Merge pull request #1463 from drwetter/shortcurt_vulns
Shortcuts for vulnerability tests for TLS 1.3 only servers
This commit is contained in:
commit
2181061c6e
|
@ -9,12 +9,12 @@ use Data::Dumper;
|
||||||
|
|
||||||
my $tests = 0;
|
my $tests = 0;
|
||||||
my $prg="./testssl.sh";
|
my $prg="./testssl.sh";
|
||||||
my $uri="badssl.com";
|
my $uri="heise.de";
|
||||||
my $out="";
|
my $out="";
|
||||||
my $html="";
|
my $html="";
|
||||||
my $debughtml="";
|
my $debughtml="";
|
||||||
my $edited_html="";
|
my $edited_html="";
|
||||||
my $check2run="--color 0 --htmlfile tmp.html";
|
my $check2run="--ip=one --color 0 --htmlfile tmp.html";
|
||||||
|
|
||||||
die "Unable to open $prg" unless -f $prg;
|
die "Unable to open $prg" unless -f $prg;
|
||||||
|
|
||||||
|
@ -22,7 +22,7 @@ printf "\n%s\n", "Doing HTML output checks";
|
||||||
unlink 'tmp.html';
|
unlink 'tmp.html';
|
||||||
|
|
||||||
#1
|
#1
|
||||||
printf "%s\n", " .. running $prg against $uri to create HTML and terminal outputs (may take 2~3 minutes)";
|
printf "%s\n", " .. running $prg against \"$uri\" to create HTML and terminal outputs (may take ~2 minutes)";
|
||||||
# specify a TERM_WIDTH so that the two calls to testssl.sh don't create HTML files with different values of TERM_WIDTH
|
# specify a TERM_WIDTH so that the two calls to testssl.sh don't create HTML files with different values of TERM_WIDTH
|
||||||
$out = `TERM_WIDTH=120 $prg $check2run $uri`;
|
$out = `TERM_WIDTH=120 $prg $check2run $uri`;
|
||||||
$html = `cat tmp.html`;
|
$html = `cat tmp.html`;
|
||||||
|
@ -44,12 +44,11 @@ $edited_html =~ s/>/>/g;
|
||||||
$edited_html =~ s/"/"/g;
|
$edited_html =~ s/"/"/g;
|
||||||
$edited_html =~ s/'/'/g;
|
$edited_html =~ s/'/'/g;
|
||||||
|
|
||||||
printf "\n%s\n", " .. comparing HTML and terminal outputs";
|
|
||||||
cmp_ok($edited_html, "eq", $out, "HTML file matches terminal output");
|
cmp_ok($edited_html, "eq", $out, "HTML file matches terminal output");
|
||||||
$tests++;
|
$tests++;
|
||||||
|
|
||||||
#2
|
#2
|
||||||
printf "\n%s\n", " .. running $prg against $uri with --debug 4 to create HTML output (may take another 2~3 minutes)";
|
printf "\n%s\n", " .. running again $prg against \"$uri\", now with --debug 4 to create HTML output (may take another ~2 minutes)";
|
||||||
# Redirect stderr to /dev/null in order to avoid some unexplained "date: invalid date" error messages
|
# Redirect stderr to /dev/null in order to avoid some unexplained "date: invalid date" error messages
|
||||||
$out = `TERM_WIDTH=120 $prg $check2run --debug 4 $uri 2> /dev/null`;
|
$out = `TERM_WIDTH=120 $prg $check2run --debug 4 $uri 2> /dev/null`;
|
||||||
$debughtml = `cat tmp.html`;
|
$debughtml = `cat tmp.html`;
|
||||||
|
@ -68,8 +67,8 @@ $debughtml =~ s/HTTP clock skew \+?-?[0-9]* /HTTP clock skew
|
||||||
|
|
||||||
$debughtml =~ s/ Pre-test: .*\n//g;
|
$debughtml =~ s/ Pre-test: .*\n//g;
|
||||||
$debughtml =~ s/.*OK: below 825 days.*\n//g;
|
$debughtml =~ s/.*OK: below 825 days.*\n//g;
|
||||||
|
$debughtml =~ s/.*DEBUG:.*\n//g;
|
||||||
|
|
||||||
printf "\n%s\n", " .. checking that using the --debug option doesn't affect the HTML file";
|
|
||||||
cmp_ok($debughtml, "eq", $html, "HTML file created with --debug 4 matches HTML file created without --debug");
|
cmp_ok($debughtml, "eq", $html, "HTML file created with --debug 4 matches HTML file created without --debug");
|
||||||
$tests++;
|
$tests++;
|
||||||
|
|
||||||
|
|
172
testssl.sh
172
testssl.sh
|
@ -8789,7 +8789,7 @@ certificate_info() {
|
||||||
else
|
else
|
||||||
# All is fine with valididy period
|
# All is fine with valididy period
|
||||||
# We ignore for now certificates < 2018/03/01. On the screen we only show debug info
|
# We ignore for now certificates < 2018/03/01. On the screen we only show debug info
|
||||||
[[ "$DEBUG" -ge 1 ]] && outln "${spaces}DEBUG: all is fine with certificate life time"
|
[[ "$DEBUG" -ge 1 ]] && outln "${spaces}DEBUG: all is fine with total certificate life time"
|
||||||
fileout "cert_validityPeriod${json_postfix}" "INFO" "No finding"
|
fileout "cert_validityPeriod${json_postfix}" "INFO" "No finding"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -12480,7 +12480,7 @@ parse_tls_serverhello() {
