Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-30 21:35:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2912 from testssl/early_data

Browse Source 
TLS 1.3 early data / 0-RTT
This commit is contained in:
Dirk Wetter
2025-10-09 18:55:14 +02:00
committed by GitHub
parent 8534e72dc3 aacde5dadb
commit 80d05c0831
5 changed files with 841 additions and 760 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -4,6 +4,7 @@
### Features implemented / improvements in 3.3dev ### Features implemented / improvements in 3.3dev
* QUIC protocol check * QUIC protocol check
* TLS 1.3 early data (0-RTT)
* Bump SSLlabs rating guide to 2009r * Bump SSLlabs rating guide to 2009r
* Check for Opossum vulnerability * Check for Opossum vulnerability
* Enable IPv6 automagically, i.e. if target via IPv6 is reachable just (also) scan it * Enable IPv6 automagically, i.e. if target via IPv6 is reachable just (also) scan it

1422
doc/testssl.1
View File

File diff suppressed because it is too large Load Diff

34
doc/testssl.1.html
View File

@@ -470,11 +470,11 @@
encryption sucks. Also this section lists the available encryption sucks. Also this section lists the available
elliptical curves and Diffie Hellman groups, as well as FFDHE elliptical curves and Diffie Hellman groups, as well as FFDHE
groups (TLS 1.2 and TLS 1.3).</p> groups (TLS 1.2 and TLS 1.3).</p>
<p><code>-p, --protocols</code> checks TLS/SSL protocols SSLv2, <p><code>-p, --protocols</code> checks every SSL/TLS protocols:
SSLv3, TLS 1.0 through TLS 1.3. And for HTTP also QUIC (HTTP/3), SSLv2, SSLv3, TLS 1.0 through TLS 1.3. And for HTTP also QUIC
SPDY (NPN) and ALPN (HTTP/2). For TLS 1.3 the final version and (HTTP/3), SPDY (NPN) and ALPN (HTTP/2). For TLS 1.3 the final
several drafts (from 18 on) are tested. QUIC needs OpenSSL &gt;= version and several drafts (from 18 on) are tested. QUIC needs
3.2 which can be automatically picked up when in OpenSSL &gt;= 3.2 which can be automatically picked up when in
<code>/usr/bin/openssl</code> (or when defined environment <code>/usr/bin/openssl</code> (or when defined environment
variable OPENSSL2). If a TLS-1.3-only host is encountered and variable OPENSSL2). If a TLS-1.3-only host is encountered and
the openssl-bad version is used testssl.sh will e.g. for HTTP the openssl-bad version is used testssl.sh will e.g. for HTTP
@@ -493,6 +493,7 @@
<li>Available TLS extensions,</li> <li>Available TLS extensions,</li>
<li>TLS ticket + session ID information/capabilities,</li> <li>TLS ticket + session ID information/capabilities,</li>
<li>session resumption capabilities,</li> <li>session resumption capabilities,</li>
<li>TLS 1.3 early data, a.k.a 0-RTT</li>
<li>Time skew relative to localhost (most server implementations <li>Time skew relative to localhost (most server implementations
return random values).</li> return random values).</li>
<li>Several certificate information <li>Several certificate information
@@ -927,11 +928,11 @@
and when this is set to true, it generates a separate text file and when this is set to true, it generates a separate text file
with epoch times in <code>/tmp/testssl-&lt;XX&gt;.time</code>. with epoch times in <code>/tmp/testssl-&lt;XX&gt;.time</code>.
