Merge branch 'master' into version_negotiation

Conflicts:
	testssl.sh
This commit is contained in:
David Cooper 2016-06-08 09:52:45 -04:00
commit 5edd005df0
2 changed files with 184 additions and 85 deletions

View File

@ -21,9 +21,11 @@
- JSON and CSV output - JSON and CSV output
- Client simulations - Client simulations
* dcooper16 * David Cooper
- Detection + output of multiple certificates - Detection + output of multiple certificates
- several cleanups of server certificate related stuff - several cleanups of server certificate related stuff
- improved parsing of TLS ServerHello messages
- speed improvements when testing all ciphers
* Jean Marsault * Jean Marsault
- client auth: ideas, code snipplets - client auth: ideas, code snipplets

View File

@ -324,14 +324,14 @@ pr_liteblueln() { pr_liteblue "$1"; outln; }
pr_blue() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && out "\033[1;32m$1" || out "\033[1;34m$1" ) || out "$1"; pr_off; } # used for head lines of single tests pr_blue() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && out "\033[1;32m$1" || out "\033[1;34m$1" ) || out "$1"; pr_off; } # used for head lines of single tests
pr_blueln() { pr_blue "$1"; outln; } pr_blueln() { pr_blue "$1"; outln; }
pr_warning() { [[ "$COLOR" -eq 2 ]] && out "\033[0;35m$1" || pr_underline "$1"; pr_off; } # litemagentai | local problem: one test cannot be done pr_warning() { [[ "$COLOR" -eq 2 ]] && out "\033[0;35m$1" || pr_underline "$1"; pr_off; } # some local problem: one test cannot be done
pr_warningln() { pr_warning "$1"; outln; } pr_warningln() { pr_warning "$1"; outln; } # litemagenya
pr_magenta() { [[ "$COLOR" -eq 2 ]] && out "\033[1;35m$1" || pr_underline "$1"; pr_off; } # Fatal error: quitting because of this! pr_magenta() { [[ "$COLOR" -eq 2 ]] && out "\033[1;35m$1" || pr_underline "$1"; pr_off; } # fatal error: quitting because of this!
pr_magentaln() { pr_magenta "$1"; outln; } pr_magentaln() { pr_magenta "$1"; outln; }
pr_litecyan() { [[ "$COLOR" -eq 2 ]] && out "\033[0;36m$1" || out "$1"; pr_off; } # not yet used pr_litecyan() { [[ "$COLOR" -eq 2 ]] && out "\033[0;36m$1" || out "$1"; pr_off; } # not yet used
pr_litecyanln() { pr_litecyan "$1"; outln; } pr_litecyanln() { pr_litecyan "$1"; outln; }
pr_cyan() { [[ "$COLOR" -eq 2 ]] && out "\033[1;36m$1" || out "$1"; pr_off; } # additional hint pr_cyan() { [[ "$COLOR" -eq 2 ]] && out "\033[1;36m$1" || out "$1"; pr_off; } # additional hint
pr_cyanln() { pr_cyan "$1"; outln; } pr_cyanln() { pr_cyan "$1"; outln; }
pr_litegreyln() { pr_litegrey "$1"; outln; } pr_litegreyln() { pr_litegrey "$1"; outln; }
@ -375,8 +375,11 @@ pr_headlineln() { pr_headline "$1" ; outln; }
pr_squoted() { out "'$1'"; } pr_squoted() { out "'$1'"; }
pr_dquoted() { out "\"$1\""; } pr_dquoted() { out "\"$1\""; }
local_problem_ln() { pr_warningln "Local problem: $1"; }
local_problem() { pr_warning "Local problem: $1"; } local_problem() { pr_warning "Local problem: $1"; }
local_problem_ln() { pr_warningln "Local problem: $1"; }
fixme() { pr_warning "fixme: $1"; }
fixme() { pr_warningln "fixme: $1"; }
