Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-03 23:39:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

- better detection for ssl poodle

Browse Source 
- change of shorticut from zero to letter o
This commit is contained in:
Dirk 2015-02-27 21:21:39 +01:00
parent 87f821e390
commit 29214c7a1f
1 changed files with 40 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
testssl.sh
View File

@ -367,24 +367,6 @@ runs_HTTP() {
return $ret return $ret
} }
# Padding Oracle On Downgraded Legacy Encryption
poodle() {
pr_bold " POODLE "; out "(CVE-2014-3566), experimental "
# w/o downgrade check as of now https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 | TLS_FALLBACK_SCSV
$OPENSSL s_client -ssl3 $STARTTLS -connect $NODEIP:$PORT $SNI 2>$TMPFILE >/dev/null </dev/null
ret=$?
[ "$VERBERR" -eq 0 ] && cat $TMPFILE | egrep "error|failure" | egrep -v "unable to get local|verify error"
if [ $ret -eq 0 ]; then
pr_litered "VULNERABLE (NOT ok)"; out ", uses SSLv3 (no TLS_FALLBACK_SCSV mitigation tested)"
else
pr_green "not vulnerable (OK)"
fi
outln
tmpfile_handle $FUNCNAME.txt
return $ret
}
#problems not handled: chunked #problems not handled: chunked
http_header() { http_header() {
[ -z "$1" ] && url="/" || url="$1" [ -z "$1" ] && url="/" || url="$1"
@ -907,7 +889,6 @@ runprotocols() {
7) ;; # no local support 7) ;; # no local support
esac esac
testprotohelper "-tls1" " TLSv1 " testprotohelper "-tls1" " TLSv1 "
case $? in case $? in
0) ok 2 0 ;; # no GCM, thus only normal print 0) ok 2 0 ;; # no GCM, thus only normal print
@ -2176,7 +2157,40 @@ crime() {
return $ret return $ret
} }
# for appliance which use padding, no fallack needed
tls_poodle() {
pr_bold " POODLE, SSL"; out " CVE-2014-8730), experimental "
#FIXME
echo "#FIXME"
return 7
}
# Padding Oracle On Downgraded Legacy Encryption, in a nutshell: don't use CBC Ciphers in SSLv3
ssl_poodle() {
local ret
local cbc_ciphers
pr_bold " POODLE, SSL"; out " (CVE-2014-3566), experimental "
cbc_ciphers=`$OPENSSL ciphers -v 'ALL:eNULL' | grep CBC | awk '{ print $1 }' | tr '\n' ':'`
debugme echo $cbc_ciphers
$OPENSSL s_client -ssl3 $STARTTLS -cipher $cbc_ciphers -connect $NODEIP:$PORT $SNI &>$TMPFILE </dev/null
ret=$?
[ "$VERBERR" -eq 0 ] && cat $TMPFILE | egrep "error|failure" | egrep -v "unable to get local|verify error"
if [ $ret -eq 0 ]; then
pr_litered "VULNERABLE (NOT ok)"; out ", uses SSLv3+CBC (no TLS_FALLBACK_SCSV mitigation tested)"
else
pr_green "not vulnerable (OK)"
fi
outln
tmpfile_handle $FUNCNAME.txt
return $ret
}
#in a nutshell: don't use CBC Ciphers in SSLv3 TLSv1.0
# Browser Exploit Against SSL/TLS # Browser Exploit Against SSL/TLS
beast(){ beast(){
shopt -s lastpipe # otherwise it's more tricky to access variables in a while loop shopt -s lastpipe # otherwise it's more tricky to access variables in a while loop
@ -2186,7 +2200,6 @@ beast(){
local higher_proto_supported="" local higher_proto_supported=""
local -i ret=0 local -i ret=0
local spaces=" " local spaces=" "
#in a nutshell: don't use CBC Ciphers in SSLv3 TLSv1.0
pr_bold " BEAST"; out " (CVE-2011-3389) " pr_bold " BEAST"; out " (CVE-2011-3389) "
@ -2327,7 +2340,7 @@ starttls() {
# ccs_injection ; ret=`expr $? + $ret` # ccs_injection ; ret=`expr $? + $ret`
renego ; ret=`expr $? + $ret` renego ; ret=`expr $? + $ret`
crime ; ret=`expr $? + $ret` crime ; ret=`expr $? + $ret`
poodle ; ret=`expr $? + $ret` ssl_poodle ; ret=`expr $? + $ret`
beast ; ret=`expr $? + $ret` beast ; ret=`expr $? + $ret`
rc4 ; ret=`expr $? + $ret` rc4 ; ret=`expr $? + $ret`
@ -2374,7 +2387,7 @@ $PRG <options> URI
<-R|--renegotiation> tests only for renegotiation vulnerability <-R|--renegotiation> tests only for renegotiation vulnerability
<-C|--compression|--crime> tests only for CRIME vulnerability <-C|--compression|--crime> tests only for CRIME vulnerability
<-T|--breach> tests only for BREACH vulnerability <-T|--breach> tests only for BREACH vulnerability
<-0|--poodle> tests only for POODLE vulnerability <-O|--poodle> tests only for POODLE vulnerability
<-A|--beast> tests only for BEAST vulnerability <-A|--beast> tests only for BEAST vulnerability
<-s|--pfs|--fs|--nsa> checks (perfect) forward secrecy settings <-s|--pfs|--fs|--nsa> checks (perfect) forward secrecy settings
<-4|--rc4|--appelbaum> which RC4 ciphers are being offered? <-4|--rc4|--appelbaum> which RC4 ciphers are being offered?
@ -2794,11 +2807,11 @@ case "$1" in
fi fi
ret=`expr $? + $ret` ret=`expr $? + $ret`
exit $ret ;; exit $ret ;;
-0|--poodle) -O|--ssl_poodle|poodle)
maketempf maketempf
parse_hn_port "$2" parse_hn_port "$2"
outln; pr_blue "--> Testing for POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability"; outln "\n" outln; pr_blue "--> Testing for POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability, SSLv3"; outln "\n"
poodle ssl_poodle
exit $? ;; exit $? ;;
-4|--rc4|--appelbaum) -4|--rc4|--appelbaum)
maketempf maketempf
@ -2863,7 +2876,7 @@ case "$1" in
renego ; ret=`expr $? + $ret` renego ; ret=`expr $? + $ret`
crime ; ret=`expr $? + $ret` crime ; ret=`expr $? + $ret`
[[ $SERVICE == "HTTP" ]] && breach "$URL_PATH" ; ret=`expr $? + $ret` [[ $SERVICE == "HTTP" ]] && breach "$URL_PATH" ; ret=`expr $? + $ret`
poodle ; ret=`expr $? + $ret` ssl_poodle ; ret=`expr $? + $ret`
beast ; ret=`expr $? + $ret` beast ; ret=`expr $? + $ret`
rc4 ; ret=`expr $? + $ret` rc4 ; ret=`expr $? + $ret`
@ -2871,6 +2884,6 @@ case "$1" in
exit $ret ;; exit $ret ;;
esac esac
# $Id: testssl.sh,v 1.195 2015/02/23 09:40:09 dirkw Exp $ # $Id: testssl.sh,v 1.196 2015/02/27 20:21:37 dirkw Exp $
# vim:ts=5:sw=5 # vim:ts=5:sw=5