Commit Graph

4449 Commits

Author SHA1 Message Date
Magnus Larsen cce7566dc8 Moved grade_caps to run_rating() function; added KEY_EXCH_SCORE=20 back again 2020-06-02 16:26:55 +02:00
Dirk Wetter 9a22e9af1a
Merge pull request #1649 from dcooper16/SC2034
Fix Shellcheck SC2034 issues
2020-06-02 11:08:33 +02:00
David Cooper edefce5998 Fix Shellcheck SC2034 issues
This commit fixes several issues related to Shellcheck issue SC2034: unused variables.

In most cases variables are declared in a function, but are referenced later. The exceptions are:

* SESS_RESUMPTION is declared and values are assigned to it, but it us never used. (Same applies for not_new_reused in sub_seession_resumption().)

* In run_cipherlists(), there is a typo in the declaration of sslv2_tdes_ciphers.

* In get_caa_rr_record(), "hash", "len", and "line" are used but not declared.
2020-06-01 15:31:01 -04:00
Magnus Larsen 30d5710768 ephemeral is the word 2020-05-28 21:12:14 +02:00
Magnus Larsen dca50fc49a allow multiple equal key sizes 2020-05-28 21:00:45 +02:00
Magnus Larsen e6150a2348 Missed todo comment fix; cleanup output 2020-05-28 20:33:17 +02:00
Magnus Larsen 985e647cdf merge upstream 2020-05-28 20:20:32 +02:00
Dirk Wetter 4f9c5158dc
Merge pull request #1646 from drwetter/get_TXT_record
Add get_txt_record(), fix variable declaration in get_mx_record()
2020-05-25 21:31:18 +02:00
Dirk a4ae05c90c Add get_txt_record(), fix variable declaration in get_mx_record()
This commit adds a function for querying the TXT DNS record, so
that subsequently we'll can build on top of that a function for
checking MTA-STS, see #1073.

Also it modifies a local variable mxs in get_mx_record() which
was declared as mx but mxs was used. (That is pending an backport
to 3.0.)
2020-05-25 13:23:49 +02:00
Dirk Wetter e87880ee92
Merge pull request #1643 from dcooper16/EdDSA
Support EdDSA
2020-05-18 14:39:33 +02:00
David Cooper 37ffabf8d5 Remove some unnecessary quotation marks 2020-05-18 07:38:49 -04:00
David Cooper 3ae48931fb Support EdDSA
This commit adds support for EdDSA (Ed25519 and Ed448). In particular:

* It modifies prepare_tls_clienthello() to include Ed25519 and Ed448 in the signature_algorithms extension of the TLS 1.2 and earlier ClientHello (RFC 8422).

* It modifies run_server_defaults() and get_server_certificate() to check whether the server offers EdDSA certificates with TLS 1.3.

* It modifies certificate_info() to handle certificates signed with EdDSA or with EdDSA public keys, even if $OPENSSL does not support pretty printing such keys and signatures.

* It modifies read_sigalg_from_file() to recognize EdDSA signatures even if $OPENSSL does not.
2020-05-18 07:37:46 -04:00
Dirk Wetter 42386e512b
Merge pull request #1642 from dcooper16/peer_signature_type
Extract server's signature algorithm
2020-05-16 12:46:55 +02:00
David Cooper df42eeb8b4 Extract server's signature algorithm
PR #1519 requested that testssl.sh show the signature algorithm that the server uses during the TLS handshake. In TLS 1.3, this appears in the CertificateVerify message. In TLS 1.2 it appears in the ServerKeyExchange message when the chosen cipher suite uses an ephemeral (DH or ECDH) key, except in the case of cipher suites that provide no authentication. This information is not present in TLS 1.1 and earlier, as the hash algorithm to use in these earlier versions of the protocol is hard coded into the specification.

This commit takes a first step towards being able to show the signature algorithm by extending parse_tls_serverhello() to extract the signature algorithm when it is present. Matching the output produced by OpenSSL, it output two separate lines, the "Peer signature type" (RSA, RSA-PSS, DSA, ECDSA, Ed25519, or Ed448) and the "Peer signing digest" (MD5, SHA1, SHA224, SHA256, SHA384, or SHA512). This will allow the same function to extract the signature algorithm and digest, whether the handshake was performed using "$OPENSSL s_client" or tls_sockets().
2020-05-14 14:42:08 -04:00
Dirk Wetter 2022754b4a
Merge pull request #1636 from drwetter/breach_improvements
Improve compression detection for BREACH
2020-05-12 10:16:14 +02:00
Dirk Wetter 7fbb79b147
Merge pull request #1638 from dcooper16/fix_show_sigalgo
Fix $SHOW_SIGALGO
2020-05-12 10:13:22 +02:00
David Cooper d5671a0352 Fix $SHOW_SIGALGO
This commit fixes two issues related to $SHOW_SIGALGO.