|
||||||
|
|
||||||
# If the ClientHello included a supported_versions extension, then check that the
|
# If the ClientHello included a supported_versions extension, then check that the
|
||||||
# $DETECTED_TLS_VERSION appeared in the list offered in the ClientHello.
|
# $DETECTED_TLS_VERSION appeared in the list offered in the ClientHello.
|
||||||
if [[ "${TLS_CLIENT_HELLO:0:2}" == "01" ]]; then
|
if [[ "${TLS_CLIENT_HELLO:0:2}" == 01 ]]; then
|
||||||
# get position of cipher lists (just after session id)
|
# get position of cipher lists (just after session id)
|
||||||
offset=78+2*$(hex2dec "${TLS_CLIENT_HELLO:76:2}")
|
offset=78+2*$(hex2dec "${TLS_CLIENT_HELLO:76:2}")
|
||||||
# get position of compression methods
|
# get position of compression methods
|
||||||
|
@ -12496,7 +12496,7 @@ parse_tls_serverhello() {
|
||||||
offset+=6
|
offset+=6
|
||||||
tls_protocol2="$(tolower "$tls_protocol2")"
|
tls_protocol2="$(tolower "$tls_protocol2")"
|
||||||
for (( j=0; j < extension_len-2; j=j+4 )); do
|
for (( j=0; j < extension_len-2; j=j+4 )); do
|
||||||
[[ "${TLS_CLIENT_HELLO:offset:4}" == "$tls_protocol2" ]] && break
|
[[ "${TLS_CLIENT_HELLO:offset:4}" == $tls_protocol2 ]] && break
|
||||||
offset+=4
|
offset+=4
|
||||||
done
|
done
|
||||||
if [[ $j -eq $extension_len-2 ]]; then
|
if [[ $j -eq $extension_len-2 ]]; then
|
||||||
|
@ -14333,27 +14333,36 @@ run_renego() {
|
||||||
|
|
||||||
pr_bold " Secure Renegotiation (RFC 5746) "
|
pr_bold " Secure Renegotiation (RFC 5746) "
|
||||||
jsonID="secure_renego"
|
jsonID="secure_renego"
|
||||||
# first fingerprint for the Line "Secure Renegotiation IS NOT" or "Secure Renegotiation IS "
|
|
||||||
$OPENSSL s_client $(s_client_options "$proto $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") 2>&1 </dev/null >$TMPFILE 2>$ERRFILE
|
if "$TLS13_ONLY"; then
|
||||||
if sclient_connect_successful $? $TMPFILE; then
|
# https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/
|
||||||
grep -iaq "Secure Renegotiation IS NOT" $TMPFILE
|
pr_svrty_best "not vulnerable (OK)"
|
||||||
sec_renego=$? # 0= Secure Renegotiation IS NOT supported
|
[[ $DEBUG -ge 1 ]] && out ", no renegotiation support in TLS 1.3 only servers"
|
||||||
# grep -iaq "Secure Renegotiation IS supported"
|
outln
|
||||||
#FIXME: didn't occur to me yet but why not also to check on "Secure Renegotiation IS supported"
|
fileout "$jsonID" "OK" "TLS 1.3 only server" "$cve" "$cwe"
|
||||||
case $sec_renego in
|
|
||||||
0) prln_svrty_critical "Not supported / VULNERABLE (NOT ok)"
|
|
||||||
fileout "$jsonID" "CRITICAL" "VULNERABLE" "$cve" "$cwe" "$hint"
|
|
||||||
;;
|
|
||||||
1) prln_svrty_best "supported (OK)"
|
|
||||||
fileout "$jsonID" "OK" "supported" "$cve" "$cwe"
|
|
||||||
;;
|
|
||||||
*) prln_warning "FIXME (bug): $sec_renego"
|
|
||||||
fileout "$jsonID" "WARN" "FIXME (bug) $sec_renego" "$cve" "$cwe"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
else
|
else
|
||||||
prln_warning "OpenSSL handshake didn't succeed"
|
# first fingerprint for the Line "Secure Renegotiation IS NOT" or "Secure Renegotiation IS "
|
||||||
fileout "$jsonID" "WARN" "OpenSSL handshake didn't succeed" "$cve" "$cwe"
|
$OPENSSL s_client $(s_client_options "$proto $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") 2>&1 </dev/null >$TMPFILE 2>$ERRFILE
|
||||||
|
if sclient_connect_successful $? $TMPFILE; then
|
||||||
|
grep -iaq "Secure Renegotiation IS NOT" $TMPFILE
|
||||||
|
sec_renego=$? # 0= Secure Renegotiation IS NOT supported
|
||||||
|
# grep -iaq "Secure Renegotiation IS supported"
|
||||||
|
#FIXME: didn't occur to me yet but why not also to check on "Secure Renegotiation IS supported"
|
||||||
