From 7cc41a1a92f763509815562e7dd6ab12eb3fe0db Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Tue, 8 Mar 2016 22:25:00 +0100 Subject: [PATCH 01/10] logfile, jsonfile and csvfile parameters work without = (as documented in help) --- testssl.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/testssl.sh b/testssl.sh index 5c71f90..b8f4830 100755 --- a/testssl.sh +++ b/testssl.sh @@ -6656,7 +6656,7 @@ parse_cmd_line() { do_logging=true ;; # DEFINITION of LOGFILE if no arg specified: automagically in parse_hn_port() # following does the same but we can specify a log location additionally - --logfile=*) + --logfile|--logfile=*) LOGFILE=$(parse_opt_equal_sign "$1" "$2") [[ $? -eq 0 ]] && shift do_logging=true @@ -6665,7 +6665,7 @@ parse_cmd_line() { do_json=true ;; # DEFINITION of JSONFILE is not arg specified: automagically in parse_hn_port() # following does the same but we can specify a log location additionally - --jsonfile=*) + --jsonfile|--jsonfile=*) JSONFILE=$(parse_opt_equal_sign "$1" "$2") [[ $? -eq 0 ]] && shift do_json=true @@ -6674,7 +6674,7 @@ parse_cmd_line() { do_csv=true ;; # DEFINITION of CSVFILE is not arg specified: automagically in parse_hn_port() # following does the same but we can specify a log location additionally - --csvfile=*) + --csvfile|--csvfile=*) CSVFILE=$(parse_opt_equal_sign "$1" "$2") [[ $? -eq 0 ]] && shift do_csv=true From cba7fddbddc2b4e4405a89830872a2789176f49a Mon Sep 17 00:00:00 2001 From: David Cooper Date: Mon, 16 May 2016 16:52:51 -0400 Subject: [PATCH 02/10] Revised parse_tls_serverhello() Revised parse_tls_serverhello() to more carefully check the response for errors, and to provide for more flexibility (e.g., if handshake messages are split across multiple fragments). --- testssl.sh | 304 ++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 240 insertions(+), 64 deletions(-) diff --git a/testssl.sh b/testssl.sh index 04b2cf4..aaca298 100755 --- a/testssl.sh +++ b/testssl.sh @@ -4011,92 +4011,268 @@ parse_sslv2_serverhello() { # arg1: name of file with socket reply parse_tls_serverhello() { local tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$1") - local tls_content_type tls_protocol tls_len_all -#TODO: all vars here + local tls_handshake_ascii="" tls_alert_ascii="" + local -i tls_hello_ascii_len tls_handshake_ascii_len tls_alert_ascii_len msg_len + local tls_serverhello_ascii="" + local -i tls_serverhello_ascii_len=0 + local tls_alert_descrip + local -i tls_sid_len offset + local tls_msg_type tls_content_type tls_protocol tls_protocol2 tls_hello_time + local tls_err_level tls_err_descr tls_cipher_suite tls_compression_method + local -i i TLS_TIME="" DETECTED_TLS_VERSION="" - # server hello, handshake details see http://en.wikipedia.org/wiki/Transport_Layer_Security-SSL#TLS_record + # $tls_hello_ascii may contain trailing whitespace. Remove it: + tls_hello_ascii="${tls_hello_ascii%%[!0-9A-F]*}" + [[ "$DEBUG" -eq 5 ]] && echo $tls_hello_ascii # one line without any blanks + + # Client messages, including handshake messages, are carried by the record layer. + # First, extract the handshake and alert messages. + # see http://en.wikipedia.org/wiki/Transport_Layer_Security-SSL#TLS_record # byte 0: content type: 0x14=CCS, 0x15=TLS alert x16=Handshake, 0x17 