### color switcher (see e.g. https://linuxtidbits.wordpress.com/2008/08/11/output-color-on-bash-scripts/ ### color switcher (see e.g. https://linuxtidbits.wordpress.com/2008/08/11/output-color-on-bash-scripts/
### http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x405.html ### http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x405.html
@ -642,17 +645,17 @@ runs_HTTP() {
*) if $CLIENT_AUTH; then *) if $CLIENT_AUTH; then
out "certificate based authentication => skipping all HTTP checks" out "certificate based authentication => skipping all HTTP checks"
echo "certificate based authentication => skipping all HTTP checks" >$TMPFILE echo "certificate based authentication => skipping all HTTP checks" >$TMPFILE
fileout "client_auth" "WARN" "certificate based authentication => skipping all HTTP checks" fileout "client_auth" "INFO" "certificate based authentication => skipping all HTTP checks"
else else
out " Couldn't determine what's running on port $PORT" out " Couldn't determine what's running on port $PORT"
if $ASSUMING_HTTP; then if $ASSUMING_HTTP; then
SERVICE=HTTP SERVICE=HTTP
out " -- ASSUMING_HTTP set though" out " -- ASSUMING_HTTP set though"
fileout "service" "WARN" "Couldn't determine service, --ASSUMING_HTTP set" fileout "service" "DEBUG" "Couldn't determine service, --ASSUMING_HTTP set"
ret=0 ret=0
else else
out ", assuming no HTTP service => skipping all HTTP checks" out ", assuming no HTTP service => skipping all HTTP checks"
fileout "service" "WARN" "Couldn't determine service, skipping all HTTP checks" fileout "service" "DEBUG" "Couldn't determine service, skipping all HTTP checks"
ret=1 ret=1
fi fi
fi fi
@ -1011,7 +1014,7 @@ run_hpkp() {
out "\n$spaces" out "\n$spaces"
pr_svrty_high " No matching key for pins found " pr_svrty_high " No matching key for pins found "
out "(CAs pinned? -- not checked for yet)" out "(CAs pinned? -- not checked for yet)"
fileout "hpkp_keymatch" "WARN" "The TLS key does not match any key pinned in the HPKP header. If you pinned a CA key you can ignore this" fileout "hpkp_keymatch" "DEBUG" "The TLS key does not match any key pinned in the HPKP header. If you pinned a CA key you can ignore this"
fi fi
else else
out "--" out "--"
@ -2217,6 +2220,12 @@ run_prototest_openssl() {
# 7: no local support # 7: no local support
} }
# idempotent function to add SSL/TLS protocols. It should ease testing
# PROTOS_OFFERED's content is in openssl terminology
add_tls_offered() {
grep -w "$1" <<< "$PROTOS_OFFERED" || PROTOS_OFFERED+="$1 "
}
# the protocol check needs to be revamped. It sucks, see above # the protocol check needs to be revamped. It sucks, see above
run_protocols() { run_protocols() {
@ -2259,6 +2268,7 @@ run_protocols() {
0) 0)
pr_svrty_criticalln "offered (NOT ok)" pr_svrty_criticalln "offered (NOT ok)"
fileout "sslv2" "NOT ok" "SSLv2 is offered (NOT ok)" fileout "sslv2" "NOT ok" "SSLv2 is offered (NOT ok)"
add_tls_offered "ssl2"
;; ;;
1) 1)
pr_done_bestln "not offered (OK)" pr_done_bestln "not offered (OK)"
@ -2267,6 +2277,7 @@ run_protocols() {
5) 5)
pr_svrty_high "CVE-2015-3197: $supported_no_ciph2"; pr_svrty_high "CVE-2015-3197: $supported_no_ciph2";
fileout "sslv2" "WARN" "CVE-2015-3197: SSLv2 is $supported_no_ciph2" fileout "sslv2" "WARN" "CVE-2015-3197: SSLv2 is $supported_no_ciph2"
