 256-bit prime order subgroup"
87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0EF13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5140564251CCACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE621C3A3960A54E710C375F26375D7014103A4B54330C198AF126116D2276E11715F693877FAD7EF09CADB094AE91E1A1597
# "weakdh.org/1024-bit MODP group with non-safe prime modulus"
D6C094AD57F5374F68D58C7B096872D945CEE1F82664E0594421E1D5E3C8E98BC3F0A6AF8F92F19E3FEF9337B99B9C93A055D55A96E425734005A68ED47040FDF00A55936EBA4B93F64CBA1A004E4513611C9B217438A703A2060C2038D0CFAAFFBBA48FB9DAC4B2450DC58CB0320A0317E2A31B44A02787C657FB0C0CBEC11D
# "weakdh.org/1024-bit MODP group with safe prime modulus"
C9BBF5F774A8297B0F97CDDA3A3468C7117B6BF799A13D9F1F5DAC487B2241FE95EFB13C2855DFD2F898B3F99188E24EDF326DD68C76CC85537283512D46F1953129C693364D8C71202EABB3EBC85C1DF53907FBD0B7EB490AD0BC99289686800C46AB04BF7CDD9AD425E6FB25592EB6258A0655D75E93B2671746AE349E721B
"weakdh.org/1024-bit MODP group with safe prime modulus"
829FEBFCE3EE0434862D3364A62BDE7B65F0C74A3A53B555291414FCAE5E86D734B16DBDCC952B1C5EB443B154B3B46662E811E11D8BC73134018A5EA7B5B6A9720D84BC28B74822C5AF24C904E5BB5ADABF8FF2A5ED7B456688D6CAB82F8AF0188A456C3ED62D2FEACF6BD3FD47337D884DFA09F0A3D69675E35806E3AE9593
# "weakdh.org/1024-bit MODP group with safe prime modulus"
92402435C3A12E44D3730D8E78CADFA78E2F5B51A956BFF4DB8E56523E9695E63E32506CFEB912F2A77D22E71BB54C8680893B82AD1BCF337F7F7796D3FB968181D9BA1F7034ABFB1F97B3104CF3203F663E81990B7E090F6C4C5EE1A0E57EC174D3E84AD9E72E6AC7DA6AEA12DF297C131854FBF21AC4E879C23BBC60B4F753
# "weakdh.org/1024-bit MODP group with safe prime modulus"
A9A34811446C7B69A29FF9997C2181ECFAAAD139CCDE2455755D42F42E700AFD86779D548A7C07CA5DE4233261117D0A5773F2459C331AF1A1B08EF8360A14DE4046F27462DA36AA47D9FDE292B8815D598C3A9C546E7ED395D22EC39119F5B922CC41B30AF220FF47BDE1B88334AD2981DDC5ED923F11C3DDD3B22C949DC41B
# "weakdh.org/1024-bit MODP group with safe prime modulus"
CA6B85646DC217657605DACFE801FAD7598453834AF126C8CC765E0F81014F2493546AB7DDE5C677C32D5B0605B1BBFA4C5DBFA3253ADB33205B7D8C67DF98C4BCE81C7813F9FC2615F1C332F953AB39CE8B7FE7E3951FB73131407F4D5489B6B17C68759A2EAF8B195A8DE80A165E4EB7520774B167A00FA5629FDC5A9A25F3
# "weakdh.org/1024-bit MODP group with safe prime modulus"
EB373E94AB618DF820D233ED93E3EBCB319BDAC20994C1DF003986A79FAFFF7654151CC9E064131492698B47496F5FDCFAF12892679D8BC31580D7D41CD83F81529C79513D58EC672E0E87FCD008C137E3E5861AB2D3A02F4D372CEE4F220FEB2C9039AC997664A7EBB754446AA69EB3E0EF3C60F91C26392B54EC35A970A7BB
# "weakdh.org/1024-bit MODP group with safe prime modulus"
80A68ADC5327E05CAAD07C4464B8ADEA908432AF9651B237F47A7A8BF84D568FDFDAFAB06621C0C428450F1C55F7D4A8ECE383F27D6055ADDF60C4B837DCC1E3B8374E379951792939FDC3BBB4285112C8B4A9F6FCE4DD53AA23F99E2647C394CE4D8BB82E773F41EB786CE84CD0C3DD4C31D755D1CF9E9B70C45EE28ECDABAB
