diff --git a/testssl.sh b/testssl.sh index a19b18a..b5ee808 100755 --- a/testssl.sh +++ b/testssl.sh @@ -9174,16 +9174,23 @@ run_lucky13() { # http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html run_rc4() { local -i rc4_offered=0 - local -i sclient_success - local hexcode dash rc4_cipher sslvers kx auth enc mac export - local rc4_ciphers_list="ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:DHE-DSS-RC4-SHA:AECDH-RC4-SHA:ADH-RC4-MD5:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:RSA-PSK-RC4-SHA:PSK-RC4-SHA:KRB5-RC4-SHA:KRB5-RC4-MD5:RC4-64-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP-ADH-RC4-MD5:EXP-RC4-MD5:EXP-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-KRB5-RC4-MD5" - local rc4_ssl2_ciphers_list="RC4-MD5:RC4-64-MD5:EXP-RC4-MD5" - local rc4_detected="" - local available="" + local -i nr_ciphers=0 nr_ossl_ciphers=0 nr_nonossl_ciphers=0 ret + local n auth mac export hexc sslv2_ciphers_hex="" sslv2_ciphers_ossl="" s + local -a normalized_hexcode hexcode ciph sslvers kx enc export2 sigalg ossl_supported + local -i i + local -a ciphers_found ciphers_found2 hexcode2 ciph2 sslvers2 rfc_ciph2 + local -i -a index + local dhlen available="" ciphers_to_test supported_sslv2_ciphers addcmd="" + local has_dh_bits="$HAS_DH_BITS" rc4_detected="" + local using_sockets=true local cve="CVE-2013-2566, CVE-2015-2808" local cwe="CWE-310" local hint="" + "$SSL_NATIVE" && using_sockets=false + "$FAST" && using_sockets=false + [[ $TLS_NR_CIPHERS == 0 ]] && using_sockets=false + if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then outln pr_headlineln " Checking for vulnerable RC4 Ciphers " @@ -9193,62 +9200,215 @@ run_rc4() { fi pr_bold " RC4"; out " ($cve) " - $OPENSSL s_client -cipher $rc4_ciphers_list $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE >$ERRFILE) fi - if [[ $sclient_success -eq 0 ]]; then + + if "$using_sockets" && [[ -n "$sslv2_ciphers_hex" ]]; then + sslv2_sockets "${sslv2_ciphers_hex:2}" "true" + if [[ $? -eq 3 ]] && [[ "$V2_HELLO_CIPHERSPEC_LENGTH" -ne 0 ]]; then + supported_sslv2_ciphers="$(grep "Supported cipher: " "$TEMPDIR/$NODEIP.parse_sslv2_serverhello.txt")" + "$WIDE" && "$SHOW_SIGALGO" && s="$($OPENSSL x509 -noout -text -in "$HOSTCERT" | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)" + for (( i=0 ; i$TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE - else - $OPENSSL s_client -cipher $rc4_cipher $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI $TMPFILE 2>$ERRFILE - fi - sclient_connect_successful $? $TMPFILE - sclient_success=$? # here we may have a fp with openssl < 1.0, TBC - if [[ $sclient_success -ne 0 ]] && ! "$SHOW_EACH_C"; then + for (( i=0 ; i$TEMPDIR/environment.txt << EOF @@ -9667,7 +9827,7 @@ EOF if [[ -e $CIPHERS_BY_STRENGTH_FILE ]]; then "$HAS_SSL2" && ossl_supported_sslv2="$($OPENSSL ciphers -ssl2 -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>$ERRFILE)" ossl_supported_tls="$($OPENSSL ciphers -tls1 -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>$ERRFILE)" - while read hexc n TLS_CIPHER_OSSL_NAME[TLS_NR_CIPHERS] TLS_CIPHER_RFC_NAME[TLS_NR_CIPHERS] TLS_CIPHER_SSLVERS[TLS_NR_CIPHERS] TLS_CIPHER_KX[TLS_NR_CIPHERS] TLS_CIPHER_AUTH[TLS_NR_CIPHERS] TLS_CIPHER_ENC[TLS_NR_CIPHERS] TLS_CIPHER_EXPORT[TLS_NR_CIPHERS]; do + while read hexc n TLS_CIPHER_OSSL_NAME[TLS_NR_CIPHERS] TLS_CIPHER_RFC_NAME[TLS_NR_CIPHERS] TLS_CIPHER_SSLVERS[TLS_NR_CIPHERS] TLS_CIPHER_KX[TLS_NR_CIPHERS] TLS_CIPHER_AUTH[TLS_NR_CIPHERS] TLS_CIPHER_ENC[TLS_NR_CIPHERS] mac TLS_CIPHER_EXPORT[TLS_NR_CIPHERS]; do TLS_CIPHER_HEXCODE[TLS_NR_CIPHERS]="$hexc" TLS_CIPHER_OSSL_SUPPORTED[TLS_NR_CIPHERS]=false if [[ ${#hexc} -eq 9 ]]; then @@ -9945,7 +10105,7 @@ get_local_aaaa() { local etchosts="/etc/hosts /c/Windows/System32/drivers/etc/hosts" # for security testing sometimes we have local entries. Getent is BS under Linux for localhost: No network, no resolution - ip6=$(grep -wh "$NODE" $etchosts 2>/dev/null | grep ':' | grep -v '^#' | egrep "[[:space:]]$NODE" | awk '{ print $1 }') + ip6=$(grep -wh "$1" $etchosts 2>/dev/null | grep ':' | egrep -v '^#|\.local' | egrep "[[:space:]]$1" | awk '{ print $1 }') if is_ipv6addr "$ip6"; then echo "$ip6" else @@ -9958,7 +10118,7 @@ get_local_a() { local etchosts="/etc/hosts /c/Windows/System32/drivers/etc/hosts" # for security testing sometimes we have local entries. Getent is BS under Linux for localhost: No network, no resolution - ip4=$(grep -wh "$1[^\.]" $etchosts 2>/dev/null | egrep -v ':|^#' | egrep "[[:space:]]$1" | awk '{ print $1 }') + ip4=$(grep -wh "$1" $etchosts 2>/dev/null | egrep -v ':|^#|\.local' | egrep "[[:space:]]$1" | awk '{ print $1 }') if is_ipv4addr "$ip4"; then echo "$ip4" else