diff --git a/etc/tls_data.txt b/etc/tls_data.txt index 47ed46c..898aa2d 100755 --- a/etc/tls_data.txt +++ b/etc/tls_data.txt @@ -8,7 +8,7 @@ readonly TLS13_CIPHER=" 13,01, 13,02, 13,03, 13,04, 13,05" # 123 standard cipher + 4x GOST for TLS 1.2 and SPDY/NPN HTTP2/ALPN -readonly TLS12_CIPHER=" +declare TLS12_CIPHER=" c0,30, c0,2c, c0,28, c0,24, c0,14, c0,0a, 00,9f, 00,6b, 00,39, 00,9d, 00,3d, 00,35, c0,2f, c0,2b, c0,27, c0,23, c0,13, c0,09, 00,9e, 00,67, 00,33, 00,9c, 00,3c, 00,2f, diff --git a/testssl.sh b/testssl.sh index 1019658..0e81678 100755 --- a/testssl.sh +++ b/testssl.sh @@ -378,6 +378,7 @@ STARTTLS_PROTOCOL="" OPTIMAL_PROTO="" # Need this for IIS6 (sigh) + OpenSSL 1.0.2, otherwise some handshakes will fail see # https://github.com/PeterMosmans/openssl/issues/19#issuecomment-100897892 STARTTLS_OPTIMAL_PROTO="" # Same for STARTTLS, see https://github.com/drwetter/testssl.sh/issues/188 +OPTIMAL_SOCKETS_PROTO="" # Same for tls_sockets(). -- not yet used TLS_TIME="" # To keep the value of TLS server timestamp TLS_NOW="" # Similar TLS_DIFFTIME_SET=false # Tells TLS functions to measure the TLS difftime or not @@ -5178,11 +5179,6 @@ run_protocols() { if "$using_sockets"; then tls_sockets "03" "$TLS12_CIPHER" ret_val_tls12=$? - if [[ $ret_val_tls12 -ne 0 ]]; then - tls_sockets "03" "$TLS12_CIPHER_2ND_TRY" - [[ $? -eq 0 ]] && ret_val_tls12=0 - # see #807 and #806 - fi tls12_detected_version="$DETECTED_TLS_VERSION" # Need to ensure that at most 128 ciphers are included in ClientHello. # If the TLSv1.2 test was successful, then use the 5 TLSv1.3 ciphers @@ -15841,7 +15837,6 @@ run_grease() { for (( i=0; i < 5; i++ )); do case $i in 0) proto="03" ; cipher_list="$TLS12_CIPHER" ;; - 1) proto="03" ; cipher_list="$TLS12_CIPHER_2ND_TRY" ;; 2) proto="02" ; cipher_list="$TLS_CIPHER" ;; 3) proto="01" ; cipher_list="$TLS_CIPHER" ;; 4) proto="00" ; cipher_list="$TLS_CIPHER" ;; @@ -17740,6 +17735,121 @@ sclient_auth() { return 1 } +# Determine the best parameters to use with tls_sockets(): +# For TLSv1.3, determine what extension number to use for the key_share extension. +# For TLSv1.2, determine what cipher list to send, since there are more than 128 +# TLSv1.2 ciphers and some servers fail if the ClientHello contains too many ciphers. +# If both TLSv1.3 and TLSv1.2 ClientHello messages result in failed connection attempts, +# then try to determine whether: +# (1) This is an SSLv2-only server +# (2) This server supports some protocol in SSLv3 - TLSv1.1, but cannot handle version negotiation. +# (3) This is not a TLS/SSL enabled server. +# This information can be used by determine_optimal_proto() to help distinguish between a server +# that is not TLS/SSL enabled and one that is not compatible with the version of OpenSSL being used. +determine_optimal_sockets_params() { + local -i ret1 ret2 + local proto + local all_failed=true + + # If a STARTTLS protocol is specified and $SSL_NATIVE is true, then skip this test, since + # $SSL_NATIVE may have been set to true as a result of tls_sockets() not supporting the STARTTLS + # protocol. + [[ -n "$STARTTLS_PROTOCOL" ]] && "$SSL_NATIVE" && return 0 + + # NOTE: The following code is only needed as long as draft versions of TLSv1.3 prior to draft 23 + # are supported. It is used to determine whether a draft 23 or pre-draft 23 ClientHello should be + # sent. + KEY_SHARE_EXTN_NR="33" + tls_sockets "04" "$TLS13_CIPHER" "" "00, 2b, 00, 0f, 0e, 03,04, 7f,1c, 7f,1b, 7f,1a, 7f,19, 7f,18, 7f,17" + if [[ $? -eq 0 ]]; then + add_tls_offered tls1_3 yes + all_failed=false + else + KEY_SHARE_EXTN_NR="28" + tls_sockets "04" "$TLS13_CIPHER" "" "00, 2b, 00, 0b, 0a, 7f,16, 7f,15, 7f,14, 