Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 13:55:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2656 from dcooper16/ticketbleed

Browse Source 
Enhance ticketbleed testing
This commit is contained in:
Dirk Wetter
2025-02-15 13:31:15 +01:00
committed by GitHub
parent 4b4260831e aa5d4917cf
commit 4b57f4c9f9
1 changed files with 31 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
testssl.sh
View File

@@ -16907,25 +16907,11 @@ run_ccs_injection(){
return $ret return $ret
} }
sub_session_ticket_tls() {
local tls_proto="$1"
local sessticket_tls=""
#FIXME: we likely have done this already before (either @ run_server_defaults() or at least the output
# from a previous handshake) --> would save 1x connect. We have TLS_TICKET but not yet the ticket itself #FIXME
#ATTENTION: we DO NOT use SNI here as we assume ticketbleed is a vulnerability of the TLS stack. If we'd do SNI here, we'd also need
# it in the ClientHello of run_ticketbleed() otherwise the ticket will be different and the whole thing won't work!
#
sessticket_tls="$($OPENSSL s_client $(s_client_options "$BUGS $tls_proto $PROXY $SNI -connect $NODEIP:$PORT") </dev/null 2>$ERRFILE | awk '/TLS session ticket:/,/^$/' | awk '!/TLS session ticket/')"
sessticket_tls="$(sed -e 's/^.* - /x/g' -e 's/ .*$//g' <<< "$sessticket_tls" | tr '\n' ',')"
sed -e 's/ /,x/g' -e 's/-/,x/g' <<< "$sessticket_tls"
}
# see https://blog.filippo.io/finding-ticketbleed/ | https://filippo.io/ticketbleed/ # see https://blog.filippo.io/finding-ticketbleed/ | https://filippo.io/ticketbleed/
run_ticketbleed() { run_ticketbleed() {
local tls_hexcode tls_proto="" local tls_hexcode tls_proto=""
local session_tckt_tls="" local sessticket_tls="" session_tckt_tls=""
local -i len_ch=300 # fixed len of prepared clienthello below local -i len_ch=300 # fixed len of prepared clienthello below
local sid="x00,x0B,xAD,xC0,xDE,x00," # some arbitrary bytes local sid="x00,x0B,xAD,xC0,xDE,x00," # some arbitrary bytes
local len_sid="$(( ${#sid} / 4))" local len_sid="$(( ${#sid} / 4))"
@@ -16961,17 +16947,23 @@ run_ticketbleed() {
return 0 return 0
fi fi
if [[ 0 -eq $(has_server_protocol tls1) ]]; then if [[ 0 -eq $(has_server_protocol tls1_2) ]]; then
tls_hexcode="x03, x01"; tls_proto="-tls1" tls_hexcode="x03, x03"; tls_proto="-tls1_2"
elif [[ 0 -eq $(has_server_protocol tls1_1) ]]; then elif [[ 0 -eq $(has_server_protocol tls1_1) ]]; then
tls_hexcode="x03, x02"; tls_proto="-tls1_1" tls_hexcode="x03, x02"; tls_proto="-tls1_1"
elif [[ 0 -eq $(has_server_protocol tls1_2) ]]; then elif [[ 0 -eq $(has_server_protocol tls1) ]]; then
tls_hexcode="x03, x03"; tls_proto="-tls1_2" tls_hexcode="x03, x01"; tls_proto="-tls1"
elif [[ 0 -eq $(has_server_protocol ssl3) ]]; then elif [[ 0 -eq $(has_server_protocol ssl3) ]]; then
tls_hexcode="x03, x00"; tls_proto="-ssl3" tls_hexcode="x03, x00"; tls_proto="-ssl3"
else # no protocol for some reason defined, determine TLS versions offered with a new handshake else # no protocol for some reason defined, determine TLS versions offered with a new handshake
"$HAS_TLS13" && tls_proto="-no_tls1_3" "$HAS_TLS13" && tls_proto="-no_tls1_3"
$OPENSSL s_client $(s_client_options "$STARTTLS $BUGS $tls_proto -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>$ERRFILE </dev/null $OPENSSL s_client $(s_client_options "$STARTTLS $BUGS $tls_proto -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>$ERRFILE </dev/null
sclient_connect_successful $? "$TMPFILE"
if [$? -ne 0 ]]; then
prln_warning "Cannot test for ticketbleed. Your OpenSSL cannot connect to $NODEIP:$PORT"
fileout "$jsonID" "WARN" "Cannot test for ticketbleed. Your OpenSSL cannot connect to $NODEIP:$PORT."
