Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-03 23:39:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '2.9dev' into new_json_for_serverdefaults

Browse Source
This commit is contained in:
Dirk Wetter 2018-01-25 15:49:44 +01:00 committed by GitHub
commit 513d21244f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 115 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

178
testssl.sh
View File

@ -1744,16 +1744,16 @@ run_hsts() {
fi fi
if [[ $hsts_age_days -eq -1 ]]; then if [[ $hsts_age_days -eq -1 ]]; then
pr_svrty_medium "HSTS max-age is required but missing. Setting 15552000 s (180 days) or more is recommended" pr_svrty_medium "HSTS max-age is required but missing. Setting 15552000 s (180 days) or more is recommended"
fileout "HSTS_time" "MEDIUM" "HSTS max-age missing. 15552000 s (180 days) or more recommnded" fileout "HSTS_time" "MEDIUM" "parameter max-age missing. Recommended > 15552000 seconds = 180 days"
elif [[ $hsts_age_sec -eq 0 ]]; then elif [[ $hsts_age_sec -eq 0 ]]; then
pr_svrty_medium "HSTS max-age is set to 0. HSTS is disabled" pr_svrty_medium "HSTS max-age is set to 0. HSTS is disabled"
fileout "HSTS_time" "MEDIUM" "HSTS max-age set to 0. HSTS is disabled" fileout "HSTS_time" "MEDIUM" "0. HSTS is disabled"
elif [[ $hsts_age_sec -gt $HSTS_MIN ]]; then elif [[ $hsts_age_sec -gt $HSTS_MIN ]]; then
pr_done_good "$hsts_age_days days" ; out "=$hsts_age_sec s" pr_done_good "$hsts_age_days days" ; out "=$hsts_age_sec s"
fileout "HSTS_time" "OK" "HSTS timeout $hsts_age_days days (=$hsts_age_sec seconds) > $HSTS_MIN days" fileout "HSTS_time" "OK" "$hsts_age_days days (=$hsts_age_sec seconds) > $HSTS_MIN seconds"
else else
pr_svrty_medium "$hsts_age_sec s = $hsts_age_days days is too short ( >=$HSTS_MIN s recommended)" pr_svrty_medium "$hsts_age_sec s = $hsts_age_days days is too short ( >=$HSTS_MIN seconds recommended)"
fileou t "HSTS_time" "MEDIUM" "HSTS timeout too short. $hsts_age_days days (=$hsts_age_sec seconds) < $HSTS_MIN days" fileout "HSTS_time" "MEDIUM" "max-age too short. $hsts_age_days days (=$hsts_age_sec seconds) < $HSTS_MIN seconds"
fi fi
if includeSubDomains "$TMPFILE"; then if includeSubDomains "$TMPFILE"; then
fileout "HSTS_subdomains" "OK" "includes subdomains" fileout "HSTS_subdomains" "OK" "includes subdomains"
@ -12391,6 +12391,7 @@ run_tls_poodle() {
#FIXME: fileout needs to be patched according to new scheme. Postponed as otherwise merge fails #FIXME: fileout needs to be patched according to new scheme. Postponed as otherwise merge fails
run_tls_fallback_scsv() { run_tls_fallback_scsv() {
local -i ret=0 local -i ret=0
local p high_proto="" high_proto_str low_proto="" protos_to_try
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for TLS_FALLBACK_SCSV Protection " && outln [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for TLS_FALLBACK_SCSV Protection " && outln
pr_bold " TLS_FALLBACK_SCSV"; out " (RFC 7507) " pr_bold " TLS_FALLBACK_SCSV"; out " (RFC 7507) "
@ -12402,66 +12403,118 @@ run_tls_fallback_scsv() {
prln_local_problem "$OPENSSL lacks TLS_FALLBACK_SCSV support" prln_local_problem "$OPENSSL lacks TLS_FALLBACK_SCSV support"
return 4 return 4
fi fi
#TODO: this need some tuning: a) if one protocol is supported only it has practcally no value (theoretical it's interesting though)
# b) for IIS6 + openssl 1.0.2 this won't work
# c) best to make sure that we hit a specific protocol, see https://alpacapowered.wordpress.com/2014/10/20/ssl-poodle-attack-what-is-this-scsv-thingy/
# d) minor: we should do "-state" here
# first: make sure SSLv3 or some TLS protocol is supported # First determine the highest protocol that the server supports (not including TLSv1.3).