# "weakdh.org/1024-bit MODP group with safe prime modulus"
C0EB5F3A4CB30A9FFE3786E84C03814169B520305AD49F54EFD8CAAC31A69B2973CC9F57B4B8F80D2C5FB68B3913B6172042D2E5BD53381A5E597696C9E97BD6488DB3395581320DDD4AF9CDE4A4EBE29118C68828E5B39289C267280B4FDC2510C288B2174D77EE0AAD9C1E17EA5ED37CF971B6B19A87118E529826591CA14B
# "weakdh.org/1024-bit MODP group with safe prime modulus"
8FC0E1E20574D6AB3C76DDEA64524C2076446B6798E5B6BD2614F9669A5061D699034DB4819780EC8EE28A4E66B5C4E0A634E47BF9C981A5EC4908EE1B83A410813165AC0AB6BDCFD3257188AC49399D541C16F2960F9D64B9C51EC085AD0BB4FE38901318F0CD6165D4B1B31C723953B83217F8B3EBF8708160E82D7911754B
# "haproxy 1.5 builtin"
EC86F870A03316EC051A7359CD1F8BF829E4D2CF52DDC2248DB5389AFB5CA4E4B2DACE665074A6854D4B1D30B82BF310E9A72D0571E781DF8B59523B5F430B68F1DB07BE086B1B23EE4DCC9E0E43A01EDF438CECBEBE90B45154B92F7B64764E5DD42EAEC29EAE514359C7779C503C0EED73045FF14C762AD8F8CFFC3440D1B442618466423904F868B262D755ED1B747591E0C569C1315CDB7B442ECE84580D1E660CC8449EFD4008675DFBA7768F001187E993F97DC4BC745520D44A412F43421AC1F297174927376B2F887E1CA0A1899227D9565A71C156377E3A9D05E7EE5D8F8217BCE9C2933082F9F4C9AE49DBD054B4D9754DFA06B8D63841B71F77F3
# "postfix builtin"
B0FEB4CFD45507E7CC88590D1726C50CA54A92238178DA88AA4C1306BF5D2F9EBC96B851009D0C0D75ADFD3BB17E714F3F91541444B830251CEBDF729C4CF1890D683F948EA4FB768918B29116900199668C53814E273D99E75A7AAFD5ECE27EFAED0118C2782559065C39F6CD4954AFC1B1EA4AF953D0DF6DAFD493E7BAAE9B
# "IronPort SMTPD builtin"
F8D5CCE87A3961B5F5CBC83440C51856E0E6FA6D5AB2831078C867621CA46CA87D7FA3B1AF75B8343C699374D36920F2E39A653DE8F0725AA6E2D2977537558CE27E784F4B549BEFB558927BA30C8BD81DACDCAE93027B5DCE1BC17670AF7DECE81149ABD7D632D9B80A6397CEBCC7A9619CCF38288EA3D523287743B04E6FB3
## taken from https://github.com/cryptosense/diffie-hellman-groups/blob/master/gen/common.json
# to be continued

View File

@ -9535,6 +9535,7 @@ run_logjam() {
local -i sclient_success=0
local exportdhe_cipher_list="EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DHE-DSS-RC4-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA"
local exportdhe_cipher_list_hex="00,63, 00,65, 00,14, 00,11"
local all_dhe_ciphers="cc,15, 00,b3, 00,91, c0,97, 00,a3, 00,9f, cc,aa, c0,a3, c0,9f, 00,6b, 00,6a, 00,39, 00,38, 00,c4, 00,c3, 00,88, 00,87, 00,a7, 00,6d, 00,3a, 00,c5, 00,89, 00,ab, cc,ad, c0,a7, c0,43, c0,45, c0,47, c0,53, c0,57, c0,5b, c0,67, c0,6d, c0,7d, c0,81, c0,85, c0,91, 00,a2, 00,9e, c0,a2, c0,9e, 00,aa, c0,a6, 00,67, 00,40, 00,33, 00,32, 00,be, 00,bd, 00,9a, 00,99, 00,45, 00,44, 00,a6, 00,6c, 00,34, 00,bf, 00,9b, 00,46, 00,b2, 00,90, c0,96, c0,42, c0,44, c0,46, c0,52, c0,56, c0,5a, c0,66, c0,6c, c0,7c, c0,80, c0,84, c0,90, 00,66, 00,18, 00,8e, 00,16, 00,13, 00,1b, 00,8f, 00,63, 00,15, 00,12, 00,1a, 00,65, 00,14, 00,11, 00,19, 00,17, 00,b5, 00,b4, 00,2d"
local -i i nr_supported_ciphers=0 server_key_exchange_len=0 ephemeral_pub_len=0