They need to be concatenated by They need to be concatenated by
<code>paste /tmp/testssl-&lt;XX&gt;.{time,log}</code> <!--- <code>paste /tmp/testssl-&lt;XX&gt;.{time,log}</code>
* FAST_SOCKET &lt;!—</li>
* SHOW_SIGALGO <li>FAST_SOCKET</li>
* FAST <li>SHOW_SIGALGO</li>
--></li> <li>FAST &gt;</li>
<li>EXPERIMENTAL=true is an option which is sometimes used in <li>EXPERIMENTAL=true is an option which is sometimes used in
the development process to make testing easier. In released the development process to make testing easier. In released
versions this has no effect.</li> versions this has no effect.</li>
@@ -969,10 +970,9 @@
may be made larger on systems with faster processors.</li> may be made larger on systems with faster processors.</li>
<li>MAX_WAIT_TEST is the maximum time (in seconds) to wait for a <li>MAX_WAIT_TEST is the maximum time (in seconds) to wait for a
single test in parallel mass testing mode to complete. The single test in parallel mass testing mode to complete. The
default is 1200. <!--- default is 1200. &lt;!—</li>
* USLEEP_SND <li>USLEEP_SND</li>
* USLEEP_REC <li>USLEEP_REC &gt;</li>
--></li>
<li>HSTS_MIN is preset to 179 (days). If you want warnings <li>HSTS_MIN is preset to 179 (days). If you want warnings
sooner or later for HTTP Strict Transport Security you can sooner or later for HTTP Strict Transport Security you can
change this.</li> change this.</li>
@@ -1194,6 +1194,7 @@
News Transfer Protocol (NNTP)</li> News Transfer Protocol (NNTP)</li>
<li>RFC 8446: The Transport Layer Security (TLS) Protocol <li>RFC 8446: The Transport Layer Security (TLS) Protocol
Version 1.3</li> Version 1.3</li>
<li>RFC 8470: Using Early Data in HTTP</li>
<li>RFC 8701: Applying Generate Random Extensions And Sustain <li>RFC 8701: Applying Generate Random Extensions And Sustain
Extensibility (GREASE) to TLS Extensibility</li> Extensibility (GREASE) to TLS Extensibility</li>
<li>RFC 9000: QUIC: A UDP-Based Multiplexed and Secure <li>RFC 9000: QUIC: A UDP-Based Multiplexed and Secure
@@ -1201,7 +1202,12 @@
<li>W3C CSP: Content Security Policy Level 1-3</li> <li>W3C CSP: Content Security Policy Level 1-3</li>
<li>TLSWG Draft: The Transport Layer Security (TLS) Protocol <li>TLSWG Draft: The Transport Layer Security (TLS) Protocol
Version 1.3</li> Version 1.3</li>
<li>FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism
Standard</li>
</ul> </ul>
<p><a
href="ihttps://www.rfc-editor.org/search/rfc_search_detail.php?title=TLS&amp;page=All">More
RFCs</a> might be applicable.</p>
<h2 id="exit-status">EXIT STATUS</h2> <h2 id="exit-status">EXIT STATUS</h2>
<ul> <ul>
<li>0 testssl.sh finished successfully without errors and <li>0 testssl.sh finished successfully without errors and

9
doc/testssl.1.md
View File

@@ -178,7 +178,7 @@ Any single check switch supplied as an argument prevents testssl.sh from doing a
`-f, --fs, --nsa, --forward-secrecy` Checks robust forward secrecy key exchange. "Robust" means that ciphers having intrinsic severe weaknesses like Null Authentication or Encryption, 3DES and RC4 won't be considered here. There shouldn't be the wrong impression that a secure key exchange has been taking place and everything is fine when in reality the encryption sucks. Also this section lists the available elliptical curves and Diffie Hellman groups, as well as FFDHE groups (TLS 1.2 and TLS 1.3). `-f, --fs, --nsa, --forward-secrecy` Checks robust forward secrecy key exchange. "Robust" means that ciphers having intrinsic severe weaknesses like Null Authentication or Encryption, 3DES and RC4 won't be considered here. There shouldn't be the wrong impression that a secure key exchange has been taking place and everything is fine when in reality the encryption sucks. Also this section lists the available elliptical curves and Diffie Hellman groups, as well as FFDHE groups (TLS 1.2 and TLS 1.3).
