polishing #784 and #788

Also introduced the global BAD_SERVER_HELLO_CIPHER which can be later used
for notifying crappy cipher negotiations

testssl.sh

@@ -201,7 +201,7 @@ UNBRACKTD_IPV6=${UNBRACKTD_IPV6:-false} # some versions of OpenSSL (like Gentoo)
 SERVER_SIZE_LIMIT_BUG=false             # Some servers have either a ClientHello total size limit or a 128 cipher limit (e.g. old ASAs)
 CHILD_MASS_TESTING=${CHILD_MASS_TESTING:-false}
 
-# tuning vars, can not be set by a cmd line switch
+# tuning vars, can be set by a cmd line switch
 EXPERIMENTAL=${EXPERIMENTAL:-false}
 HEADER_MAXSLEEP=${HEADER_MAXSLEEP:-5}   # we wait this long before killing the process to retrieve a service banner / http header
 MAX_WAITSOCK=${MAX_WAITSOCK:-10}        # waiting at max 10 seconds for socket reply. There shouldn't be any reason to change this.
@@ -255,6 +255,7 @@ HEADERVALUE=""
 HTTP_STATUS_CODE=""
 PROTOS_OFFERED=""
 TLS_EXTENSIONS=""
+BAD_SERVER_HELLO_CIPHER=false           # reserved for cases where a ServerHello doesn't contain a cipher offered in the ClientHello
 GOST_STATUS_PROBLEM=false
 DETECTED_TLS_VERSION=""
 PATTERN2SHOW=""
@@ -8126,6 +8127,8 @@ parse_tls_serverhello() {
      fi
 
      # If a CIPHER_SUITES string was provided, then check that $tls_cipher_suite is in the string.
+     # this appeared in yassl + MySQL (https://github.com/drwetter/testssl.sh/pull/784) but adds robustness
+     # to the implemenation
      if [[ -n "$cipherlist" ]]; then
           tls_cipher_suite="$(tolower "$tls_cipher_suite")"
           tls_cipher_suite="${tls_cipher_suite:0:2}\\x${tls_cipher_suite:2:2}"
@@ -8134,6 +8137,7 @@ parse_tls_serverhello() {
                [[ "${cipherlist:i:6}" == "$tls_cipher_suite" ]] && break
           done
           if [[ $i -ge $cipherlist_len ]]; then
+               BAD_SERVER_HELLO_CIPHER=true
                debugme echo "The ServerHello specifies a cipher suite that wasn't included in the ClientHello."
                tmpfile_handle $FUNCNAME.txt
                return 1
@@ -9169,8 +9173,8 @@ run_ccs_injection(){
 # in general, see https://en.wikipedia.org/wiki/Transport_Layer_Security#Alert_protocol
 #                 https://tools.ietf.org/html/rfc5246#section-7.2
 #
-# not ok fo CCSI:  15 | 0301    | 00 02    | 02 15
-#               ALERT | TLS 1.0 | Length=2 | Decryption failed (21)
+# not ok for CCSI:  15 | 0301    | 00 02    | 02 15
+#                ALERT | TLS 1.0 | Length=2 | Decryption failed (21)
 #
 # ok:   nothing: ==> RST
 #
@@ -9202,7 +9206,8 @@ run_ccs_injection(){
           # MySQL community edition (yaSSL) returns a MySQL error instead of a TLS Alert
           # Error: #08S01 Bad handshake
           pr_done_best "not vulnerable (OK)"
-          fileout "ccs" "OK" "CCS: not vulnerable" "$cve" "$cwe"
+          out ", looks like MySQL community edition (yaSSL)"
+          fileout "ccs" "OK" "CCS: not vulnerable (MySQL community edition (yaSSL) detected)" "$cve" "$cwe"
      elif [[ "$byte6" == [0-9a-f][0-9a-f] ]] && [[ "${tls_hello_ascii:2:2}" != "03" ]]; then
           pr_warning "test failed"
           out ", probably read buffer too small (${tls_hello_ascii:0:14})"