Aplication, 0x18=HB # byte 1+2: TLS version word, major is 03, minor 00=SSL3, 01=TLS1 02=TLS1.1 03=TLS 1.2 - # byte 3+4: length all - # byte 5: handshake type (2=hello) TLS alert: level (2=fatal), descr (0x28=handshake failure) - # byte 6+7+8: length server hello - # byte 9+10: 03, TLS version word see byte 1+2 - # byte 11-14: TLS timestamp for OpenSSL <1.0.1f - # byte 15-42: random, 28 bytes - # byte 43: session id length - # byte 44+45+sid-len: cipher suite! - # byte 46+sid-len: compression method: 00: none, 01: deflate - # byte 47+48+sid-len: extension length - - [[ "$DEBUG" -eq 5 ]] && echo $tls_hello_ascii # one line without any blanks - if [[ -z "$tls_hello_ascii" ]]; then - debugme echo "server hello empty, TCP connection closed" - return 1 # no server hello received + # byte 3+4: fragment length + # bytes 5...: message fragment + tls_hello_ascii_len=${#tls_hello_ascii} + if [[ $DEBUG -ge 2 ]] && [[ $tls_hello_ascii_len -gt 0 ]]; then + echo "TLS message fragments:" fi - - # now scrape two bytes out of the reply per byte - tls_content_type="${tls_hello_ascii:0:2}" # normally this is x16 (Handshake) here - tls_protocol="${tls_hello_ascii:2:4}" - DETECTED_TLS_VERSION=$tls_protocol - - tls_len_all=${tls_hello_ascii:6:4} - - sid_len_offset=86 - tls_hello="${tls_hello_ascii:10:2}" # normally this is x02 - tls_protocol2="${tls_hello_ascii:18:4}" - tls_hello_time="${tls_hello_ascii:22:8}" - - if [[ $tls_content_type == "15" ]]; then # TLS ALERT - tls_err_level=${tls_hello_ascii:10:2} # 1: warning, 2: fatal - tls_err_descr=${tls_hello_ascii:12:2} # 112/0x70: Unrecognized name, 111/0x6F: certificate_unobtainable, - # 113/0x71: bad_certificate_status_response, #114/0x72: bad_certificate_hash_value - if [[ $DEBUG -ge 2 ]]; then - echo "tls_protocol (reclyr): 0x$tls_protocol" - echo "tls_content_type: 0x$tls_content_type" - echo "tls_len_all: $tls_len_all" - echo "tls_err_descr: 0x${tls_err_descr} / = $(hex2dec ${tls_err_descr})" - echo "tls_err_level: ${tls_err_level} (warning:1, fatal:2)" + for (( i=0; i - # we get a TLS ALERT saying "unrecognized_name" (0x70) and a warning (0x1), see RFC https://tools.ietf.org/html/rfc6066#page-17 - # note that RFC recommended to fail instead: https://tools.ietf.org/html/rfc6066#section-3 - # we need to handle this properly -- otherwise we always return that the protocol or cipher is not available! - if [[ "$tls_err_descr" == 70 ]] && [[ "${tls_err_level}" == "01" ]]; then - sid_len_offset=100 # we are 2x7 bytes off (formerly: 86 instead of 100) - tls_hello="${tls_hello_ascii:24:2}" # here, too (normally this is (02) - tls_protocol2="${tls_hello_ascii:32:4}" # here, too - tls_hello_time="${tls_hello_ascii:36:8}" # and here, too - else + tls_content_type="${tls_hello_ascii:i:2}" + i=$i+2 + tls_protocol="${tls_hello_ascii:i:4}" + i=$i+4 + msg_len=2*$(hex2dec "${tls_hello_ascii:i:4}") + i=$i+4 + + if [[ $DEBUG -ge 2 ]]; then + echo " tls_protocol (reclyr): 0x$tls_protocol" + out " tls_content_type: 0x$tls_content_type" + case $tls_content_type in + 15) outln " (alert)" ;; + 16) outln " (handshake)" ;; + *) outln ;; + esac + echo " msg_len: $((msg_len/2))" + outln + fi + if [[ $tls_content_type != "15" ]] && [[ $tls_content_type != "16" ]]; then + debugme pr_svrty_criticalln "Content