if [[ "$OPTIMAL_PROTO" == "-ssl2" ]]; then if [[ "$OPTIMAL_PROTO" == "-ssl2" ]]; then
prln_svrty_critical "No fallback possible, SSLv2 is the only protocol" prln_svrty_critical "No fallback possible, SSLv2 is the only protocol"
return 7 return 7
fi fi
# second: make sure we have tls1_2: for p in tls1_2 tls1_1 tls1 ssl3; do
$OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI -no_tls1_2") >$TMPFILE 2>$ERRFILE </dev/null [[ $(has_server_protocol "$p") -eq 1 ]] && continue
if ! sclient_connect_successful $? $TMPFILE; then if [[ $(has_server_protocol "$p") -eq 0 ]]; then
pr_done_good "No fallback possible, TLS 1.2 is the only protocol (OK)" high_proto="$p"
ret=7 break
else
# ...and do the test (we need to parse the error here!)
$OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI -no_tls1_2 -fallback_scsv") &>$TMPFILE </dev/null
if grep -q "CONNECTED(00" "$TMPFILE"; then
if grep -qa "BEGIN CERTIFICATE" "$TMPFILE"; then
if [[ -z "$POODLE" ]]; then
pr_warning "Rerun including POODLE SSL check. "
pr_svrty_medium "Downgrade attack prevention NOT supported"
fileout "fallback_scsv" "WARN" "TLS_FALLBACK_SCSV (RFC 7507): Downgrade attack prevention NOT supported. Pls rerun wity POODLE SSL check"
ret=1
elif [[ "$POODLE" -eq 0 ]]; then
pr_svrty_high "Downgrade attack prevention NOT supported and vulnerable to POODLE SSL"
fileout "fallback_scsv" "HIGH" "TLS_FALLBACK_SCSV (RFC 7507): Downgrade attack prevention NOT supported and vulnerable to POODLE SSL"
ret=0
else
pr_svrty_medium "Downgrade attack prevention NOT supported"
fileout "fallback_scsv" "MEDIUM" "TLS_FALLBACK_SCSV (RFC 7507): Downgrade attack prevention NOT supported"
ret=1
fi
elif grep -qa "alert inappropriate fallback" "$TMPFILE"; then
pr_done_good "Downgrade attack prevention supported (OK)"
fileout "fallback_scsv" "OK" "TLS_FALLBACK_SCSV (RFC 7507) (experimental) : Downgrade attack prevention supported"
ret=0
elif grep -qa "alert handshake failure" "$TMPFILE"; then
pr_done_good "Probably OK. "
fileout "fallback_scsv" "OK" "TLS_FALLBACK_SCSV (RFC 7507) (experimental) : Probably oK"
# see RFC 7507, https://github.com/drwetter/testssl.sh/issues/121
# other case reported by Nicolas was F5 and at costumer of mine: the same
pr_svrty_medium "But received non-RFC-compliant \"handshake failure\" instead of \"inappropriate fallback\""
fileout "fallback_scsv" "MEDIUM" "TLS_FALLBACK_SCSV (RFC 7507) (experimental) : But received non-RFC-compliant \"handshake failure\" instead of \"inappropriate fallback\""
ret=2
elif grep -qa "ssl handshake failure" "$TMPFILE"; then
pr_svrty_medium "some unexpected \"handshake failure\" instead of \"inappropriate fallback\""
fileout "fallback_scsv" "MEDIUM" "TLS_FALLBACK_SCSV (RFC 7507) (experimental) : some unexpected \"handshake failure\" instead of \"inappropriate fallback\" (likely: warning)"
ret=3
else
pr_warning "Check failed, unexpected result "
out ", run $PROG_NAME -Z --debug=1 and look at $TEMPDIR/*tls_fallback_scsv.txt"
fileout "fallback_scsv" "WARN" "TLS_FALLBACK_SCSV (RFC 7507) (experimental) : Check failed, unexpected result, run $PROG_NAME -Z --debug=1 and look at $TEMPDIR/*tls_fallback_scsv.txt"
fi
else
pr_warning "test failed (couldn't connect)"
fileout "fallback_scsv" "WARN" "TLS_FALLBACK_SCSV (RFC 7507) (experimental) : Check failed. (couldn't connect)"
ret=7
fi fi
