Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-06 00:39:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #944 from dcooper16/run_renego_ossl111

Browse Source 
run_renego() and OpenSSL 1.1.1
This commit is contained in:
Dirk Wetter 2017-12-21 09:45:05 +01:00 committed by GitHub
commit 410c3d5f82
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
testssl.sh
View File

@ -11815,18 +11815,20 @@ run_ticketbleed() {
run_renego() { run_renego() {
# no SNI here. Not needed as there won't be two different SSL stacks for one IP # no SNI here. Not needed as there won't be two different SSL stacks for one IP
local legacycmd="" local legacycmd="" proto="$OPTIMAL_PROTO"
local insecure_renogo_str="Secure Renegotiation IS NOT" local insecure_renogo_str="Secure Renegotiation IS NOT"
local sec_renego sec_client_renego local sec_renego sec_client_renego
local cve="CVE-2009-3555" local cve="CVE-2009-3555"
local cwe="CWE-310" local cwe="CWE-310"
local hint="" local hint=""
"$HAS_TLS13" && [[ -z "$proto" ]] && proto="-no_tls1_3"
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for Renegotiation vulnerabilities " && outln [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for Renegotiation vulnerabilities " && outln
pr_bold " Secure Renegotiation "; out "($cve) " # and RFC 5746, OSVDB 59968-59974 pr_bold " Secure Renegotiation "; out "($cve) " # and RFC 5746, OSVDB 59968-59974
# community.qualys.com/blogs/securitylabs/2009/11/05/ssl-and-tls-authentication-gap-vulnerability-discovered # community.qualys.com/blogs/securitylabs/2009/11/05/ssl-and-tls-authentication-gap-vulnerability-discovered
$OPENSSL s_client $(s_client_options "$OPTIMAL_PROTO $STARTTLS $BUGS -connect $NODEIP:$PORT $SNI $PROXY") 2>&1 </dev/null >$TMPFILE 2>$ERRFILE $OPENSSL s_client $(s_client_options "$proto $STARTTLS $BUGS -connect $NODEIP:$PORT $SNI $PROXY") 2>&1 </dev/null >$TMPFILE 2>$ERRFILE
if sclient_connect_successful $? $TMPFILE; then if sclient_connect_successful $? $TMPFILE; then
grep -iaq "$insecure_renogo_str" $TMPFILE grep -iaq "$insecure_renogo_str" $TMPFILE
sec_renego=$? # 0= Secure Renegotiation IS NOT supported sec_renego=$? # 0= Secure Renegotiation IS NOT supported
@ -11865,7 +11867,7 @@ run_renego() {
1.0.1*|1.0.2*) 1.0.1*|1.0.2*)
legacycmd="-legacy_renegotiation" legacycmd="-legacy_renegotiation"
;; ;;
0.9.9*|1.0*) 0.9.9*|1.0*|1.1*)
;; # all ok ;; # all ok
esac esac
@ -11876,7 +11878,7 @@ run_renego() {
else else
# We need up to two tries here, as some LiteSpeed servers don't answer on "R" and block. Thus first try in the background # We need up to two tries here, as some LiteSpeed servers don't answer on "R" and block. Thus first try in the background
# msg enables us to look deeper into it while debugging # msg enables us to look deeper into it while debugging
echo R | $OPENSSL s_client $(s_client_options "$OPTIMAL_PROTO $BUGS $legacycmd $STARTTLS -msg -connect $NODEIP:$PORT $SNI $PROXY") >$TMPFILE 2>>$ERRFILE & echo R | $OPENSSL s_client $(s_client_options "$proto $BUGS $legacycmd $STARTTLS -msg -connect $NODEIP:$PORT $SNI $PROXY") >$TMPFILE 2>>$ERRFILE &
wait_kill $! $HEADER_MAXSLEEP wait_kill $! $HEADER_MAXSLEEP
if [[ $? -eq 3 ]]; then if [[ $? -eq 3 ]]; then
pr_done_good "likely not vulnerable (OK)"; outln ", timed out" # it hung pr_done_good "likely not vulnerable (OK)"; outln ", timed out" # it hung
@ -11884,7 +11886,7 @@ run_renego() {
sec_client_renego=1 sec_client_renego=1
else else
# second try in the foreground as we are sure now it won't hang # second try in the foreground as we are sure now it won't hang
echo R | $OPENSSL s_client $(s_client_options "$legacycmd $STARTTLS $BUGS -msg -connect $NODEIP:$PORT $SNI $PROXY") >$TMPFILE 2>>$ERRFILE echo R | $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -msg -connect $NODEIP:$PORT $SNI $PROXY") >$TMPFILE 2>>$ERRFILE
sec_client_renego=$? # 0=client is renegotiating & doesn't return an error --> vuln! sec_client_renego=$? # 0=client is renegotiating & doesn't return an error --> vuln!
case "$sec_client_renego" in case "$sec_client_renego" in
0) if [[ $SERVICE == "HTTP" ]]; then 0) if [[ $SERVICE == "HTTP" ]]; then