mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-20 23:49:30 +01:00
Merge pull request #1304 from drwetter/renego_fixes
Fix misleading CVE in Secure Renegotiation
This commit is contained in:
commit
5fed82f4c2
53
testssl.sh
53
testssl.sh
@ -14050,35 +14050,37 @@ run_ticketbleed() {
|
|||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Overview @ http://www.exploresecurity.com/wp-content/uploads/custom/SSL_manual_cheatsheet.html
|
||||||
|
#
|
||||||
run_renego() {
|
run_renego() {
|
||||||
# no SNI here. Not needed as there won't be two different SSL stacks for one IP
|
|
||||||
local legacycmd="" proto="$OPTIMAL_PROTO"
|
local legacycmd="" proto="$OPTIMAL_PROTO"
|
||||||
local insecure_renogo_str="Secure Renegotiation IS NOT"
|
|
||||||
local sec_renego sec_client_renego
|
local sec_renego sec_client_renego
|
||||||
local -i ret=0
|
local -i ret=0
|
||||||
local cve="CVE-2009-3555"
|
local cve=""
|
||||||
local cwe="CWE-310"
|
local cwe="CWE-310"
|
||||||
local hint=""
|
local hint=""
|
||||||
local jsonID=""
|
local jsonID=""
|
||||||
|
# No SNI needed here as there won't be two different SSL stacks for one IP
|
||||||
|
|
||||||
"$HAS_TLS13" && [[ -z "$proto" ]] && proto="-no_tls1_3"
|
"$HAS_TLS13" && [[ -z "$proto" ]] && proto="-no_tls1_3"
|
||||||
|
|
||||||
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for Renegotiation vulnerabilities " && outln
|
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for Renegotiation vulnerabilities " && outln
|
||||||
|
|
||||||
pr_bold " Secure Renegotiation "; out "($cve) " # and RFC 5746, OSVDB 59968-59974
|
pr_bold " Secure Renegotiation (RFC 5746) "
|
||||||
jsonID="secure_renego" # community.qualys.com/blogs/securitylabs/2009/11/05/ssl-and-tls-authentication-gap-vulnerability-discovered
|
jsonID="secure_renego"
|
||||||
$OPENSSL s_client $(s_client_options "$proto $STARTTLS $BUGS -connect $NODEIP:$PORT $SNI $PROXY") 2>&1 </dev/null >$TMPFILE 2>$ERRFILE
|
# first fingerprint for the Line "Secure Renegotiation IS NOT" or "Secure Renegotiation IS "
|
||||||
|
$OPENSSL s_client $(s_client_options "$proto $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") 2>&1 </dev/null >$TMPFILE 2>$ERRFILE
|
||||||
if sclient_connect_successful $? $TMPFILE; then
|
if sclient_connect_successful $? $TMPFILE; then
|
||||||
grep -iaq "$insecure_renogo_str" $TMPFILE
|
grep -iaq "Secure Renegotiation IS NOT" $TMPFILE
|
||||||
sec_renego=$? # 0= Secure Renegotiation IS NOT supported
|
sec_renego=$? # 0= Secure Renegotiation IS NOT supported
|
||||||
#FIXME: didn't occur to me yet but why not also to check on "Secure Renegotiation IS supported"
|
# grep -iaq "Secure Renegotiation IS supported"
|
||||||
|
#FIXME: didn't occur to me yet but why not also to check on "Secure Renegotiation IS supported"
|
||||||
case $sec_renego in
|
case $sec_renego in
|
||||||
0) prln_svrty_critical "VULNERABLE (NOT ok)"
|
0) prln_svrty_critical "Not supported / VULNERABLE (NOT ok)"
|
||||||
fileout "$jsonID" "CRITICAL" "VULNERABLE" "$cve" "$cwe" "$hint"
|
fileout "$jsonID" "CRITICAL" "VULNERABLE" "$cve" "$cwe" "$hint"
|
||||||
;;
|
;;
|
||||||
1) prln_svrty_best "not vulnerable (OK)"
|
1) prln_svrty_best "supported (OK)"
|
||||||
fileout "$jsonID" "OK" "not vulnerable" "$cve" "$cwe"
|
fileout "$jsonID" "OK" "supported" "$cve" "$cwe"
|
||||||
;;
|
;;
|
||||||
*) prln_warning "FIXME (bug): $sec_renego"
|
*) prln_warning "FIXME (bug): $sec_renego"
|
||||||
fileout "$jsonID" "WARN" "FIXME (bug) $sec_renego" "$cve" "$cwe"
|
fileout "$jsonID" "WARN" "FIXME (bug) $sec_renego" "$cve" "$cwe"
|
||||||
@ -14089,10 +14091,18 @@ run_renego() {
|
|||||||
fileout "$jsonID" "WARN" "OpenSSL handshake didn't succeed" "$cve" "$cwe"
|
fileout "$jsonID" "WARN" "OpenSSL handshake didn't succeed" "$cve" "$cwe"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# see: https://community.qualys.com/blogs/securitylabs/2011/10/31/tls-renegotiation-and-denial-of-service-attacks