`-p, --protocols` checks TLS/SSL protocols SSLv2, SSLv3, TLS 1.0 through TLS 1.3. And for HTTP also QUIC (HTTP/3), SPDY (NPN) and ALPN (HTTP/2). For TLS 1.3 the final version and several drafts (from 18 on) are tested. QUIC needs OpenSSL >= 3.2 which can be automatically picked up when in `/usr/bin/openssl` (or when defined environment variable OPENSSL2). If a TLS-1.3-only host is encountered and the openssl-bad version is used testssl.sh will e.g. for HTTP header checks switch to `/usr/bin/openssl` (or when defined via ENV to OPENSSL2). Also this will be tried for the QUIC check. `-p, --protocols` checks every SSL/TLS protocols: SSLv2, SSLv3, TLS 1.0 through TLS 1.3. And for HTTP also QUIC (HTTP/3), SPDY (NPN) and ALPN (HTTP/2). For TLS 1.3 the final version and several drafts (from 18 on) are tested. QUIC needs OpenSSL >= 3.2 which can be automatically picked up when in `/usr/bin/openssl` (or when defined environment variable OPENSSL2). If a TLS-1.3-only host is encountered and the openssl-bad version is used testssl.sh will e.g. for HTTP header checks switch to `/usr/bin/openssl` (or when defined via ENV to OPENSSL2). Also this will be tried for the QUIC check.
`-P, --server-preference, --preference` displays the servers preferences: cipher order, with used openssl client: negotiated protocol and cipher. If there's a cipher order enforced by the server it displays it for each protocol (openssl+sockets). If there's not, it displays instead which ciphers from the server were picked with each protocol. `-P, --server-preference, --preference` displays the servers preferences: cipher order, with used openssl client: negotiated protocol and cipher. If there's a cipher order enforced by the server it displays it for each protocol (openssl+sockets). If there's not, it displays instead which ciphers from the server were picked with each protocol.
@@ -187,6 +187,7 @@ Any single check switch supplied as an argument prevents testssl.sh from doing a
* Available TLS extensions, * Available TLS extensions,
* TLS ticket + session ID information/capabilities, * TLS ticket + session ID information/capabilities,
* session resumption capabilities, * session resumption capabilities,
* TLS 1.3 early data, a.k.a 0-RTT
* Time skew relative to localhost (most server implementations return random values). * Time skew relative to localhost (most server implementations return random values).
* Several certificate information * Several certificate information
- signature algorithm, - signature algorithm,
@@ -525,10 +526,14 @@ Please note that for plain TLS-encrypted ports you must not specify the protocol
* RFC 7919: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security * RFC 7919: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security
* RFC 8143: Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP) * RFC 8143: Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)
* RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3 * RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3
* RFC 8470: Using Early Data in HTTP
* RFC 8701: Applying Generate Random Extensions And Sustain Extensibility (GREASE) to TLS Extensibility * RFC 8701: Applying Generate Random Extensions And Sustain Extensibility (GREASE) to TLS Extensibility
* RFC 9000: QUIC: A UDP-Based Multiplexed and Secure Transport * RFC 9000: QUIC: A UDP-Based Multiplexed and Secure Transport
* W3C CSP: Content Security Policy Level 1-3 * W3C CSP: Content Security Policy Level 1-3
* TLSWG Draft: The Transport Layer Security (TLS) Protocol Version 1.3 * TLSWG Draft: The Transport Layer Security (TLS) Protocol Version 1.3
* FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard
[More RFCs](ihttps://www.rfc-editor.org/search/rfc_search_detail.php?title=TLS&page=All) might be applicable.
