From 045778b2d82eb07fe8c2ee91d30b924382683295 Mon Sep 17 00:00:00 2001 From: David Cooper Date: Wed, 7 Sep 2022 12:45:59 -0700 Subject: [PATCH 1/2] Fix #1311 This commit fixes #1311 by only rating the lack of a server-enforced ciper order negatively if there is a difference in the quality rating of the ciphers offered for a particular protocol. --- testssl.sh | 114 +++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 101 insertions(+), 13 deletions(-) diff --git a/testssl.sh b/testssl.sh index 530a706..d7b3b16 100755 --- a/testssl.sh +++ b/testssl.sh @@ -268,6 +268,7 @@ NR_HEADER_FAIL=0 # .. for HTTP_GET PROTOS_OFFERED="" # This keeps which protocol is being offered. See has_server_protocol(). TLS12_CIPHER_OFFERED="" # This contains the hexcode of a cipher known to be supported by the server with TLS 1.2 CURVES_OFFERED="" # This keeps which curves have been detected. Just for error handling +NO_CIPHER_ORDER_LEVEL=5 # This is the finding level to report if the server does not enforce a cipher order for one or more protocol versions. KNOWN_OSSL_PROB=false # We need OpenSSL a few times. This variable is an indicator if we can't connect. Eases handling DETECTED_TLS_VERSION="" # .. as hex string, e.g. 0300 or 0303 APP_TRAF_KEY_INFO="" # Information about the application traffic keys for a TLS 1.3 connection. @@ -4243,6 +4244,7 @@ ciphers_by_strength() { local available proto_supported=false local id local has_dh_bits="$HAS_DH_BITS" + local -i quality worst_cipher=8 best_cipher=0 difference_rating=5 # for local problem if it happens "$wide" || out " " @@ -4505,12 +4507,51 @@ ciphers_by_strength() { fi if "$wide" && [[ "${FUNCNAME[1]}" == run_server_preference ]] && "$proto_supported"; then - if [[ $proto_ossl == tls1_3 ]]; then - outln " (no server order, thus listed by strength)" - elif ! "$serverpref_known"; then + if ! "$serverpref_known"; then outln " (listed by strength)" else - prln_svrty_high " (no server order, thus listed by strength)" + # Determine the best and worst quality level findings for the supported ciphers + for (( i=0 ; i Date: Thu, 20 Oct 2022 12:29:12 -0700 Subject: [PATCH 2/2] Include cipher order information in file output on a per protocol basis This commit fileout() calls to ciphers_by_strength() and cipher_pref_check() to indicate whether or not the server enforces a cipher order for a protocol version. --- t/baseline_data/default_testssl.csvfile | 4 ++++ testssl.sh | 28 ++++++++++++++++++++----- 2 files changed, 27 insertions(+), 5 deletions(-) diff --git a/t/baseline_data/default_testssl.csvfile b/t/baseline_data/default_testssl.csvfile index dbb3ba0..9598077 100644 --- a/t/baseline_data/default_testssl.csvfile +++ b/t/baseline_data/default_testssl.csvfile @@ -18,6 +18,7 @@ "cipherlist_AVERAGE","testssl.sh/81.169.166.184","443","LOW","offered","","CWE-310" "cipherlist_GOOD","testssl.sh/81.169.166.184","443","OK","offered","","" "cipherlist_STRONG","testssl.sh/81.169.166.184","443","OK","offered","","" +"cipher_order-tls1","testssl.sh/81.169.166.184","443","OK","server","","" "cipher-tls1_xc014","testssl.sh/81.169.166.184","443","LOW","TLSv1 xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","","" "cipher-tls1_xc013","testssl.sh/81.169.166.184","443","LOW","TLSv1 xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","","" "cipher-tls1_x88","testssl.sh/81.169.166.184","443","LOW","TLSv1 x88 DHE-RSA-CAMELLIA256-SHA DH 2048 Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA","","" @@ -26,6 +27,7 @@ "cipher-tls1_x33","testssl.sh/81.169.166.184","443","LOW","TLSv1 x33 DHE-RSA-AES128-SHA DH 2048 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA","","" "cipher-tls1_x35","testssl.sh/81.169.166.184","443","LOW","TLSv1 x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA","","" "cipherorder_TLSv1","testssl.sh/81.169.166.184","443","INFO","ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA AES256-SHA","","" +"cipher_order-tls1_1","testssl.sh/81.169.166.184","443","OK","server","","" "cipher-tls1_1_xc014","testssl.sh/81.169.166.184","443","LOW","TLSv1.1 xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","","" "cipher-tls1_1_xc013","testssl.sh/81.169.166.184","443","LOW","TLSv1.1 xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","","" "cipher-tls1_1_x88","testssl.sh/81.169.166.184","443","LOW","TLSv1.1 x88 DHE-RSA-CAMELLIA256-SHA DH 2048 Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA","","" @@ -34,6 +36,7 @@ "cipher-tls1_1_x33","testssl.sh/81.169.166.184","443","LOW","TLSv1.1 x33 DHE-RSA-AES128-SHA DH 2048 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA","","" "cipher-tls1_1_x35","testssl.sh/81.169.166.184","443","LOW","TLSv1.1 x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA","","" "cipherorder_TLSv1_1","testssl.sh/81.169.166.184","443","INFO","ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA AES256-SHA","","" +"cipher_order-tls1_2","testssl.sh/81.169.166.184","443","OK","server","","" "cipher-tls1_2_xc030","testssl.sh/81.169.166.184","443","OK","TLSv1.2 xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","","" "cipher-tls1_2_xc02f","testssl.sh/81.169.166.184","443","OK","TLSv1.2 xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","","" "cipher-tls1_2_x9f","testssl.sh/81.169.166.184","443","OK","TLSv1.2 x9f DHE-RSA-AES256-GCM-SHA384 DH 2048 AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","","" @@ -52,6 +55,7 @@ "cipher-tls1_2_x3d","testssl.sh/81.169.166.184","443","LOW","TLSv1.2 x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256","","" "cipher-tls1_2_x35","testssl.sh/81.169.166.184","443","LOW","TLSv1.2 x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA","","" "cipherorder_TLSv1_2","testssl.sh/81.169.166.184","443","INFO","ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 AES256-SHA","","" +"cipher_order-tls1_3","testssl.sh/81.169.166.184","443","OK","server","","" "cipher-tls1_3_x1302","testssl.sh/81.169.166.184","443","OK","TLSv1.3 x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384","","" "cipher-tls1_3_x1303","testssl.sh/81.169.166.184","443","OK","TLSv1.3 x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256","","" "cipher-tls1_3_x1301","testssl.sh/81.169.166.184","443","OK","TLSv1.3 x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256","","" diff --git a/testssl.sh b/testssl.sh index d7b3b16..c40a586 100755 --- a/testssl.sh +++ b/testssl.sh @@ -4545,12 +4545,28 @@ ciphers_by_strength() { fi [[ $difference_rating -lt $NO_CIPHER_ORDER_LEVEL ]] && NO_CIPHER_ORDER_LEVEL=$difference_rating + id="cipher_order${proto}" case $difference_rating in - 5) outln " (no server order, thus listed by strength)" ;; - 4) prln_svrty_low " (no server order, thus listed by strength)" ;; - 3) prln_svrty_medium " (no server order, thus listed by strength)" ;; - 2) prln_svrty_high " (no server order, thus listed by strength)" ;; - 1) prln_svrty_critical " (no server order, thus listed by strength)" ;; + 5) + outln " (no server order, thus listed by strength)" + fileout "$id" "INFO" "NOT a cipher order configured" + ;; + 4) + prln_svrty_low " (no server order, thus listed by strength)" + fileout "$id" "LOW" "NOT a cipher order configured" + ;; + 3) + prln_svrty_medium " (no server order, thus listed by strength)" + fileout "$id" "MEDIUM" "NOT a cipher order configured" + ;; + 2) + prln_svrty_high " (no server order, thus listed by strength)" + fileout "$id" "HIGH" "NOT a cipher order configured" + ;; + 1) + prln_svrty_critical " (no server order, thus listed by strength)" + fileout "$id" "CRITICAL" "NOT a cipher order configured" + ;; esac fi elif "$wide" && "$proto_supported" || [[ $proto != -ssl2 ]]; then @@ -7448,8 +7464,10 @@ cipher_pref_check() { fi if "$prioritize_chacha"; then outln " (server order -- server prioritizes ChaCha ciphers when preferred by clients)" + fileout "cipher_order-${proto}" "OK" "server -- server prioritizes ChaCha ciphers when preferred by clients" elif [[ -n "$order" ]]; then outln " (server order)" + fileout "cipher_order-${proto}" "OK" "server" else outln fi