add_tls_offered "ssl2"
;; ;;
7) 7)
fileout "sslv2" "INFO" "SSLv2 is not tested due to lack of local support" fileout "sslv2" "INFO" "SSLv2 is not tested due to lack of local support"
@ -2286,6 +2297,7 @@ run_protocols() {
fileout "sslv3" "NOT ok" "SSLv3 is offered (NOT ok)" fileout "sslv3" "NOT ok" "SSLv3 is offered (NOT ok)"
latest_supported="0300" latest_supported="0300"
latest_supported_string="SSLv3" latest_supported_string="SSLv3"
add_tls_offered "ssl3"
;; ;;
1) 1)
pr_done_bestln "not offered (OK)" pr_done_bestln "not offered (OK)"
@ -2305,7 +2317,8 @@ run_protocols() {
fileout "sslv3" "WARN" "SSLv3 is $supported_no_ciph1" fileout "sslv3" "WARN" "SSLv3 is $supported_no_ciph1"
pr_svrty_high "$supported_no_ciph2" pr_svrty_high "$supported_no_ciph2"
outln "(may need debugging)" outln "(may need debugging)"
;; # protocol ok, but no cipher add_tls_offered "ssl3"
;;
7) 7)
fileout "sslv3" "INFO" "SSLv3 is not tested due to lack of local support" fileout "sslv3" "INFO" "SSLv3 is not tested due to lack of local support"
;; # no local support ;; # no local support
@ -2323,6 +2336,7 @@ run_protocols() {
fileout "tls1" "INFO" "TLSv1.0 is offered" fileout "tls1" "INFO" "TLSv1.0 is offered"
latest_supported="0301" latest_supported="0301"
latest_supported_string="TLSv1.0" latest_supported_string="TLSv1.0"
add_tls_offered "tls1"
;; # nothing wrong with it -- per se ;; # nothing wrong with it -- per se
1) 1)
out "not offered" out "not offered"
@ -2352,6 +2366,7 @@ run_protocols() {
5) 5)
outln "$supported_no_ciph1" # protocol ok, but no cipher outln "$supported_no_ciph1" # protocol ok, but no cipher
fileout "tls1" "WARN" "TLSv1.0 is $supported_no_ciph1" fileout "tls1" "WARN" "TLSv1.0 is $supported_no_ciph1"
add_tls_offered "tls1"
;; ;;
7) 7)
fileout "tlsv1" "INFO" "TLSv1.0 is not tested due to lack of local support" fileout "tlsv1" "INFO" "TLSv1.0 is not tested due to lack of local support"
@ -2370,6 +2385,7 @@ run_protocols() {
fileout "tls1_1" "INFO" "TLSv1.1 is offered" fileout "tls1_1" "INFO" "TLSv1.1 is offered"
latest_supported="0302" latest_supported="0302"
latest_supported_string="TLSv1.1" latest_supported_string="TLSv1.1"
add_tls_offered "tls1_1"
;; # nothing wrong with it ;; # nothing wrong with it
1) 1)
out "not offered" out "not offered"
@ -2402,6 +2418,7 @@ run_protocols() {
5) 5)
outln "$supported_no_ciph1" outln "$supported_no_ciph1"
fileout "tls1_1" "WARN" "TLSv1.1 is $supported_no_ciph1" fileout "tls1_1" "WARN" "TLSv1.1 is $supported_no_ciph1"
add_tls_offered "tls1_1"
;; # protocol ok, but no cipher ;; # protocol ok, but no cipher
7) 7)
fileout "tls1_1" "INFO" "TLSv1.1 is not tested due to lack of local support" fileout "tls1_1" "INFO" "TLSv1.1 is not tested due to lack of local support"
@ -2420,6 +2437,7 @@ run_protocols() {
fileout "tls1_2" "OK" "TLSv1.2 is offered (OK)" fileout "tls1_2" "OK" "TLSv1.2 is offered (OK)"
latest_supported="0303" latest_supported="0303"
latest_supported_string="TLSv1.2" latest_supported_string="TLSv1.2"
add_tls_offered "tls1_2"
;; # GCM cipher in TLS 1.2: very good! ;; # GCM cipher in TLS 1.2: very good!