type other than alert or handshake detected." + return 1 + elif [[ "${tls_protocol:0:2}" != "03" ]]; then + debugme pr_svrty_criticalln "Protocol record_version.major is not 03." return 1 fi + DETECTED_TLS_VERSION=$tls_protocol + + if [[ $msg_len -gt $tls_hello_ascii_len-$i ]]; then + # This could just be a result of the server's response being + # split across two or more packets. Just grab the part that + # is available. + msg_len=$tls_hello_ascii_len-$i + fi + + if [[ $tls_content_type == "16" ]]; then + tls_handshake_ascii="$tls_handshake_ascii${tls_hello_ascii:i:msg_len}" + elif [[ $tls_content_type == "15" ]]; then # TLS ALERT + tls_alert_ascii="$tls_alert_ascii${tls_hello_ascii:i:msg_len}" + fi + done + + # Now check the alert messages. + tls_alert_ascii_len=${#tls_alert_ascii} + if [[ $tls_alert_ascii_len -gt 0 ]]; then + debugme echo "TLS alert messages:" + for (( i=0; i+3 < tls_alert_ascii_len; i=i+4 )); do + tls_err_level=${tls_alert_ascii:i:2} # 1: warning, 2: fatal + j=$i+2 + tls_err_descr=${tls_alert_ascii:j:2} # 112/0x70: Unrecognized name, 111/0x6F: certificate_unobtainable, + # 113/0x71: bad_certificate_status_response, #114/0x72: bad_certificate_hash_value + + debugme out " tls_err_descr: 0x${tls_err_descr} / = $(hex2dec ${tls_err_descr})" + case $tls_err_descr in + 00) tls_alert_descrip="close notify" ;; + 0A) tls_alert_descrip="unexpected message" ;; + 14) tls_alert_descrip="bad record mac" ;; + 15) tls_alert_descrip="decryption failed" ;; + 16) tls_alert_descrip="record overflow" ;; + 1E) tls_alert_descrip="decompression failure" ;; + 28) tls_alert_descrip="handshake failure" ;; + 29) tls_alert_descrip="no certificate RESERVED" ;; + 2A) tls_alert_descrip="bad certificate" ;; + 2B) tls_alert_descrip="unsupported certificate" ;; + 2C) tls_alert_descrip="certificate revoked" ;; + 2D) tls_alert_descrip="certificate expired" ;; + 2E) tls_alert_descrip="certificate unknown" ;; + 2F) tls_alert_descrip="illegal parameter" ;; + 30) tls_alert_descrip="unknown ca" ;; + 31) tls_alert_descrip="access denied" ;; + 32) tls_alert_descrip="decode error" ;; + 33) tls_alert_descrip="decrypt error" ;; + 3C) tls_alert_descrip="export restriction RESERVED" ;; + 46) tls_alert_descrip="protocol version" ;; + 47) tls_alert_descrip="insufficient security" ;; + 50) tls_alert_descrip="internal error" ;; + 56) tls_alert_descrip="inappropriate fallback" ;; + 5A) tls_alert_descrip="user canceled" ;; + 64) tls_alert_descrip="no renegotiation" ;; + 6E) tls_alert_descrip="unsupported extension" ;; + 6F) tls_alert_descrip="certificate unobtainable" ;; + 70) tls_alert_descrip="unrecognized name" ;; + 71) tls_alert_descrip="bad certificate status response" ;; + 72) tls_alert_descrip="bad certificate hash value" ;; + 73) tls_alert_descrip="unknown psk identity" ;; + 78) tls_alert_descrip="no application protocol" ;; + *) tls_alert_descrip="$(hex2dec "$tls_err_descr")";; + esac + + if [[ $DEBUG -ge 2 ]]; then + outln " ($tls_alert_descrip)" + out " tls_err_level: ${tls_err_level}" + case $tls_err_level in + 01) outln " (warning)" ;; + 02) outln " (fatal)" ;; + *) outln ;; + esac + outln + fi + if [[ "$tls_err_level" != "01" ]] && [[ "$tls_err_level" != "02" ]]; then + debugme pr_svrty_criticalln "Unexpected AlertLevel (0x$tls_err_level)." + return 1 + elif [[ "$tls_err_level" == "02" ]]; then + # Fatal alert + return 1 + fi + done fi + # Now extract just the server hello handshake message. + tls_handshake_ascii_len=${#tls_handshake_ascii} + if [[ $DEBUG -ge 2 ]] && [[ $tls_handshake_ascii_len -gt 0 ]]; then + echo "TLS handshake messages:" + fi + for (( i=0; i Date: Tue, 17 May 2016 12:02:12 -0400 Subject: [PATCH 03/10] Don't use dec2hex The dec2hex() was actually converting from hex to decimal. Since it was only being used in one place, and wasn't really needed there, I just deleted it. --- testssl.sh | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/testssl.sh b/testssl.sh index aaca298..af56e21 100755 --- a/testssl.sh +++ b/testssl.sh @@ -488,11 +488,6 @@ hex2dec() { echo $((16#$1)) } -dec2hex() { - #/usr/bin/printf -- "%x" "$1" - echo $((0x$1)) -} - # trim spaces for BSD and old sed count_lines() { wc -l <<<"$1" | sed 's/ //g' @@ -4015,7 +4010,7 @@ parse_tls_serverhello() { local -i tls_hello_ascii_len tls_handshake_ascii_len tls_alert_ascii_len msg_len local tls_serverhello_ascii="" local -i tls_serverhello_ascii_len=0 - local tls_alert_descrip + local tls_alert_descrip tls_sid_len_hex local -i tls_sid_len offset local tls_msg_type tls_content_type tls_protocol tls_protocol2 tls_hello_time local tls_err_level tls_err_descr tls_cipher_suite tls_compression_method @@ -4239,7 +4234,8 @@ parse_tls_serverhello() { tls_hello_time="${tls_serverhello_ascii:4:8}" TLS_TIME=$(hex2dec "$tls_hello_time") - tls_sid_len=2*$(hex2dec "${tls_serverhello_ascii:68:2}") + tls_sid_len_hex="${tls_serverhello_ascii:68:2}" + tls_sid_len=2*$(hex2dec "$tls_sid_len_hex") let offset=70+$tls_sid_len if [[ $tls_serverhello_ascii_len -lt 76+$tls_sid_len ]]; then @@ -4255,9 +4251,8 @@ parse_tls_serverhello() { if [[ $DEBUG -ge 2 ]]; then echo "TLS server hello message:" if [[ $DEBUG -ge 4 ]]; then - tls_sid_len=$tls_sid_len/2 echo " tls_protocol: 0x$tls_protocol2" - echo " tls_sid_len: 0x$(dec2hex $tls_sid_len) / = $tls_sid_len" + echo " tls_sid_len: 0x$tls_sid_len_hex / = $((tls_sid_len/2))" fi echo -n " tls_hello_time: 0x$tls_hello_time " if "$HAS_GNUDATE"; then From 9a1425da14eeaaa20b9c692306a67eb8c493842a Mon Sep 17 00:00:00 2001 From: Dirk Wetter Date: Wed, 18 May 2016 19:06:26 +0200 Subject: [PATCH 04/10] - FIX #354 - polish #353 --- testssl.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/testssl.sh b/testssl.sh index af56e21..6080222 100755 --- a/testssl.sh +++ b/testssl.sh @@ -3546,7 +3546,7 @@ run_pfs() { local pfs_ciphers outln - pr_headlineln " Testing (perfect) forward secrecy, (P)FS -- omitting 3DES, RC4 and Null Encryption here " + pr_headlineln " Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption as well as 3DES and RC4 here " if ! "$HAS_DH_BITS" && "$WIDE"; then pr_warningln " (Your $OPENSSL cannot show DH/ECDH bits)" fi @@ -4059,10 +4059,10 @@ parse_tls_serverhello() { outln fi if [[ $tls_content_type != "15" ]] && [[ $tls_content_type != "16" ]]; then - debugme pr_svrty_criticalln "Content type other than alert or handshake detected." + debugme pr_warningln "Content type other than alert or handshake detected." return 1 elif [[ "${tls_protocol:0:2}" != "03" ]]; then - debugme pr_svrty_criticalln "Protocol record_version.major