## EXIT STATUS ## EXIT STATUS
@@ -549,7 +554,7 @@ Please note that for plain TLS-encrypted ports you must not specify the protocol
* 252 (ERR_FNAMEPARSE) Input file couldn't be parsed * 252 (ERR_FNAMEPARSE) Input file couldn't be parsed
* 253 (ERR_FCREATE) Output file couldn't be created * 253 (ERR_FCREATE) Output file couldn't be created
* 254 (ERR_CMDLINE) Cmd line couldn't be parsed * 254 (ERR_CMDLINE) Cmd line couldn't be parsed
* 255 (ERR_BASH) Bash version incorrect * 255 (ERR_BASH) Bash version incorrect
## FILES ## FILES

135
testssl.sh
View File

@@ -247,10 +247,10 @@ CIPHERS_BY_STRENGTH_FILE=""
TLS_DATA_FILE="" # mandatory file for socket-based handshakes TLS_DATA_FILE="" # mandatory file for socket-based handshakes
OPENSSL="" # ~/bin/openssl.$(uname).$(uname -m) if you run this from GitHub. Linux otherwise probably /usr/bin/openssl OPENSSL="" # ~/bin/openssl.$(uname).$(uname -m) if you run this from GitHub. Linux otherwise probably /usr/bin/openssl
OPENSSL2=${OPENSSL2:-/usr/bin/openssl} # This will be openssl version >=1.1.1 (auto determined) as opposed to openssl-bad (OPENSSL) OPENSSL2=${OPENSSL2:-/usr/bin/openssl} # This will be openssl version >=1.1.1 (auto determined) as opposed to openssl-bad (OPENSSL)
OPENSSL2_HAS_TLS_1_3=false # If we run with supplied binary AND $OPENSSL2 supports TLS 1.3 this will be set to true HAS2_TLS13=false # If we run with supplied binary AND $OPENSSL2 supports TLS 1.3 this will be set to true
OPENSSL2_HAS_CHACHA20=false HAS2_CHACHA20=false
OPENSSL2_HAS_AES128_GCM=false HAS2_AES128_GCM=false
OPENSSL2_HAS_AES256_GCM=false HAS2_AES256_GCM=false
OSSL_SHORTCUT=${OSSL_SHORTCUT:-true} # If you don't want automagically switch from $OPENSSL to $OPENSSL2 for TLS 1.3-only hosts, set this to false OSSL_SHORTCUT=${OSSL_SHORTCUT:-true} # If you don't want automagically switch from $OPENSSL to $OPENSSL2 for TLS 1.3-only hosts, set this to false
OPENSSL_LOCATION="" OPENSSL_LOCATION=""
OPENSSL_NOTIMEOUT="" # Needed for renegotiation tests OPENSSL_NOTIMEOUT="" # Needed for renegotiation tests
@@ -5560,6 +5560,7 @@ run_prototest_openssl() {
# #
# arg1: protocol # arg1: protocol
# arg2: available (yes) or not (no) # arg2: available (yes) or not (no)
#
add_proto_offered() { add_proto_offered() {
# the ":" is mandatory here (and @ other places), otherwise e.g. tls1 will match tls1_2 # the ":" is mandatory here (and @ other places), otherwise e.g. tls1 will match tls1_2
if [[ "$2" == yes ]] && [[ "$PROTOS_OFFERED" =~ $1:no ]]; then if [[ "$2" == yes ]] && [[ "$PROTOS_OFFERED" =~ $1:no ]]; then
@@ -5571,7 +5572,7 @@ add_proto_offered() {
fi fi
} }
# function which checks whether SSLv2 - TLS 1.2 is being offered, see add_proto_offered() # function which checks whether the supplied protocol was tested to be offered; see also add_proto_offered()
# arg1: protocol string or hex code for TLS protocol # arg1: protocol string or hex code for TLS protocol
# echos: 0 if proto known being offered, 1: known not being offered, 2: we don't know yet whether proto is being offered # echos: 0 if proto known being offered, 1: known not being offered, 2: we don't know yet whether proto is being offered