1) 1)
pr_svrty_mediumln "not offered" pr_svrty_mediumln "not offered"
@ -2456,6 +2474,7 @@ run_protocols() {
5) 5)
outln "$supported_no_ciph1" outln "$supported_no_ciph1"
fileout "tls1_2" "WARN" "TLSv1.2 is $supported_no_ciph1" fileout "tls1_2" "WARN" "TLSv1.2 is $supported_no_ciph1"
add_tls_offered "tls1_2"
;; # protocol ok, but no cipher ;; # protocol ok, but no cipher
7) 7)
fileout "tls1_2" "INFO" "TLSv1.2 is not tested due to lack of local support" fileout "tls1_2" "INFO" "TLSv1.2 is not tested due to lack of local support"
@ -2856,7 +2875,7 @@ check_tls12_pref() {
order="$cipher" order="$cipher"
tested_cipher="-$cipher" tested_cipher="-$cipher"
else else
pr_warningln "fixme: something weird happened around line $((LINENO - 6))" fixmeln "something weird happened around line $((LINENO - 6))"
return 1 return 1
fi fi
while true; do while true; do
@ -2876,6 +2895,8 @@ check_tls12_pref() {
# second cipher set didn't succeed: we can just output everything # second cipher set didn't succeed: we can just output everything
out " $order" out " $order"
fi fi
tmpfile_handle $FUNCNAME.txt
return 0 return 0
} }
@ -2911,7 +2932,7 @@ cipher_pref_check() {
# thus we reduce the number of ciphers we throw at the server and put later everything together # thus we reduce the number of ciphers we throw at the server and put later everything together
# see #189 # see #189
# so far, this was only observed in TLS 1.2 # so far, this was only observed in TLS 1.2
check_tls12_pref "$cipher" order=$(check_tls12_pref "$cipher")
else else
out " $cipher" # this is the first cipher for protocol out " $cipher" # this is the first cipher for protocol
while true; do while true; do
@ -2948,7 +2969,7 @@ cipher_pref_check() {
order+=" $cipher" order+=" $cipher"
done done
outln outln
[[ -z $order ]] || fileout "order_spdy_$p" "INFO" "Default cipher order for SPDY protocol $p:order" [[ -n $order ]] && fileout "order_spdy_$p" "INFO" "Default cipher order for SPDY protocol $p: $order"
done done
fi fi
@ -4609,6 +4630,7 @@ sslv2_sockets() {
[[ "$DEBUG" -ge 2 ]] && out " ($lines lines) " [[ "$DEBUG" -ge 2 ]] && out " ($lines lines) "
if [[ "$lines" -gt 1 ]]; then if [[ "$lines" -gt 1 ]]; then
nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3)) nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3))
add_tls_offered "ssl2"
if [[ 0 -eq "$nr_ciphers_detected" ]]; then if [[ 0 -eq "$nr_ciphers_detected" ]]; then
pr_svrty_highln "supported but couldn't detect a cipher and vulnerable to CVE-2015-3197 "; pr_svrty_highln "supported but couldn't detect a cipher and vulnerable to CVE-2015-3197 ";
fileout "sslv2" "NOT ok" "SSLv2 offered (NOT ok), vulnerable to CVE-2015-3197" fileout "sslv2" "NOT ok" "SSLv2 offered (NOT ok), vulnerable to CVE-2015-3197"
@ -4633,38 +4655,22 @@ sslv2_sockets() {
# ARG1: TLS version low byte (00: SSLv3, 01: TLS 1.0, 02: TLS 1.1, 03: TLS 1.2) # ARG1: TLS version low byte (00: SSLv3, 01: TLS 1.0, 02: TLS 1.1, 03: TLS 1.2)
# ARG2: CIPHER_SUITES string # ARG2: CIPHER_SUITES string
socksend_tls_clienthello() { socksend_tls_clienthello() {
#FIXME: redo this with all extensions!