|
case $sec_renego in
|
||||||
|
0) prln_svrty_critical "Not supported / VULNERABLE (NOT ok)"
|
||||||
|
fileout "$jsonID" "CRITICAL" "VULNERABLE" "$cve" "$cwe" "$hint"
|
||||||
|
;;
|
||||||
|
1) prln_svrty_best "supported (OK)"
|
||||||
|
fileout "$jsonID" "OK" "supported" "$cve" "$cwe"
|
||||||
|
;;
|
||||||
|
*) prln_warning "FIXME (bug): $sec_renego"
|
||||||
|
fileout "$jsonID" "WARN" "FIXME (bug) $sec_renego" "$cve" "$cwe"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
else
|
||||||
|
prln_warning "OpenSSL handshake didn't succeed"
|
||||||
|
fileout "$jsonID" "WARN" "OpenSSL handshake didn't succeed" "$cve" "$cwe"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# FIXME: Basically this can be done with sockets and we might have that information already
|
# FIXME: Basically this can be done with sockets and we might have that information already
|
||||||
|
@ -14368,7 +14377,8 @@ run_renego() {
|
||||||
cve="CVE-2011-1473"
|
cve="CVE-2011-1473"
|
||||||
# see: https://blog.qualys.com/ssllabs/2011/10/31/tls-renegotiation-and-denial-of-service-attacks
|
# see: https://blog.qualys.com/ssllabs/2011/10/31/tls-renegotiation-and-denial-of-service-attacks
|
||||||
# http://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html -- head/get doesn't seem to be needed though
|
# http://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html -- head/get doesn't seem to be needed though
|
||||||
# https://archive.fo/20130415224936/http://www.thc.org/thc-ssl-dos/, https://vincent.bernat.ch/en/blog/2011-ssl-dos-mitigation
|
# https://archive.fo/20130415224936/http://www.thc.org/thc-ssl-dos/
|
||||||
|
# https://vincent.bernat.ch/en/blog/2011-ssl-dos-mitigation
|
||||||
case "$OSSL_VER" in
|
case "$OSSL_VER" in
|
||||||
0.9.8*) # we need this for Mac OSX unfortunately
|
0.9.8*) # we need this for Mac OSX unfortunately
|
||||||
case "$OSSL_VER_APPENDIX" in
|
case "$OSSL_VER_APPENDIX" in
|
||||||
|
@ -14389,7 +14399,12 @@ run_renego() {
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
|
||||||
if "$CLIENT_AUTH"; then
|
if "$TLS13_ONLY"; then
|
||||||
|
pr_svrty_best "not vulnerable (OK)"
|
||||||
|
[[ $DEBUG -ge 1 ]] && out ", no renegotiation support in TLS 1.3 only servers"
|
||||||
|
outln
|
||||||
|
fileout "$jsonID" "OK" "not vulnerable, TLS 1.3 only" "$cve" "$cwe"
|
||||||
|
elif "$CLIENT_AUTH"; then
|
||||||
prln_warning "client x509-based authentication prevents this from being tested"
|
prln_warning "client x509-based authentication prevents this from being tested"
|
||||||
fileout "$jsonID" "WARN" "client x509-based authentication prevents this from being tested"
|
fileout "$jsonID" "WARN" "client x509-based authentication prevents this from being tested"
|
||||||
sec_client_renego=1
|
sec_client_renego=1
|
||||||
|
@ -14404,7 +14419,7 @@ run_renego() {
|
||||||
sec_client_renego=1
|
sec_client_renego=1
|
||||||
else
|
else
|
||||||
# second try in the foreground as we are sure now it won't hang
|
# second try in the foreground as we are sure now it won't hang
|
||||||
echo R | $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -msg -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE
|
echo R | $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE
|
||||||
sec_client_renego=$? # 0=client is renegotiating & doesn't return an error --> vuln!
|
sec_client_renego=$? # 0=client is renegotiating & doesn't return an error --> vuln!
|
||||||
case "$sec_client_renego" in
|
case "$sec_client_renego" in
|
||||||
0) # We try again if server is HTTP. This could be either a node.js server or something else.
|
0) # We try again if server is HTTP. This could be either a node.js server or something else.