# return value is always zero # return value is always zero
@@ -7130,6 +7131,59 @@ sub_session_resumption() {
return $ret return $ret
} }
# Tests for TSL 1.3 early data / 0-RTT (see RFC 8470). Defer processing or HTTP 425 is not yet tested.
# Returns:
# - 0: Early Data was accepted
# - 1: not
# - 2: no TLS 1.3
# - 3: STARTTLS
# - 4/5: problem with openssl binary
# - 6: Client Auth not possible
# - 7: no session data
#
sub_early_data() {
local sess_data=$TEMPDIR/session_data.log
local early_data=$TEMPDIR/early_data.log
local openssl_bin=""
[[ "$CLIENT_AUTH" == required ]] && [[ -z "$MTLS" ]] && return 6
[[ $(has_server_protocol 04) -eq 1 ]] && return 2
[[ -n "$STARTTLS" ]] && return 3
if "$HAS_TLS13"; then
openssl_bin=$OPENSSL
elif "$HAS2_TLS13"; then
openssl_bin="$OPENSSL2"
else
return 4
fi
if "$HAS_EARLYDATA"; then
# OpenSSL also has early data, LibreSSL won't succeeded here
openssl_bin=$OPENSSL
elif "$HAS2_EARLYDATA"; then
openssl_bin="$OPENSSL2"
else
return 5
fi
safe_echo "HEAD / HTTP/1.1\r\nHost: $NODE\r\nConnection: close\r\nEarly-Data: 1\r\n\r\n" > $early_data
$openssl_bin s_client $(s_client_options "$STARTTLS $BUGS -tls1_3 -connect $NODEIP:$PORT $PROXY $SNI") -sess_out $sess_data -ign_eof \
< $early_data >/dev/null 2>$ERRFILE
if [[ ! -s "$sess_data" ]]; then
exit 7
fi
$openssl_bin s_client $(s_client_options "$STARTTLS $BUGS -tls1_3 -connect $NODEIP:$PORT $PROXY $SNI") -sess_in $sess_data \
-early_data $early_data </dev/null 2>$ERRFILE | grep -qi '^Early Data was accepted'
if [[ $? -eq 0 ]]; then
return 0
else
return 1
fi
}
run_server_preference() { run_server_preference() {
local cipher1="" cipher2="" tls13_cipher1="" tls13_cipher2="" default_proto="" local cipher1="" cipher2="" tls13_cipher1="" tls13_cipher2="" default_proto=""
local default_cipher="" ciph local default_cipher="" ciph
@@ -10665,20 +10719,20 @@ run_server_defaults() {
jsonID="sessionresumption_ticket" jsonID="sessionresumption_ticket"
sub_session_resumption "$sessticket_proto" sub_session_resumption "$sessticket_proto"
case $? in case $? in
0) out "Tickets: yes, " 0) out "tickets: yes, "
fileout "$jsonID" "INFO" "supported" fileout "$jsonID" "INFO" "supported"
;; ;;
1) out "Tickets no, " 1) out "tickets no, "
fileout "$jsonID" "INFO" "not supported" fileout "$jsonID" "INFO" "not supported"
;; ;;
5) pr_warning "Ticket resumption test failed, pls report / " 5) pr_warning "ticket resumption test failed, pls report / "
fileout "$jsonID" "WARN" "check failed, pls report" fileout "$jsonID" "WARN" "check failed, pls report"
((ret++)) ((ret++))
;; ;;
6) pr_warning "Client Auth: Ticket resumption test not supported / " 6) pr_warning "Client Auth: Ticket resumption test not supported / "
fileout "$jsonID" "WARN" "check couldn't be performed because of client authentication" fileout "$jsonID" "WARN" "check couldn't be performed because of client authentication"
;; ;;