local tls_low_byte="$1" local tls_low_byte="$1"
local tls_word_reclayer="03, 01" # the first TLS version number is the record layer and always 0301 -- except: SSLv3 local tls_word_reclayer="03, 01" # the first TLS version number is the record layer and always 0301 -- except: SSLv3
local servername_hexstr len_servername len_servername_hex local servername_hexstr len_servername len_servername_hex
local hexdump_format_str local hexdump_format_str part1 part2
local all_extensions local all_extensions=""
local len_sni_listlen len_sni_ext len_extension_hex local -i i j len_extension len_padding_extension len_all
local cipher_suites len_ciph_suites len_ciph_suites_word local len_sni_listlen len_sni_ext len_extension_hex len_padding_extension_hex
local cipher_suites len_ciph_suites len_ciph_suites_byte len_ciph_suites_word
local len_client_hello_word len_all_word local len_client_hello_word len_all_word
local ecc_cipher_suite_found=false
#len_servername=$(echo ${#NODE}) local extension_signature_algorithms extension_heartbeat
len_servername=${#NODE} local extension_session_ticket extension_next_protocol extensions_ecc extension_padding
hexdump_format_str="$len_servername/1 \"%02x,\""
servername_hexstr=$(printf $NODE | hexdump -v -e "${hexdump_format_str}" | sed 's/,$//')
code2network "$2" # convert CIPHER_SUITES code2network "$2" # convert CIPHER_SUITES
cipher_suites="$NW_STR" # we don't have the leading \x here so string length is two byte less, see next cipher_suites="$NW_STR" # we don't have the leading \x here so string length is two byte less, see next
#formatted example for SNI
#00 00 # extension server_name
#00 1a # length = the following +2 = server_name length + 5
#00 18 # server_name list_length = server_name length +3
#00 # server_name type (hostname)
#00 15 # server_name length
#66 66 66 66 66 66 2e 66 66 66 66 66 66 66 66 66 66 2e 66 66 66 target.mydomain1.tld # server_name target
# convert lengths we need to fill in from dec to hex:
len_servername_hex=$(printf "%02x\n" $len_servername)
len_sni_listlen=$(printf "%02x\n" $((len_servername+3)))
len_sni_ext=$(printf "%02x\n" $((len_servername+5)))
len_extension_hex=$(printf "%02x\n" $((len_servername+9))) #FIXME: for TLS 1.2 and IIS servers we need extension_signature_algorithms!!
len_ciph_suites_byte=$(echo ${#cipher_suites}) len_ciph_suites_byte=$(echo ${#cipher_suites})
let "len_ciph_suites_byte += 2" let "len_ciph_suites_byte += 2"
@ -4674,6 +4680,136 @@ socksend_tls_clienthello() {
len_ciph_suites_word="$LEN_STR" len_ciph_suites_word="$LEN_STR"
#[[ $DEBUG -ge 3 ]] && echo $len_ciph_suites_word #[[ $DEBUG -ge 3 ]] && echo $len_ciph_suites_word
if [[ "$tls_low_byte" != "00" ]]; then
# Add extensions
# Check to see if any ECC cipher suites are included in cipher_suites
for (( i=0; i<len_ciph_suites_byte; i=i+8 )); do
j=$i+4
part1="0x${cipher_suites:$i:2}"
part2="0x${cipher_suites:$j:2}"
if [[ "$part1" == "0xc0" ]]; then
