mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-06 00:39:44 +01:00
Merge pull request #444 from dcooper16/sslv2_sockets
Move printing of results out of sslv2_sockets()
This commit is contained in:
commit
dbb7d6f4be
92
testssl.sh
92
testssl.sh
@ -2924,6 +2924,7 @@ run_protocols() {
|
|||||||
local supported_no_ciph2="supported but couldn't detect a cipher"
|
local supported_no_ciph2="supported but couldn't detect a cipher"
|
||||||
local latest_supported="" # version.major and version.minor of highest version supported by the server.
|
local latest_supported="" # version.major and version.minor of highest version supported by the server.
|
||||||
local detected_version_string latest_supported_string
|
local detected_version_string latest_supported_string
|
||||||
|
local lines nr_ciphers_detected
|
||||||
local extra_spaces=" "
|
local extra_spaces=" "
|
||||||
|
|
||||||
outln; pr_headline " Testing protocols "
|
outln; pr_headline " Testing protocols "
|
||||||
@ -2948,7 +2949,40 @@ run_protocols() {
|
|||||||
|
|
||||||
pr_bold " SSLv2 $extra_spaces";
|
pr_bold " SSLv2 $extra_spaces";
|
||||||
if ! "$SSL_NATIVE"; then
|
if ! "$SSL_NATIVE"; then
|
||||||
sslv2_sockets #FIXME: messages/output need to be moved to this (higher) level
|
sslv2_sockets
|
||||||
|
case $? in
|
||||||
|
7) # strange reply, couldn't convert the cipher spec length to a hex number
|
||||||
|
pr_cyan "strange v2 reply "
|
||||||
|
outln " (rerun with DEBUG >=2)"
|
||||||
|
[[ $DEBUG -ge 3 ]] && hexdump -C "$TEMPDIR/$NODEIP.sslv2_sockets.dd" | head -1
|
||||||
|
fileout "sslv2" "WARN" "SSLv2: received a strange SSLv2 reply (rerun with DEBUG>=2)"
|
||||||
|
;;
|
||||||
|
1) # no sslv2 server hello returned, like in openlitespeed which returns HTTP!
|
||||||
|
pr_done_bestln "not offered (OK)"
|
||||||
|
fileout "sslv2" "OK" "SSLv2 not offered (OK)"
|
||||||
|
;;
|
||||||
|
0) # reset
|
||||||
|
pr_done_bestln "not offered (OK)"
|
||||||
|
fileout "sslv2" "OK" "SSLv2 not offered (OK)"
|
||||||
|
;;
|
||||||
|
3) # everything else
|
||||||
|
lines=$(count_lines "$(hexdump -C "$TEMPDIR/$NODEIP.sslv2_sockets.dd" 2>/dev/null)")
|
||||||
|
[[ "$DEBUG" -ge 2 ]] && out " ($lines lines) "
|
||||||
|
if [[ "$lines" -gt 1 ]]; then
|
||||||
|
nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3))
|
||||||
|
add_tls_offered "ssl2"
|
||||||
|
if [[ 0 -eq "$nr_ciphers_detected" ]]; then
|
||||||
|
pr_svrty_highln "supported but couldn't detect a cipher and vulnerable to CVE-2015-3197 ";
|
||||||
|
fileout "sslv2" "NOT ok" "SSLv2 offered (NOT ok), vulnerable to CVE-2015-3197"
|
||||||
|
else
|
||||||
|
pr_svrty_critical "offered (NOT ok), also VULNERABLE to DROWN attack";
|
||||||
|
outln " -- $nr_ciphers_detected ciphers"
|
||||||
|
fileout "sslv2" "NOT ok" "SSLv2 offered (NOT ok), vulnerable to DROWN attack. Detected ciphers: $nr_ciphers_detected"
|
||||||
|
fi
|
||||||
|
fi ;;
|
||||||
|
esac
|
||||||
|
pr_off
|
||||||
|
debugme outln
|
||||||
else
|
else
|
||||||
run_prototest_openssl "-ssl2"
|
run_prototest_openssl "-ssl2"
|
||||||
case $? in
|
case $? in
|
||||||
@ -5611,7 +5645,7 @@ parse_tls_serverhello() {
|
|||||||
|
|
||||||
|
|
||||||
sslv2_sockets() {
|
sslv2_sockets() {
|
||||||
local nr_ciphers_detected
|
local ret
|
||||||
|
|
||||||
fd_socket 5 || return 6
|
fd_socket 5 || return 6
|
||||||
debugme outln "sending client hello... "
|
debugme outln "sending client hello... "
|
||||||
@ -5625,43 +5659,7 @@ sslv2_sockets() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
parse_sslv2_serverhello "$SOCK_REPLY_FILE"
|
parse_sslv2_serverhello "$SOCK_REPLY_FILE"
|
||||||
case $? in
|
ret=$?
|
||||||
7) # strange reply, couldn't convert the cipher spec length to a hex number
|
|
||||||
pr_cyan "strange v2 reply "
|
|
||||||
outln " (rerun with DEBUG >=2)"
|
|
||||||
[[ $DEBUG -ge 3 ]] && hexdump -C "$SOCK_REPLY_FILE" | head -1
|
|
||||||
ret=7
|
|
||||||
fileout "sslv2" "WARN" "SSLv2: received a strange SSLv2 reply (rerun with DEBUG>=2)"
|
|
||||||
;;
|
|
||||||
1) # no sslv2 server hello returned, like in openlitespeed which returns HTTP!