is not 03." + debugme pr_warningln "Protocol record_version.major is not 03." return 1 fi DETECTED_TLS_VERSION=$tls_protocol @@ -4139,7 +4139,7 @@ parse_tls_serverhello() { outln fi if [[ "$tls_err_level" != "01" ]] && [[ "$tls_err_level" != "02" ]]; then - debugme pr_svrty_criticalln "Unexpected AlertLevel (0x$tls_err_level)." + debugme pr_warningln "Unexpected AlertLevel (0x$tls_err_level)." return 1 elif [[ "$tls_err_level" == "02" ]]; then # Fatal alert @@ -4196,7 +4196,7 @@ parse_tls_serverhello() { if [[ "$tls_msg_type" == "02" ]]; then if [[ -n "$tls_serverhello_ascii" ]]; then - debugme pr_svrty_criticalln "Response contained more than one ServerHello handshake message." + debugme pr_warningln "Response contained more than one ServerHello handshake message." return 1 fi tls_serverhello_ascii="${tls_handshake_ascii:i:msg_len}" @@ -4212,7 +4212,7 @@ parse_tls_serverhello() { return 1 elif [[ "${tls_handshake_ascii:0:2}" != "02" ]]; then # the ServerHello MUST be the first handshake message - debugme pr_svrty_criticalln "The first handshake protocol message is not a ServerHello." + debugme pr_warningln "The first handshake protocol message is not a ServerHello." return 1 fi @@ -4226,7 +4226,7 @@ parse_tls_serverhello() { # byte 38+39+sid-len: extension length tls_protocol2="${tls_serverhello_ascii:0:4}" if [[ "${tls_protocol2:0:2}" != "03" ]]; then - debugme pr_svrty_criticalln "server_version.major in ServerHello is not 03." + debugme pr_warningln "server_version.major in ServerHello is not 03." return 1 fi DETECTED_TLS_VERSION="$tls_protocol2" @@ -7177,4 +7177,4 @@ fi exit $? -# $Id: testssl.sh,v 1.481 2016/04/21 16:44:56 dirkw Exp $ +# $Id: testssl.sh,v 1.483 2016/05/18 17:06:25 dirkw Exp $ From dccf9bef63261ccff81e316a3466f7216248c867 Mon Sep 17 00:00:00 2001 From: David Cooper Date: Thu, 19 May 2016 16:39:06 -0400 Subject: [PATCH 05/10] Fix typo in Server key size check When certificate_info() is trying to determine what type of public key the server has so that it can determine whether the key size is acceptable, it sometimes looks at $cert_sig_algo rather than $cert_key_algo. This PR fixes that and also adds support for DSA public keys. --- testssl.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/testssl.sh b/testssl.sh index 6080222..6285a82 100755 --- a/testssl.sh +++ b/testssl.sh @@ -3089,7 +3089,7 @@ certificate_info() { # http://infoscience.epfl.ch/record/164526/files/NPDF-22.pdf # see http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf # Table 2 @ chapter 5.6.1 (~ p64) - if [[ $cert_sig_algo =~ ecdsa ]] || [[ $cert_key_algo =~ ecPublicKey ]]; then + if [[ $cert_key_algo =~ ecdsa ]] || [[ $cert_key_algo =~ ecPublicKey ]]; then if [[ "$cert_keysize" -le 110 ]]; then # a guess pr_svrty_critical "$cert_keysize" fileout "${json_prefix}key_size" "NOT ok" "Server keys $cert_keysize EC bits (NOT ok)" @@ -3110,7 +3110,7 @@ certificate_info() { fileout "${json_prefix}key_size" "WARN" "Server keys $cert_keysize bits (not expected)" fi outln " bits" - elif [[ $cert_sig_algo = *RSA* ]]; then + elif [[ $cert_key_algo = *RSA* ]] || [[ $cert_key_algo = *rsa* ]] || [[ $cert_key_algo = *dsa* ]]; then if [[ "$cert_keysize" -le 512 ]]; then pr_svrty_critical "$cert_keysize" outln " bits" From 