local addtl_warning="" hexc
local cve="CVE-2015-4000"
@ -9542,6 +9543,7 @@ run_logjam() {
local hint=""
local server_key_exchange ephemeral_pub key_bitstring="" dh_p
local using_sockets=true
local spaces=" "
"$SSL_NATIVE" && using_sockets=false
@ -9555,8 +9557,7 @@ run_logjam() {
fi
case $nr_supported_ciphers in
0)
local_problem_ln "$OPENSSL doesn't have any DHE EXPORT ciphers configured"
0) local_problem_ln "$OPENSSL doesn't have any DHE EXPORT ciphers configured"
fileout "logjam" "WARN" "LOGJAM: Not tested. $OPENSSL doesn't have any DHE EXPORT ciphers configured" "$cve" "$cwe"
return 3
;;
@ -9574,23 +9575,14 @@ run_logjam() {
sclient_success=$?
debugme egrep -a "error|failure" $ERRFILE | egrep -av "unable to get local|verify error"
fi
addtl_warning="$addtl_warning, common primes not checked."
if "$HAS_DH_BITS" || ( ! "$SSL_NATIVE" && ! "$FAST" && [[ $TLS_NR_CIPHERS -ne 0 ]] ); then
if ! "$do_allciphers" && ! "$do_cipher_per_proto"; then
addtl_warning="$addtl_warning \"$PROG_NAME -E/-e\" spots candidates"
else
addtl_warning="$addtl_warning See below for any DH ciphers + bit size"
fi
fi
if [[ $sclient_success -eq 0 ]]; then
pr_svrty_critical "VULNERABLE (NOT ok)"; out ", uses DHE EXPORT ciphers, common primes not checked."
fileout "logjam" "CRITICAL" "LOGJAM: VULNERABLE, uses DHE EXPORT ciphers, common primes not checked." "$cve" "$cwe" "$hint"
pr_svrty_high "VULNERABLE (NOT ok):"; out " uses DHE EXPORT ciphers"
fileout "logjam" "HIGH" "LOGJAM: VULNERABLE, uses DHE EXPORT ciphers" "$cve" "$cwe" "$hint"
else
pr_done_best "not vulnerable (OK)"; out "$addtl_warning"
fileout "logjam" "OK" "LOGJAM: not vulnerable $addtl_warning" "$cve" "$cwe"
pr_done_good "not vulnerable (OK):"; out " no DHE EXPORT ciphers"; out "$addtl_warning"
fileout "logjam" "OK" "LOGJAM: not vulnerable (no DHE EXPORT ciphers) $addtl_warning" "$cve" "$cwe"
fi
outln
if [[ $DEBUG -ge 2 ]]; then
if "$using_sockets"; then
@ -9610,7 +9602,7 @@ run_logjam() {
# Try all ciphers that use an ephemeral DH key. If successful, check whether the key uses a weak prime.
if "$using_sockets"; then
tls_sockets "03" "cc,15, 00,b3, 00,91, c0,97, 00,a3, 00,9f, cc,aa, c0,a3, c0,9f, 00,6b, 00,6a, 00,39, 00,38, 00,c4, 00,c3, 00,88, 00,87, 00,a7, 00,6d, 00,3a, 00,c5, 00,89, 00,ab, cc,ad, c0,a7, c0,43, c0,45, c0,47, c0,53, c0,57, c0,5b, c0,67, c0,6d, c0,7d, c0,81, c0,85, c0,91, 00,a2, 00,9e, c0,a2, c0,9e, 00,aa, c0,a6, 00,67, 00,40, 00,33, 00,32, 00,be, 00,bd, 00,9a, 00,99, 00,45, 00,44, 00,a6, 00,6c, 00,34, 00,bf, 00,9b, 00,46, 00,b2, 00,90, c0,96, c0,42, c0,44, c0,46, c0,52, c0,56, c0,5a, c0,66, c0,6c, c0,7c, c0,80, c0,84, c0,90, 00,66, 00,18, 00,8e, 00,16, 00,13, 00,1b, 00,8f, 00,63, 00,15, 00,12, 00,1a, 00,65, 00,14, 00,11, 00,19, 00,17, 00,b5, 00,b4, 00,2d" "ephemeralkey"
tls_sockets "03" "$all_dhe_ciphers" "ephemeralkey"
sclient_success=$?
