Commit Graph

4449 Commits

Author SHA1 Message Date
David Cooper 9d1803d6eb More SSLv2 (and SSLv3) related fixes
In doing some work on cipher_pref_check() I noticed that it was failing on SSLv2 since the call to "$OPENSSL s_client" includes SNI. I've also noticed in my testing that "$OPENSSL s_client" will not connect to an SSLv2-only server unless the "-ssl2" flag is included. So, I carefully checked each call to "$OPENSSL s_client" in the program (other than in run_allciphers and run_cipher_per_proto, since those functions are already addresses in PR #341) to see whether they would inappropriate fail with an SSLv2-only (or SSLv3-only) server.

As a general rule, if the call doesn't currently include the protocol, then I added "-ssl2" if $OPTIMAL_PROTO is "-ssl2", indicating that the server only supports SSLv2, and I removed any $SNI if a protocol is specified if a protocol is specified and it is either SSLv2 or SSLv3.

I tested it on an SSLv2-only server, and the results are much better. I also tested it on a collection of other servers, none of which support SSLv2, and the results are the same as with the current code.

The only thing I haven't been able to test is how the revised code works when the "--starttls" option is used. I don't believe the changes I made would cause anything to break in that case, but I also don't think code will work any better in that case, if the server only supports SSLv2. Of course, since no server should support SSLv2 (let alone only SSLv2), it shouldn't really be an issue.

One thing that I did not change, but that I do not understand; why does determine_optimal_proto() try the protocols in the order "-tls1_2 -tls1 -ssl3 -tls1_1 -ssl2" rather than "-tls1_2 -tls1_1 -tls1 -ssl3 -ssl2"? Doesn't the current ordering imply that TLS v1.0 and SSLv3 are better than TLS v1.1?
2016-04-29 17:04:01 -04:00
David Cooper 91bab81e26 "$OPENSSL ciphers" ignores "-tls1_1" and "-tls1_2"
Versions of OpenSSL prior to 1.1.0 ignore the options "-tls1_1" and "-tls1_2". So, a call of the form "$OPENSSL ciphers -tls1_2 -V 'ALL:COMPLEMENTOFALL:@STRENGTH' would list all supported ciphers (including SSLv2 ciphers), not just ciphers appropriate for TLS1.2.

This changes the code to use "-tls1" instead of "-tls1_1" or "-tls1_2" if a version of OpenSSL other than 1.1.0 is being used.
2016-04-21 14:05:19 -04:00
Dirk Wetter 269a9e8c60 - fix LF in JSON/CSV output
- fix EV detection
2016-04-21 18:44:57 +02:00
Dirk Wetter 948118c927 Merge pull request #343 from dcooper16/fix_typos
Fix some typos
2016-04-21 18:21:51 +02:00
David Cooper cf84d69171 Fix some typos
Note: I deleted line 207, "HAS_SSL2=false", since it was a repeat of line 203.
2016-04-21 12:04:33 -04:00
Dirk c62177044b - FIX #336 2016-04-20 18:53:04 +02:00
David Cooper fe098d4b39 Use $HAS_SSL2
I changed the code to use the global $HAS_SSL2 rather than $sslv2_locally_supported.

I don't think there's a need to use $HAS_SSL3 in run_allciphers(), since the call to "$OPENSSL s_client" for non-SSLv2 ciphers does not specify a protocol. It's also not needed in run_cipher_per_proto(), since there is already a call to locally_supported() before anything further is done with a protocol.
2016-04-19 09:47:52 -04:00
David Cooper 7e506e5c5a More extensions in socksend_tls_clienthello()
This PR adds the signature algorithms, heartbeat, session ticket, and next protocol extensions to the client hello message created by socksend_tls_clienthello() for TLS 1.0 and above. It also adds the supported elliptic curves and ec points format extensions if the client hello message includes any ECC cipher suites.

I tested this version against several servers with $EXPERIMENTAL set to true and get the same results as with the current code with $EXPERIMENTAL set to false.
2016-04-13 15:39:12 -04:00
David Cooper c6db49066f run_allciphers(),run_cipher_per_proto(), and SSLv2
This PR addresses two problems related to SSLv2 in run_allciphers() and run_cipher_per_proto().

