From 85e7fd3a08fd8467abaa40849e0513ac6414ee7c Mon Sep 17 00:00:00 2001 From: David Cooper Date: Mon, 30 Apr 2018 16:47:12 -0400 Subject: [PATCH] Don't offer TLS compression by default There is at least one server that will fail under some circumstances if the ClientHello offers a compression method other than null. In OpenSSL 1.1.0 and 1.1.1, s_client will not offer any other compression methods unless the "-comp" option is provided. However, in earlier versions of OpenSSL, s_client will by default offer the DEFLATE compression method, however, this can be disabled using the "-no_comp" option. This PR addresses the flaw in this server by having s_client_options() add a "-no_comp" option to the command line if "-no_comp" is supported and the test doesn't require offering compression. Since run_crime() requires compression to be offered, run_crime() was changed to always add "-comp" to the command line, and then s_client_options() was changed to remove "-comp" from the command line, if that option isn't supported. --- testssl.sh | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/testssl.sh b/testssl.sh index 63681b2..265e096 100755 --- a/testssl.sh +++ b/testssl.sh @@ -316,6 +316,8 @@ HAS_PKEY=false HAS_NO_SSL2=false HAS_NOSERVERNAME=false HAS_CIPHERSUITES=false +HAS_COMP=false +HAS_NO_COMP=false HAS_ALPN=false HAS_NPN=false HAS_FALLBACK_SCSV=false @@ -1620,6 +1622,20 @@ s_client_options() { # isn't needed for these versions of OpenSSL.) ! "$HAS_NO_SSL2" && options="${options//-no_ssl2/}" + # At least one server will fail under some circumstances if compression methods are offered. + # So, only offer compression methds if necessary for the test. In OpenSSL 1.1.0 and + # 1.1.1 compression is only offered if the "-comp" option is provided. + # OpenSSL 1.0.0, 1.0.1, and 1.0.2 offer compression unless the "-no_comp" option is provided. + # OpenSSL 0.9.8 does not support either the "-comp" or the "-no_comp" option. + if [[ " $options " =~ " -comp " ]]; then + # Compression is needed for the test. So, remove "-comp" if it isn't supported, but + # otherwise make no changes. + ! "$HAS_COMP" && options="${options//-comp/}" + else + # Compression is not needed. So, specify "-no_comp" if that option is supported. + "$HAS_NO_COMP" && options+=" -no_comp" + fi + # If $OPENSSL is compiled with TLSv1.3 support and s_client is called without # specifying a protocol, but specifying a list of ciphers that doesn't include # any TLSv1.3 ciphers, then the command will always fail. So, if $OPENSSL supports @@ -12723,11 +12739,8 @@ run_crime() { fi else [[ "$OSSL_VER" == "0.9.8"* ]] && addcmd="-no_ssl2" - if [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == "1.1.0"* ]] || [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == "1.1.1"* ]]; then - addcmd="-comp" - fi "$HAS_TLS13" && [[ -z "$OPTIMAL_PROTO" ]] && addcmd+=" -no_tls1_3" - $OPENSSL s_client $(s_client_options "$OPTIMAL_PROTO $BUGS $addcmd $STARTTLS -connect $NODEIP:$PORT $PROXY $SNI") $TMPFILE + $OPENSSL s_client $(s_client_options "$OPTIMAL_PROTO $BUGS -comp $addcmd $STARTTLS -connect $NODEIP:$PORT $PROXY $SNI") $TMPFILE sclient_connect_successful $? $TMPFILE sclient_success=$? fi @@ -14942,6 +14955,12 @@ find_openssl_binary() { $OPENSSL s_client -ciphersuites -connect x 2>&1 | grep -aq "unknown option" || \ HAS_CIPHERSUITES=true + $OPENSSL s_client -comp -connect x 2>&1 | grep -aq "unknown option" || \ + HAS_COMP=true + + $OPENSSL s_client -no_comp -connect x 2>&1 | grep -aq "unknown option" || \ + HAS_NO_COMP=true + OPENSSL_NR_CIPHERS=$(count_ciphers "$(actually_supported_ciphers 'ALL:COMPLEMENTOFALL' 'ALL')") for curve in "${curves_ossl[@]}"; do