return 1
fi
case "$(get_protocol $TMPFILE)" in case "$(get_protocol $TMPFILE)" in
*1.2) tls_hexcode="x03, x03"; tls_proto="-tls1_2" ; add_proto_offered tls1_2 yes ;; *1.2) tls_hexcode="x03, x03"; tls_proto="-tls1_2" ; add_proto_offered tls1_2 yes ;;
*1.1) tls_hexcode="x03, x02"; tls_proto="-tls1_1" ; add_proto_offered tls1_1 yes ;; *1.1) tls_hexcode="x03, x02"; tls_proto="-tls1_1" ; add_proto_offered tls1_1 yes ;;
@@ -16979,9 +16971,28 @@ run_ticketbleed() {
SSLv3) tls_hexcode="x03, x00"; tls_proto="-ssl3" ; add_proto_offered ssl3 yes ;; SSLv3) tls_hexcode="x03, x00"; tls_proto="-ssl3" ; add_proto_offered ssl3 yes ;;
esac esac
fi fi
if ! sclient_supported "$tls_proto"; then
prln_local_problem "Cannot test for ticketbleed. $OPENSSL doesn't support \"s_client $tls_proto\"."
fileout "$jsonID" "WARN" "Cannot test for ticketbleed. $OPENSSL doesn't support \"s_client $tls_proto\"."
return 1
fi
debugme echo "using protocol $tls_hexcode" debugme echo "using protocol $tls_hexcode"
session_tckt_tls="$(sub_session_ticket_tls "$tls_proto")" #FIXME: we likely have done this already before (either @ run_server_defaults() or at least the output
# from a previous handshake) --> would save 1x connect. We have TLS_TICKET but not yet the ticket itself #FIXME
#ATTENTION: we DO NOT use SNI here as we assume ticketbleed is a vulnerability of the TLS stack. If we'd do SNI here, we'd also need
# it in the ClientHello of run_ticketbleed() otherwise the ticket will be different and the whole thing won't work!
#
$OPENSSL s_client $(s_client_options "$BUGS $tls_proto $PROXY $SNI -connect $NODEIP:$PORT") </dev/null >$TMPFILE 2>$ERRFILE
sclient_connect_successful $? "$TMPFILE"
if [[ $? -ne 0 ]]; then
prln_warning "$OPENSSL unable to connect to $NODEIP:$PORT when testing for ticketbleed."
fileout "$jsonID" "WARN" "$OPENSSL unable to connect to $NODEIP:$PORT when testing for ticketbleed."
return 1
fi
sessticket_tls="$(awk '/TLS session ticket:/,/^$/' "$TMPFILE" | awk '!/TLS session ticket/')"
sessticket_tls="$(sed -e 's/^.* - /x/g' -e 's/ .*$//g' <<< "$sessticket_tls" | tr '\n' ',')"
session_tckt_tls="$(sed -e 's/ /,x/g' -e 's/-/,x/g' <<< "$sessticket_tls")"
if [[ "$session_tckt_tls" == "," ]]; then if [[ "$session_tckt_tls" == "," ]]; then
pr_svrty_best "not vulnerable (OK)" pr_svrty_best "not vulnerable (OK)"
outln ", no session tickets" outln ", no session tickets"