2ffed62d53db498a0e1e083b44af356c9ae9d11f Mon Sep 17 00:00:00 2001 From: David Cooper Date: Thu, 19 May 2016 16:45:56 -0400 Subject: [PATCH 06/10] Recognize more signature algorithms This PR adds to the list of signature algorithms recognized in certificate_info(). --- testssl.sh | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 70 insertions(+), 1 deletion(-) diff --git a/testssl.sh b/testssl.sh index 6080222..18e9abf 100755 --- a/testssl.sh +++ b/testssl.sh @@ -3018,7 +3018,7 @@ certificate_info() { local cert_keysize=$4 local ocsp_response=$5 local ocsp_response_status=$6 - local cert_sig_algo cert_key_algo + local cert_sig_algo cert_sig_hash_algo cert_key_algo local expire days2expire secs2warn ocsp_uri crl startdate enddate issuer_C issuer_O issuer sans san cn cn_nosni local cert_fingerprint_sha1 cert_fingerprint_sha2 cert_fingerprint_serial local policy_oid @@ -3051,6 +3051,10 @@ certificate_info() { pr_svrty_mediumln "SHA1 with RSA" fileout "${json_prefix}algorithm" "WARN" "Signature Algorithm: SHA1 with RSA (warning)" ;; + sha224WithRSAEncryption) + outln "SHA224 with RSA" + fileout "${json_prefix}algorithm" "INFO" "Signature Algorithm: SHA224 with RSA" + ;; sha256WithRSAEncryption) pr_done_goodln "SHA256 with RSA" fileout "${json_prefix}algorithm" "OK" "Signature Algorithm: SHA256 with RSA (OK)" @@ -3063,10 +3067,75 @@ certificate_info() { pr_done_goodln "SHA512 with RSA" fileout "${json_prefix}algorithm" "OK" "Signature Algorithm: SHA512 with RSA (OK)" ;; + ecdsa-with-SHA1) + pr_svrty_mediumln "ECDSA with SHA1" + fileout "${json_prefix}algorithm" "WARN" "Signature Algorithm: ECDSA with SHA1 (warning)" + ;; + ecdsa-with-SHA224) + outln "ECDSA with SHA224" + fileout "${json_prefix}algorithm" "INFO" "Signature Algorithm: ECDSA with SHA224" + ;; ecdsa-with-SHA256) pr_done_goodln "ECDSA with SHA256" fileout "${json_prefix}algorithm" "OK" "Signature Algorithm: ECDSA with SHA256 (OK)" ;; + ecdsa-with-SHA384) + pr_done_goodln "ECDSA with SHA384" + fileout "${json_prefix}algorithm" "OK" "Signature Algorithm: ECDSA with SHA384 (OK)" + ;; + ecdsa-with-SHA512) + pr_done_goodln "ECDSA with SHA512" + fileout "${json_prefix}algorithm" "OK" "Signature Algorithm: ECDSA with SHA512 (OK)" + ;; + dsaWithSHA1) + pr_svrty_mediumln "DSA with SHA1" + fileout "${json_prefix}algorithm" "WARN" "Signature Algorithm: DSA with SHA1 (warning)" + ;; + dsa_with_SHA224) + outln "DSA with SHA224" + fileout "${json_prefix}algorithm" "INFO" "Signature Algorithm: DSA with SHA224" + ;; + dsa_with_SHA256) + pr_done_goodln "DSA with SHA256" + fileout "${json_prefix}algorithm" "OK" "Signature Algorithm: DSA with SHA256 (OK)" + ;; + rsassaPss) + cert_sig_hash_algo="$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | grep -A 1 "Signature Algorithm" | head -2 | tail -1 | sed 's/^.