if [[ "$part2" -ge "0x01" ]] && [[ "$part2" -le "0x19" ]]; then
ecc_cipher_suite_found=true && break
elif [[ "$part2" -ge "0x23" ]] && [[ "$part2" -le "0x3b" ]]; then
ecc_cipher_suite_found=true && break
elif [[ "$part2" -ge "0x48" ]] && [[ "$part2" -le "0x4f" ]]; then
ecc_cipher_suite_found=true && break
elif [[ "$part2" -ge "0x5c" ]] && [[ "$part2" -le "0x63" ]]; then
ecc_cipher_suite_found=true && break
elif [[ "$part2" -ge "0x70" ]] && [[ "$part2" -le "0x79" ]]; then
ecc_cipher_suite_found=true && break
elif [[ "$part2" -ge "0x86" ]] && [[ "$part2" -le "0x8d" ]]; then
ecc_cipher_suite_found=true && break
elif [[ "$part2" -ge "0x9a" ]] && [[ "$part2" -le "0x9b" ]]; then
ecc_cipher_suite_found=true && break
elif [[ "$part2" -ge "0xac" ]] && [[ "$part2" -le "0xaf" ]]; then
ecc_cipher_suite_found=true && break
fi
elif [[ "$part1" == "0xcc" ]]; then
if [[ "$part2" == "0xa8" ]] || [[ "$part2" == "0xa9" ]] || [[ "$part2" == "0xac" ]] || [[ "$part2" == "0x13" ]] || [[ "$part2" == "0x14" ]]; then
ecc_cipher_suite_found=true && break
fi
fi
done
#formatted example for SNI
#00 00 # extension server_name
#00 1a # length = the following +2 = server_name length + 5
#00 18 # server_name list_length = server_name length +3
#00 # server_name type (hostname)
#00 15 # server_name length
#66 66 66 66 66 66 2e 66 66 66 66 66 66 66 66 66 66 2e 66 66 66 target.mydomain1.tld # server_name target
len_servername=${#NODE}
hexdump_format_str="$len_servername/1 \"%02x,\""
servername_hexstr=$(printf $NODE | hexdump -v -e "${hexdump_format_str}" | sed 's/,$//')
# convert lengths we need to fill in from dec to hex:
len_servername_hex=$(printf "%02x\n" $len_servername)
len_sni_listlen=$(printf "%02x\n" $((len_servername+3)))
len_sni_ext=$(printf "%02x\n" $((len_servername+5)))
extension_signature_algorithms="
00, 0d, # Type: signature_algorithms , see RFC 5246
00, 20, # len
00,1e, 06,01, 06,02, 06,03, 05,01, 05,02, 05,03,
04,01, 04,02, 04,03, 03,01, 03,02, 03,03, 02,01, 02,02, 02,03"
extension_heartbeat="
00, 0f, 00, 01, 01"
extension_session_ticket="
00, 23, 00, 00"
extension_next_protocol="
33, 74, 00, 00"
# Supported Elliptic Curves Extension and Supported Point Formats Extension.
extensions_ecc="
00, 0a, # Type: Supported Elliptic Curves , see RFC 4492
00, 3a, 00, 38, # lengths
00, 01, 00, 02, 00, 03, 00, 04, 00, 05, 00, 06, 00, 07, 00, 08,
00, 09, 00, 0a, 00, 0b, 00, 0c, 00, 0d, 00, 0e, 00, 0f, 00, 10,
00, 11, 00, 12, 00, 13, 00, 14, 00, 15, 00, 16, 00, 17, 00, 18,
00, 19, 00, 1a, 00, 1b, 00, 1c,
00, 0b, # Type: Supported Point Formats , see RFC 4492
00, 02, # len
01, 00"
all_extensions="
00, 00 # extension server_name
,00, $len_sni_ext # length SNI EXT
,00, $len_sni_listlen # server_name list_length
,00 # server_name type (hostname)
,00, $len_servername_hex # server_name length. We assume len(hostname) < FF - 9
,$servername_hexstr # server_name target
,$extension_heartbeat
,$extension_session_ticket
,$extension_next_protocol"
