- one outstanding openssl CVE issue wrt SSLv2

- first skeleton for DROWN #305
2025-01-03 23:39:45 +01:00 · 2016-03-03 11:56:25 +01:00 · 2016-03-03 11:56:25 +01:00 · 752e6cdf56
commit 752e6cdf56
parent c4a68df423
1 changed files with 19 additions and 7 deletions
--- a/testssl.sh
+++ b/testssl.sh
@ -2147,9 +2147,8 @@ run_protocols() {
                    fileout "sslv2" "OK" "SSLv2 is not offered (OK)"
                    ;;
               5)
-                    pr_svrty_high "$supported_no_ciph2";
-                    outln " (may need further attention)"                  # protocol ok, but no cipher
-                    fileout "sslv2" "WARN" "SSLv2 is $supported_no_ciph2 (may need further attention)"
+                    pr_svrty_high "CVE-2015-3197: $supported_no_ciph2";
+                    fileout "sslv2" "WARN" "CVE-2015-3197: SSLv2 is $supported_no_ciph2"
                    ;;
               7)
                    fileout "sslv2" "INFO" "SSLv2 is not tested due to lack of local support"
@ -4003,9 +4002,8 @@ sslv2_sockets() {
               if [[ "$lines" -gt 1 ]]; then
                    ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3))
                    if [[ 0 -eq "$ciphers_detected" ]]; then
-                         pr_svrty_high "supported but couldn't detect a cipher";
-                         outln " (may need further attention)"
-                         fileout "sslv2" "NOT OK" "SSLv2 offered (NOT ok), but could not detect a cipher (may need further attention)"
+                         pr_svrty_highln "CVE-2015-3197: supported but couldn't detect a cipher";
+                         fileout "sslv2" "NOT OK" "SSLv2 offered (NOT ok), CVE-2015-3197: but could not detect a cipher"
                    else
                         pr_svrty_critical "offered (NOT ok)";
                         outln " -- $ciphers_detected ciphers"
@ -4923,6 +4921,20 @@ run_logjam() {
 # TODO: perfect candidate for replacement by sockets, so is freak


+run_drown() {
+
+     if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then
+          outln
+          pr_headlineln " Testing for DROWN vulnerability "
+     fi
+# check for < openssl 1.0.2g, openssl 1.0.1s if native openssl
+     pr_bold " DROWN"; out " (2016-0800, CVE-2016-0703)          "
+
+
+     return $?
+}
+
+

 # Browser Exploit Against SSL/TLS: don't use CBC Ciphers in SSLv3 TLSv1.0
 run_beast(){
@ -6780,4 +6792,4 @@ fi
 exit $?


-#  $Id: testssl.sh,v 1.467 2016/02/22 09:44:42 dirkw Exp $
+#  $Id: testssl.sh,v 1.468 2016/03/03 10:39:30 dirkw Exp $