|
# FIXME: Basically this can be done with sockets and we might have that information already
|
||||||
# http://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html -- head/get doesn't seem to be needed though
|
# see https://tools.ietf.org/html/rfc5746#section-3.4: 'The client MUST include either an empty "renegotiation_info"
|
||||||
pr_bold " Secure Client-Initiated Renegotiation " # RFC 5746
|
# extension, or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite value in the ClientHello. [..]
|
||||||
|
# When a ServerHello is received, the client MUST check if it includes the "renegotiation_info" extension:
|
||||||
|
# If the extension is not present, the server does not support secure renegotiation'
|
||||||
|
|
||||||
|
|
||||||
|
pr_bold " Secure Client-Initiated Renegotiation "
|
||||||
jsonID="secure_client_renego"
|
jsonID="secure_client_renego"
|
||||||
|
# see: https://blog.qualys.com/ssllabs/2011/10/31/tls-renegotiation-and-denial-of-service-attacks
|
||||||
|
# http://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html -- head/get doesn't seem to be needed though
|
||||||
|
# https://archive.fo/20130415224936/http://www.thc.org/thc-ssl-dos/, https://vincent.bernat.ch/en/blog/2011-ssl-dos-mitigation
|
||||||
case "$OSSL_VER" in
|
case "$OSSL_VER" in
|
||||||
0.9.8*) # we need this for Mac OSX unfortunately
|
0.9.8*) # we need this for Mac OSX unfortunately
|
||||||
case "$OSSL_VER_APPENDIX" in
|
case "$OSSL_VER_APPENDIX" in
|
||||||
@ -14112,6 +14122,7 @@ run_renego() {
|
|||||||
;; # all ok
|
;; # all ok
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
|
||||||
if "$CLIENT_AUTH"; then
|
if "$CLIENT_AUTH"; then
|
||||||
prln_warning "client x509-based authentication prevents this from being tested"
|
prln_warning "client x509-based authentication prevents this from being tested"
|
||||||
fileout "$jsonID" "WARN" "client x509-based authentication prevents this from being tested"
|
fileout "$jsonID" "WARN" "client x509-based authentication prevents this from being tested"
|
||||||
@ -14119,7 +14130,7 @@ run_renego() {
|
|||||||
else
|
else
|
||||||
# We need up to two tries here, as some LiteSpeed servers don't answer on "R" and block. Thus first try in the background
|
# We need up to two tries here, as some LiteSpeed servers don't answer on "R" and block. Thus first try in the background
|
||||||
# msg enables us to look deeper into it while debugging
|
# msg enables us to look deeper into it while debugging
|
||||||
echo R | $OPENSSL s_client $(s_client_options "$proto $BUGS $legacycmd $STARTTLS -msg -connect $NODEIP:$PORT $SNI $PROXY") >$TMPFILE 2>>$ERRFILE &
|
echo R | $OPENSSL s_client $(s_client_options "$proto $BUGS $legacycmd $STARTTLS -msg -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE &
|
||||||
wait_kill $! $HEADER_MAXSLEEP
|
wait_kill $! $HEADER_MAXSLEEP
|
||||||
if [[ $? -eq 3 ]]; then
|
if [[ $? -eq 3 ]]; then
|
||||||
pr_svrty_good "likely not vulnerable (OK)"; outln ", timed out" # it hung
|
pr_svrty_good "likely not vulnerable (OK)"; outln ", timed out" # it hung
|
||||||
@ -14127,10 +14138,10 @@ run_renego() {
|
|||||||
sec_client_renego=1
|
sec_client_renego=1
|
||||||
else
|
else
|
||||||
# second try in the foreground as we are sure now it won't hang
|
# second try in the foreground as we are sure now it won't hang
|
||||||
echo R | $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -msg -connect $NODEIP:$PORT $SNI $PROXY") >$TMPFILE 2>>$ERRFILE
|
echo R | $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -msg -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE
|
||||||
sec_client_renego=$? # 0=client is renegotiating & doesn't return an error --> vuln!
|
sec_client_renego=$? # 0=client is renegotiating & doesn't return an error --> vuln!
|
||||||
case "$sec_client_renego" in
|
case "$sec_client_renego" in
|
||||||
0) if [[ $SERVICE == "HTTP" ]]; then
|
0) if [[ $SERVICE == HTTP ]]; then
|
||||||
pr_svrty_high "VULNERABLE (NOT ok)"; outln ", DoS threat"
|
pr_svrty_high "VULNERABLE (NOT ok)"; outln ", DoS threat"
|
||||||
fileout "$jsonID" "HIGH" "VULNERABLE, DoS threat" "$cve" "$cwe" "$hint"
|
fileout "$jsonID" "HIGH" "VULNERABLE, DoS threat" "$cve" "$cwe" "$hint"
|
||||||
else
|
else
|
||||||
@ -14151,7 +14162,11 @@ run_renego() {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#FIXME Insecure Client-Initiated Renegotiation is missing ==> sockets
|
#pr_bold " Insecure Client-Initiated Renegotiation " # pre-RFC 5746, CVE-2009-3555
|
||||||
|
#jsonID="insecure_client_renego"
|
||||||
|
#
|
||||||
|
# https://www.openssl.org/news/vulnerabilities.html#y2009. It can only be tested with OpenSSL <=0.9.8k
|
||||||
|
# Insecure Client-Initiated Renegotiation is missing ==> sockets. When we complete the handshake ;-)
|
||||||
|
|
||||||
tmpfile_handle ${FUNCNAME[0]}.txt
|
tmpfile_handle ${FUNCNAME[0]}.txt
|
||||||
return $ret
|
return $ret
|
||||||
|
Loading…
Reference in New Issue
Block a user