|
||||||
|
@ -14415,7 +14430,7 @@ run_renego() {
|
||||||
fileout "$jsonID" "MEDIUM" "VULNERABLE, potential DoS threat" "$cve" "$cwe" "$hint"
|
fileout "$jsonID" "MEDIUM" "VULNERABLE, potential DoS threat" "$cve" "$cwe" "$hint"
|
||||||
else
|
else
|
||||||
(for i in {1..4}; do echo R; sleep 1; done) | \
|
(for i in {1..4}; do echo R; sleep 1; done) | \
|
||||||
$OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -msg -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE
|
$OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE
|
||||||
case $? in
|
case $? in
|
||||||
0) pr_svrty_high "VULNERABLE (NOT ok)"; outln ", DoS threat"
|
0) pr_svrty_high "VULNERABLE (NOT ok)"; outln ", DoS threat"
|
||||||
fileout "$jsonID" "HIGH" "VULNERABLE, DoS threat" "$cve" "$cwe" "$hint"
|
fileout "$jsonID" "HIGH" "VULNERABLE, DoS threat" "$cve" "$cwe" "$hint"
|
||||||
|
@ -14461,15 +14476,23 @@ run_crime() {
|
||||||
local cwe="CWE-310"
|
local cwe="CWE-310"
|
||||||
local hint=""
|
local hint=""
|
||||||
|
|
||||||
# in a nutshell: don't offer TLS/SPDY compression on the server side
|
# In a nutshell: don't offer TLS/SPDY compression. This tests for CRIME Vulnerability on HTTPS only,
|
||||||
# This tests for CRIME Vulnerability (www.ekoparty.org/2012/juliano-rizzo.php) on HTTPS, not SPDY (yet)
|
# not SPDY or ALPN (yet). Please note that it is an attack where you need client side control, so in
|
||||||
# Please note that it is an attack where you need client side control, so in regular situations this
|
# regular situations this # means anyway "game over", with or without CRIME.
|
||||||
# means anyway "game over", w/wo CRIME
|
#
|
||||||
# www.h-online.com/security/news/item/Vulnerability-in-SSL-encryption-is-barely-exploitable-1708604.html
|
# https://blog.qualys.com/ssllabs/2012/09/14/crime-information-leakage-attack-against-ssltls
|
||||||
|
|
||||||
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for CRIME vulnerability " && outln
|
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for CRIME vulnerability " && outln
|
||||||
pr_bold " CRIME, TLS " ; out "($cve) "
|
pr_bold " CRIME, TLS " ; out "($cve) "
|
||||||
|
|
||||||
|
if "$TLS13_ONLY"; then
|
||||||
|
pr_svrty_best "not vulnerable (OK)"
|
||||||
|
[[ $DEBUG -ge 1 ]] && out ", no compression in TLS 1.3 only servers"
|
||||||
|
outln
|
||||||
|
fileout "$jsonID" "OK" "TLS 1.3 only server" "$cve" "$cwe"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
if ! "$HAS_ZLIB"; then
|
if ! "$HAS_ZLIB"; then
|
||||||
if "$SSL_NATIVE"; then
|
if "$SSL_NATIVE"; then
|
||||||
prln_local_problem "$OPENSSL lacks zlib support"
|
prln_local_problem "$OPENSSL lacks zlib support"
|
||||||
|
@ -14488,20 +14511,21 @@ run_crime() {
|
||||||
sclient_connect_successful $? $TMPFILE
|
sclient_connect_successful $? $TMPFILE
|
||||||
sclient_success=$?
|
sclient_success=$?
