Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-06 00:39:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Ticketbleed and TLS 1.3

Browse Source 
run_ticketbleed() and sub_session_ticket_tls() each include one call to "$OPENSSL s_client". For each of these calls the expected response is a TLS 1.2 or earlier ServerHello. However, if $OPENSSL supports TLS 1.3, then a TLS 1.3 ClientHello will be sent.

This commit fixes this problem in two ways. For the call in run_ticketbleed(), "-no_tls1_3" is added to the command line if "$OPENSSL" supports TLS 1.3. For the call in sub_session_ticket_tls(), this commit changes the function so that the same ClientHello version is sent as will sent by run_ticketbleed() via sockets.
This commit is contained in:
David Cooper 2020-04-29 10:13:22 -04:00
parent 67780b1c3c
commit 3db9d74c21
1 changed files with 14 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
testssl.sh
View File

@ -15134,13 +15134,14 @@ run_ccs_injection(){
} }
sub_session_ticket_tls() { sub_session_ticket_tls() {
local tls_proto="$1"
local sessticket_tls="" local sessticket_tls=""
#FIXME: we likely have done this already before (either @ run_server_defaults() or at least the output #FIXME: we likely have done this already before (either @ run_server_defaults() or at least the output
# from a previous handshake) --> would save 1x connect. We have TLS_TICKET but not yet the ticket itself #FIXME # from a previous handshake) --> would save 1x connect. We have TLS_TICKET but not yet the ticket itself #FIXME
#ATTENTION: we DO NOT use SNI here as we assume ticketbleed is a vulnerability of the TLS stack. If we'd do SNI here, we'd also need #ATTENTION: we DO NOT use SNI here as we assume ticketbleed is a vulnerability of the TLS stack. If we'd do SNI here, we'd also need
# it in the ClientHello of run_ticketbleed() otherwise the ticket will be different and the whole thing won't work! # it in the ClientHello of run_ticketbleed() otherwise the ticket will be different and the whole thing won't work!
# #
sessticket_tls="$($OPENSSL s_client $(s_client_options "$BUGS $OPTIMAL_PROTO $PROXY -connect $NODEIP:$PORT") </dev/null 2>$ERRFILE | awk '/TLS session ticket:/,/^$/' | awk '!/TLS session ticket/')" sessticket_tls="$($OPENSSL s_client $(s_client_options "$BUGS $tls_proto $PROXY -connect $NODEIP:$PORT") </dev/null 2>$ERRFILE | awk '/TLS session ticket:/,/^$/' | awk '!/TLS session ticket/')"
sessticket_tls="$(sed -e 's/^.* - /x/g' -e 's/ .*$//g' <<< "$sessticket_tls" | tr '\n' ',')" sessticket_tls="$(sed -e 's/^.* - /x/g' -e 's/ .*$//g' <<< "$sessticket_tls" | tr '\n' ',')"
sed -e 's/ /,x/g' -e 's/-/,x/g' <<< "$sessticket_tls" sed -e 's/ /,x/g' -e 's/-/,x/g' <<< "$sessticket_tls"
@ -15149,6 +15150,7 @@ sub_session_ticket_tls() {
# see https://blog.filippo.io/finding-ticketbleed/ | https://filippo.io/ticketbleed/ # see https://blog.filippo.io/finding-ticketbleed/ | https://filippo.io/ticketbleed/
run_ticketbleed() { run_ticketbleed() {
local tls_hexcode tls_proto=""
local session_tckt_tls="" local session_tckt_tls=""
local -i len_ch=300 # fixed len of prepared clienthello below local -i len_ch=300 # fixed len of prepared clienthello below
local sid="x00,x0B,xAD,xC0,xDE,x00," # some abitratry bytes local sid="x00,x0B,xAD,xC0,xDE,x00," # some abitratry bytes
@ -15186,25 +15188,26 @@ run_ticketbleed() {
fi fi
if [[ 0 -eq $(has_server_protocol tls1) ]]; then if [[ 0 -eq $(has_server_protocol tls1) ]]; then
tls_hexcode="x03, x01" tls_hexcode="x03, x01"; tls_proto="-tls1"
elif [[ 0 -eq $(has_server_protocol tls1_1) ]]; then elif [[ 0 -eq $(has_server_protocol tls1_1) ]]; then
tls_hexcode="x03, x02" tls_hexcode="x03, x02"; tls_proto="-tls1_1"
elif [[ 0 -eq $(has_server_protocol tls1_2) ]]; then elif [[ 0 -eq $(has_server_protocol tls1_2) ]]; then
tls_hexcode="x03, x03" tls_hexcode="x03, x03"; tls_proto="-tls1_2"
elif [[ 0 -eq $(has_server_protocol ssl3) ]]; then elif [[ 0 -eq $(has_server_protocol ssl3) ]]; then
tls_hexcode="x03, x00" tls_hexcode="x03, x00"; tls_proto="-ssl3"
else # no protocol for some reason defined, determine TLS versions offered with a new handshake else # no protocol for some reason defined, determine TLS versions offered with a new handshake
$OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>$ERRFILE </dev/null "$HAS_TLS13" && tls_proto="-no_tls1_3"
$OPENSSL s_client $(s_client_options "$STARTTLS $BUGS $tls_proto -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>$ERRFILE </dev/null
case "$(get_protocol $TMPFILE)" in case "$(get_protocol $TMPFILE)" in
*1.2) tls_hexcode="x03, x03" ; add_proto_offered tls1_2 yes ;; *1.2) tls_hexcode="x03, x03"; tls_proto="-tls1_2" ; add_proto_offered tls1_2 yes ;;
*1.1) tls_hexcode="x03, x02" ; add_proto_offered tls1_1 yes ;; *1.1) tls_hexcode="x03, x02"; tls_proto="-tls1_1" ; add_proto_offered tls1_1 yes ;;
TLSv1) tls_hexcode="x03, x01" ; add_proto_offered tls1 yes ;; TLSv1) tls_hexcode="x03, x01"; tls_proto="-tls1" ; add_proto_offered tls1 yes ;;
SSLv3) tls_hexcode="x03, x00" ; add_proto_offered ssl3 yes ;; SSLv3) tls_hexcode="x03, x00"; tls_proto="-ssl3" ; add_proto_offered ssl3 yes ;;
esac esac
fi fi
debugme echo "using protocol $tls_hexcode" debugme echo "using protocol $tls_hexcode"
session_tckt_tls="$(sub_session_ticket_tls)" session_tckt_tls="$(sub_session_ticket_tls "$tls_proto")"
if [[ "$session_tckt_tls" == "," ]]; then if [[ "$session_tckt_tls" == "," ]]; then
pr_svrty_best "not vulnerable (OK)" pr_svrty_best "not vulnerable (OK)"
outln ", no session tickets" outln ", no session tickets"