7) pr_warning "Connect problem: Ticket resumption test not possible / " 7) pr_warning "connect problem: Ticket resumption test not possible / "
fileout "$jsonID" "WARN" "check failed because of connect problem" fileout "$jsonID" "WARN" "check failed because of connect problem"
((ret++)) ((ret++))
;; ;;
@@ -10711,6 +10765,43 @@ run_server_defaults() {
esac esac
fi fi
pr_bold " TLS 1.3 early data support "
jsonID="early_data"
if "$NO_SSL_SESSIONID"; then
pr_svrty_good "no early data"; outln " (no SSL session ID)"
fileout "$jsonID" "OK" "No early data: no session SSL ID"
else
sub_early_data
case $? in
0) out "offered, potentially " ; pr_svrty_high "NOT ok"; outln " (check context, see e.g. RFC 8446 E.5)"
fileout "$jsonID" "HIGH" "supported"
# https://www.rfc-editor.org/rfc/rfc8446#appendix-E.5
;;
1) prln_svrty_good "no early data offered"
fileout "$jsonID" "OK" "No early data"
;;
2) outln "not offered, as no TLS 1.3 offered"
fileout "$jsonID" "INFO" "No TLS 1.3 offered"
;;
3) outln "not tested, as STARTTLS doesn't offer that"
fileout "$jsonID" "OK" "not tested, as STARTTLS doesn't offer that"
;;
4) prln_warning "couldn't test it, no OpenSSL TLS 1.3 support"
fileout "$jsonID" "WARN" "no OpenSSL support TLS 1.3 support"
;;
5) prln_warning "couldn't test it, no OpenSSL early_data support"
fileout "$jsonID" "INFO" "no OpenSSL early_data support"
;;
6) prln_warning "Client Auth: early data check not supported"
fileout "$jsonID" "WARN" "check couldn't be performed because of client authentication"
;;
7) prln_warning "check failed (no session data"
fileout "$jsonID" "WARN" "check failed (no session data)"
((ret++))
;;
esac
fi
tls_time tls_time
jsonID="cert_compression" jsonID="cert_compression"
@@ -13434,7 +13525,7 @@ chacha20() {
if "$HAS_CHACHA20"; then if "$HAS_CHACHA20"; then
plaintext="$(hex2binary "$ciphertext" | $OPENSSL enc -chacha20 -K "$key" -iv "01000000$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')" plaintext="$(hex2binary "$ciphertext" | $OPENSSL enc -chacha20 -K "$key" -iv "01000000$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
enc_chacha_used=true enc_chacha_used=true
elif "$OPENSSL2_HAS_CHACHA20"; then elif "$HAS2_CHACHA20"; then
# empty OPENSSL_CONF temporarily as it might cause problems, see #2780 # empty OPENSSL_CONF temporarily as it might cause problems, see #2780
plaintext="$(hex2binary "$ciphertext" | OPENSSL_CONF='' $OPENSSL2 enc -chacha20 -K "$key" -iv "01000000$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')" plaintext="$(hex2binary "$ciphertext" | OPENSSL_CONF='' $OPENSSL2 enc -chacha20 -K "$key" -iv "01000000$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
enc_chacha_used=true enc_chacha_used=true
@@ -14135,7 +14226,7 @@ gcm-decrypt() {
if "$HAS_AES128_GCM"; then if "$HAS_AES128_GCM"; then