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ $sclient_success -ne 0 ]]; then
|
if [[ $sclient_success -ne 0 ]]; then
|
||||||
pr_warning "test failed (couldn't connect)"
|
pr_warning "test failed (couldn't connect)"
|
||||||
fileout "CRIME_TLS" "WARN" "Check failed, couldn't connect" "$cve" "$cwe"
|
fileout "CRIME_TLS" "WARN" "Check failed, couldn't connect" "$cve" "$cwe"
|
||||||
ret=1
|
ret=1
|
||||||
elif grep -a Compression $TMPFILE | grep -aq NONE >/dev/null; then
|
elif grep -a Compression $TMPFILE | grep -aq NONE >/dev/null; then
|
||||||
pr_svrty_good "not vulnerable (OK)"
|
pr_svrty_good "not vulnerable (OK)"
|
||||||
if [[ $SERVICE != "HTTP" ]] && ! "$CLIENT_AUTH"; then
|
if [[ $SERVICE != HTTP ]] && ! "$CLIENT_AUTH"; then
|
||||||
out " (not using HTTP anyway)"
|
out " (not using HTTP anyway)"
|
||||||
fileout "CRIME_TLS" "OK" "not vulnerable (not using HTTP anyway)" "$cve" "$cwe"
|
fileout "CRIME_TLS" "OK" "not vulnerable (not using HTTP anyway)" "$cve" "$cwe"
|
||||||
else
|
else
|
||||||
fileout "CRIME_TLS" "OK" "not vulnerable" "$cve" "$cwe"
|
fileout "CRIME_TLS" "OK" "not vulnerable" "$cve" "$cwe"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
if [[ $SERVICE == "HTTP" ]] || "$CLIENT_AUTH"; then
|
if [[ $SERVICE == HTTP ]] || "$CLIENT_AUTH"; then
|
||||||
pr_svrty_high "VULNERABLE (NOT ok)"
|
pr_svrty_high "VULNERABLE (NOT ok)"
|
||||||
fileout "CRIME_TLS" "HIGH" "VULNERABLE" "$cve" "$cwe" "$hint"
|
fileout "CRIME_TLS" "HIGH" "VULNERABLE" "$cve" "$cwe" "$hint"
|
||||||
else
|
else
|
||||||
|
@ -14646,13 +14670,21 @@ run_sweet32() {
|
||||||
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for SWEET32 (Birthday Attacks on 64-bit Block Ciphers) " && outln
|
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for SWEET32 (Birthday Attacks on 64-bit Block Ciphers) " && outln
|
||||||
pr_bold " SWEET32"; out " (${cve// /, }) "
|
pr_bold " SWEET32"; out " (${cve// /, }) "
|
||||||
|
|
||||||
|
if "$TLS13_ONLY"; then
|
||||||
|
# Unfortunately there's no restriction using TLS 1.2 with $sweet32_ciphers
|
||||||
|
pr_svrty_best "not vulnerable (OK)"
|
||||||
|
[[ $DEBUG -ge 1 ]] && out ", TLS 1.3 doesn't offer such ciphers"
|
||||||
|
outln
|
||||||
|
fileout "$jsonID" "OK" "not vulnerable" "$cve" "$cwe"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
"$SSL_NATIVE" && using_sockets=false
|
"$SSL_NATIVE" && using_sockets=false
|
||||||
# The openssl binary distributed has almost everything we need (PSK, KRB5 ciphers and feff, ffe0 are typically missing).
|
# The openssl binary distributed has almost everything we need (PSK, KRB5 ciphers and feff, ffe0 are typically missing).
|
||||||
# Measurements show that there's little impact whether we use sockets or TLS here, so the default is sockets here
|
# Measurements show that there's little impact whether we use sockets or TLS here, so the default is sockets here.
|
||||||
if "$using_sockets"; then
|
if "$using_sockets"; then
|
||||||
for proto in 03 02 01 00; do
|
for proto in 03 02 01 00; do
|
||||||
"$FAST" && [[ "$proto" != 03 ]] && break
|
[[ $(has_server_protocol "$proto") -eq 1 ]] && continue
|
||||||
! "$FAST" && [[ $(has_server_protocol "$proto") -eq 1 ]] && continue
|
|
||||||
tls_sockets "$proto" "${sweet32_ciphers_hex}, 00,ff"
|
tls_sockets "$proto" "${sweet32_ciphers_hex}, 00,ff"
|
||||||
sclient_success=$?
|
sclient_success=$?
|
||||||
[[ $sclient_success -eq 2 ]] && sclient_success=0
|
[[ $sclient_success -eq 2 ]] && sclient_success=0
|
||||||
|
@ -14766,6 +14798,14 @@ run_ssl_poodle() {
|
||||||
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for SSLv3 POODLE (Padding Oracle On Downgraded Legacy Encryption) " && outln
|
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for SSLv3 POODLE (Padding Oracle On Downgraded Legacy Encryption) " && outln
|
||||||
pr_bold " POODLE, SSL"; out " ($cve) "
|
pr_bold " POODLE, SSL"; out " ($cve) "
|
||||||
|
|
||||||
|
if "$TLS13_ONLY" || [[ $(has_server_protocol ssl3) -ne 0 ]]; then
|
||||||
|
# one condition should normally suffice but we don't know when run_poddle() was called
|
||||||
|
pr_svrty_best "not vulnerable (OK)"
|
||||||
|
outln ", no SSLv3 support"
|
||||||
|
fileout "$jsonID" "OK" "not vulnerable, no SSLv3" "$cve" "$cwe"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