*Hash Algorithm: //')" + case $cert_sig_hash_algo in + sha1) + pr_svrty_mediumln "RSASSA-PSS with SHA1" + fileout "${json_prefix}algorithm" "WARN" "Signature Algorithm: RSASSA-PSS with SHA1 (warning)" + ;; + sha224) + outln "RSASSA-PSS with SHA224" + fileout "${json_prefix}algorithm" "INFO" "Signature Algorithm: RSASSA-PSS with SHA224" + ;; + sha256) + pr_done_goodln "RSASSA-PSS with SHA256" + fileout "${json_prefix}algorithm" "OK" "Signature Algorithm: RSASSA-PSS with SHA256 (OK)" + ;; + sha384) + pr_done_goodln "RSASSA-PSS with SHA384" + fileout "${json_prefix}algorithm" "OK" "Signature Algorithm: RSASSA-PSS with SHA384 (OK)" + ;; + sha512) + pr_done_goodln "RSASSA-PSS with SHA512" + fileout "${json_prefix}algorithm" "OK" "Signature Algorithm: RSASSA-PSS with SHA512 (OK)" + ;; + *) + out "RSASSA-PSS with $cert_sig_hash_algo" + pr_warningln " (Unknown hash algorithm)" + fileout "${json_prefix}algorithm" "WARN" "Signature Algorithm: RSASSA-PSS with $cert_sig_hash_algo" + esac + ;; + md2*) + pr_svrty_criticalln "MD2" + fileout "${json_prefix}algorithm" "NOT ok" "Signature Algorithm: MD2 (NOT ok)" + ;; + md4*) + pr_svrty_criticalln "MD4" + fileout "${json_prefix}algorithm" "NOT ok" "Signature Algorithm: MD4 (NOT ok)" + ;; md5*) pr_svrty_criticalln "MD5" fileout "${json_prefix}algorithm" "NOT ok" "Signature Algorithm: MD5 (NOT ok)" From aa99c5eb88126613bb5d5081a4843bcc013cb2a1 Mon Sep 17 00:00:00 2001 From: Dirk Wetter Date: Fri, 20 May 2016 13:45:53 +0200 Subject: [PATCH 07/10] - FIX #347 - LF removed in JSON --- testssl.sh | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/testssl.sh b/testssl.sh index 341e324..8a8e96d 100755 --- a/testssl.sh +++ b/testssl.sh @@ -1073,7 +1073,7 @@ run_server_banner() { if [[ "$serverbanner" = *Microsoft-IIS/6.* ]] && [[ $OSSL_VER == 1.0.2* ]]; then pr_warningln " It's recommended to run another test w/ OpenSSL 1.0.1 !" # see https://github.com/PeterMosmans/openssl/issues/19#issuecomment-100897892 - fileout "IIS6_openssl_mismatch" "WARN" "It is recommended to rerun this test w/ OpenSSL 1.0.1\nSee https://github.com/PeterMosmans/openssl/issues/19#issuecomment-100897892" + fileout "IIS6_openssl_mismatch" "WARN" "It is recommended to rerun this test w/ OpenSSL 1.0.1. See https://github.com/PeterMosmans/openssl/issues/19#issuecomment-100897892" fi fi # mozilla.github.io/server-side-tls/ssl-config-generator/ @@ -5824,7 +5824,8 @@ special invocations: partly mandatory parameters: URI host|host:port|URL|URL:port (port 443 is assumed unless otherwise specified) pattern an ignore case word pattern of cipher hexcode or any other string in the name, kx or bits - protocol is one of ftp,smtp,pop3,imap,xmpp,telnet,ldap (for the latter two you need e.g. the supplied openssl) + protocol is one of the STARTTLS protocols ftp,smtp,pop3,imap,xmpp,telnet,ldap + (for the latter two you need e.g. the supplied openssl) tuning options (can also be preset via environment variables): --bugs enables the "-bugs" option of s_client, needed e.g. for some buggy F5s @@ -6082,6 +6083,11 @@ parse_hn_port() { # strip trailing urlpath NODE=$(echo "$NODE" | sed -e 's/\/.*$//') + # if there's a trailing ':' probably a starttls/application protocol was specified + if grep -q ':$' <<< $NODE ; then + fatal "\"$1\" is not a valid URI" 1 + fi + # was the address supplied like [AA:BB:CC::]:port ? if echo "$NODE" | grep -q ']' ; then tmp_port=$(printf "$NODE" | sed 's/\[.*\]//' | sed 's/://') @@ -7246,4 +7252,4 @@ fi exit $? -# $Id: testssl.sh,v 1.483 2016/05/18 17:06:25 dirkw Exp $ +# $Id: testssl.sh,v 1.485 2016/05/20 11:45:52 dirkw Exp $ From bf17a17b7089fe6ac3870274f272e419998d8dba Mon Sep 17 00:00:00 2001 From: Dirk Wetter Date: Mon, 23 May 2016 18:56:05 +0200 Subject: [PATCH 08/10] - 3DES in standard cipher list is medium, thus "NOT ok" is too much (need for elegant general way for "medium") (see also https://www.keylength.com/en/8/) --- testssl.