mirror of
https://github.com/drwetter/testssl.sh.git
synced 2024-12-29 12:59:44 +01:00
Merge pull request #2360 from mum-viadee/run_renego_sni_patch
Secure renegotiations tests need servername for servers that use SNI
This commit is contained in:
commit
be987d17a0
10
testssl.sh
10
testssl.sh
@ -16896,7 +16896,7 @@ run_renego() {
|
||||
local hint=""
|
||||
local jsonID=""
|
||||
local ssl_reneg_attempts=$SSL_RENEG_ATTEMPTS
|
||||
# No SNI needed here as there won't be two different SSL stacks for one IP
|
||||
# In cases where there's no default host configured we need SNI here as openssl then would return otherwise an error and the test will fail
|
||||
|
||||
"$HAS_TLS13" && [[ -z "$proto" ]] && proto="-no_tls1_3"
|
||||
|
||||
@ -16913,7 +16913,7 @@ run_renego() {
|
||||
fileout "$jsonID" "OK" "TLS 1.3 only server" "$cve" "$cwe"
|
||||
else
|
||||
# first fingerprint for the Line "Secure Renegotiation IS NOT" or "Secure Renegotiation IS "
|
||||
$OPENSSL s_client $(s_client_options "$proto $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") 2>&1 </dev/null >$TMPFILE 2>$ERRFILE
|
||||
$OPENSSL s_client $(s_client_options "$proto $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") 2>&1 </dev/null >$TMPFILE 2>$ERRFILE
|
||||
if sclient_connect_successful $? $TMPFILE; then
|
||||
grep -iaq "Secure Renegotiation IS NOT" $TMPFILE
|
||||
sec_renego=$? # 0= Secure Renegotiation IS NOT supported
|
||||
@ -16982,7 +16982,7 @@ run_renego() {
|
||||
else
|
||||
# We need up to two tries here, as some LiteSpeed servers don't answer on "R" and block. Thus first try in the background
|
||||
# msg enables us to look deeper into it while debugging
|
||||
echo R | $OPENSSL s_client $(s_client_options "$proto $BUGS $legacycmd $STARTTLS -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE &
|
||||
echo R | $OPENSSL s_client $(s_client_options "$proto $BUGS $legacycmd $STARTTLS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE &
|
||||
wait_kill $! $HEADER_MAXSLEEP
|
||||
if [[ $? -eq 3 ]]; then
|
||||
pr_svrty_good "likely not vulnerable (OK)"; outln ", timed out" # it hung
|
||||
@ -16990,7 +16990,7 @@ run_renego() {
|
||||
sec_client_renego=1
|
||||
else
|
||||
# second try in the foreground as we are sure now it won't hang
|
||||
echo R | $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE
|
||||
echo R | $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE
|
||||
sec_client_renego=$?
|
||||
# 0 means client is renegotiating & doesn't return an error --> vuln!
|
||||
# 1 means client tried to renegotiating but the server side errored then. You still see RENEGOTIATING in the output
|
||||
@ -17011,7 +17011,7 @@ run_renego() {
|
||||
fileout "$jsonID" "MEDIUM" "VULNERABLE, potential DoS threat" "$cve" "$cwe" "$hint"
|
||||
else
|
||||
(for ((i=0; i < ssl_reneg_attempts; i++ )); do echo R; sleep 1; done) | \
|
||||
$OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE
|
||||
$OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE
|
||||
case $? in
|
||||
0) pr_svrty_high "VULNERABLE (NOT ok)"; outln ", DoS threat ($ssl_reneg_attempts attempts)"
|
||||
fileout "$jsonID" "HIGH" "VULNERABLE, DoS threat" "$cve" "$cwe" "$hint"
|
||||
|
Loading…
Reference in New Issue
Block a user