"$SSL_NATIVE" && using_sockets=false
|
"$SSL_NATIVE" && using_sockets=false
|
||||||
# The openssl binary distributed has almost everything we need (PSK and KRB5 ciphers are typically missing).
|
# The openssl binary distributed has almost everything we need (PSK and KRB5 ciphers are typically missing).
|
||||||
# Measurements show that there's little impact whether we use sockets or TLS here, so the default is sockets here
|
# Measurements show that there's little impact whether we use sockets or TLS here, so the default is sockets here
|
||||||
|
@ -14878,10 +14918,9 @@ run_tls_fallback_scsv() {
|
||||||
return 0
|
return 0
|
||||||
;;
|
;;
|
||||||
*) if [[ $(has_server_protocol tls1_3) -eq 0 ]]; then
|
*) if [[ $(has_server_protocol tls1_3) -eq 0 ]]; then
|
||||||
# If the server supports TLS 1.3, and does not support TLS 1.2, TLS 1.1,
|
# If the server supports TLS 1.3, and does not support TLS 1.2, TLS 1.1, or TLS 1,
|
||||||
# or TLS 1, then assume it does not support SSLv3, even if SSLv3 cannot
|
# then assume it does not support SSLv3, even if SSLv3 cannot be tested.
|
||||||
# be tested.
|
pr_svrty_good "No fallback possible (OK)"; outln ", TLS 1.3 is the only protocol"
|
||||||
prln_svrty_good "No fallback possible, TLS 1.3 is the only protocol (OK)"
|
|
||||||
fileout "$jsonID" "OK" "only TLS 1.3 supported"
|
fileout "$jsonID" "OK" "only TLS 1.3 supported"
|
||||||
elif [[ $(has_server_protocol tls1_3) -eq 1 ]] && \
|
elif [[ $(has_server_protocol tls1_3) -eq 1 ]] && \
|
||||||
( [[ $(has_server_protocol ssl3) -eq 1 ]] || "$HAS_SSL3" ); then
|
( [[ $(has_server_protocol ssl3) -eq 1 ]] || "$HAS_SSL3" ); then
|
||||||
|
@ -14894,8 +14933,8 @@ run_tls_fallback_scsv() {
|
||||||
# If the server does not support TLS 1.3, TLS 1.2, TLS 1.1, or TLS 1, and
|
# If the server does not support TLS 1.3, TLS 1.2, TLS 1.1, or TLS 1, and
|
||||||
# support for SSLv3 cannot be tested, then treat it as HIGH severity, since
|
# support for SSLv3 cannot be tested, then treat it as HIGH severity, since
|
||||||
# it is very likely that SSLv3 is the only supported protocol.
|
# it is very likely that SSLv3 is the only supported protocol.
|
||||||
prln_svrty_high "No fallback possible, TLS 1.3, TLS 1.2, TLS 1.1, and TLS 1 not supported"
|
pr_svrty_high "NOT ok, no fallback possible"; outln ", TLS 1.3, 1.2, 1.1 and 1.0 not supported"
|
||||||
fileout "$jsonID" "HIGH" "TLS 1.3, TLS 1.2, TLS 1.1, and TLS 1 not supported"
|
fileout "$jsonID" "HIGH" "TLS 1.3, 1.2, 1.1, 1.0 not supported"
|
||||||
else
|
else
|
||||||
# TLS 1.2, TLS 1.1, and TLS 1 are not supported, but can't tell whether TLS 1.3 is supported.
|
# TLS 1.2, TLS 1.1, and TLS 1 are not supported, but can't tell whether TLS 1.3 is supported.
|
||||||
# This could be a TLS 1.3 only server, an SSLv3 only server (if SSLv3 support cannot be tested),
|
# This could be a TLS 1.3 only server, an SSLv3 only server (if SSLv3 support cannot be tested),
|
||||||
|
@ -14924,7 +14963,7 @@ run_tls_fallback_scsv() {
|
||||||
|
|
||||||
if ! "$HAS_SSL3" && \
|
if ! "$HAS_SSL3" && \
|
||||||
( [[ "$low_proto" == ssl3 ]] || \
|
( [[ "$low_proto" == ssl3 ]] || \
|
||||||
( [[ "$high_proto" == tls1 ]] && [[ $(has_server_protocol "ssl3") -eq 2 ]] ) ); then
|
( [[ "$high_proto" == tls1 ]] && [[ $(has_server_protocol ssl3) -eq 2 ]] ) ); then
|
||||||
# If the protocol that the server would fall back to is SSLv3, but $OPENSSL does
|
# If the protocol that the server would fall back to is SSLv3, but $OPENSSL does
|
||||||
# not support SSLv3, then the test cannot be performed. So, if $OPENSSL does not
|
# not support SSLv3, then the test cannot be performed. So, if $OPENSSL does not
|
||||||
