From e2067d1663e73a6409299ce2412e08f139220ec2 Mon Sep 17 00:00:00 2001
From: Dirk
Date: Thu, 27 Nov 2014 21:33:33 +0100
Subject: [PATCH] - BUGFIX: BSD now has proper heartbleed and ccs injection detection - significant code improvement of hex-byte parser <-> socket sender - BUGFIX: BSD now doesn't put an extra \n if rfc map file is missing - bumped to 2.1rc3, hoping that'll be the last
---
 testssl.sh | 148 ++++++++++++++++++++++++++---------------------------
 1 file changed, 73 insertions(+), 75 deletions(-)
diff --git a/testssl.sh b/testssl.sh
index 33723ba..66c5f01 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -4,7 +4,7 @@
 # Program for spotting weak SSL encryption, ciphers, version and some vulnerablities or features
-VERSION="2.1rc2"
+VERSION="2.1rc3"
 SWURL="https://testssl.sh"
 SWCONTACT="dirk aet testssl dot sh"
@@ -48,42 +48,44 @@ SWCONTACT="dirk aet testssl dot sh"
 #OPENSSL="${OPENSSL:-/usr/bin/openssl}" # private openssl version --> is now evaluated below
 CAPATH="${CAPATH:-/etc/ssl/certs/}" # same as previous. Doing nothing yet. FC has only a CA bundle per default, ==> openssl version -d
-OSSL_VER="" # openssl version, will be autodetermined
-NC="" # netcat will be autodetermined
-ECHO="/usr/bin/printf --" # works under Linux, BSD, MacOS. watch out under Solaris, not tested yet under cygwin
+ECHO="/usr/bin/printf --" # works under Linux, BSD, MacOS. watch out under Solaris, not tested yet under cygwin
 COLOR=${COLOR:-2} # 2: Full color, 1: b/w+positioning, 0: no ESC at all
-SHOW_LCIPHERS=no # determines whether the client side ciphers are displayed at all (makes no sense normally)
-VERBERR=${VERBERR:-1} # 0 means to be more verbose (some like the errors to be dispayed so that one can tell better
- # whether the handshake succeeded or not. For errors with individual ciphers you also need to have SHOW_EACH_C=1
+SHOW_LCIPHERS=no # determines whether the client side ciphers are displayed at all (makes no sense normally)
+VERBERR=${VERBERR:-1} # 0 means to be more verbose (some like the errors to be dispayed so that one can tell better
+ # whether the handshake succeeded or not. For errors with individual ciphers you also need to have SHOW_EACH_C=1
 LOCERR=${LOCERR:-0} # displays the local error
-SHOW_EACH_C=${SHOW_EACH_C:-0} # where individual ciphers are tested show just the positively ones tested
+SHOW_EACH_C=${SHOW_EACH_C:-0} # where individual ciphers are tested show just the positively ones tested
 SNEAKY=${SNEAKY:-1} # if zero: the referer and useragent we leave while checking the http header is just usual
-#FIXME: consequently we should mute the initial netcat and openssl s_client -connect as they cause a 400 (nginx, apache)
+#FIXME: consequently we should mute the initial openssl s_client -connect as they cause a 400 (nginx, apache)
 #FIXME: still to be filled with (more) sense:
-DEBUG=${DEBUG:-0} # if 1 the temp file won't be erased. Currently only keeps the last output anyway
+DEBUG=${DEBUG:-0} # if 1 the temp file won't be erased. Currently only keeps the last output anyway
 VERBOSE=${VERBOSE:-0} # if 1 it shows what's going on. Currently only used for heartbleed and ccs injection
 VERB_CLIST="" # ... and if so, "-V" shows them row by row cipher, SSL-version, KX, Au, Enc and Mac
-HSTS_MIN=180 #>180 days is ok for HSTS
-HPKP_MIN=9 #>9 days should be ok for HPKP_MIN, practical hiints?
+
+HSTS_MIN=180 # >180 days is ok for HSTS
+HPKP_MIN=30 # >30 days should be ok for HPKP_MIN, practical hints?
 MAX_WAITSOCK=10 # waiting at max 10 seconds for socket reply
 CLIENT_MIN_PFS=5 # number of ciphers needed to run a test for PFS
-NPN_PROTOs="spdy/4a2,spdy/3,spdy/3.1,spdy/2,spdy/1,http/1.1"
-RUN_DIR=`dirname $0`
-# more global vars:
+# more global vars, empty:
 TLS_PROTO_OFFERED=""
 SOCKREPLY=""
 HEXC=""
 SNI=""
 IP4=""
 IP6=""
+OSSL_VER="" # openssl version, will be autodetermined
 OSSL_VER_MAJOR=0
 OSSL_VER_MINOR=0
 OSSL_VER_APPENDIX="none"
 NODEIP=""
 IPS=""
+NPN_PROTOs="spdy/4a2,spdy/3,spdy/3.1,spdy/2,spdy/1,http/1.1"
+RUN_DIR=`dirname $0`
+
+
 # make sure that temporary files are cleaned up after use
 trap cleanup QUIT EXIT
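Review bot: The `HPKP_MIN` threshold moves from 9 to 30 days in this hunk, but neither the commit message nor the comment says where the figure comes from, and the comment itself still ends in a question. Since this value presumably decides whether a scanned host's pin lifetime is rated acceptable, the basis deserves to be written down, e.g. `HPKP_MIN=30 # minimum HPKP max-age in days rated ok; basis: <reference or rationale>`. The same hunk also drops `NC=""`, which the commit message does not mention either.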
@@ -98,7 +100,7 @@ out() {
 }
 outln() {
- [ ! -z "$1" ] && $ECHO "$1"
+ [[ -z "$1" ]] || $ECHO "$1"
 $ECHO "\n"
 }
@@ -526,12 +528,14 @@ std_cipherlists() {
 # sockets inspired by http://blog.chris007.de/?p=238
-# ARG1: hexbyte, ARG2: hexode for TLS Version, ARG3: sleep
+# ARG1: hexbyte with a leading comma (!!), seperated by commas
+# ARG2: sleep
 socksend() {
- data=`echo $1 | sed 's/tls_version/'"$2"'/g'`
+ # the following works under BSD and Linux, which is quite tricky. So don't mess with it unless you're really sure what you do
+ data=`echo "$1" | sed -e 's/# .*$//g' -e 's/ //g' | sed -E 's/^[[:space:]]+//; s/[[:space:]]+$//; /^$/d' | sed 's/,/\\\/g' | tr -d '\n'`
 [ $VERBOSE -eq 1 ] && echo "\"$data\""
- printf $data >&5 2>/dev/null &
+ printf -- "$data" >&5 2>/dev/null &
- sleep $3
+ sleep $2
 }
@@ -568,7 +572,7 @@ sockread() {
 show_rfc_style(){
 [ ! -r "$MAP_RFC_FNAME" ] && return 1
 RFCname=`grep -iw $1 "$MAP_RFC_FNAME" | sed -e 's/^.*TLS/TLS/' -e 's/^.*SSL/SSL/'`
- [ -n "$RFCname" ] && out "$RFCname"
+ [ -n "$RFCname" ] && out "$RFCname"
 return 0
 }
@@ -585,7 +589,7 @@ neat_list(){
 strength=`echo $strength | sed -e 's/ChaCha20-Poly1305/ly1305/g'` # workaround for empty bits ChaCha20-Poly1305
 enc=`echo $enc | sed -e 's/(.*)//g' -e 's/ChaCha20-Poly1305/ChaCha20-Po/g'` # workaround for empty bits ChaCha20-Poly1305
 echo "$export" | grep -iq export && strength="$strength,export"
- $ECHO " %-7s %-30s %-10s %-11s%-11s${MAP_RFC_FNAME:+ %-48s}${SHOW_EACH_C:+ }" "$1" "$2" "$kx" "$enc" "$strength" "$(show_rfc_style $HEXC)"
+ printf -- " %-7s %-30s %-10s %-11s%-11s${MAP_RFC_FNAME:+ %-48s}${SHOW_EACH_C:+ }" "$1" "$2" "$kx" "$enc" "$strength" "$(show_rfc_style $HEXC)"
 }
 test_just_one(){
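Review bot: `outln` still hands its argument to printf as the format string (`$ECHO "$1"`, with `ECHO="/usr/bin/printf --"`), so any `%` or backslash sequence in the text is interpreted rather than printed. If a caller ever passes text taken from the scanned server, such as a header value or a certificate field, that text can garble or alter the report on the operator's terminal. Printing through a fixed format avoids this: `[[ -z "$1" ]] || $ECHO "%b" "$1"` keeps the escape handling callers may rely on while no longer treating `%` as a conversion, and `"%s"` is the stricter choice wherever escapes are not needed.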
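Review bot: In `socksend` the write to the socket is backgrounded with stderr discarded (`printf -- "$data" >&5 2>/dev/null &`), so a failed send cannot be told apart from a successful one. For the checks that rely on this function, a payload that never left the host could then be read as "no vulnerable reply", a false negative; this consequence is inferred, since the callers are outside the hunk. Collecting the status after the pause would surface the failure: follow `sleep $2` with `wait $! || return 1` and have callers test the result. `$2` and `$VERBOSE` are also expanded unquoted in the `sleep` and `[ ... -eq 1 ]` lines.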
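Review bot: The new `printf --` line in `neat_list` always passes six arguments, but the format holds a sixth conversion only when `MAP_RFC_FNAME` is non-empty (`${MAP_RFC_FNAME:+ %-48s}`). With the variable empty, printf reuses the whole format for the leftover empty argument and emits a second run of padding after each cipher row. Passing the RFC name conditionally keeps arguments and conversions in step: replace the last argument with `${MAP_RFC_FNAME:+"$(show_rfc_style "$HEXC")"}`. The body of `neat_list` starts above the hunk.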
@@ -1069,38 +1073,39 @@ ok_ids(){ exit 0 } + ccs_injection(){ # see https://www.openssl.org/news/secadv_20140605.txt # mainly adapted from Ramon de C Valle's C code from https://gist.github.com/rcvalle/71f4b027d61a78c42607 bold " CCS "; out " (CVE-2014-0224), experimental " - ccs_message="\x14\x03\tls_version\x00\x01\x01" # ChangeCipherSpec, TLS version 2 bytes, lenght 2 bytes, payload CCS 1 byte - # 20/0x14=Change Ciipher Spexcc $OPENSSL s_client $STARTTLS -connect $NODEIP:$PORT &>$TMPFILE $TMPFILE