$OPENSSL s_client $(s_client_options "-$p $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>$ERRFILE </dev/null
if sclient_connect_successful $? $TMPFILE; then
high_proto="$p"
break
fi
done
case "$high_proto" in
"tls1_2")
high_proto_str="TLS 1.2"
protos_to_try="tls1_1 tls1 ssl3" ;;
"tls1_1")
high_proto_str="TLS 1.1"
protos_to_try="tls1 ssl3" ;;
"tls1")
high_proto_str="TLS 1"
protos_to_try="ssl3" ;;
"ssl3")
prln_svrty_high "No fallback possible, SSLv3 is the only protocol"
return 7
;;
*) pr_done_good "No fallback possible, TLS 1.3 is the only protocol (OK)"
return 7
esac
# Next find a second protocol that the server supports.
for p in $protos_to_try; do
[[ $(has_server_protocol "$p") -eq 1 ]] && continue
if [[ $(has_server_protocol "$p") -eq 0 ]]; then
low_proto="$p"
break
fi
$OPENSSL s_client $(s_client_options "-$p $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>$ERRFILE </dev/null
if sclient_connect_successful $? $TMPFILE; then
low_proto="$p"
break
fi
done
if [[ -z "$low_proto" ]]; then
case "$high_proto" in
"tls1_2")
pr_done_good "No fallback possible, no protocol below $high_proto_str offered (OK)" ;;
*) out "No fallback possible, no protocol below $high_proto_str offered (OK)" ;;
esac
return 7
fi
case "$low_proto" in
"tls1_1")
p="-no_tls1_2" ;;
"tls1")
p="-no_tls1_2 -no_tls1_1" ;;
"ssl3")
p="-no_tls1_2 -no_tls1_1 -no_tls1" ;;
esac
"$HAS_TLS13" && p+=" -no_tls1_3"
debugme echo "Simulating fallback from $high_proto to $low_proto"
# ...and do the test (we need to parse the error here!)
$OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI $p -fallback_scsv") &>$TMPFILE </dev/null
if grep -q "CONNECTED(00" "$TMPFILE"; then
if grep -qa "BEGIN CERTIFICATE" "$TMPFILE"; then
if [[ -z "$POODLE" ]]; then
pr_warning "Rerun including POODLE SSL check. "
pr_svrty_medium "Downgrade attack prevention NOT supported"
fileout "fallback_scsv" "WARN" "TLS_FALLBACK_SCSV (RFC 7507): Downgrade attack prevention NOT supported. Pls rerun wity POODLE SSL check"
ret=1
elif [[ "$POODLE" -eq 0 ]]; then
pr_svrty_high "Downgrade attack prevention NOT supported and vulnerable to POODLE SSL"
fileout "fallback_scsv" "HIGH" "TLS_FALLBACK_SCSV (RFC 7507): Downgrade attack prevention NOT supported and vulnerable to POODLE SSL"
ret=0
else
pr_svrty_medium "Downgrade attack prevention NOT supported"
fileout "fallback_scsv" "MEDIUM" "TLS_FALLBACK_SCSV (RFC 7507): Downgrade attack prevention NOT supported"
ret=1
fi
elif grep -qa "alert inappropriate fallback" "$TMPFILE"; then
pr_done_good "Downgrade attack prevention supported (OK)"
fileout "fallback_scsv" "OK" "TLS_FALLBACK_SCSV (RFC 7507) (experimental) : Downgrade attack prevention supported"
ret=0
elif grep -qa "alert handshake failure" "$TMPFILE"; then
pr_done_good "Probably OK. "
fileout "fallback_scsv" "OK" "TLS_FALLBACK_SCSV (RFC 7507) (experimental) : Probably oK"
# see RFC 7507, https://github.com/drwetter/testssl.sh/issues/121
# other case reported by Nicolas was F5 and at costumer of mine: the same
pr_svrty_medium "But received non-RFC-compliant \"handshake failure\" instead of \"inappropriate fallback\""
fileout "fallback_scsv" "MEDIUM" "TLS_FALLBACK_SCSV (RFC 7507) (experimental) : But received non-RFC-compliant \"handshake failure\" instead of \"inappropriate fallback\""
ret=2
elif grep -qa "ssl handshake failure" "$TMPFILE"; then