# RFC 5246 says that clients MUST NOT offer the signature algorithms
# extension if they are offering TLS versions prior to 1.2.
if [[ "0x$tls_low_byte" -ge "0x03" ]]; then
all_extensions="$all_extensions
,$extension_signature_algorithms"
fi
if $ecc_cipher_suite_found; then
all_extensions="$all_extensions
,$extensions_ecc"
fi
code2network "$all_extensions" # convert extensions
all_extensions="$NW_STR" # we don't have the leading \x here so string length is two byte less, see next
len_extension=${#all_extensions}
len_extension+=2
len_extension=$len_extension/4
len_extension_hex=$(printf "%02x\n" $len_extension)
# If the length of the Client Hello would be between 256 and 511 bytes,
# then add a padding extension (see RFC 7685)
len_all=$((0x$len_ciph_suites + 0x2b + 0x$len_extension_hex + 0x2))
if [[ $len_all -ge 256 ]] && [[ $len_all -le 511 ]]; then
if [[ $len_all -gt 508 ]]; then
len_padding_extension=0
else
len_padding_extension=$((508 - 0x$len_ciph_suites - 0x2b - 0x$len_extension_hex - 0x2))
fi
len_padding_extension_hex=$(printf "%02x\n" $len_padding_extension)
len2twobytes "$len_padding_extension_hex"
all_extensions="$all_extensions\\x00\\x15\\x${LEN_STR:0:2}\\x${LEN_STR:4:2}"
for (( i=0; i<len_padding_extension; i++ )); do
all_extensions="$all_extensions\\x00"
done
len_extension=$len_extension+$len_padding_extension+0x4
len_extension_hex=$(printf "%02x\n" $len_extension)
fi
len2twobytes "$len_extension_hex"
all_extensions="
,$LEN_STR # first the len of all extentions.
,$all_extensions"
fi
# RFC 3546 doesn't specify SSLv3 to have SNI, openssl just ignores the switch if supplied # RFC 3546 doesn't specify SSLv3 to have SNI, openssl just ignores the switch if supplied
if [[ "$tls_low_byte" == "00" ]]; then if [[ "$tls_low_byte" == "00" ]]; then
len2twobytes $(printf "%02x\n" $((0x$len_ciph_suites + 0x27))) len2twobytes $(printf "%02x\n" $((0x$len_ciph_suites + 0x27)))
@ -4713,45 +4849,6 @@ socksend_tls_clienthello() {
,01 # Compression methods length ,01 # Compression methods length
,00" # Compression method (x00 for NULL) ,00" # Compression method (x00 for NULL)
#TODO,add (see heartbleed)
# extension lenghth (word)
# extension ec_point_formats (4 words) 1st: 00 0b
#len 00 04
# ec prot formats len: 03
# uncompressed 00
# EC point format: ansiX962_compressed_prime 01
# EC point format: ansiX962_compressed_char2 02
# ec, 1st: 00 0a
# 2nd length: (word) e.g. 0x34
# 3rd: ec curve len ln-2 e.g. 0x32
# 4.-n. curves e.g. 25 words
# Extension: Session Ticket 00 23
extension_signature_algorithms="
00, 0d, # Type: signature_algorithms , see RFC 5246
00, 20, # len
00,1e, 06,01, 06,02, 06,03, 05,01, 05,02, 05,03,
04,01, 04,02, 04,03, 03,01, 03,02, 03,03, 02,01, 02,02, 02,03"
# Extension: Haertbeat 00 0f
# len 00 01
# peer allowed to send requests 01
if [[ "$tls_low_byte" == "00" ]]; then
all_extensions=""
else #FIXME: we (probably) need extension_signature_algorithms here. TLS 1.2 fails on IIS otherwise
all_extensions="
,00, $len_extension_hex # first the len of all (here: 1) extentions. We assume len(hostname) < FF - 9
,00, 00 # extension server_name
,00, $len_sni_ext # length SNI EXT
,00, $len_sni_listlen # server_name list_length
,00 # server_name type (hostname)
,00, $len_servername_hex # server_name length
,$servername_hexstr" # server_name target
fi
fd_socket 5 || return 6 fd_socket 5 || return 6
code2network "$TLS_CLIENT_HELLO$all_extensions" code2network "$TLS_CLIENT_HELLO$all_extensions"
@ -5555,11 +5652,11 @@ run_drown() {