In run_cipher_per_proto(), the call to "$OPENSSL s_client" is changed to that $SNI is not included if $proto is -sslv2 or -sslv3. As noted in a comment within run_prototest_openssl(), "newer openssl throw an error if SNI is supplied with SSLv2" and "SSLv3 doesn't have SNI (openssl doesn't complain though -- yet)."

run_allciphers() will sometimes incorrectly report that a server supports an SSLv2 cipher, even if the server does not support SSLv2 at all. The problem occurs if there is a supported SSLv3 cipher suite that has the same OpenSSL name as an SSLv2 cipher suite (e.g., RC4-MD5). Since the call to "$OPENSSL s_client" only uses the OpenSSL name, but the results report both the name, hexcode, and RFC cipher suite name, both the SSLv2 and SSLv3 cipher suites are reported as being supported (e.g., 0x04=RC4-MD5=TLS_RSA_WITH_RC4_128_MD5 and x010080=RC4-MD5=SSL_CK_RC4_128_WITH_MD5). This PR fixes the problem by testing SSLv2 cipher suites separately from non-SSLv2 cipher suites.
2016-04-11 15:51:53 -04:00
Dirk Wetter 199708f94c Merge pull request #335 from dcooper16/run_cipher_per_proto_speedup
run_cipher_per_proto speedup
2016-04-08 22:11:59 +02:00
Dirk Wetter e7c27a6dbe Merge pull request #338 from dcooper16/neat_list_bugfix
Fix typo in neat_list()
2016-04-08 21:57:47 +02:00
David Cooper bbb8af804e Fix typo in neat_list()
The last line of neat_list currently uses $HEXC as the parameter to show_rfc_style(), but it should use $hexcode. At the moment using $HEXC instead of $hexcode makes no difference, since hexcode="$1" and in all calls to neat_list() the first parameter is $HEXC. However, this bug could create problems in the future since neat_list() will misbehave if the value of the first parameter (hexcode) isn't the same as $HEXC.
2016-04-08 14:49:44 -04:00
Dirk Wetter 52bd89921b Update Readme.md 2016-04-04 21:52:57 +02:00
David Cooper bbcc869dec run_cipher_per_proto speedup
This PR makes basically the same changes to run_cipher_per_proto() as I previously made to run_allciphers(). The main difference is that in this function, round 0 consists of a single call to "$OPENSSL s_client" with "-cipher" including all of the locally supported ciphers. The reason for the difference is that in run_allciphers() its saves time to assume the server supports at least one cipher suite. In the case of run_cipher_per_proto(), however, it is likely that the server will not support some protocols at all, so its usually faster to start with a single call to "$OPENSSL s_client" that tests whether the server supports the protocol at all.
2016-03-31 09:38:20 -04:00
Dirk 16927f523f - NOT OK ==> NOT ok
- FIX #332 (--show-each w/o --wide)
- polishing PR #329
2016-03-30 23:28:31 +02:00
Dirk 1ea6e944f3 - new chacha/poly ciphers 2016-03-29 21:56:54 +02:00
Dirk bed1a602f1 - small hint for new chacha/poly ciphers 2016-03-29 21:56:31 +02:00
Dirk 62f34cfda2 Merge branch 'master' of github.com:drwetter/testssl.sh 2016-03-29 19:47:26 +02:00
Dirk 02f6e07709 - ipv6 changes (tested with 1.0.2h) 2016-03-29 19:46:44 +02:00
Dirk Wetter c033ebd885 Merge pull request #330 from dcooper16/fix_mapping_RFC_typo
Fix typo in mapping-rfc.txt
2016-03-29 19:18:04 +02:00
David Cooper 02e41951cb Fix typo in mapping-rfc.txt
There is a tab on the line for SSL_CK_RC2_128_CBC_WITH_MD5. When testssl.sh is called with "-E" and "--show-each," this causes the string "not a/v" to be printed two characters to the right of the same string on every other line (at least on Linux systems). This PR just deletes the tab character.
2016-03-29 09:23:59 -04:00
Dirk Wetter c4d84451f1 Merge pull request #326 from dcooper16/run_allciphers_speedup
run_allciphers() speedup
2016-03-28 18:41:03 +02:00
David Cooper eac2df6d81 run_allciphers() speedup
The run_allciphers() function currently works by calling "$OPENSSL s_client" once for each cipher suite supported by $OPENSSL. In the case of "OpenSSL 1.0.2-chacha (1.0.2e-dev)" that means 195 calls to  "$OPENSSL s_client" even though servers tend to only support a small fraction of these cipher suites.