# support SSLv3 and it is known that SSLv3 is the fallback protocol ($low_proto), then
|
# support SSLv3 and it is known that SSLv3 is the fallback protocol ($low_proto), then
|
||||||
|
@ -14941,7 +14980,7 @@ run_tls_fallback_scsv() {
|
||||||
if [[ -z "$low_proto" ]]; then
|
if [[ -z "$low_proto" ]]; then
|
||||||
case "$high_proto" in
|
case "$high_proto" in
|
||||||
"tls1_2")
|
"tls1_2")
|
||||||
prln_svrty_good "No fallback possible, no protocol below $high_proto_str offered (OK)"
|
pr_svrty_good "No fallback possible (OK)"; outln ", no protocol below $high_proto_str offered"
|
||||||
;;
|
;;
|
||||||
*) outln "No fallback possible, no protocol below $high_proto_str offered (OK)"
|
*) outln "No fallback possible, no protocol below $high_proto_str offered (OK)"
|
||||||
;;
|
;;
|
||||||
|
@ -15026,6 +15065,14 @@ run_freak() {
|
||||||
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for FREAK attack " && outln
|
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for FREAK attack " && outln
|
||||||
pr_bold " FREAK"; out " ($cve) "
|
pr_bold " FREAK"; out " ($cve) "
|
||||||
|
|
||||||
|
if "$TLS13_ONLY"; then
|
||||||
|
pr_svrty_best "not vulnerable (OK)"
|
||||||
|
[[ $DEBUG -ge 1 ]] && out ", TLS 1.3 only server"
|
||||||
|
outln
|
||||||
|
fileout "$jsonID" "OK" "not vulnerable" "$cve" "$cwe"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
"$SSL_NATIVE" && using_sockets=false
|
"$SSL_NATIVE" && using_sockets=false
|
||||||
if "$using_sockets"; then
|
if "$using_sockets"; then
|
||||||
nr_supported_ciphers=$(count_words "$exportrsa_tls_cipher_list_hex")+$(count_words "$exportrsa_ssl2_cipher_list_hex")
|
nr_supported_ciphers=$(count_words "$exportrsa_tls_cipher_list_hex")+$(count_words "$exportrsa_ssl2_cipher_list_hex")
|
||||||
|
@ -15473,7 +15520,6 @@ run_beast(){
|
||||||
local hint=""
|
local hint=""
|
||||||
local jsonID="BEAST"
|
local jsonID="BEAST"
|
||||||
|
|
||||||
"$SSL_NATIVE" && using_sockets=false
|
|
||||||
if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then
|
if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then
|
||||||
outln
|
outln
|
||||||
pr_headlineln " Testing for BEAST vulnerability "
|
pr_headlineln " Testing for BEAST vulnerability "
|
||||||
|
@ -15481,8 +15527,16 @@ run_beast(){
|
||||||
fi
|
fi
|
||||||
pr_bold " BEAST"; out " ($cve) "
|
pr_bold " BEAST"; out " ($cve) "
|
||||||
|
|
||||||
|
if "$TLS13_ONLY" || ( [[ $(has_server_protocol ssl3) -eq 1 ]] && [[ $(has_server_protocol tls1) -eq 1 ]] ); then
|
||||||
|
pr_svrty_good "not vulnerable (OK)"
|
||||||
|
outln ", no SSL3 or TLS1"
|
||||||
|
fileout "$jsonID" "OK" "not vulnerable, no SSL3 or TLS1" "$cve" "$cwe"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
"$SSL_NATIVE" && using_sockets=false
|
||||||
# $cbc_ciphers_hex has 126 ciphers, we omitted SRP-AES-256-CBC-SHA bc the trailing 00,ff below will pose
|
# $cbc_ciphers_hex has 126 ciphers, we omitted SRP-AES-256-CBC-SHA bc the trailing 00,ff below will pose
|
||||||
# a problem for ACE loadbalancers otherwise. So in case we know this is not true, we'll re-add it
|
# a problem for ACE loadbalancers otherwise. So in case we know this is not true, we'll re-add it
|
||||||
! "$SERVER_SIZE_LIMIT_BUG" & "$using_sockets" && cbc_ciphers_hex="$cbc_ciphers_hex, C0,20"
|
! "$SERVER_SIZE_LIMIT_BUG" & "$using_sockets" && cbc_ciphers_hex="$cbc_ciphers_hex, C0,20"
|
||||||
|
|
||||||
[[ $TLS_NR_CIPHERS == 0 ]] && using_sockets=false
|
[[ $TLS_NR_CIPHERS == 0 ]] && using_sockets=false
|
||||||
|
@ -15564,12 +15618,14 @@ run_beast(){
|
||||||
if [[ $sclient_success -ne 0 ]]; then # protocol supported?
|
if [[ $sclient_success -ne 0 ]]; then # protocol supported?