First, cipher_pref_check() does not show the signature algorithm if any of the ciphers were found using tls_sockets(), since the call to tls_sockets() does not specify that the server's certificate should be extracted.

Second, in run_beast() the call to tls_sockets() indicates that the server's certificate should be extracted if "$SHOW_SIGALGO" is true, even if "$WIDE" is false. While this does not cause any problems, extracting the certificate is a waste of effort if "$WIDE" is false, since the signature algorithm is not shown in that case.
2020-05-11 10:09:02 -04:00
Magnus Larsen 8b74d41487 unintended linebreak 2020-05-11 15:22:51 +02:00
Magnus Larsen 6119d8538e proper rating of dh group length 2020-05-11 15:20:16 +02:00
Dirk Wetter 78a95d73c8 Add BREACH extension 2020-05-11 14:07:02 +02:00
Dirk Wetter 25f87455a4 Amendment for compression detection (BREACH)
This commit saves more or less time for a detection of the compression.

First it assembles the GET command with all available compressions and send them all.
If the result is negative: we can just tell the finding and return. If it's
positive: We already have identified 1x compression. Then we cycle through the
remaining compressions with single GET requests.

In order to not duplicate code we introduced a helper function sub_breach_helper()
which takes care sending the request and analysis the result.

We treat now failed requests differently: When the first fails we don't
continue anymore.
2020-05-11 13:57:50 +02:00
Dirk Wetter 825cbf7b1d Improve compression detection for BREACH
This commit tries to enummerate through all possible compressions
instead of just raising the arm because of the first one detected.

As far as the performance is concerned there's room for improvements
which subsequent commits will address.
2020-05-11 10:41:48 +02:00
Dirk Wetter 78612c86a0
Merge pull request #1635 from drwetter/dockerfile+_31dev
Better Dockerfile: doesn't require "git clone"
2020-05-09 13:18:57 +02:00
Dirk d065bda3b8 Better Dockerfile: doesn't require "git clone"
.. see also #1559.

It "mkdirs" the needed etc and bin directories first, then copies
stuff over. It also reduces a few layers.

Also it corrects a mistake in the Readme.md (docker exec --> run)

Thanks for the discussion @Alex131089
2020-05-09 13:17:02 +02:00
Dirk Wetter bbd46b4e03
Merge pull request #1631 from dcooper16/has_sigalgs
Implement $HAS_SIGALGS
2020-05-09 10:38:03 +02:00
Dirk Wetter cc8a83ccc0
Merge pull request #1630 from dcooper16/cipher_pre_check_local_problem
Fix "local problem" output in ciher_pref_check()
2020-05-09 10:36:17 +02:00
Dirk Wetter 6897b4abeb
Merge pull request #1632 from unit193/3.1dev
Fix a couple typos in the documentation.
2020-05-09 10:34:44 +02:00
Unit 193 871db32fb5 Fix a couple typos.
enviroment → environment
ususally → usually
2020-05-08 22:48:20 -04:00
David Cooper 4f802502a0 Implement $HAS_SIGALGS
The "-sigalgs" option is used in get_server_certificate() to obtain certificates the server uses with TLS 1.3. get_server_certificate() is currently designed to use $OPENSSL, if $OPENSSL supports TLS 1.3.

