From 0efaf9114fff5a89a45cdf4271918ad2c988a802 Mon Sep 17 00:00:00 2001 From: David Cooper Date: Tue, 19 Sep 2017 17:16:41 -0400 Subject: [PATCH] Another fix for OpenSSL 1.1.1 If testssl.sh is used with OpenSSL 1.1.1 and TLSv1.3 support is enabled, then the check for whether the server has a cipher order will always fail. The problem is that since the call to s_client doesn't specify a protocol a TLSv1.3 ClientHello will be sent. However, the call specifies a list of ciphers that doesn't include any TLSv1.3 ciphers. So, OpenSSL will fail with the error: "No ciphers enabled for max supported SSL/TLS version." The solution is to add the "-no_tls1_3" option. This PR fixes the problem by taking advantage of the recently-added s_client_options() function. It adds a "-no_tls1_3" option whenever: * $OPENSSL supports TLSv1.3 * The command line doesn't specify any protocol: -ssl2, -ssl3, -tls1, -tls1_1, -tls1_2, or -tls1_3. * The command line includes the -cipher option * The list of ciphers that will be sent doesn't include any TLSv1.3 ciphers. Add TLSv1.3 support to run_cipher_per_proto() Fix branch --- testssl.sh | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/testssl.sh b/testssl.sh index b462c08..6fa0b42 100755 --- a/testssl.sh +++ b/testssl.sh @@ -1393,6 +1393,7 @@ string_to_asciihex() { # Adjust options to $OPENSSL s_client based on OpenSSL version and protocol version s_client_options() { local options="$1" + local ciphers # Don't include the -servername option for an SSLv2 or SSLv3 ClientHello. [[ -n "$SNI" ]] && [[ " $options " =~ \ -ssl[2|3]\ ]] && options="${options//$SNI/}" @@ -1410,6 +1411,19 @@ s_client_options() { # isn't needed for these versions of OpenSSL.) ! "$HAS_NO_SSL2" && options="${options//-no_ssl2/}" + # If $OPENSSL is compiled with TLSv1.3 support and s_client is called without + # specifying a protocol, but specifying a list of ciphers that doesn't include + # any TLSv1.3 ciphers, then the command will always fail. So, if $OPENSSL supports + # TLSv1.3 and a cipher list is provided, but no protocol is specified, then add + # -no_tls1_3 if the list of ciphers doesn't include any TLSv1.3 ciphers. + if "$HAS_TLS13" && [[ " $options " =~ " -cipher " ]] && \ + [[ ! " $options " =~ \ -ssl[2|3]\ ]] && \ + [[ ! " $options " =~ \ -tls1\ ]] && [[ ! " $options " =~ \ -tls1_[1|2|3]\ ]]; then + ciphers="${options#* -cipher }" + ciphers="${ciphers%% *}" + [[ ! "$($OPENSSL ciphers "$ciphers")" =~ TLS13 ]] && options+=" -no_tls1_3" + fi + tm_out "$options" } @@ -2457,12 +2471,7 @@ std_cipherlists() { "$FAST" && continue [[ $(has_server_protocol "${proto:1}") -eq 1 ]] && continue fi - # FIXME: This check won't be needed once PR #827 is approved. At that point just the "else" statement will be needed. - if "$HAS_TLS13" && [[ "$proto" == "-no_ssl2" ]] && [[ ! "$($OPENSSL ciphers "$1")" =~ TLS13 ]]; then - $OPENSSL s_client $(s_client_options "-cipher "$1" $BUGS $STARTTLS -connect $NODEIP:$PORT $PROXY $SNI $proto -no_tls1_3") 2>$ERRFILE >$TMPFILE $ERRFILE >$TMPFILE $ERRFILE >$TMPFILE