plaintext="$(hex2binary "$ciphertext" | $OPENSSL enc -aes-128-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')" plaintext="$(hex2binary "$ciphertext" | $OPENSSL enc -aes-128-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
enc_aesgcm_used=true enc_aesgcm_used=true
elif "$OPENSSL2_HAS_AES128_GCM"; then elif "$HAS2_AES128_GCM"; then
# empty OPENSSL_CONF temporarily as it might cause problems, see #2780 # empty OPENSSL_CONF temporarily as it might cause problems, see #2780
plaintext="$(hex2binary "$ciphertext" | OPENSSL_CONF='' $OPENSSL2 enc -aes-128-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')" plaintext="$(hex2binary "$ciphertext" | OPENSSL_CONF='' $OPENSSL2 enc -aes-128-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
enc_aesgcm_used=true enc_aesgcm_used=true
@@ -14144,7 +14235,7 @@ gcm-decrypt() {
if "$HAS_AES256_GCM"; then if "$HAS_AES256_GCM"; then
plaintext="$(hex2binary "$ciphertext" | $OPENSSL enc -aes-256-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')" plaintext="$(hex2binary "$ciphertext" | $OPENSSL enc -aes-256-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
aesgcm_used=true aesgcm_used=true
elif "$OPENSSL2_HAS_AES256_GCM"; then elif "$HAS2_AES256_GCM"; then
# empty OPENSSL_CONF temporarily as it might cause problems, see #2780 # empty OPENSSL_CONF temporarily as it might cause problems, see #2780
plaintext="$(hex2binary "$ciphertext" | OPENSSL_CONF='' $OPENSSL2 enc -aes-256-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')" plaintext="$(hex2binary "$ciphertext" | OPENSSL_CONF='' $OPENSSL2 enc -aes-256-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
enc_aesgcm_used=true enc_aesgcm_used=true
@@ -21137,7 +21228,7 @@ find_openssl_binary() {
# Kind of fine this way as openssl 1.1.1 supports early_data, came with tls 1.3 # Kind of fine this way as openssl 1.1.1 supports early_data, came with tls 1.3
if $OPENSSL s_client -help 2>&1 | grep -q early_data ; then if $OPENSSL s_client -help 2>&1 | grep -q early_data ; then
HAS_EARLYDATA=true HAS_EARLYDATA=true
elif OPENSSL_CONF='' $OPENSS2 s_client --help 2>&1 | grep -q early_data ; then elif OPENSSL_CONF='' $OPENSSL2 s_client --help 2>&1 | grep -q early_data ; then
HAS2_EARLYDATA=true HAS2_EARLYDATA=true
fi fi
@@ -21234,15 +21325,15 @@ find_openssl_binary() {
if [[ $OPENSSL2 != $OPENSSL ]] && [[ -x $OPENSSL2 ]]; then if [[ $OPENSSL2 != $OPENSSL ]] && [[ -x $OPENSSL2 ]]; then
if ! "$HAS_CHACHA20"; then if ! "$HAS_CHACHA20"; then
OPENSSL_CONF='' $OPENSSL2 enc -chacha20 -K 12345678901234567890123456789012 -iv 01000000123456789012345678901234 >/dev/null 2>/dev/null <<< "test" OPENSSL_CONF='' $OPENSSL2 enc -chacha20 -K 12345678901234567890123456789012 -iv 01000000123456789012345678901234 >/dev/null 2>/dev/null <<< "test"
[[ $? -eq 0 ]] && OPENSSL2_HAS_CHACHA20=true [[ $? -eq 0 ]] && HAS2_CHACHA20=true
fi fi
if ! "$HAS_AES128_GCM"; then if ! "$HAS_AES128_GCM"; then