LibreSSL 3.1.{0,1} has added client support for TLS 1.3, but does not support the "-sigalgs" option. So, this commit determines whether the "-sigalgs" option is supported, and if it isn't, then uses tls_sockets().
2020-05-08 16:15:32 -04:00
David Cooper ec4feb52e7 Fix "local problem" output in ciher_pref_check()
When cipher_pref_check() is called in "--ssl-native" mode and the specified protocol is not supported, the message indicating a "local problem" is not properly formatted.
2020-05-08 16:13:30 -04:00
Dirk Wetter 4f868a76a7
Merge pull request #1629 from dcooper16/bad_exponent_rating
Rate RSA e=1 as CRITICAL
2020-05-08 17:13:09 +02:00
David Cooper cde2ecdc5d Rate RSA e=1 as CRITICAL
PR #1619 set the grade cap to 'F' is the server has a certificate with an RSA with e=1, however, it did not change the rating in the JSON/CSV output. This commit changes the cert_keySize rating to CRITICAL for an RSA key with e=1, regardless of the size of the modulus. It also uses pr_svrty_critical() to print the exponent in this case.
2020-05-08 08:23:14 -04:00
Dirk Wetter d16f8a20c5
Merge pull request #1621 from drwetter/drwetter-patch-1
Labelling, look @ 3.0.2
2020-05-07 19:57:49 +02:00
Dirk Wetter e53ea4a115
Merge pull request #1623 from dcooper16/fix_cp_error
Fix copy and paste error
2020-05-07 19:38:28 +02:00
Dirk Wetter a137f73926
Merge pull request #1620 from dcooper16/improve_key_exchange_grading
Improve key exchange grading
2020-05-07 19:37:36 +02:00
Dirk Wetter e243b3d77a
Merge pull request #1619 from dcooper16/fix_1576
Fix #1576
2020-05-07 19:35:42 +02:00
David Cooper 8697e3417a Fix copy and paste error
This commit fixes a bug that was introduced by an accidental copy and paste.
2020-05-07 12:33:23 -04:00
Dirk Wetter 6fa82ea2f7 Fix typos 2020-05-07 17:15:11 +02:00
Dirk Wetter 7b3adf8195
Labelling, look @ 3.0.2
* label 3.1dev it as a ~rolling release
* outlook to 3.0.2 (~tomorrow)
2020-05-07 10:50:41 +02:00
David Cooper 46bf8c90ac Improve key exchange grading
This commit makes a couple of improvements to set_key_str_score().

It rates (finite-field) DH keys the same as RSA and DSA keys.

Second, in the case of a server that has more than one certificate, the current code sets $KEY_EXCH_SCORE based on the length of the public key in the last certificate that is parsed. This commit changes set_key_str_score() so that $KEY_EXCH_SCORE is set based on the weakest public key.

Note that there is still the issue that the key exchange score does not take into account any ephemeral keys used. However, that needs to be addressed by callling set_key_str_score() from run_fs() and run_logjam(), as certificate_info() cannot provide information about ephemeral keys.
2020-05-06 14:30:44 -04:00
David Cooper a8c9133fc6 Check for RSA exponent of 1
As suggested in #1576, set the grade cap to F if the RSA key has an exponent of 1.
2020-05-06 14:25:59 -04:00
David Cooper 9dba2a8c9c Fix #1576
This commit adds additional information to the "Server key size" line for a certificate if the subject public key is RSA, ECDSA, or DH.

For RSA it show the public exponent. For ECDSA, it shows the curve. For DH, it shows the group used, if it is a common prime.
2020-05-06 12:16:15 -04:00
Dirk Wetter f492cf0336
Merge pull request #1616 from dcooper16/tls_sockets_return_value
tls_sockets() return value
2020-05-06 16:34:40 +02:00
Dirk Wetter 7c5fc48d25
Merge pull request #1618 from dcooper16/fix_1433
Fix #1433
2020-05-06 15:42:05 +02:00
David Cooper 329ba95d5b Fix #1433
This commit fixes #1433 by adding "@SECLEVEL=0" to the "$OPENSSL s_client" and "$OPENSSL ciphers" command lines if that option is supported. Adding this option configures OpenSSL to support some weak ciphers that it would not use in the default configuration.
2020-05-06 08:43:13 -04:00
David Cooper 84a82dbddc tls_sockets() return value
There is one place in parse_tls_serverhello() that returns 8 if the server's response is not well-formed TLS. However, there is no code in testssl.sh that is prepared to handle this return value. Every function except run_protocols() only distinguishes between 0, 2, and everything else. run_protocols(), however, gets confused if tls_sockets() returns a value that it is not expecting. So, this commit changes parse_tls_serverhello() to return 1 whenever the server's response can not be parsed.
2020-05-06 08:31:09 -04:00
Dirk Wetter 693cb216f7
Merge pull request #1615 from drwetter/license_patch3.1dev
Amendment to "Relax the possible GPL license contradiction"
2020-05-06 09:18:51 +02:00
Dirk 908975380d Amendment to "Relax the possible GPL license contradiction"
fix it also in the man pages. See #1590 / #1593
2020-05-06 09:17:42 +02:00
Dirk Wetter 41259d2f1b
Merge pull request #1612 from drwetter/TYPO3-Parsetime
Add X-TYPO3-Parsetime
2020-05-05 19:53:15 +02:00
Dirk Wetter 918d358e95 Add X-TYPO3-Parsetime 2020-05-05 13:37:58 +02:00