|
|
||||||
pr_done_bestln "not offered (OK)"
|
|
||||||
ret=0
|
|
||||||
fileout "sslv2" "OK" "SSLv2 not offered (OK)"
|
|
||||||
;;
|
|
||||||
0) # reset
|
|
||||||
pr_done_bestln "not offered (OK)"
|
|
||||||
ret=0
|
|
||||||
fileout "sslv2" "OK" "SSLv2 not offered (OK)"
|
|
||||||
;;
|
|
||||||
3) # everything else
|
|
||||||
lines=$(count_lines "$(hexdump -C "$SOCK_REPLY_FILE" 2>/dev/null)")
|
|
||||||
[[ "$DEBUG" -ge 2 ]] && out " ($lines lines) "
|
|
||||||
if [[ "$lines" -gt 1 ]]; then
|
|
||||||
nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3))
|
|
||||||
add_tls_offered "ssl2"
|
|
||||||
if [[ 0 -eq "$nr_ciphers_detected" ]]; then
|
|
||||||
pr_svrty_highln "supported but couldn't detect a cipher and vulnerable to CVE-2015-3197 ";
|
|
||||||
fileout "sslv2" "NOT ok" "SSLv2 offered (NOT ok), vulnerable to CVE-2015-3197"
|
|
||||||
else
|
|
||||||
pr_svrty_critical "offered (NOT ok), also VULNERABLE to DROWN attack";
|
|
||||||
outln " -- $nr_ciphers_detected ciphers"
|
|
||||||
fileout "sslv2" "NOT ok" "SSLv2 offered (NOT ok), vulnerable to DROWN attack. Detected ciphers: $nr_ciphers_detected"
|
|
||||||
fi
|
|
||||||
ret=1
|
|
||||||
fi ;;
|
|
||||||
esac
|
|
||||||
pr_off
|
|
||||||
debugme outln
|
|
||||||
|
|
||||||
close_socket
|
close_socket
|
||||||
TMPFILE=$SOCK_REPLY_FILE
|
TMPFILE=$SOCK_REPLY_FILE
|
||||||
@ -6656,26 +6654,18 @@ run_drown() {
|
|||||||
fi
|
fi
|
||||||
# if we want to use OPENSSL: check for < openssl 1.0.2g, openssl 1.0.1s if native openssl
|
# if we want to use OPENSSL: check for < openssl 1.0.2g, openssl 1.0.1s if native openssl
|
||||||
pr_bold " DROWN"; out " (2016-0800, CVE-2016-0703), exper. "
|
pr_bold " DROWN"; out " (2016-0800, CVE-2016-0703), exper. "
|
||||||
fd_socket 5 || return 6
|
sslv2_sockets
|
||||||
debugme outln "sending client hello... "
|
|
||||||
socksend_sslv2_clienthello "$SSLv2_CLIENT_HELLO"
|
|
||||||
sockread_serverhello 32768
|
|
||||||
debugme outln "reading server hello... "
|
|
||||||
if [[ "$DEBUG" -ge 4 ]]; then
|
|
||||||
hexdump -C "$SOCK_REPLY_FILE" | head -6
|
|
||||||
outln
|
|
||||||
fi
|
|
||||||
parse_sslv2_serverhello "$SOCK_REPLY_FILE"
|
|
||||||
case $? in
|
case $? in
|
||||||
7) # strange reply, couldn't convert the cipher spec length to a hex number
|
7) # strange reply, couldn't convert the cipher spec length to a hex number
|
||||||
fixme "strange v2 reply "
|
fixme "strange v2 reply "
|
||||||
outln " (rerun with DEBUG >=2)"
|
outln " (rerun with DEBUG >=2)"
|
||||||
[[ $DEBUG -ge 3 ]] && hexdump -C "$SOCK_REPLY_FILE" | head -1
|
[[ $DEBUG -ge 3 ]] && hexdump -C "$TEMPDIR/$NODEIP.sslv2_sockets.dd" | head -1
|
||||||
ret=7
|
ret=7
|
||||||
fileout "drown" "MINOR_ERROR" "SSLv2: received a strange SSLv2 reply (rerun with DEBUG>=2)"
|
fileout "drown" "MINOR_ERROR" "SSLv2: received a strange SSLv2 reply (rerun with DEBUG>=2)"
|
||||||
;;
|
;;
|
||||||
3) # vulnerable
|
3) # vulnerable
|
||||||
lines=$(count_lines "$(hexdump -C "$SOCK_REPLY_FILE" 2>/dev/null)")
|
lines=$(count_lines "$(hexdump -C "$TEMPDIR/$NODEIP.sslv2_sockets.dd" 2>/dev/null)")
|
||||||
debugme out " ($lines lines) "
|
debugme out " ($lines lines) "
|
||||||
if [[ "$lines" -gt 1 ]]; then
|
if [[ "$lines" -gt 1 ]]; then
|
||||||
nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3))
|
nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3))
|
||||||
|
Loading…
Reference in New Issue
Block a user