pr_svrty_medium "some unexpected \"handshake failure\" instead of \"inappropriate fallback\""
fileout "fallback_scsv" "MEDIUM" "TLS_FALLBACK_SCSV (RFC 7507) (experimental) : some unexpected \"handshake failure\" instead of \"inappropriate fallback\" (likely: warning)"
ret=3
else
pr_warning "Check failed, unexpected result "
out ", run $PROG_NAME -Z --debug=1 and look at $TEMPDIR/*tls_fallback_scsv.txt"
fileout "fallback_scsv" "WARN" "TLS_FALLBACK_SCSV (RFC 7507) (experimental) : Check failed, unexpected result, run $PROG_NAME -Z --debug=1 and look at $TEMPDIR/*tls_fallback_scsv.txt"
fi
else
pr_warning "test failed (couldn't connect)"
fileout "fallback_scsv" "WARN" "TLS_FALLBACK_SCSV (RFC 7507) (experimental) : Check failed. (couldn't connect)"
ret=7
fi fi
outln outln
@ -14384,6 +14437,7 @@ single check as <options> ("$PROG_NAME URI" does everything except -E and -g):
-E, --cipher-per-proto checks those per protocol -E, --cipher-per-proto checks those per protocol
-s, --std, --standard tests certain lists of cipher suites by strength -s, --std, --standard tests certain lists of cipher suites by strength
-p, --protocols checks TLS/SSL protocols (including SPDY/HTTP2) -p, --protocols checks TLS/SSL protocols (including SPDY/HTTP2)
-g, --grease tests several server implementation bugs like GREASE and size limitations
-S, --server-defaults displays the server's default picks and certificate info -S, --server-defaults displays the server's default picks and certificate info
-P, --server-preference displays the server's picks: protocol+cipher -P, --server-preference displays the server's picks: protocol+cipher
-x, --single-cipher <pattern> tests matched <pattern> of ciphers -x, --single-cipher <pattern> tests matched <pattern> of ciphers
@ -14409,12 +14463,10 @@ single check as <options> ("$PROG_NAME URI" does everything except -E and -g):
-D, --drown tests for DROWN vulnerability -D, --drown tests for DROWN vulnerability
-f, --pfs, --fs, --nsa checks (perfect) forward secrecy settings -f, --pfs, --fs, --nsa checks (perfect) forward secrecy settings
-4, --rc4, --appelbaum which RC4 ciphers are being offered? -4, --rc4, --appelbaum which RC4 ciphers are being offered?
-g, --grease tests several server implementation bugs like GREASE and size limitations
-9, --full includes tests for implementation bugs and cipher per protocol (could disappear)
tuning / connect options (most also can be preset via environment variables): tuning / connect options (most also can be preset via environment variables):
--fast omits some checks: using openssl for all ciphers (-e), show only first --fast omits some checks: using openssl for all ciphers (-e), show only first preferred cipher.
preferred cipher. -9, --full includes tests for implementation bugs and cipher per protocol (could disappear)
--bugs enables the "-bugs" option of s_client, needed e.g. for some buggy F5s --bugs enables the "-bugs" option of s_client, needed e.g. for some buggy F5s
--assume-http if protocol check fails it assumes HTTP protocol and enforces HTTP checks --assume-http if protocol check fails it assumes HTTP protocol and enforces HTTP checks
--ssl-native fallback to checks with OpenSSL where sockets are normally used --ssl-native fallback to checks with OpenSSL where sockets are normally used