parse_sslv2_serverhello "$SOCK_REPLY_FILE" parse_sslv2_serverhello "$SOCK_REPLY_FILE"
case $? in case $? in
7) # strange reply, couldn't convert the cipher spec length to a hex number 7) # strange reply, couldn't convert the cipher spec length to a hex number
pr_cyan "strange v2 reply " fixme "strange v2 reply "
outln " (rerun with DEBUG >=2)" outln " (rerun with DEBUG >=2)"
[[ $DEBUG -ge 3 ]] && hexdump -C "$SOCK_REPLY_FILE" | head -1 [[ $DEBUG -ge 3 ]] && hexdump -C "$SOCK_REPLY_FILE" | head -1
ret=7 ret=7
fileout "DROWN" "MINOR_ERROR" "SSLv2: received a strange SSLv2 reply (rerun with DEBUG>=2)" fileout "drown" "MINOR_ERROR" "SSLv2: received a strange SSLv2 reply (rerun with DEBUG>=2)"
;; ;;
3) # vulnerable 3) # vulnerable
lines=$(count_lines "$(hexdump -C "$SOCK_REPLY_FILE" 2>/dev/null)") lines=$(count_lines "$(hexdump -C "$SOCK_REPLY_FILE" 2>/dev/null)")
@ -5568,16 +5665,16 @@ run_drown() {
nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3)) nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3))
if [[ 0 -eq "$nr_ciphers_detected" ]]; then if [[ 0 -eq "$nr_ciphers_detected" ]]; then
pr_svrty_highln "CVE-2015-3197: SSLv2 supported but couldn't detect a cipher (NOT ok)"; pr_svrty_highln "CVE-2015-3197: SSLv2 supported but couldn't detect a cipher (NOT ok)";
fileout "DROWN" "NOT ok" "SSLv2 offered (NOT ok), CVE-2015-3197: but could not detect a cipher" fileout "drown" "NOT ok" "SSLv2 offered (NOT ok), CVE-2015-3197: but could not detect a cipher"
else else
pr_svrty_criticalln "vulnerable (NOT ok), SSLv2 offered with $nr_ciphers_detected ciphers"; pr_svrty_criticalln "vulnerable (NOT ok), SSLv2 offered with $nr_ciphers_detected ciphers";
fileout "DROWN" "NOT ok" "vulnerable (NOT ok), SSLv2 offered with $nr_ciphers_detected ciphers" fileout "drown" "NOT ok" "vulnerable (NOT ok), SSLv2 offered with $nr_ciphers_detected ciphers"
fi fi
fi fi
ret=1 ret=1
;; ;;
*) pr_done_bestln "not vulnerable on this port (OK)" *) pr_done_bestln "not vulnerable on this port (OK)"
fileout "DROWN" "OK" "not vulnerable to DROWN" fileout "drown" "OK" "not vulnerable to DROWN"
outln "$spaces make sure you don't use this certificate elsewhere with SSLv2 enabled services" outln "$spaces make sure you don't use this certificate elsewhere with SSLv2 enabled services"
if [[ "$DEBUG" -ge 1 ]] || "$SHOW_CENSYS_LINK"; then if [[ "$DEBUG" -ge 1 ]] || "$SHOW_CENSYS_LINK"; then
# not advertising it as it after 5 tries and account is needed # not advertising it as it after 5 tries and account is needed
@ -5852,7 +5949,7 @@ run_tls_truncation() {
old_fart() { old_fart() {
outln "Get precompiled bins or compile https://github.com/PeterMosmans/openssl ." outln "Get precompiled bins or compile https://github.com/PeterMosmans/openssl ."
fileout "old_fart" "WARN" "Your $OPENSSL $OSSL_VER version is an old fart... . It doesn\'t make much sense to proceed. Get precompiled bins or compile https://github.com/PeterMosmans/openssl ." fileout "old_fart" "ERROR" "Your $OPENSSL $OSSL_VER version is an old fart... . It doesn\'t make much sense to proceed. Get precompiled bins or compile https://github.com/PeterMosmans/openssl ."
fatal "Your $OPENSSL $OSSL_VER version is an old fart... . It doesn\'t make much sense to proceed." -2 fatal "Your $OPENSSL $OSSL_VER version is an old fart... . It doesn\'t make much sense to proceed." -2
} }
@ -7481,4 +7578,4 @@ fi
exit $? exit $?
# $Id: testssl.sh,v 1.495 2016/06/07 11:02:57 dirkw Exp $ # $Id: testssl.sh,v 1.496 2016/06/07 21:06:57 dirkw Exp $