This PR produces the same output as the current run_allciphers() with fewer calls to "$OPENSSL s_client", which results in the function running faster (usually much faster). The basic idea behind the revised function is to test cipher suites in blocks. If $OPENSSL supports 195 cipher suites, then it group these cipher suites into 4 blocks of 64 (with the final block being smaller). It makes one call to "$OPENSSL s_client" with cipher suites 1-64, and if it fails, then it knows that none of these 64 cipher suites are supported by the server and it doesn't need to perform any more tests on these 64 cipher suites. If it succeeds, then it breaks the 64 cipher suites into 4 blocks of 16 and calls "$OPENSSL s_client" with each of those blocks. The blocks of 16 that are successful are broken into blocks of 4, and for each of the successful blocks of 4 the individual cipher suites are tested.

For testssl.sh and www.google.com the number of calls to "$OPENSSL s_client" is reduced from 195 to 88. For github.com the number of calls is reduced to 56!

I haven't made any changes to run_cipher_per_proto yet, but if this PR is accepted I can make the same changes in that function.

Thanks,

David
2016-03-25 10:00:50 -04:00
Dirk c684ba7d9c - polishing 2016-03-25 11:52:23 +01:00
Dirk Wetter ad8fd1804a Merge pull request #325 from Niko78/patch-2
Update README.md
2016-03-25 09:22:35 +01:00
Niko78 e233480ca2 Update README.md 2016-03-25 09:20:20 +01:00
Dirk Wetter a95c807c5e Delete microsoft.pem 2016-03-25 09:07:45 +01:00
Dirk Wetter 7bb8ecc566 - now the stores are properly named 2016-03-24 18:56:26 +01:00
Dirk Wetter 53b0843664 - added Apple certificate store
- renamed the other stores accordingly (caps in the beginng)
2016-03-24 18:52:10 +01:00
Dirk dd30b8225e - FIX #324 (thx, @dawsonpaul 2016-03-21 23:03:42 +01:00
Dirk Wetter b5b158d5b2 - BREACH missed a LF 2016-03-19 18:15:38 +01:00
Dirk ab7f66533c - FIX #323
- add  MicrosoftSharePointTeamServices in header detection
2016-03-19 17:20:36 +01:00
Dirk Wetter a0b7d04974 Update README.md 2016-03-14 22:40:29 +01:00
Dirk Wetter 50660e9edd typos, minor additions 2016-03-13 21:13:03 +01:00
Dirk Wetter 682ea066d6 typos, clarification 2016-03-13 21:10:00 +01:00
Dirk Wetter 7f28b17b3c - updated, see #317 2016-03-13 20:38:06 +01:00
Dirk Wetter 46407ad2e4 - updated Mozilla truststore from http://curl.haxx.se/ instead of local firefox install, #317 2016-03-12 18:19:15 +01:00
Dirk Wetter 942359c8c1 - FIX #318
- minor code housekeeping
- increased amount of buffer read for sockets, real fix follows. #313
2016-03-12 17:08:43 +01:00
Dirk Wetter cf7fb4f773 Update Readme.md 2016-03-11 16:42:20 +01:00
Dirk Wetter 9753f0dbb7 Update Readme.md 2016-03-11 16:41:46 +01:00
Thomas Patzke 7cc41a1a92 logfile, jsonfile and csvfile parameters work without = (as documented in help) 2016-03-08 22:25:00 +01:00
Dirk Wetter a72133419a web frontend 2016-03-08 18:12:34 +01:00
Dirk 3ab9ec0230 Merge branch 'master' of github.com:drwetter/testssl.sh 2016-03-08 10:39:13 +01:00
Dirk 7b0fabdbc4 - making the read buffer for server hello bigger+variable 2016-03-08 10:38:21 +01:00
Dirk Wetter 0cae7a9a7d Merge pull request #311 from noqqe/master
Format readme for better readability
2016-03-07 20:20:24 +01:00
Florian Baumann 1f3cd99ce8 Format readme for better readability 2016-03-07 13:04:30 +01:00
Dirk 483139f0a4 - show censy link by default 2016-03-05 21:35:30 +01:00
Dirk Wetter 28a6199109 - several code housekeepings
* SHOW_EACH_C has now the correct logic
  * pr_litemagenta ==> pr_warning
  * fileout WARN according to pr_warning then changed appropiately
  * some global vars in "" to avoid unneccessary shell expansion
  * HAS_SSL2/HAS_SSL3 now works more reliably
  * warning added in cipher order if ssl2/ssl3 is not supported by openssl
2016-03-05 21:07:49 +01:00
Dirk Wetter 118f897d6d Merge pull request #308 from skunkwerks/master
fix certificate_info() test
2016-03-04 00:33:25 +01:00
Dave Cottlehuber 9e77f38318 fix certificate_info() test 2016-03-03 21:47:36 +01:00