7f,13, 7f,12" + if [[ $? -eq 0 ]]; then + add_tls_offered tls1_3 yes + all_failed=false + else + add_tls_offered tls1_3 no + KEY_SHARE_EXTN_NR="33" + fi + fi + + # Need to determine which set of ciphers is best to use with + # a TLSv1.2 ClientHello since there are far more than 128 ciphers + # that can be used. + tls_sockets "03" "$TLS12_CIPHER" + ret1=$? + if [[ $ret1 -eq 0 ]] || [[ $ret1 -eq 2 ]]; then + case $DETECTED_TLS_VERSION in + 0303) add_tls_offered tls1_2 yes ;; + 0302) add_tls_offered tls1_1 yes ;; + 0301) add_tls_offered tls1 yes ;; + 0300) add_tls_offered ssl3 yes ;; + esac + all_failed=false + fi + + # Try again with a different, less common, set of cipher suites + # see #807 and #806. If using these cipher suites results in a + # successful connection, then change $TLS12_CIPHER to these + # cipher suites so that later tests will use this list of cipher + # suites. + if [[ $ret1 -ne 0 ]]; then + tls_sockets "03" "$TLS12_CIPHER_2ND_TRY" + ret2=$? + if [[ $ret2 -eq 0 ]]; then + add_tls_offered tls1_2 yes + TLS12_CIPHER="$TLS12_CIPHER_2ND_TRY" + all_failed=false + else + add_tls_offered tls1_2 no + fi + if [[ $ret2 -eq 2 ]]; then + case $DETECTED_TLS_VERSION in + 0302) add_tls_offered tls1_1 yes ;; + 0301) add_tls_offered tls1 yes ;; + 0300) add_tls_offered ssl3 yes ;; + esac + [[ $ret1 -ne 2 ]] && TLS12_CIPHER="$TLS12_CIPHER_2ND_TRY" + all_failed=false + fi + fi + + if "$all_failed"; then + # One of the following must be true: + # * This is not a TLS/SSL enabled server. + # * The server only supports SSLv2 + # * The server does not handle version negotiation correctly. + for proto in 01 00 02; do + tls_sockets "$proto" "$TLS_CIPHER" "" "" "true" + ret1=$? + if [[ $ret1 -ne 0 ]]; then + case $proto in + 02) add_tls_offered tls1_1 no ;; + 01) add_tls_offered tls1 no ;; + 00) add_tls_offered ssl3 no ;; + esac + fi + if [[ $ret1 -eq 0 ]] || [[ $ret1 -eq 2 ]]; then + case $DETECTED_TLS_VERSION in + 0302) add_tls_offered tls1_1 yes ;; + 0301) add_tls_offered tls1 yes ;; + 0300) add_tls_offered ssl3 yes ;; + esac + OPTIMAL_SOCKETS_PROTO="$proto" + all_failed=false + break + fi + done + fi + if "$all_failed"; then + sslv2_sockets + [[ $? -eq 3 ]] && all_failed=false && add_tls_offered ssl2 yes + fi + return 0 +} # This is a helper function for determine_optimal_proto() below. It sets the # the global STARTTLS_OPTIMAL_PROTO / OPTIMAL_PROTO accordingly and returns 1 @@ -17912,26 +18022,6 @@ determine_optimal_proto() { [[ $? -ne 0 ]] && exit $ERR_CLUELESS fi - # NOTE: The following code is only needed as long as draft versions of TLSv1.3 prior to draft 23 - # are supported. It is used to determine whether a draft 23 or pre-draft 23 ClientHello should be - # sent. - if [[ -z "$1" ]]; then - KEY_SHARE_EXTN_NR="33" - tls_sockets "04" "$TLS13_CIPHER" "" "00, 2b, 00, 0f, 0e, 03,04, 7f,1c, 7f,1b, 7f,1a, 7f,19, 7f,18, 7f,17" - if [[ $? -eq 0 ]]; then - add_tls_offered tls1_3 yes - else - KEY_SHARE_EXTN_NR="28" - tls_sockets "04" "$TLS13_CIPHER" "" "00, 2b, 00, 0b, 0a, 7f,16, 7f,15, 7f,14, 7f,13, 7f,12" - if [[ $? -eq 0 ]]; then - add_tls_offered tls1_3 yes - else - add_tls_offered tls1_3 no - KEY_SHARE_EXTN_NR="33" - fi - fi - fi - tmpfile_handle ${FUNCNAME[0]}.txt return 0 } @@ -17961,6 +18051,7 @@ determine_service() { outln if [[ -z "$1" ]]; then # no STARTTLS. + determine_optimal_sockets_params determine_optimal_proto $SNEAKY && \ ua="$UA_SNEAKY" || \ @@ -18021,6 +18112,7 @@ determine_service() { fatal "Your $OPENSSL does not support the \"-starttls nntp\" option" $ERR_OSSLBIN fi fi + determine_optimal_sockets_params determine_optimal_proto "$1" out " Service set:$CORRECT_SPACES STARTTLS via "