Backport pull request #2360 to fix #2389

Not exactly for the same reason, but we need SNI too for secure renego tests.
This commit is contained in:
Tazmaniac 2023-09-08 16:31:38 +02:00 committed by GitHub
parent 5cb30aa510
commit eb006e4173
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -14540,7 +14540,8 @@ run_renego() {
local cwe="CWE-310"
local hint=""
local jsonID=""
# No SNI needed here as there won't be two different SSL stacks for one IP
# In cases where there's no default host configured we need SNI here as openssl then would return otherwise an error and the test will fail
# And for the secure_client_renego, the config could be per vhost
"$HAS_TLS13" && [[ -z "$proto" ]] && proto="-no_tls1_3"
@ -14557,7 +14558,7 @@ run_renego() {
fileout "$jsonID" "OK" "TLS 1.3 only server" "$cve" "$cwe"
else
# first fingerprint for the Line "Secure Renegotiation IS NOT" or "Secure Renegotiation IS "
$OPENSSL s_client $(s_client_options "$proto $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") 2>&1 </dev/null >$TMPFILE 2>$ERRFILE
$OPENSSL s_client $(s_client_options "$proto $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") 2>&1 </dev/null >$TMPFILE 2>$ERRFILE
if sclient_connect_successful $? $TMPFILE; then
grep -iaq "Secure Renegotiation IS NOT" $TMPFILE
sec_renego=$? # 0= Secure Renegotiation IS NOT supported
@ -14625,7 +14626,7 @@ run_renego() {
else
# We need up to two tries here, as some LiteSpeed servers don't answer on "R" and block. Thus first try in the background
# msg enables us to look deeper into it while debugging
echo R | $OPENSSL s_client $(s_client_options "$proto $BUGS $legacycmd $STARTTLS -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE &
echo R | $OPENSSL s_client $(s_client_options "$proto $BUGS $legacycmd $STARTTLS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE &
wait_kill $! $HEADER_MAXSLEEP
if [[ $? -eq 3 ]]; then
pr_svrty_good "likely not vulnerable (OK)"; outln ", timed out" # it hung
@ -14633,7 +14634,7 @@ run_renego() {
sec_client_renego=1
else
# second try in the foreground as we are sure now it won't hang
echo R | $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE
echo R | $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE
sec_client_renego=$?
# 0 means client is renegotiating & doesn't return an error --> vuln!
# 1 means client tried to renegotiating but the server side errored then. You still see RENEGOTIATING in the output
@ -14651,7 +14652,7 @@ run_renego() {
fileout "$jsonID" "MEDIUM" "VULNERABLE, potential DoS threat" "$cve" "$cwe" "$hint"
else
(for i in {1..4}; do echo R; sleep 1; done) | \
$OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE
$OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE
case $? in
0) pr_svrty_high "VULNERABLE (NOT ok)"; outln ", DoS threat"
fileout "$jsonID" "HIGH" "VULNERABLE, DoS threat" "$cve" "$cwe" "$hint"
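Review bot: The replacement comment in the first hunk (the two lines starting "In cases where there's no default host configured") is a single overlong sentence whose ordering ("would return otherwise an error") makes the reason for adding `$SNI` hard to follow, and it does not say what happens when `$SNI` is empty. I would rewrite it as `# SNI is needed here: without a default vhost openssl errors out and the test fails,` / `# and secure_client_renego may be configured per vhost, so test the vhost the user named.` / `# NOTE: this only takes effect when $SNI is non-empty (hostname rather than bare IP given) -- confirm.` The remaining four hunks only append `$SNI` to the existing s_client_options strings and need no further comment; the body of run_renego continues outside every hunk shown.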