From d67fff322307bf358dea55e8a8dd68bf20ade36d Mon Sep 17 00:00:00 2001 From: David Cooper Date: Tue, 26 Jul 2016 10:22:36 -0400 Subject: [PATCH 01/11] SSLv2 fixes for server preference This PR addresses two issues related to SSLv2 for "--server-preference" checks. First, some versions of OpenSSL that support SSLv2 will fail if `s_client` is provided both the `-ssl2` and `-servername` options. Second, the line for extracting the chosen cipher,`cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE)`, fails for SSLv2. For SSLv2, the output from `$OPENSSL s_client` is as shown below, and the `cipher=` line extracts the word `between` from `Ciphers common between both SSL endpoints:` rather than `IDEA-CBC-MD5` from ` Cipher : IDEA-CBC-MD5`. ``` ... Ciphers common between both SSL endpoints: RC4-MD5 RC2-CBC-MD5 IDEA-CBC-MD5 DES-CBC-MD5 DES-CBC3-MD5 --- SSL handshake has read 1191 bytes and written 373 bytes --- New, SSLv2, Cipher is IDEA-CBC-MD5 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : SSLv2 Cipher : IDEA-CBC-MD5 ... ``` --- testssl.sh | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/testssl.sh b/testssl.sh index 5245616..0591e93 100755 --- a/testssl.sh +++ b/testssl.sh 
@@ -3456,7 +3456,11 @@ run_server_preference() { out " (SSLv3: "; local_problem "$OPENSSL doesn't support \"s_client -ssl3\"" ; outln ")"; continue fi - $OPENSSL s_client $STARTTLS -"$p" $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$ERRFILE >$TMPFILE + if [[ "$p" =~ ssl ]]; then + $OPENSSL s_client $STARTTLS -"$p" $BUGS -connect $NODEIP:$PORT $PROXY >$ERRFILE >$TMPFILE + else + $OPENSSL s_client $STARTTLS -"$p" $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$ERRFILE >$TMPFILE + fi if sclient_connect_successful $? $TMPFILE; then proto[i]=$(grep -aw "Protocol" $TMPFILE | sed -e 's/^.*Protocol.*://' -e 's/ //g') cipher[i]=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g') @@ -3587,7 +3591,7 @@ check_tls12_pref() { cipher_pref_check() { - local p proto protos npn_protos + local p proto protos npn_protos sni local tested_cipher cipher order local overflow_probe_cipherlist="ALL:-ECDHE-RSA-AES256-GCM-SHA384:-AES128-SHA:-DES-CBC3-SHA" @@ -3604,11 +3608,12 @@ cipher_pref_check() { continue fi # with the supplied binaries SNI works also for SSLv2 (+ SSLv3) - $OPENSSL s_client $STARTTLS -"$p" $BUGS -connect $NODEIP:$PORT $PROXY $SNI $ERRFILE >$TMPFILE + [[ "$p" =~ ssl ]] && sni="" || sni=$SNI + $OPENSSL s_client $STARTTLS -"$p" $BUGS -connect $NODEIP:$PORT $PROXY $sni $ERRFILE >$TMPFILE if sclient_connect_successful $? $TMPFILE; then tested_cipher="" proto=$(awk '/Protocol/ { print $3 }' $TMPFILE) - cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE) + cipher=$(awk '/Cipher *:/ { print $3 }' $TMPFILE) [[ -z "$proto" ]] && continue # for early openssl versions sometimes needed outln printf " %-10s" "$proto: " 
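Review bot: The two `s_client` invocations inside the new `if [[ "$p" =~ ssl ]]` block differ only in whether `$SNI` is passed, so the whole option list is duplicated and any later change to it has to be made twice. The same patch solves the identical problem in cipher_pref_check() with a variable; that form works here as well, `sni=$SNI; [[ "$p" =~ ssl ]] && sni=""` (with `sni` added to the function's `local` line) followed by a single `$OPENSSL s_client $STARTTLS -"$p" $BUGS -connect $NODEIP:$PORT $PROXY $sni ...` line. A short comment on why SNI is dropped would help the next reader, e.g. `# no -servername for SSLv2/SSLv3: some OpenSSL builds fail when -ssl2 is combined with -servername`. Note that `=~ ssl` is unanchored and presumably relies on the loop's protocol names being ssl2/ssl3 vs tls1*; the enclosing loop starts outside the hunk.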
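Review bot: The kept context comment `# with the supplied binaries SNI works also for SSLv2 (+ SSLv3)` now contradicts the line added directly below it, which removes `$SNI` for exactly those protocols; it should be replaced, e.g. by `# don't pass -servername for SSLv2/SSLv3: some OpenSSL versions fail with -ssl2 -servername, and it is ignored for -ssl3 anyway`. The `[[ "$p" =~ ssl ]] && sni="" || sni=$SNI` form only behaves like if/else because an assignment cannot fail (ShellCheck SC2015); `sni=$SNI; [[ "$p" =~ ssl ]] && sni=""` expresses the same without relying on that. cipher_pref_check()'s protocol loop begins before this hunk.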
@@ -3631,9 +3636,9 @@ cipher_pref_check() { else out " $cipher" # this is the first cipher for protocol while true; do - $OPENSSL s_client $STARTTLS -"$p" $BUGS -cipher "ALL:$tested_cipher" -connect $NODEIP:$PORT $PROXY $SNI >$ERRFILE >$TMPFILE + $OPENSSL s_client $STARTTLS -"$p" $BUGS -cipher "ALL:$tested_cipher" -connect $NODEIP:$PORT $PROXY $sni >$ERRFILE >$TMPFILE sclient_connect_successful $? $TMPFILE || break - cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE) + cipher=$(awk '/Cipher *:/ { print $3 }' $TMPFILE) out " $cipher" order+=" $cipher" tested_cipher="$tested_cipher:-$cipher" From 358a4082e8b6339b8830a80c638533c546923b29 Mon Sep 17 00:00:00 2001 From: David Cooper Date: Thu, 11 Aug 2016 14:16:33 -0400 Subject: [PATCH 02/11] Move printing of results out of sslv2_sockets() This PR addresses the "FIXME" in `run_protocols()`: ``` sslv2_sockets #FIXME: messages/output need to be moved to this (higher) level ``` It also changes `run_drown()` to call `sslv2_sockets()` in order to avoid duplicate code. --- testssl.sh | 92 ++++++++++++++++++++++++------------------------------ 1 file changed, 41 insertions(+), 51 deletions(-) diff --git a/testssl.sh b/testssl.sh index 1d91590..1b06630 100755 --- a/testssl.sh +++ b/testssl.sh @@ -2922,6 +2922,7 @@ run_protocols() { local supported_no_ciph2="supported but couldn't detect a cipher" local latest_supported="" # version.major and version.minor of highest version supported by the server. local detected_version_string latest_supported_string + local lines nr_ciphers_detected local extra_spaces=" " outln; pr_headline " Testing protocols " 
@@ -2946,7 +2947,40 @@ run_protocols() { pr_bold " SSLv2 $extra_spaces"; if ! "$SSL_NATIVE"; then - sslv2_sockets #FIXME: messages/output need to be moved to this (higher) level + sslv2_sockets + case $? in + 7) # strange reply, couldn't convert the cipher spec length to a hex number + pr_cyan "strange v2 reply " + outln " (rerun with DEBUG >=2)" + [[ $DEBUG -ge 3 ]] && hexdump -C "$TEMPDIR/$NODEIP.sslv2_sockets.dd" | head -1 + fileout "sslv2" "WARN" "SSLv2: received a strange SSLv2 reply (rerun with DEBUG>=2)" + ;; + 1) # no sslv2 server hello returned, like in openlitespeed which returns HTTP! + pr_done_bestln "not offered (OK)" + fileout "sslv2" "OK" "SSLv2 not offered (OK)" + ;; + 0) # reset + pr_done_bestln "not offered (OK)" + fileout "sslv2" "OK" "SSLv2 not offered (OK)" + ;; + 3) # everything else + lines=$(count_lines "$(hexdump -C "$TEMPDIR/$NODEIP.sslv2_sockets.dd" 2>/dev/null)") + [[ "$DEBUG" -ge 2 ]] && out " ($lines lines) " + if [[ "$lines" -gt 1 ]]; then + nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3)) + add_tls_offered "ssl2" + if [[ 0 -eq "$nr_ciphers_detected" ]]; then + pr_svrty_highln "supported but couldn't detect a cipher and vulnerable to CVE-2015-3197 "; + fileout "sslv2" "NOT ok" "SSLv2 offered (NOT ok), vulnerable to CVE-2015-3197" + else + pr_svrty_critical "offered (NOT ok), also VULNERABLE to DROWN attack"; + outln " -- $nr_ciphers_detected ciphers" + fileout "sslv2" "NOT ok" "SSLv2 offered (NOT ok), vulnerable to DROWN attack. Detected ciphers: $nr_ciphers_detected" + fi + fi ;; + esac + pr_off + debugme outln else run_prototest_openssl "-ssl2" case $? in @@ -5607,7 +5641,7 @@ parse_tls_serverhello() { sslv2_sockets() { - local nr_ciphers_detected + local ret fd_socket 5 || return 6 debugme outln "sending client hello... " 
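Review bot: The new `case $?` after `sslv2_sockets` has no default arm, although sslv2_sockets() can return 6 when `fd_socket` fails (visible in the next hunk, `fd_socket 5 || return 6`); in that situation the SSLv2 line ends after the bold label with no verdict and no `fileout "sslv2" ...` record. A `*)` arm such as `*) pr_warning "couldn't open a socket"; outln; fileout "sslv2" "WARN" "SSLv2: test not performed, couldn't open a socket" ;;` would make the failure visible in both the terminal and the file output. The arm for code 3 also stays silent when `lines` is not greater than 1, which the old code shared, so that is not new to this change. run_protocols() continues beyond the hunk.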
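Review bot: sslv2_sockets() now hands back the raw status of parse_sslv2_serverhello (0, 1, 3 or 7, judging by the arms its callers switch on) or 6 when no socket could be opened, and three call sites interpret those numbers independently; a header comment above `sslv2_sockets() {` stating that contract would keep them from drifting apart. Something like `# Returns parse_sslv2_serverhello()'s status: 0 connection reset, 1 no SSLv2 ServerHello, 3 SSLv2 ServerHello received, 7 unparseable reply; 6 if the socket couldn't be opened. Callers read the raw reply from $TEMPDIR/$NODEIP.sslv2_sockets.dd` — whether that path is the same as `$SOCK_REPLY_FILE` should be confirmed before writing it down. The function's body continues in the next hunk and its final `return` is outside the visible lines.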
@@ -5621,43 +5655,7 @@ sslv2_sockets() { fi parse_sslv2_serverhello "$SOCK_REPLY_FILE" - case $? in - 7) # strange reply, couldn't convert the cipher spec length to a hex number - pr_cyan "strange v2 reply " - outln " (rerun with DEBUG >=2)" - [[ $DEBUG -ge 3 ]] && hexdump -C "$SOCK_REPLY_FILE" | head -1 - ret=7 - fileout "sslv2" "WARN" "SSLv2: received a strange SSLv2 reply (rerun with DEBUG>=2)" - ;; - 1) # no sslv2 server hello returned, like in openlitespeed which returns HTTP! - pr_done_bestln "not offered (OK)" - ret=0 - fileout "sslv2" "OK" "SSLv2 not offered (OK)" - ;; - 0) # reset - pr_done_bestln "not offered (OK)" - ret=0 - fileout "sslv2" "OK" "SSLv2 not offered (OK)" - ;; - 3) # everything else - lines=$(count_lines "$(hexdump -C "$SOCK_REPLY_FILE" 2>/dev/null)") - [[ "$DEBUG" -ge 2 ]] && out " ($lines lines) " - if [[ "$lines" -gt 1 ]]; then - nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3)) - add_tls_offered "ssl2" - if [[ 0 -eq "$nr_ciphers_detected" ]]; then - pr_svrty_highln "supported but couldn't detect a cipher and vulnerable to CVE-2015-3197 "; - fileout "sslv2" "NOT ok" "SSLv2 offered (NOT ok), vulnerable to CVE-2015-3197" - else - pr_svrty_critical "offered (NOT ok), also VULNERABLE to DROWN attack"; - outln " -- $nr_ciphers_detected ciphers" - fileout "sslv2" "NOT ok" "SSLv2 offered (NOT ok), vulnerable to DROWN attack. Detected ciphers: $nr_ciphers_detected" - fi - ret=1 - fi ;; - esac - pr_off - debugme outln + ret=$? close_socket TMPFILE=$SOCK_REPLY_FILE 
@@ -6651,26 +6649,18 @@ run_drown() { fi # if we want to use OPENSSL: check for < openssl 1.0.2g, openssl 1.0.1s if native openssl pr_bold " DROWN"; out " (2016-0800, CVE-2016-0703), exper. " - fd_socket 5 || return 6 - debugme outln "sending client hello... " - socksend_sslv2_clienthello "$SSLv2_CLIENT_HELLO" - sockread_serverhello 32768 - debugme outln "reading server hello... " - if [[ "$DEBUG" -ge 4 ]]; then - hexdump -C "$SOCK_REPLY_FILE" | head -6 - outln - fi - parse_sslv2_serverhello "$SOCK_REPLY_FILE" + sslv2_sockets + case $? in 7) # strange reply, couldn't convert the cipher spec length to a hex number fixme "strange v2 reply " outln " (rerun with DEBUG >=2)" - [[ $DEBUG -ge 3 ]] && hexdump -C "$SOCK_REPLY_FILE" | head -1 + [[ $DEBUG -ge 3 ]] && hexdump -C "$TEMPDIR/$NODEIP.sslv2_sockets.dd" | head -1 ret=7 fileout "drown" "MINOR_ERROR" "SSLv2: received a strange SSLv2 reply (rerun with DEBUG>=2)" ;; 3) # vulnerable - lines=$(count_lines "$(hexdump -C "$SOCK_REPLY_FILE" 2>/dev/null)") + lines=$(count_lines "$(hexdump -C "$TEMPDIR/$NODEIP.sslv2_sockets.dd" 2>/dev/null)") debugme out " ($lines lines) " if [[ "$lines" -gt 1 ]]; then nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3)) From 2b7a77979c69a5b3447654eec2c205fe66a95c3d Mon Sep 17 00:00:00 2001 From: David Cooper Date: Thu, 11 Aug 2016 14:40:20 -0400 Subject: [PATCH 03/11] Fix "--devel" with SSLv2 If testssl.sh is called with `--devel 22` and the response from `sslv2_sockets()` is not 0, then `tls_sockets()` will be called, and the result of the `tls_sockets()` command will be output rather than the result of the `sslv2_sockets()` command. --- testssl.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/testssl.sh b/testssl.sh index 1d91590..4bf34dd 100755 --- a/testssl.sh +++ b/testssl.sh 
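Review bot: The removed `fd_socket 5 || return 6` used to abort run_drown() when no socket could be opened; sslv2_sockets() returns 6 in that case, but its status now flows into `case $?`, whose visible arms handle only 7 and 3, so unless an arm outside the hunk covers 6 the failure is silent and `ret` keeps its previous value. Capturing the status restores the early exit: `ret=$?` after `sslv2_sockets`, then `[[ $ret -eq 6 ]] && return 6` and `case $ret in`. Separately, the reply file name `$TEMPDIR/$NODEIP.sslv2_sockets.dd` is now spelled out twice here and twice in run_protocols(); since sslv2_sockets() ends with `TMPFILE=$SOCK_REPLY_FILE`, `hexdump -C "$TMPFILE"` may be enough, if SOCK_REPLY_FILE names that file. run_drown()'s case statement continues past the hunk.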
@@ -8527,9 +8527,8 @@ lets_roll() { determine_rdns determine_service "$1" # any starttls service goes here - $do_tls_sockets && { [[ $TLS_LOW_BYTE -eq 22 ]] && \ - sslv2_sockets || \ - tls_sockets "$TLS_LOW_BYTE" "$HEX_CIPHER"; echo "$?" ; exit 0; } + $do_tls_sockets && [[ $TLS_LOW_BYTE -eq 22 ]] && { sslv2_sockets; echo "$?" ; exit 0; } + $do_tls_sockets && [[ $TLS_LOW_BYTE -ne 22 ]] && { tls_sockets "$TLS_LOW_BYTE" "$HEX_CIPHER"; echo "$?" ; exit 0; } $do_test_just_one && test_just_one ${single_cipher} # all top level functions now following have the prefix "run_" From 7dd1d15e9a2779a0c687ebcb719193b382fc8cda Mon Sep 17 00:00:00 2001 From: David Cooper Date: Tue, 23 Aug 2016 11:31:04 -0400 Subject: [PATCH 04/11] run_ssl_poodle() when OpenSSL doesn't support SSLv3 If the version of OpenSSL being used doesn't support `s_client -ssl3` (e.g., OpenSSL 1.1.0), `run_ssl_poodle()` displays `not vulnerable (OK)` even though it can't test whether the server is vulnerable. This PR fixes it so that a "Local problem" warning is displayed is `s_client -ssl3` isn't supported. The PR also removes the `$SNI` from the call to `$OPENSSL s_client` since OpenSSL ignores the `-servername` directive for `-ssl3` anyways. --- testssl.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/testssl.sh b/testssl.sh index 1d91590..fb6cd1d 100755 --- a/testssl.sh +++ b/testssl.sh 
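Review bot: The two new lines evaluate `$do_tls_sockets` twice and repeat the `{ ...; echo "$?" ; exit 0; }` tail, and a reader has to compare `-eq 22` with `-ne 22` to see that they form an if/else; an explicit `if` block keeps one exit path and makes the `--devel 22` special case obvious. The rewrite below is behaviourally the same as the two lines it replaces.
```shell
     if $do_tls_sockets; then
          if [[ $TLS_LOW_BYTE -eq 22 ]]; then
               sslv2_sockets
          else
               tls_sockets "$TLS_LOW_BYTE" "$HEX_CIPHER"
          fi
          echo "$?"
          exit 0
     fi
     # … unchanged: $do_test_just_one line and the run_* calls …
```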
@@ -6447,10 +6447,11 @@ run_ssl_poodle() { [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for SSLv3 POODLE (Padding Oracle On Downgraded Legacy Encryption) " && outln pr_bold " POODLE, SSL"; out " (CVE-2014-3566) " + locally_supported "-ssl3" || return 1 cbc_ciphers=$(actually_supported_ciphers $cbc_ciphers) debugme echo $cbc_ciphers - $OPENSSL s_client -ssl3 $STARTTLS $BUGS -cipher $cbc_ciphers -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE Date: Tue, 23 Aug 2016 11:35:03 -0400 Subject: [PATCH 05/11] Return 0 even if test couldn't be performed --- testssl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testssl.sh b/testssl.sh index fb6cd1d..f8ba8c5 100755 --- a/testssl.sh +++ b/testssl.sh @@ -6447,7 +6447,7 @@ run_ssl_poodle() { [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for SSLv3 POODLE (Padding Oracle On Downgraded Legacy Encryption) " && outln pr_bold " POODLE, SSL"; out " (CVE-2014-3566) " - locally_supported "-ssl3" || return 1 + locally_supported "-ssl3" || return 0 cbc_ciphers=$(actually_supported_ciphers $cbc_ciphers) debugme echo $cbc_ciphers From 0fcb2bcb44503c16b71b7848834f4db7e969251e Mon Sep 17 00:00:00 2001 From: David Cooper Date: Tue, 23 Aug 2016 12:29:31 -0400 Subject: [PATCH 06/11] Fix SSLv2-only test in determine_optimal_proto() The test for whether a server only supports SSLv2 was broken, since `$OPTIMAL_PROTO` will be `-ssl2` whether SSLv2 is the only protocol that succeeds or no protocol succeeds. This PR sets $OPTIMAL_PROTO (or $STARTTLS_OPTIMAL_PROTO) to "" if no protocol succeeds. --- testssl.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/testssl.sh b/testssl.sh index 1d91590..7f76b99 100755 --- a/testssl.sh +++ b/testssl.sh 
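Review bot: `locally_supported "-ssl3" || return 0` leaves the terminal with the "Local problem" message (presumably printed by locally_supported) but, unless that helper also calls fileout, the JSON/CSV output gets no POODLE record at all, so a consumer of the file output cannot tell "not tested" from "check never ran". Writing the record before returning closes that gap: `locally_supported "-ssl3" || { fileout "<poodle id>" "WARN" "SSLv3 POODLE: not tested, $OPENSSL doesn't support s_client -ssl3"; return 0; }`, using the fileout id this check already uses further down (not visible in the hunk). The rest of run_ssl_poodle() is outside the visible lines.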
@@ -7828,6 +7828,7 @@ determine_optimal_proto() { fi all_failed=0 done + [[ $all_failed -eq 0 ]] && STARTTLS_OPTIMAL_PROTO="" debugme echo "STARTTLS_OPTIMAL_PROTO: $STARTTLS_OPTIMAL_PROTO" else for OPTIMAL_PROTO in '' -tls1_2 -tls1 -ssl3 -tls1_1 -ssl2; do @@ -7839,6 +7840,7 @@ determine_optimal_proto() { fi all_failed=0 done + [[ $all_failed -eq 0 ]] && OPTIMAL_PROTO="" debugme echo "OPTIMAL_PROTO: $OPTIMAL_PROTO" if [[ "$OPTIMAL_PROTO" == "-ssl2" ]]; then pr_magentaln "$NODEIP:$PORT appears to only support SSLv2." From 7cfe97f23ad2eeb81c0a7ed8a9a10d915eda06e9 Mon Sep 17 00:00:00 2001 From: David Cooper Date: Tue, 23 Aug 2016 12:37:22 -0400 Subject: [PATCH 07/11] Warning on BEAST when no local SSLv3 support If the version of OpenSSL being used doesn't support `s_client -ssl3` (e.g., OpenSSL 1.1.0), `run_beast()` doesn't display a warning that testing for CBC in SSLv3 isn't locally supported. This PR adds a "Local problem" warning if the OpenSSL being used doesn't support `s_client -ssl3`. --- testssl.sh | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/testssl.sh b/testssl.sh index 1d91590..507fd6e 100755 --- a/testssl.sh +++ b/testssl.sh 
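Review bot: The added `[[ $all_failed -eq 0 ]] && OPTIMAL_PROTO=""` only reads correctly once you know that `all_failed` means the opposite of its name — the loop context shows `all_failed=0` being set after each unsuccessful attempt, so 0 apparently stands for "no protocol succeeded". The same applies to the `STARTTLS_OPTIMAL_PROTO` line in the first hunk; a comment on both, e.g. `# NOTE: all_failed is 0 when no protocol succeeded (see the loop above)`, or renaming the flag, would spare the next reader the double negative. With the variable now empty in that case, the `== "-ssl2"` test below is fixed, but nothing in the hunk reports the all-failed situation beyond the debug line; if that is handled later in the function it is outside the visible lines. Both loops start before their hunks.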
@@ -6742,11 +6742,21 @@ run_beast(){ done for proto in ssl3 tls1; do + if [[ "$proto" == "ssl3" ]] && ! locally_supported "-$proto"; then + continued=true + out " " + continue + fi $OPENSSL s_client -"$proto" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>>$ERRFILE Date: Wed, 24 Aug 2016 10:14:12 -0400 Subject: [PATCH 08/11] OpenSSL 1.1.0 doesn't have "-no_ssl2" option With OpenSSL 1.1.0, `s_client -no_ssl2` fails with an "unknown option" error. At the moment the `-no_ssl2` option is only used in two functions, `run_client_simulation()` and `run_crime()`. In `run_crime()`, the `-no_ssl2` option is only included if the OpenSSL version is 0.9.8. This PR checks whether the OpenSSL version in use supports the `-no_ssl2` option, and if it doesn't, it removes it from the calls to `s_client` in `run_client_simulation()`. --- testssl.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/testssl.sh b/testssl.sh index 1d91590..54086ff 100755 --- a/testssl.sh +++ b/testssl.sh @@ -212,6 +212,7 @@ OSSL_VER_APPENDIX="none" HAS_DH_BITS=${HAS_DH_BITS:-false} # initialize openssl variables HAS_SSL2=false HAS_SSL3=false +HAS_NO_SSL2=false HAS_ALPN=false HAS_SPDY=false ADD_RFC_STR="rfc" # display RFC ciphernames @@ -2798,6 +2799,7 @@ run_client_simulation() { [[ $sclient_success -eq 0 ]] && cp "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" $TMPFILE >$ERRFILE fi else + ! "$HAS_NO_SSL2" && protos[i]="$(sed 's/-no_ssl2//' <<< "${protos[i]}")" $OPENSSL s_client -cipher ${ciphers[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} $TMPFILE 2>$ERRFILE debugme echo "$OPENSSL s_client -cipher ${ciphers[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} &1 | grep -aq "unknown option" || \ HAS_SSL3=true + $OPENSSL s_client -no_ssl2 2>&1 | grep -aq "unknown option" || \ + HAS_NO_SSL2=true + $OPENSSL s_client -help 2>&1 | grep -qw '\-alpn' && \ HAS_ALPN=true 
@@ -7270,6 +7275,7 @@ OPENSSL_CONF: $OPENSSL_CONF HAS_IPv6: $HAS_IPv6 HAS_SSL2: $HAS_SSL2 HAS_SSL3: $HAS_SSL3 +HAS_NO_SSL2: $HAS_NO_SSL2 HAS_SPDY: $HAS_SPDY HAS_ALPN: $HAS_ALPN From 98dc3bfadb2545fd599aa5bf5e9ed85312e46317 Mon Sep 17 00:00:00 2001 From: David Cooper Date: Thu, 25 Aug 2016 15:23:53 -0400 Subject: [PATCH 09/11] Support DH server keys When `certificate_info()` is given a certificate with a DH public key it displays something like: ``` Server key size fixme: dhKeyAgreement 3072 bits (FIXME: can't tell whether this is good or not) ``` This PR fixes that so that the output is: ``` Server key size DH 3072 bits ``` --- testssl.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/testssl.sh b/testssl.sh index 1d91590..21a184c 100755 --- a/testssl.sh +++ b/testssl.sh @@ -4216,6 +4216,7 @@ certificate_info() { *DSA*|*dsa*) out "DSA ";; *ecdsa*|*ecPublicKey) out "ECDSA ";; *GOST*|*gost*) out "GOST ";; + *dh*|*DH*) out "DH " ;; *) pr_warning "fixme: $cert_key_algo " ;; esac # https://tools.ietf.org/html/rfc4492, http://www.keylength.com/en/compare/ @@ -4243,7 +4244,8 @@ certificate_info() { fileout "${json_prefix}key_size" "DEBUG" "Server keys $cert_keysize bits (not expected)" fi outln " bits" - elif [[ $cert_key_algo = *RSA* ]] || [[ $cert_key_algo = *rsa* ]] || [[ $cert_key_algo = *dsa* ]]; then + elif [[ $cert_key_algo = *RSA* ]] || [[ $cert_key_algo = *rsa* ]] || [[ $cert_key_algo = *dsa* ]] || \ + [[ $cert_key_algo =~ dhKeyAgreement ]] || [[ $cert_key_algo =~ "X9.42 DH" ]]; then if [[ "$cert_keysize" -le 512 ]]; then pr_svrty_critical "$cert_keysize" outln " bits" From 54a66b9d884a3aa3dff6e0e25b49f7031576c73c Mon Sep 17 00:00:00 2001 From: Dirk Date: Sun, 28 Aug 2016 21:41:30 +0200 Subject: [PATCH 10/11] - minor output fixes - removed "experimental" from TLS_FALLBACK_SCSV + DROWN - bumped up version to rc2 --- testssl.sh | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) 
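Review bot: The two DH tests added in certificate_info() don't agree: the `case` arm `*dh*|*DH*)` prints "DH " for any algorithm name containing dh/DH, while the `elif` a few lines further down only recognises `dhKeyAgreement` and `X9.42 DH`, so a key whose algorithm string satisfies the first but not the second gets the DH label and then falls through to the following branch for the size verdict. Using one condition in both places keeps label and verdict consistent, e.g. `[[ $cert_key_algo == *dh* || $cert_key_algo == *DH* ]]` in the elif, or the two exact names in the case arm. The quoting in `[[ $cert_key_algo =~ "X9.42 DH" ]]` is deliberate (it makes the `.` literal) and deserves a short comment so nobody "fixes" it. certificate_info() extends beyond both hunks.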
diff --git a/testssl.sh b/testssl.sh index 39da531..69098c4 100755 --- a/testssl.sh +++ b/testssl.sh @@ -83,7 +83,7 @@ readonly PS4='${LINENO}> ${FUNCNAME[0]:+${FUNCNAME[0]}(): }' # make sure that temporary files are cleaned up after use in ANY case trap "cleanup" QUIT EXIT -readonly VERSION="2.8rc1" +readonly VERSION="2.8rc2" readonly SWCONTACT="dirk aet testssl dot sh" egrep -q "dev|rc" <<< "$VERSION" && \ SWURL="https://testssl.sh/dev/" || @@ -3163,7 +3163,6 @@ run_protocols() { 1) pr_svrty_mediumln "not offered" if ! "$using_sockets" || ! "$EXPERIMENTAL" || [[ -z $latest_supported ]]; then - outln fileout "tls1_2" "MEDIUM" "TLSv1.2 is not offered" # no GCM, penalty else pr_svrty_criticalln " -- connection failed rather than downgrading to $latest_supported_string" @@ -6487,7 +6486,7 @@ run_tls_fallback_scsv() { local -i ret=0 [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for TLS_FALLBACK_SCSV Protection " && outln - pr_bold " TLS_FALLBACK_SCSV"; out " (RFC 7507), experim. " + pr_bold " TLS_FALLBACK_SCSV"; out " (RFC 7507), " # This isn't a vulnerability check per se, but checks for the existence of # the countermeasure to protect against protocol downgrade attacks. @@ -6658,7 +6657,7 @@ run_drown() { outln fi # if we want to use OPENSSL: check for < openssl 1.0.2g, openssl 1.0.1s if native openssl - pr_bold " DROWN"; out " (2016-0800, CVE-2016-0703), exper. " + pr_bold " DROWN"; out " (2016-0800, CVE-2016-0703) " sslv2_sockets case $? in 
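Review bot: In the TLS_FALLBACK_SCSV hunk, dropping `experim.` left `out " (RFC 7507), "`, so the label now ends with a dangling comma and space right before the verdict text; the DROWN hunk in the same commit removes the comma together with the word, `out " (2016-0800, CVE-2016-0703) "`, and `out " (RFC 7507) "` would match it. While that DROWN line is being edited, `2016-0800` is missing its `CVE-` prefix — `out " (CVE-2016-0800, CVE-2016-0703) "`.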
@@ -6678,8 +6677,8 @@ run_drown() { pr_svrty_highln "CVE-2015-3197: SSLv2 supported but couldn't detect a cipher (NOT ok)"; fileout "drown" "NOT ok" "SSLv2 offered (NOT ok), CVE-2015-3197: but could not detect a cipher" else - pr_svrty_criticalln "vulnerable (NOT ok), SSLv2 offered with $nr_ciphers_detected ciphers"; - fileout "drown" "NOT ok" "vulnerable (NOT ok), SSLv2 offered with $nr_ciphers_detected ciphers" + pr_svrty_criticalln "VULNERABLE (NOT ok), SSLv2 offered with $nr_ciphers_detected ciphers"; + fileout "drown" "NOT ok" "VULNERABLE (NOT ok), SSLv2 offered with $nr_ciphers_detected ciphers" fi fi ret=1 @@ -8356,7 +8355,7 @@ parse_cmd_line() { do_pfs=true ;; --devel) ### this development feature will soon disappear - HEX_CIPHER="" + HEX_CIPHER="$TLS12_CIPHER" # DEBUG=3 ./testssl.sh --devel 03 "cc, 13, c0, 13" google.de --> TLS 1.2, old CHACHA/POLY # DEBUG=3 ./testssl.sh --devel 03 "cc,a8, cc,a9, cc,aa, cc,ab, cc,ac" blog.cloudflare.com --> new CHACHA/POLY # DEBUG=3 ./testssl.sh --devel 01 yandex.ru --> TLS 1.0 @@ -8671,4 +8670,4 @@ fi exit $? -# $Id: testssl.sh,v 1.531 2016/07/23 13:12:12 dirkw Exp $ +# $Id: testssl.sh,v 1.533 2016/08/28 19:41:29 dirkw Exp $ From f5792a1e8decfbd301214d005961983fccbcf235 Mon Sep 17 00:00:00 2001 From: Dirk Date: Sun, 28 Aug 2016 21:43:48 +0200 Subject: [PATCH 11/11] 1st important fixes ;-) --- CREDITS.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CREDITS.md b/CREDITS.md index 967c0bb..cb857cd 100644 --- a/CREDITS.md +++ b/CREDITS.md @@ -20,10 +20,12 @@ - Detection of insecure redirects - JSON and CSV output - Client simulations + - CI integration, test cases for it * David Cooper - Detection + output of multiple certificates - several cleanups of server certificate related stuff + - several minor fixes - improved parsing of TLS ServerHello messages - speed improvements when testing all ciphers
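Review bot: `HEX_CIPHER="$TLS12_CIPHER"` makes the TLS 1.2 cipher list the default for every `--devel` protocol byte, including the `--devel 01` (TLS 1.0) example in the comments right below it, and a reader cannot tell from the hunk whether that is intended or whether a hex list given on the command line still overrides it (that parsing is outside the hunk). A comment on the line would settle it, e.g. `HEX_CIPHER="$TLS12_CIPHER"   # default cipher list when no hex list follows the protocol byte — NOTE: also used for pre-TLS1.2 bytes, confirm tls_sockets() accepts that`. parse_cmd_line()'s `--devel` arm continues past the hunk.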