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/testssl.sh b/testssl.sh index 8a8e96d..fc21df2 100755 --- a/testssl.sh +++ b/testssl.sh @@ -1387,8 +1387,8 @@ std_cipherlists() { ;; 3) # not totally bad if [[ $sclient_success -eq 0 ]]; then - pr_svrty_mediumln "offered (NOT ok)" - fileout "std_$4" "NOT ok" "$2 offered (NOT ok) - not too bad" + pr_svrty_mediumln "offered" + fileout "std_$4" "NOT ok" "$2 offered - not too bad" else outln "not offered (OK)" fileout "std_$4" "OK" "$2 not offered (OK)" @@ -7252,4 +7252,4 @@ fi exit $? -# $Id: testssl.sh,v 1.485 2016/05/20 11:45:52 dirkw Exp $ +# $Id: testssl.sh,v 1.486 2016/05/23 16:56:04 dirkw Exp $ From 5a03e9630480f1c34a7195425a0baaad020ee72e Mon Sep 17 00:00:00 2001 From: Dirk Date: Mon, 23 May 2016 22:42:40 +0200 Subject: [PATCH 09/10] - consequently removed "NOT ok" for not-av of TLS 1.2 --- testssl.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/testssl.sh b/testssl.sh index fc21df2..8869b8a 100755 --- a/testssl.sh +++ b/testssl.sh @@ -2372,10 +2372,10 @@ run_protocols() { fileout "tls1_2" "NOT ok" "TLSv1.2 is not offered (NOT ok)" ;; # no GCM, penalty 2) - pr_svrty_medium "not offered (NOT ok)" + pr_svrty_medium "not offered" [[ $DEBUG -eq 1 ]] && out " -- downgraded" outln - fileout "tls1_2" "NOT ok" "TLSv1.2 is not offered and downgraded to a weaker protocol (NOT ok)" + fileout "tls1_2" "INFO" "TLSv1.2 is not offered and downgraded to a weaker protocol (medium)" ;; 5) outln "$supported_no_ciph1" @@ -7252,4 +7252,4 @@ fi exit $? -# $Id: testssl.sh,v 1.486 2016/05/23 16:56:04 dirkw Exp $ +# $Id: testssl.sh,v 1.487 2016/05/23 20:42:39 dirkw Exp $ From e0c147ec86932535670aee085ac3c26f5a54523d Mon Sep 17 00:00:00 2001 From: David Cooper Date: Tue, 24 May 2016 13:57:47 -0400 Subject: [PATCH 10/10] run_pfs() and run_rc4() show each fixes When run_rc4() is run with the "--show-each" option, but without the "--wide" option, a list of all RC4 ciphers is printed, without any distinction between those that are supported by the server and those that are not. This is the same issue I noted in #332 for run_pfs(). In run_pfs(), the displayed output was corrected, but all ciphers were still being added to $pfs_ciphers, so the list of supported PFS ciphers sent to fileout() was incorrect. This PR fixes both issues. --- testssl.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/testssl.sh b/testssl.sh index 8869b8a..6ba1ff9 100755 --- a/testssl.sh +++ b/testssl.sh @@ -3679,7 +3679,7 @@ run_pfs() { out "$pfs_cipher " fi fi - pfs_ciphers+="$pfs_cipher " + [[ $sclient_success -eq 0 ]] && pfs_ciphers+="$pfs_cipher " debugme rm $tmpfile done < <($OPENSSL ciphers -V "$pfs_cipher_list" 2>$ERRFILE) # -V doesn't work with openssl < 1.0 debugme echo $pfs_offered @@ -5586,9 +5586,9 @@ run_rc4() { fi outln else - pr_svrty_high "$rc4_cipher " + [[ $sclient_success -eq 0 ]] && pr_svrty_high "$rc4_cipher " fi - rc4_detected+="$rc4_cipher " + [[ $sclient_success -eq 0 ]] && rc4_detected+="$rc4_cipher " done < <($OPENSSL ciphers -V $rc4_ciphers_list:@STRENGTH) outln "$WIDE" && pr_svrty_high "VULNERABLE (NOT ok)"