From f8df2432eff2bb996286f375c911478392688744 Mon Sep 17 00:00:00 2001 From: David Cooper Date: Fri, 26 Jan 2018 16:49:08 -0500 Subject: [PATCH 1/4] Fix HelloRetryRequest In TLSv1.3, if a HelloRetryRequest needs to be sent and the call to tls_sockets() includes additional request extensions (other than key_share or cookie), then resend_if_hello_retry_request() adds an extra comma between extensions in the value sent to socksend_tls_clienthello(), which creates errors. This commit fixes the problem by removing the extra comma. --- testssl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testssl.sh b/testssl.sh index 338a599..5ea7e83 100755 --- a/testssl.sh +++ b/testssl.sh @@ -11172,7 +11172,7 @@ resend_if_hello_retry_request() { part2=$j+3 len_extn=3*$(hex2dec "${extra_extensions:j:2}${extra_extensions:part2:2}") if [[ "$extn_type" != "00$KEY_SHARE_EXTN_NR" ]] && [[ "$extn_type" != "002c" ]]; then - j=12+$len_extn + j=11+$len_extn new_extra_extns+=",${extra_extensions:i:j}" fi done From fa87f8ffd595b71794aa12b4ded29a9e7bcf2388 Mon Sep 17 00:00:00 2001 From: David Cooper Date: Fri, 26 Jan 2018 16:56:31 -0500 Subject: [PATCH 2/4] Add TLSv1.3 support for run_server_defaults() This commit adds TLSv1.3 support for run_server_defaults(). It uses get_server_certificate() to run separate checks for RSA and ECDSA certificates by sending TLSv1.3 ClientHello messages with different signature_algorithms values. A similar change is made to certificate_transparency() in order to check for certificate transparency support for certificates returned over TLSv1.3. It also modifies the check for certificates offered without SNI by including an option to use tls_sockets() with servers that support TLSv1.3 if OpenSSL does not support TLSv1.3. --- testssl.sh | 101 ++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 85 insertions(+), 16 deletions(-) diff --git a/testssl.sh b/testssl.sh index 338a599..74b30e9 100755 --- a/testssl.sh +++ b/testssl.sh 
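Review bot: The new offset in `j=11+$len_extn` (resend_if_hello_retry_request, patch 1/4) is a bare magic number, and nothing in the loop explains why 11 is right where 12 was wrong. A comment above that line would record it, for example `# type+length header is 4 bytes = 12 chars as "xx,"; take 11 to leave off the trailing comma, since the append below adds its own`. The loop header and the rest of the function are outside the hunk, so how `i` advances past each extension cannot be checked from here.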
@@ -6037,6 +6037,38 @@ get_server_certificate() { local success local npn_params="" line + if [[ "$1" =~ "-cipher tls1_3" ]]; then + [[ $(has_server_protocol "tls1_3") -eq 1 ]] && return 1 + if "$HAS_TLS13"; then + if [[ "$1" =~ "-cipher tls1_3_RSA" ]]; then + $OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -showcerts -connect $NODEIP:$PORT $PROXY $SNI -tls1_3 -tlsextdebug -status -sigalgs PSS+SHA256:PSS+SHA384") $ERRFILE >$TMPFILE + elif [[ "$1" =~ "-cipher tls1_3_ECDSA" ]]; then + $OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -showcerts -connect $NODEIP:$PORT $PROXY $SNI -tls1_3 -tlsextdebug -status -sigalgs ECDSA+SHA256:ECDSA+SHA384") $ERRFILE >$TMPFILE + else + return 1 + fi + sclient_connect_successful $? $TMPFILE || return 1 + DETECTED_TLS_VERSION="0304" + extract_certificates "tls1_3" + success=$? + else + if [[ "$1" =~ "-cipher tls1_3_RSA" ]]; then + tls_sockets "04" "$TLS13_CIPHER" "all" "00,12,00,00, 00,05,00,05,01,00,00,00,00, 00,0d,00,10,00,0e,08,04,08,05,08,06,04,01,05,01,06,01,02,01" + elif [[ "$1" =~ "-cipher tls1_3_ECDSA" ]]; then + tls_sockets "04" "$TLS13_CIPHER" "all" "00,12,00,00, 00,05,00,05,01,00,00,00,00, 00,0d,00,0a,00,08,04,03,05,03,06,03,02,03" + else + return 1 + fi + success=$? + [[ $success -eq 0 ]] || return 1 + cp "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" $TMPFILE + fi + [[ $success -eq 0 ]] && add_tls_offered tls1_3 yes + extract_new_tls_extensions $TMPFILE + tmpfile_handle $FUNCNAME.txt + return $success + fi + "$HAS_SPDY" && [[ -z "$STARTTLS" ]] && npn_params="-nextprotoneg \"$NPN_PROTOs\"" if [[ -n "$2" ]]; then @@ -6301,6 +6333,7 @@ certificate_transparency() { local sni="" local ciphers="" local hexc n ciph sslver kx auth enc mac export + local extra_extns="" local -i success # First check whether signed certificate timestamps (SCT) are included in the 
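Review bot: The extension lists passed to `tls_sockets` in the new sockets branch of get_server_certificate contain a space after some commas (`"00,12,00,00, 00,05,..."`), while the HelloRetryRequest loop shown in patch 1/4 walks `extra_extensions` at fixed three-character strides (`part2=$j+3`, `3*$(hex2dec ...)`). If that string is not stripped of spaces before the loop (the start of resend_if_hello_retry_request is not visible here), a server that answers with a HelloRetryRequest would get a mis-sliced extension list on the resend. Writing the literals without spaces, e.g. `"00,12,00,00,00,05,00,05,01,00,00,00,00,00,0d,..."`, or normalising the argument once at the top of the parser, removes that dependency. The same spaced form is built in certificate_transparency later in this patch (`extra_extns=", 00,0d,..."`).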
@@ -6326,13 +6359,24 @@ certificate_transparency() { fi if [[ $number_of_certificates -gt 1 ]] && ! "$SSL_NATIVE"; then - while read hexc n ciph sslver kx auth enc mac export; do - if [[ ${#hexc} -eq 9 ]]; then - ciphers+=", ${hexc:2:2},${hexc:7:2}" + if [[ "$tls_version" == "0304" ]]; then + ciphers=", 13,01, 13,02, 13,03, 13,04, 13,05" + if [[ "$cipher" == "tls1_3_RSA" ]]; then + extra_extns=", 00,0d,00,10,00,0e,08,04,08,05,08,06,04,01,05,01,06,01,02,01" + elif [[ "$cipher" == "tls1_3_ECDSA" ]]; then + extra_extns=", 00,0d,00,0a,00,08,04,03,05,03,06,03,02,03" + else + return 1 fi - done < <($OPENSSL ciphers -V $cipher 2>>$ERRFILE) + else + while read hexc n ciph sslver kx auth enc mac export; do + if [[ ${#hexc} -eq 9 ]]; then + ciphers+=", ${hexc:2:2},${hexc:7:2}" + fi + done < <($OPENSSL ciphers -V $cipher 2>>$ERRFILE) + fi [[ -z "$sni_used" ]] && sni="$SNI" && SNI="" - tls_sockets "${tls_version:2:2}" "${ciphers:2}" "all" "00,12,00,00" + tls_sockets "${tls_version:2:2}" "${ciphers:2}" "all" "00,12,00,00$extra_extns" success=$? [[ -z "$sni_used" ]] && SNI="$sni" if ( [[ $success -eq 0 ]] || [[ $success -eq 2 ]] ) && \ 
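Review bot: The two signature_algorithms byte strings assigned to `extra_extns` in certificate_transparency repeat, byte for byte, the tails of the literals passed to `tls_sockets` in get_server_certificate earlier in this patch, so the CT check requests the same certificate type only while both copies are edited together. Defining each once and referencing it in both functions would keep them in step, e.g. `readonly TLS13_SIGALGS_RSA="00,0d,00,10,00,0e,08,04,08,05,08,06,04,01,05,01,06,01,02,01"` with an ECDSA counterpart (the names are only a suggestion). Separately, the bare `return 1` for an unexpected `$cipher` produces no output; a one-line comment saying what the caller does with that status would help. The function continues outside the hunk.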
@@ -7122,23 +7166,26 @@ run_server_defaults() { ciphers_to_test[5]="aECDH" ciphers_to_test[6]="aECDSA" ciphers_to_test[7]="aGOST" + ciphers_to_test[8]="tls1_3_RSA" + ciphers_to_test[9]="tls1_3_ECDSA" certificate_type[1]="RSASig" ; certificate_type[2]="RSAKMK" certificate_type[3]="DSA"; certificate_type[4]="DH" certificate_type[5]="ECDH" ; certificate_type[6]="ECDSA" - certificate_type[7]="GOST" + certificate_type[7]="GOST" ; certificate_type[8]="RSASig" + certificate_type[9]="ECDSA" - for (( n=1; n <= 14 ; n++ )); do + for (( n=1; n <= 16 ; n++ )); do # Some servers use a different certificate if the ClientHello # specifies TLSv1.1 and doesn't include a server name extension. # So, for each public key type for which a certificate was found, # try again, but only with TLSv1.1 and without SNI. - if [[ $n -ge 8 ]]; then + if [[ $n -ge 10 ]]; then ciphers_to_test[n]="" - [[ ${success[n-7]} -eq 0 ]] && ciphers_to_test[n]="${ciphers_to_test[n-7]}" && certificate_type[n]="${certificate_type[n-7]}" + [[ ${success[n-9]} -eq 0 ]] && ciphers_to_test[n]="${ciphers_to_test[n-9]}" && certificate_type[n]="${certificate_type[n-9]}" fi - if [[ -n "${ciphers_to_test[n]}" ]] && [[ $(count_ciphers $($OPENSSL ciphers "${ciphers_to_test[n]}" 2>>$ERRFILE)) -ge 1 ]]; then - if [[ $n -ge 8 ]]; then + if [[ -n "${ciphers_to_test[n]}" ]] && ( [[ "${ciphers_to_test[n]}" =~ "tls1_3" ]] || [[ $(count_ciphers $($OPENSSL ciphers "${ciphers_to_test[n]}" 2>>$ERRFILE)) -ge 1 ]] ); then + if [[ $n -ge 10 ]]; then sni="$SNI" SNI="" get_server_certificate "-cipher ${ciphers_to_test[n]}" "tls1_1" 
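Review bot: The comment kept inside the loop still says the retry is done "for each public key type for which a certificate was found", but with the bound `n <= 16` and the offset `n-9` only entries 1-7 are retried without SNI; the new `tls1_3_RSA` and `tls1_3_ECDSA` entries (8 and 9) never are. If that is intended (the TLSv1.3 branch added to get_server_certificate returns before it looks at the `"tls1_1"` argument), the comment should say so, e.g. `# n=10..16 re-test entries 1..7 over TLSv1.1 without SNI; the tls1_3_* entries (8, 9) are not retried`. The literals 9, 10 and 16 now encode the table size here and in the following hunks, so a named count for the number of entries would make the next addition less error-prone. run_server_defaults continues outside the hunk.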
@@ -7148,8 +7195,8 @@ run_server_defaults() { get_server_certificate "-cipher ${ciphers_to_test[n]}" success[n]=$? fi - if [[ ${success[n]} -eq 0 ]]; then - [[ $n -ge 8 ]] && [[ ! -e $HOSTCERT.nosni ]] && cp $HOSTCERT $HOSTCERT.nosni + if [[ ${success[n]} -eq 0 ]] && [[ -s "$HOSTCERT" ]]; then + [[ $n -ge 10 ]] && [[ ! -e $HOSTCERT.nosni ]] && cp $HOSTCERT $HOSTCERT.nosni cp "$TEMPDIR/$NODEIP.get_server_certificate.txt" $TMPFILE >$ERRFILE if [[ -z "$sessticket_lifetime_hint" ]]; then @@ -7167,7 +7214,7 @@ run_server_defaults() { fi i=$((i + 1)) done - if ! "$match_found" && [[ $n -ge 8 ]] && [[ $certs_found -ne 0 ]]; then + if ! "$match_found" && [[ $n -ge 10 ]] && [[ $certs_found -ne 0 ]]; then # A new certificate was found using TLSv1.1 without SNI. # Check to see if the new certificate should be displayed. # It should be displayed if it is either a match for the @@ -7218,7 +7265,7 @@ run_server_defaults() { ocsp_response_status[certs_found]=$(grep -a "OCSP Response Status" $TMPFILE) previous_hostcert[certs_found]=$newhostcert previous_intermediates[certs_found]=$(cat $TEMPDIR/intermediatecerts.pem) - [[ $n -ge 8 ]] && sni_used[certs_found]="" || sni_used[certs_found]="$SNI" + [[ $n -ge 10 ]] && sni_used[certs_found]="" || sni_used[certs_found]="$SNI" tls_version[certs_found]="$DETECTED_TLS_VERSION" previous_hostcert_type[certs_found]=" ${certificate_type[n]}" else 
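Review bot: The added `[[ -s "$HOSTCERT" ]]` test in the first of these hunks checks only that the file is non-empty, and `$HOSTCERT` is reused across iterations of the loop. Whether every path through get_server_certificate replaces or clears the file before returning 0 is not visible here; if one does not, a certificate left from the previous iteration would be processed under the current `certificate_type[n]`. A comment naming the case the guard is for would make the intent checkable, e.g. `# a handshake can report success without a certificate having been written to $HOSTCERT; skip instead of parsing an empty file` (if that is indeed the case it covers). The other changes in these three hunks are the 8 -> 10 renumbering.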
@@ -7352,7 +7399,29 @@ run_server_defaults() { if [[ -n "$SNI" ]] && [[ $certs_found -ne 0 ]] && [[ ! -e $HOSTCERT.nosni ]]; then # no cipher suites specified here. We just want the default vhost subject - $OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $OPTIMAL_PROTO") 2>>$ERRFILE $HOSTCERT.nosni + if ! "$HAS_TLS13" && [[ $(has_server_protocol "tls1_3") -eq 0 ]]; then + sni="$SNI" ; SNI="" + mv $HOSTCERT $HOSTCERT.save + # Send same list of cipher suites as OpenSSL 1.1.1 sends (but with + # all 5 TLSv1.3 ciphers offered. + tls_sockets "04" \ + "c0,2c, c0,30, 00,9f, cc,a9, cc,a8, cc,aa, c0,2b, c0,2f, + 00,9e, c0,24, c0,28, 00,6b, c0,23, c0,27, 00,67, c0,0a, + c0,14, 00,39, c0,09, c0,13, 00,33, 00,9d, 00,9c, 13,02, + 13,03, 13,01, 13,04, 13,05, 00,3d, 00,3c, 00,35, 00,2f, + 00,ff" \ + "all" + success[0]=$? + if [[ ${success[0]} -eq 0 ]] || [[ ${success[0]} -eq 2 ]]; then + mv $HOSTCERT $HOSTCERT.nosni + else + echo "" > $HOSTCERT.nosni + fi + mv $HOSTCERT.save $HOSTCERT + SNI="$sni" + else + $OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $OPTIMAL_PROTO") 2>>$ERRFILE $HOSTCERT.nosni + fi fi for (( i=1; i <= certs_found; i++ )); do From ee0b12bfca590a866c5ff59d3a62e0d881f63ca4 Mon Sep 17 00:00:00 2001 From: David Cooper Date: Fri, 26 Jan 2018 17:27:10 -0500 Subject: [PATCH 3/4] Label elliptic curve public keys as "EC" In the output created by certificate_info(), the "Server key size" line labels an elliptic curve key as "ECDSA." This commit changes the label to "EC." I believe this a more correct label since ECDSA is a signature algorithm, not a key type. Also, while unlikely, an elliptic curve key in a certificate may be used for ECDH (e.g, in TLS_ECDH_RSA_WITH_AES_128_CBC_SHA) rather than ECDSA. Note that this does not impact the JSON or CSV output, since the corresponding fileout command already uses "$cert_keysize EC bits" --- testssl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
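Review bot: In the new sockets branch, `mv $HOSTCERT $HOSTCERT.nosni` runs whenever `tls_sockets` returns 0 or 2, without checking that a certificate file was actually written, although the loop earlier in this patch gained a `-s "$HOSTCERT"` guard. Because `$HOSTCERT` was moved to `$HOSTCERT.save` just before the call, a handshake that writes no certificate makes the `mv` fail and leaves `$HOSTCERT.nosni` uncreated. Extending the condition to `if [[ -s "$HOSTCERT" ]] && ( [[ ${success[0]} -eq 0 ]] || [[ ${success[0]} -eq 2 ]] ); then` lets the existing `else` branch cover that case. The comment above the `tls_sockets` call also opens a parenthesis that is never closed.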
diff --git a/testssl.sh b/testssl.sh index 338a599..149f66a 100755 --- a/testssl.sh +++ b/testssl.sh @@ -6522,7 +6522,7 @@ certificate_info() { case $cert_key_algo in *RSA*|*rsa*) out "RSA ";; *DSA*|*dsa*) out "DSA ";; - *ecdsa*|*ecPublicKey) out "ECDSA ";; + *ecdsa*|*ecPublicKey) out "EC ";; *GOST*|*gost*) out "GOST ";; *dh*|*DH*) out "DH " ;; *) pr_fixme "don't know $cert_key_algo " ;; From 659a6176b685c4dea3ffe743509f834d67455070 Mon Sep 17 00:00:00 2001 From: Dirk Date: Sun, 28 Jan 2018 12:47:05 +0100 Subject: [PATCH 4/4] Add TLS 1.3, better explanation for -6 --- doc/testssl.1 | 12 ++++++------ doc/testssl.1.html | 18 +++++++++++------- doc/testssl.1.md | 17 +++++++++++------ 3 files changed, 28 insertions(+), 19 deletions(-) diff --git a/doc/testssl.1 b/doc/testssl.1 index 5244e13..52947d0 100644 --- a/doc/testssl.1 +++ b/doc/testssl.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "TESTSSL" "1" "December 2017" "" "" +.TH "TESTSSL" "1" "January 2018" "" "" . .SH "NAME" \fBtestssl\fR 
@@ -25,7 +25,7 @@ testssl\.sh is a free command line tool which checks a server\'s service on any The output rates findings by color (screen) or severity (file output) so that you are able to tell whether something is good or bad\. The (screen) output has several sections in which classes of checks are being performed\. To ease readability on the screen it aligns and indents the output properly\. . .P -Except DNS lookups it doesn\'t use any third parties for checks, it\'s only you who sees the result and you also can use it internally on your LAN\. +Only you see the result\. You also can use it internally on your LAN\. Except DNS lookups it doesn\'t use any other hosts or even third parties for checks\. . .P It is out of the box pretty much portable: testssl\.sh runs under any Unix\-like stack (Linux, *BSD, MacOS X, WSL=bash on Windows, Cygwin and MSYS2)\. \fBbash\fR (also version 3 is still supported) is a prerequisite as well as standard utilities like awk, sed, tr and head\. This can be of BSD, System 5 or GNU flavor whereas grep from System V is not yet supported\. 
@@ -64,7 +64,7 @@ It is out of the box pretty much portable: testssl\.sh runs under any Unix\-like 9) client simulation . .SH "OPTIONS AND PARAMETERS" -Options are either short or long options\. All options requiring a value can be called with or without an equal sign \'=\' e\.g\. \fBtestssl\.sh \-t=smtp \-\-wide \-\-openssl=/usr/bin/openssl \fR is equivalent to \fBtestssl\.sh \-\-starttls smtp \-\-wide \-\-openssl /usr/bin/openssl \fR\. Some command line options can also be preset via ENV variables\. \fBWIDE=true OPENSSL=/usr/bin/openssl testssl\.sh \-\-starttls smtp \fR would be the equivalent to the aforementioned examples\. Preference has the command line over any environment variables\. +Options are either short or long options\. Any option requiring a value can be called with or without an equal sign \'=\' e\.g\. \fBtestssl\.sh \-t=smtp \-\-wide \-\-openssl=/usr/bin/openssl \fR (short option with equal sign) is equivalent to \fBtestssl\.sh \-\-starttls smtp \-\-wide \-\-openssl /usr/bin/openssl \fR (long option without equal sign)\. Some command line options can also be preset via ENV variables\. \fBWIDE=true OPENSSL=/usr/bin/openssl testssl\.sh \-\-starttls=smtp \fR would be the equivalent to the aforementioned examples\. Preference has the command line over any environment variables\. . .P \fB\fR or \fB\-\-file \fR always needs to be the last parameter\. 
@@ -134,7 +134,7 @@ Please note that the content of \fBfname\fR has to be in Unix format\. DOS carri \fB\-\-proxy :\fR does the whole check via the specified HTTP proxy\. \fB\-\-proxy=auto\fR inherits the proxy setting from the environment\. Proxying via IPv6 addresses is not possible\. The hostname supplied will only be resolved to the first A record\. Authentication to the proxy is not supported\. In addition if you want lookups via proxy you can specify \fBDNS_VIA_PROXY=true\fR\. . .P -\fB\-6\fR does (also) IPv6 checks\. This works only with both a supporting openssl binary like the one supplied and IPv6 connectivity\. testssl\.sh does no connectivity checks for IPv6, it also cannot determine reliably whether the OpenSSL binary you are using has IPv6 support\. \fBHAS_IPv6\fR is the respective environment variable\. +\fB\-6\fR does (also) IPv6 checks\. Please note if a supplied URI resolves (also) to an IPv6 address that testssl\.sh doesn\'t do checks on an IPv6 address automatically\. This is because testssl\.sh does no connectivity checks for IPv6\. It also cannot determine reliably whether the OpenSSL binary you are using has IPv6 support\. \fB\-6\fR assumes both is the case\. If both conditions are met and you want in general enable IPv6 tests you might as well add \fBHAS_IPv6\fR to your shell environment\. . .P \fB\-\-ssl\-native\fR instead of using a mixture of bash sockets and openssl s_client connects testssl\.sh uses the latter only\. This is at the moment faster but provides less accurate results, especially in the client simulation and if the openssl binary lacks cipher support\. For TLS protocol checks and standard cipher lists and certain other checks you will see a warning if testssl\.sh internally can tell if one check cannot be performed or will give you inaccurate results\. For e\.g\. single cipher checks (\fB\-\-each\-cipher\fR and \fB\-\-cipher\-per\-proto\fR) you might end up getting false negatives without a warning\. 
@@ -146,7 +146,7 @@ Please note that the content of \fBfname\fR has to be in Unix format\. DOS carri \fB\-\-bugs\fR does some workarounds for buggy servers like padding for old F5 devices\. The option is passed as \fB\-bug\fR to openssl when needed, see \fBs_client(1)\fR\. For the socket part testssl\.sh tries its best also without that option to cope with broken server implementations (environment preset via \fBBUGS="\-bugs"\fR) . .P -\fB\-\-assuming\-http\fR testssl\.sh does upfront a protocol detection on the application layer\. In cases where for some reasons the usage of HTTP cannot be automatically detected you may want to use this option\. It tells testssl\.sh not to skip HTTP specific tests and to run the client simulation with browsers\. Sometimes also the severity depends on the application protocol, e\.g\. SHA1 signed certificates, the lack of any SAN matches and some vulnerabilities will be punished harder when checking a web server as opposed to a mail server\. +\fB\-\-assuming\-http\fR testssl\.sh does upfront an application protocol detection\. In cases where for some reasons the usage of HTTP cannot be automatically detected you may want to use this option\. It tells testssl\.sh not to skip HTTP specific tests and to run the client simulation with browsers\. Sometimes also the severity depends on the application protocol, e\.g\. SHA1 signed certificates, the lack of any SAN matches and some vulnerabilities will be punished harder when checking a web server as opposed to a mail server\. . .IP "\(bu" 4 \fB\-n, \-\-no\-dns\fR instructs testssl\.sh to not do any DNS lookups\. This is useful if you either can\'t or are not willing to perform DNS lookups\. The latter applies e\.g\. to some pentests, the former could e\.g\. help you to avoid timeouts by DNS lookups\. \fBNODNS=true\fR has the same effect\. 
@@ -195,7 +195,7 @@ Any single check switch supplied as an argument prevents testssl\.sh from doing .IP "" 0 . .P -\fB\-p, \-\-protocols\fR checks TLS/SSL protocols SSLv2, SSLv3, TLS 1\.0 \- TLS1\.2 and for HTTP: SPDY (NPN) and ALPN, a\.k\.a\. HTTP/2 +\fB\-p, \-\-protocols\fR checks TLS/SSL protocols SSLv2, SSLv3, TLS 1\.0 \- TLS 1\.3 and for HTTP: SPDY (NPN) and ALPN, a\.k\.a\. HTTP/2\. For TLS 1\.3 several drafts (18\-23) and TLS 1\.3 final are suuported\. . .P \fB\-P, \-\-preference\fR displays the servers preferences: cipher order, with used openssl client: negotiated protocol and cipher\. If there\'s a cipher order enforced by the server it displays it for each protocol (openssl+sockets)\. If there\'s not, it displays instead which ciphers from the server were picked with each protocol (by using openssl only) diff --git a/doc/testssl.1.html b/doc/testssl.1.html index 6664a12..54a45ea 100644 --- a/doc/testssl.1.html +++ b/doc/testssl.1.html @@ -98,9 +98,13 @@

The output rates findings by color (screen) or severity (file output) so that you are able to tell whether something is good or bad. The (screen) output has several sections in which classes of checks are being performed. To ease readability on the screen it aligns and indents the output properly.

-

Except DNS lookups it doesn't use any third parties for checks, it's only you who sees the result and you also can use it internally on your LAN.

+

Only you see the result. You also can use it internally on your LAN. Except DNS lookups it doesn't use any other hosts or even third parties for checks.

-

It is out of the box pretty much portable: testssl.sh runs under any Unix-like stack (Linux, *BSD, MacOS X, WSL=bash on Windows, Cygwin and MSYS2). bash (also version 3 is still supported) is a prerequisite as well as standard utilities like awk, sed, tr and head. This can be of BSD, System 5 or GNU flavor whereas grep from System V is not yet supported.

+

It is out of the box pretty much portable: testssl.sh runs under any Unix-like +stack (Linux, *BSD, MacOS X, WSL=bash on Windows, Cygwin and MSYS2). bash +(also version 3 is still supported) is a prerequisite as well as standard +utilities like awk, sed, tr and head. This can be of BSD, System 5 or GNU +flavor whereas grep from System V is not yet supported.

GENERAL

@@ -128,7 +132,7 @@

OPTIONS AND PARAMETERS

-

Options are either short or long options. All options requiring a value can be called with or without an equal sign '=' e.g. testssl.sh -t=smtp --wide --openssl=/usr/bin/openssl <URI> is equivalent to testssl.sh --starttls smtp --wide --openssl /usr/bin/openssl <URI>. Some command line options can also be preset via ENV variables. WIDE=true OPENSSL=/usr/bin/openssl testssl.sh --starttls smtp <URI> would be the equivalent to the aforementioned examples. Preference has the command line over any environment variables.

+

Options are either short or long options. Any option requiring a value can be called with or without an equal sign '=' e.g. testssl.sh -t=smtp --wide --openssl=/usr/bin/openssl <URI> (short option with equal sign) is equivalent to testssl.sh --starttls smtp --wide --openssl /usr/bin/openssl <URI> (long option without equal sign). Some command line options can also be preset via ENV variables. WIDE=true OPENSSL=/usr/bin/openssl testssl.sh --starttls=smtp <URI> would be the equivalent to the aforementioned examples. Preference has the command line over any environment variables.

<URI> or --file <FILE> always needs to be the last parameter.

@@ -181,7 +185,7 @@ host.example.com:631

--proxy <host>:<port> does the whole check via the specified HTTP proxy. --proxy=auto inherits the proxy setting from the environment. Proxying via IPv6 addresses is not possible. The hostname supplied will only be resolved to the first A record. Authentication to the proxy is not supported. In addition if you want lookups via proxy you can specify DNS_VIA_PROXY=true.

-

-6 does (also) IPv6 checks. This works only with both a supporting openssl binary like the one supplied and IPv6 connectivity. testssl.sh does no connectivity checks for IPv6, it also cannot determine reliably whether the OpenSSL binary you are using has IPv6 support. HAS_IPv6 is the respective environment variable.

+

-6 does (also) IPv6 checks. Please note if a supplied URI resolves (also) to an IPv6 address that testssl.sh doesn't do checks on an IPv6 address automatically. This is because testssl.sh does no connectivity checks for IPv6. It also cannot determine reliably whether the OpenSSL binary you are using has IPv6 support. -6 assumes both is the case. If both conditions are met and you want in general enable IPv6 tests you might as well add HAS_IPv6 to your shell environment.

--ssl-native instead of using a mixture of bash sockets and openssl s_client connects testssl.sh uses the latter only. This is at the moment faster but provides less accurate results, especially in the client simulation and if the openssl binary lacks cipher support. For TLS protocol checks and standard cipher lists and certain other checks you will see a warning if testssl.sh internally can tell if one check cannot be performed or will give you inaccurate results. For e.g. single cipher checks (--each-cipher and --cipher-per-proto) you might end up getting false negatives without a warning.

@@ -190,7 +194,7 @@ host.example.com:631

--bugs does some workarounds for buggy servers like padding for old F5 devices. The option is passed as -bug to openssl when needed, see s_client(1). For the socket part testssl.sh tries its best also without that option to cope with broken server implementations (environment preset via BUGS="-bugs")

-

--assuming-http testssl.sh does upfront a protocol detection on the application layer. In cases where for some reasons the usage of HTTP cannot be automatically detected you may want to use this option. It tells testssl.sh not to skip HTTP specific tests and to run the client simulation with browsers. Sometimes also the severity depends on the application protocol, e.g. SHA1 signed certificates, the lack of any SAN matches and some vulnerabilities will be punished harder when checking a web server as opposed to a mail server.

+

--assuming-http testssl.sh does upfront an application protocol detection. In cases where for some reasons the usage of HTTP cannot be automatically detected you may want to use this option. It tells testssl.sh not to skip HTTP specific tests and to run the client simulation with browsers. Sometimes also the severity depends on the application protocol, e.g. SHA1 signed certificates, the lack of any SAN matches and some vulnerabilities will be punished harder when checking a web server as opposed to a mail server.

  • -n, --no-dns instructs testssl.sh to not do any DNS lookups. This is useful if you either can't or are not willing to perform DNS lookups. The latter applies e.g. to some pentests, the former could e.g. help you to avoid timeouts by DNS lookups. NODNS=true has the same effect.

  • @@ -220,7 +224,7 @@ host.example.com:631
-

-p, --protocols checks TLS/SSL protocols SSLv2, SSLv3, TLS 1.0 - TLS1.2 and for HTTP: SPDY (NPN) and ALPN, a.k.a. HTTP/2

+

-p, --protocols checks TLS/SSL protocols SSLv2, SSLv3, TLS 1.0 - TLS 1.3 and for HTTP: SPDY (NPN) and ALPN, a.k.a. HTTP/2. For TLS 1.3 several drafts (18-23) and TLS 1.3 final are suuported.

-P, --preference displays the servers preferences: cipher order, with used openssl client: negotiated protocol and cipher. If there's a cipher order enforced by the server it displays it for each protocol (openssl+sockets). If there's not, it displays instead which ciphers from the server were picked with each protocol (by using openssl only)

@@ -519,7 +523,7 @@ to create the hashes for HPKP.
  1. -
  2. December 2017
  3. +
  4. January 2018
  5. testssl(1)
diff --git a/doc/testssl.1.md b/doc/testssl.1.md index 883ded7..40ff2b6 100644 --- a/doc/testssl.1.md +++ b/doc/testssl.1.md @@ -17,9 +17,13 @@ testssl.sh is a free command line tool which checks a server's service on any po The output rates findings by color (screen) or severity (file output) so that you are able to tell whether something is good or bad. The (screen) output has several sections in which classes of checks are being performed. To ease readability on the screen it aligns and indents the output properly. -Except DNS lookups it doesn't use any third parties for checks, it's only you who sees the result and you also can use it internally on your LAN. +Only you see the result. You also can use it internally on your LAN. Except DNS lookups it doesn't use any other hosts or even third parties for checks. -It is out of the box pretty much portable: testssl.sh runs under any Unix-like stack (Linux, *BSD, MacOS X, WSL=bash on Windows, Cygwin and MSYS2). `bash` (also version 3 is still supported) is a prerequisite as well as standard utilities like awk, sed, tr and head. This can be of BSD, System 5 or GNU flavor whereas grep from System V is not yet supported. +It is out of the box pretty much portable: testssl.sh runs under any Unix-like +stack (Linux, *BSD, MacOS X, WSL=bash on Windows, Cygwin and MSYS2). `bash` +(also version 3 is still supported) is a prerequisite as well as standard +utilities like awk, sed, tr and head. This can be of BSD, System 5 or GNU +flavor whereas grep from System V is not yet supported. ## GENERAL 
@@ -46,9 +50,10 @@ It is out of the box pretty much portable: testssl.sh runs under any Unix-like s 9) client simulation + ## OPTIONS AND PARAMETERS -Options are either short or long options. All options requiring a value can be called with or without an equal sign '=' e.g. `testssl.sh -t=smtp --wide --openssl=/usr/bin/openssl ` is equivalent to `testssl.sh --starttls smtp --wide --openssl /usr/bin/openssl `. Some command line options can also be preset via ENV variables. `WIDE=true OPENSSL=/usr/bin/openssl testssl.sh --starttls smtp ` would be the equivalent to the aforementioned examples. Preference has the command line over any environment variables. +Options are either short or long options. Any option requiring a value can be called with or without an equal sign '=' e.g. `testssl.sh -t=smtp --wide --openssl=/usr/bin/openssl ` (short option with equal sign) is equivalent to `testssl.sh --starttls smtp --wide --openssl /usr/bin/openssl ` (long option without equal sign). Some command line options can also be preset via ENV variables. `WIDE=true OPENSSL=/usr/bin/openssl testssl.sh --starttls=smtp ` would be the equivalent to the aforementioned examples. Preference has the command line over any environment variables. `` or `--file ` always needs to be the last parameter. 
@@ -103,7 +108,7 @@ Please note that the content of `fname` has to be in Unix format. DOS carriage r `--proxy :` does the whole check via the specified HTTP proxy. `--proxy=auto` inherits the proxy setting from the environment. Proxying via IPv6 addresses is not possible. The hostname supplied will only be resolved to the first A record. Authentication to the proxy is not supported. In addition if you want lookups via proxy you can specify `DNS_VIA_PROXY=true`. -`-6` does (also) IPv6 checks. This works only with both a supporting openssl binary like the one supplied and IPv6 connectivity. testssl.sh does no connectivity checks for IPv6, it also cannot determine reliably whether the OpenSSL binary you are using has IPv6 support. `HAS_IPv6` is the respective environment variable. +`-6` does (also) IPv6 checks. Please note if a supplied URI resolves (also) to an IPv6 address that testssl.sh doesn't do checks on an IPv6 address automatically. This is because testssl.sh does no connectivity checks for IPv6. It also cannot determine reliably whether the OpenSSL binary you are using has IPv6 support. `-6` assumes both is the case. If both conditions are met and you want in general enable IPv6 tests you might as well add `HAS_IPv6` to your shell environment. `--ssl-native` instead of using a mixture of bash sockets and openssl s_client connects testssl.sh uses the latter only. This is at the moment faster but provides less accurate results, especially in the client simulation and if the openssl binary lacks cipher support. For TLS protocol checks and standard cipher lists and certain other checks you will see a warning if testssl.sh internally can tell if one check cannot be performed or will give you inaccurate results. For e.g. single cipher checks (`--each-cipher` and `--cipher-per-proto`) you might end up getting false negatives without a warning. 
@@ -112,7 +117,7 @@ Please note that the content of `fname` has to be in Unix format. DOS carriage r `--bugs` does some workarounds for buggy servers like padding for old F5 devices. The option is passed as `-bug` to openssl when needed, see `s_client(1)`. For the socket part testssl.sh tries its best also without that option to cope with broken server implementations (environment preset via `BUGS="-bugs"`) -`--assuming-http` testssl.sh does upfront a protocol detection on the application layer. In cases where for some reasons the usage of HTTP cannot be automatically detected you may want to use this option. It tells testssl.sh not to skip HTTP specific tests and to run the client simulation with browsers. Sometimes also the severity depends on the application protocol, e.g. SHA1 signed certificates, the lack of any SAN matches and some vulnerabilities will be punished harder when checking a web server as opposed to a mail server. +`--assuming-http` testssl.sh does upfront an application protocol detection. In cases where for some reasons the usage of HTTP cannot be automatically detected you may want to use this option. It tells testssl.sh not to skip HTTP specific tests and to run the client simulation with browsers. Sometimes also the severity depends on the application protocol, e.g. SHA1 signed certificates, the lack of any SAN matches and some vulnerabilities will be punished harder when checking a web server as opposed to a mail server. * `-n, --no-dns` instructs testssl.sh to not do any DNS lookups. This is useful if you either can't or are not willing to perform DNS lookups. The latter applies e.g. to some pentests, the former could e.g. help you to avoid timeouts by DNS lookups. `NODNS=true` has the same effect. 
@@ -141,7 +146,7 @@ Any single check switch supplied as an argument prevents testssl.sh from doing a * `Strong grade Ciphers` (AEAD): 'AESGCM:CHACHA20:AESGCM:CamelliaGCM:AESCCM8:AESCCM' -`-p, --protocols` checks TLS/SSL protocols SSLv2, SSLv3, TLS 1.0 - TLS1.2 and for HTTP: SPDY (NPN) and ALPN, a.k.a. HTTP/2 +`-p, --protocols` checks TLS/SSL protocols SSLv2, SSLv3, TLS 1.0 - TLS 1.3 and for HTTP: SPDY (NPN) and ALPN, a.k.a. HTTP/2. For TLS 1.3 several drafts (18-23) and TLS 1.3 final are suuported. `-P, --preference` displays the servers preferences: cipher order, with used openssl client: negotiated protocol and cipher. If there's a cipher order enforced by the server it displays it for each protocol (openssl+sockets). If there's not, it displays instead which ciphers from the server were picked with each protocol (by using openssl only)