|
||||||
if "$continued"; then # second round: we hit TLS1
|
if "$continued"; then # second round: we hit TLS1
|
||||||
if "$HAS_SSL3" || "$using_sockets"; then
|
if "$HAS_SSL3" || "$using_sockets"; then
|
||||||
prln_svrty_good "no SSL3 or TLS1 (OK)"
|
pr_svrty_good "not vulnerable (OK)" ; out ", no SSL3 or TLS1"
|
||||||
fileout "$jsonID" "OK" "not vulnerable, no SSL3 or TLS1" "$cve" "$cwe"
|
fileout "$jsonID" "OK" "not vulnerable, no SSL3 or TLS1" "$cve" "$cwe"
|
||||||
else
|
else
|
||||||
prln_svrty_good "no TLS1 (OK)"
|
prln_svrty_good "no TLS1 (OK)"
|
||||||
fileout "$jsonID" "OK" "not vulnerable, no TLS1" "$cve" "$cwe"
|
fileout "$jsonID" "OK" "not vulnerable, no TLS1" "$cve" "$cwe"
|
||||||
fi
|
fi
|
||||||
|
set +x
|
||||||
|
exit 0
|
||||||
return 0
|
return 0
|
||||||
else # protocol not succeeded but it's the first time
|
else # protocol not succeeded but it's the first time
|
||||||
continued=true
|
continued=true
|
||||||
|
@ -15597,7 +15653,7 @@ run_beast(){
|
||||||
sigalg[nr_ciphers]=""
|
sigalg[nr_ciphers]=""
|
||||||
done
|
done
|
||||||
while true; do
|
while true; do
|
||||||
[[ "$proto" == "ssl3" ]] && ! "$HAS_SSL3" && break
|
[[ "$proto" == ssl3 ]] && ! "$HAS_SSL3" && break
|
||||||
ciphers_to_test=""
|
ciphers_to_test=""
|
||||||
for (( i=0; i < nr_ciphers; i++ )); do
|
for (( i=0; i < nr_ciphers; i++ )); do
|
||||||
! "${ciphers_found[i]}" && "${ossl_supported[i]}" && ciphers_to_test+=":${ciph[i]}"
|
! "${ciphers_found[i]}" && "${ossl_supported[i]}" && ciphers_to_test+=":${ciph[i]}"
|
||||||
|
@ -15695,7 +15751,7 @@ run_beast(){
|
||||||
detected_cbc_ciphers="" # empty for next round
|
detected_cbc_ciphers="" # empty for next round
|
||||||
first=false
|
first=false
|
||||||
else
|
else
|
||||||
[[ $proto == "tls1" ]] && ! $first && echo -n "$spaces "
|
[[ $proto == tls1 ]] && ! $first && echo -n "$spaces "
|
||||||
prln_svrty_good "no CBC ciphers for $(toupper $proto) (OK)"
|
prln_svrty_good "no CBC ciphers for $(toupper $proto) (OK)"
|
||||||
first=false
|
first=false
|
||||||
fi
|
fi
|
||||||
|
@ -15762,6 +15818,14 @@ run_lucky13() {
|
||||||
fi
|
fi
|
||||||
pr_bold " LUCKY13"; out " ($cve), experimental "
|
pr_bold " LUCKY13"; out " ($cve), experimental "
|
||||||
|
|
||||||
|
if "$TLS13_ONLY"; then
|
||||||
|
pr_svrty_best "not vulnerable (OK)"
|
||||||
|
[[ $DEBUG -ge 1 ]] && out ", no CBC ciphers in TLS 1.3 only servers"
|
||||||
|
outln
|
||||||
|
fileout "$jsonID" "OK" "not vulnerable, TLS 1.3 only" "$cve" "$cwe"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
"$SSL_NATIVE" && using_sockets=false
|
"$SSL_NATIVE" && using_sockets=false
|
||||||
# The openssl binary distributed has almost everything we need (PSK, KRB5 ciphers and feff, ffe0 are typically missing).
|
# The openssl binary distributed has almost everything we need (PSK, KRB5 ciphers and feff, ffe0 are typically missing).
|
||||||
# Measurements show that there's little impact whether we use sockets or TLS here, so the default is sockets here
|
# Measurements show that there's little impact whether we use sockets or TLS here, so the default is sockets here
|
||||||
|
@ -15841,6 +15905,14 @@ run_rc4() {
|
||||||
fi
|
fi
|
||||||
pr_bold " RC4"; out " (${cve// /, }) "
|
pr_bold " RC4"; out " (${cve// /, }) "
|
||||||
|
|
||||||
|
if "$TLS13_ONLY"; then
|
||||||
|
pr_svrty_best "not vulnerable (OK)"
|
||||||
|
[[ $DEBUG -ge 1 ]] && out ", no RC4 support in TLS 1.3 only servers"
|
||||||
|
outln
|
||||||
|
fileout "$jsonID" "OK" "not vulnerable, TLS 1.3 only" "$cve" "$cwe"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
# get a list of all the cipher suites to test
|
# get a list of all the cipher suites to test
|
||||||
if "$using_sockets" || [[ $OSSL_VER_MAJOR -lt 1 ]]; then
|
if "$using_sockets" || [[ $OSSL_VER_MAJOR -lt 1 ]]; then
|
||||||
for (( i=0; i < TLS_NR_CIPHERS; i++ )); do
|
for (( i=0; i < TLS_NR_CIPHERS; i++ )); do
|
||||||
|
|
Loading…
Reference in New Issue