if [[ $sclient_success -eq 0 ]] || [[ $sclient_success -eq 2 ]]; then
cp "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" $TMPFILE
@ -9634,13 +9626,54 @@ run_logjam() {
dh_p="$($OPENSSL pkey -pubin -text -noout <<< "$key_bitstring" | awk '/prime:/,/generator:/' | tail -n +2 | head -n -1)"
dh_p="$(strip_spaces "$(colon_to_spaces "$(newline_to_spaces "$dh_p")")")"
[[ "${dh_p:0:2}" == "00" ]] && dh_p="${dh_p:2}"
# At this point the DH key's prime has been extracted into $dh_p. Compare is against known weak primes.
debugme outln "dh_p: $dh_p"
echo "$dh_p" > $TEMPDIR/dh_p.txt
# attention: file etc/common-primes.txt is not correct!
common_primes_test $dh_p "$spaces"
else
out ", no DH key detected"
fileout "LOGJAM_common primes" "OK" "no DH key detected"
fi
outln
tmpfile_handle $FUNCNAME.txt
return $sclient_success
}
# takes one arg and compares against a predefined set in $TESTSSL_INSTALL_DIR
# spaces to indent
common_primes_test() {
local common_primes_file="$TESTSSL_INSTALL_DIR/etc/common-primes.txt"
local -i lineno_matched=0
local comment=""
local dhp="$1"
if [[ ! -s "$common_primes_file" ]]; then
outln
pr_warning "${2}couldn't read common primes file $common_primes_file"
fileout "LOGJAM_common primes" "WARN" "couldn't read common primes file $common_primes_file"
return 1
else
dh_p="$(toupper "$dh_p")"
# the most elegant thing to get the previous line " awk '/regex/ { print x }; { x=$0 }' " doesn't work with GNU grep
# this is bascially the hint we want to echo
lineno_matched=$(grep -n "$dh_p" "$common_primes_file" 2>/dev/null | awk -F':' '{ print $1 }')
if [[ "$lineno_matched" -ne 0 ]]; then
# get comment
comment="$(awk "NR == $lineno_matched-1" "$common_primes_file" | awk -F'"' '{ print $2 }')"
#FiXME: probably the high groups/bit sizes whould get a different rating, see paper
out "\n${2}"
pr_svrty_high "common prime \"$comment\" detected"
fileout "LOGJAM_common primes" "HIGH" "common prime \"$comment\" detected"
else
out ", "
pr_done_good " no common primes detected"
fileout "LOGJAM_common primes" "OK" "no common primes detected"
fi
fi
return 0
}
run_drown() {
local nr_ciphers_detected ret
@ -9656,7 +9689,7 @@ run_drown() {
outln
fi
# if we want to use OPENSSL: check for < openssl 1.0.2g, openssl 1.0.1s if native openssl
pr_bold " DROWN"; out " ($cve) "
pr_bold " DROWN"; out " ($cve) "
sslv2_sockets
case $? in
@ -9700,7 +9733,11 @@ run_drown() {
# not advertising it as it after 5 tries and account is needed
cert_fingerprint_sha2=${cert_fingerprint_sha2/SHA256 /}
outln "$spaces https://censys.io/ipv4?q=$cert_fingerprint_sha2 could help you to find out"
fileout "drown" "INFO" "make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=$cert_fingerprint_sha2"
fi
else
outln "$spaces no RSA certificate, thus certificate can't be used with SSLv2 elsewhere"
fileout "drown" "INFO" "no RSA certificate, thus certificate can't be used with SSLv2 elsewhere"
fi
ret=0
;;