From 3c55eec654e0226a080ae284cfc609515029a29e Mon Sep 17 00:00:00 2001 From: David Cooper Date: Tue, 11 Oct 2016 11:01:04 -0400 Subject: [PATCH] Remove test of version tolerance PR #346 added a test for version tolerance to `run_protocols()`, but I think it may now be more appropriate to remove that test. Draft -16 of TLS 1.3, which was posted on September 22, changed the way that version negotiation is handled for TLS 1.3 and above. The current version tolerance test sends a ClientHello with the version field set to "03, 05", to represent a TLS 1.4 ClientHello. While this was consistent with RFC 5246 and with drafts of TLS 1.3 up to -15, draft -16 changed the version field to `legacy_version` and declared that its value should be "03, 03" for TLS 1.2 and above. (For TLS 1.3 and above a Supported Versions extension is included to inform the server which versions of TLS the client supports.) The change in draft -16 was made as a result of the problems with servers not handling version negotiation correctly. Since the current draft suggests that a server should never be presented with a ClientHello with a version higher than "03, 03" (even for clients that support TLS versions higher than 1.2), it seems there is no reason to include the version tolerance test anymore. For servers that do not support TLS 1.2, the additional checks that were added by PR #346 will already detect if the server cannot perform version negotiation correctly. --- testssl.sh | 66 ++++++------------------------------------------------ 1 file changed, 7 insertions(+), 59 deletions(-) diff --git a/testssl.sh b/testssl.sh index 5d6fe4a..50278b8 100755 --- a/testssl.sh +++ b/testssl.sh @@ -2964,7 +2964,6 @@ run_protocols() { local latest_supported="" # version.major and version.minor of highest version supported by the server. local detected_version_string latest_supported_string local lines nr_ciphers_detected - local extra_spaces=" " outln; pr_headline " Testing protocols " @@ -2986,7 +2985,7 @@ run_protocols() { fi outln - pr_bold " SSLv2 $extra_spaces"; + pr_bold " SSLv2 "; if ! "$SSL_NATIVE"; then sslv2_sockets case $? in @@ -3045,7 +3044,7 @@ run_protocols() { esac fi - pr_bold " SSLv3 $extra_spaces"; + pr_bold " SSLv3 "; if "$using_sockets"; then tls_sockets "00" "$TLS_CIPHER" else @@ -3084,7 +3083,7 @@ run_protocols() { ;; # no local support esac - pr_bold " TLS 1 $extra_spaces"; + pr_bold " TLS 1 "; if "$using_sockets"; then tls_sockets "01" "$TLS_CIPHER" else @@ -3133,7 +3132,7 @@ run_protocols() { ;; # no local support esac - pr_bold " TLS 1.1 $extra_spaces"; + pr_bold " TLS 1.1 "; if "$using_sockets"; then tls_sockets "02" "$TLS_CIPHER" else @@ -3185,7 +3184,7 @@ run_protocols() { ;; # no local support esac - pr_bold " TLS 1.2 $extra_spaces"; + pr_bold " TLS 1.2 "; if "$using_sockets" && "$EXPERIMENTAL"; then #TODO: IIS servers do have a problem here with our handshake tls_sockets "03" "$TLS12_CIPHER" else @@ -3239,55 +3238,6 @@ run_protocols() { fileout "tls1_2" "INFO" "TLSv1.2 is not tested due to lack of local support" ;; # no local support esac - - # Testing version negotiation. RFC 5246, Appendix E.1, states: - # - # If a TLS server receives a ClientHello containing a version number - # greater than the highest version supported by the server, it MUST - # reply according to the highest version supported by the server. - if [[ -n $latest_supported ]] && "$using_sockets"; then - pr_bold " Version tolerance " - tls_sockets "05" "$TLS12_CIPHER" - case $? in - 0) - pr_svrty_criticalln "server claims support for non-existent TLSv1.4" - fileout "TLS Version Negotiation" "NOT ok" "Server claims support for non-existent TLSv1.4 (NOT ok)" - ;; - 1) - pr_svrty_criticalln "version negotiation did not work -- connection failed rather than downgrading to $latest_supported_string (NOT ok)" - fileout "TLS Version Negotiation" "NOT ok" "Version negotiation did not work -- connection failed rather than downgrading to $latest_supported_string (NOT ok)" - ;; - 2) - case $DETECTED_TLS_VERSION in - 0304) - pr_svrty_criticalln "server claims support for TLSv1.3, which is still a working draft (NOT ok)" - fileout "TLS Version Negotiation" "NOT ok" "Server claims support for TLSv1.3, which is still a working draft (NOT ok)" - ;; - 0303|0302|0301|0300) - if [[ "$DETECTED_TLS_VERSION" == "0300" ]]; then - detected_version_string="SSLv3" - else - detected_version_string="TLSv1.$((0x$DETECTED_TLS_VERSION-0x0301))" - fi - if [[ 0x$DETECTED_TLS_VERSION -lt 0x$latest_supported ]]; then - pr_svrty_criticalln "server supports $latest_supported_string, but downgraded to $detected_version_string (NOT ok)" - fileout "TLS Version Negotiation" "NOT ok" "Downgraded to $detected_version_string rather than $latest_supported_string (NOT ok)" - else - pr_done_bestln "downgraded to $detected_version_string (OK)" - fileout "TLS Version Negotiation" "OK" "Downgraded to $detected_version_string" - fi - ;; - *) - pr_svrty_criticalln "server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)" - fileout "TLS Version Negotiation" "NOT ok" "TLSv1.4: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)" - ;; - esac ;; - 5) - pr_svrty_criticalln "server claims support for non-existent TLSv1.4 (NOT ok)" - fileout "TLS Version Negotiation" "NOT ok" "Server claims support for non-existent TLSv1.4 (NOT ok)" - ;; - esac - fi return 0 } @@ -5172,9 +5122,8 @@ http2_pre(){ run_spdy() { local tmpstr local -i ret=0 - local extra_spaces=" " - pr_bold " SPDY/NPN $extra_spaces" + pr_bold " SPDY/NPN " if ! spdy_pre ; then outln return 0 @@ -5211,9 +5160,8 @@ run_http2() { local -i ret=0 local had_alpn_proto=false local alpn_finding="" - local extra_spaces=" " - pr_bold " HTTP2/ALPN $extra_spaces" + pr_bold " HTTP2/ALPN " if ! http2_pre ; then outln return 0