OPENSSL_CONF='' $OPENSSL2 enc -aes-128-gcm -K 0123456789abcdef0123456789abcdef -iv 0123456789abcdef01234567 >/dev/null 2>/dev/null <<< "test" OPENSSL_CONF='' $OPENSSL2 enc -aes-128-gcm -K 0123456789abcdef0123456789abcdef -iv 0123456789abcdef01234567 >/dev/null 2>/dev/null <<< "test"
[[ $? -eq 0 ]] && OPENSSL2_HAS_AES128_GCM=true [[ $? -eq 0 ]] && HAS2_AES128_GCM=true
fi fi
if ! "$HAS_AES256_GCM"; then if ! "$HAS_AES256_GCM"; then
OPENSSL_CONF='' $OPENSSL2 enc -aes-256-gcm -K 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef -iv 0123456789abcdef01234567 >/dev/null 2>/dev/null <<< "test" OPENSSL_CONF='' $OPENSSL2 enc -aes-256-gcm -K 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef -iv 0123456789abcdef01234567 >/dev/null 2>/dev/null <<< "test"
[[ $? -eq 0 ]] && OPENSSL2_HAS_AES256_GCM=true [[ $? -eq 0 ]] && HAS2_AES256_GCM=true
fi fi
# Now check whether the standard $OPENSSL has Unix-domain socket and xmpp-server support. If # Now check whether the standard $OPENSSL has Unix-domain socket and xmpp-server support. If
@@ -21256,7 +21347,7 @@ find_openssl_binary() {
grep -q 'xmpp-server' $s_client2_starttls_has && HAS_XMPP_SERVER2=true grep -q 'xmpp-server' $s_client2_starttls_has && HAS_XMPP_SERVER2=true
# Likely we don't need the following second check here, see 6 lines above # Likely we don't need the following second check here, see 6 lines above
if grep -wq 'tls1_3' $s_client_has2; then if grep -wq 'tls1_3' $s_client_has2; then
OPENSSL_CONF='' OPENSSL2_HAS_TLS_1_3=true OPENSSL_CONF='' HAS2_TLS13=true
fi fi
fi fi
fi fi
@@ -21598,10 +21689,10 @@ HAS_CURVES: $HAS_CURVES
OSSL_SUPPORTED_CURVES: $OSSL_SUPPORTED_CURVES OSSL_SUPPORTED_CURVES: $OSSL_SUPPORTED_CURVES
OPENSSL2: $OPENSSL2 ($($OPENSSL2 version -v 2>/dev/null)) OPENSSL2: $OPENSSL2 ($($OPENSSL2 version -v 2>/dev/null))
OPENSSL2_HAS_TLS_1_3: $OPENSSL2_HAS_TLS_1_3 HAS2_TLS13: $HAS2_TLS13
OPENSSL2_HAS_CHACHA20: $OPENSSL2_HAS_CHACHA20 HAS2_CHACHA20: $HAS2_CHACHA20
OPENSSL2_HAS_AES128_GCM: $OPENSSL2_HAS_AES128_GCM HAS2_AES128_GCM: $HAS2_AES128_GCM
OPENSSL2_HAS_AES256_GCM: $OPENSSL2_HAS_AES256_GCM HAS2_AES256_GCM: $HAS2_AES256_GCM
HAS_SSL2: $HAS_SSL2 HAS_SSL2: $HAS_SSL2
HAS_SSL3: $HAS_SSL3 HAS_SSL3: $HAS_SSL3
@@ -23104,7 +23195,7 @@ determine_optimal_proto() {
[[ $? -ne 0 ]] && exit $ERR_CLUELESS [[ $? -ne 0 ]] && exit $ERR_CLUELESS
elif "$all_failed" && ! "$ALL_FAILED_SOCKETS"; then elif "$all_failed" && ! "$ALL_FAILED_SOCKETS"; then
if ! "$HAS_TLS13" && "$TLS13_ONLY"; then if ! "$HAS_TLS13" && "$TLS13_ONLY"; then
if "$OPENSSL2_HAS_TLS_1_3"; then if "$HAS2_TLS13"; then
if "$OSSL_SHORTCUT" || [[ "$WARNINGS" == batch ]]; then if "$OSSL_SHORTCUT" || [[ "$WARNINGS" == batch ]]; then
# switch w/o asking # switch w/o asking
OPEN_MSG=" $NODE:$PORT appeared to support TLS 1.3 ONLY. Thus switched automagically from\n \"$OPENSSL\" to \"$OPENSSL2\"." OPEN_MSG=" $NODE:$PORT appeared to support TLS 1.3 ONLY. Thus switched automagically from\n \"$OPENSSL\" to \"$OPENSSL2\"."