Commit Graph

3921 Commits

Author SHA1 Message Date
David Cooper 4f802502a0 Implement $HAS_SIGALGS
The "-sigalgs" option is used in get_server_certificate() to obtain certificates the server uses with TLS 1.3. get_server_certificate() is currently designed to use $OPENSSL, if $OPENSSL supports TLS 1.3.

LibreSSL 3.1.{0,1} has added client support for TLS 1.3, but does not support the "-sigalgs" option. So, this commit determines whether the "-sigalgs" option is supported, and if it isn't, then uses tls_sockets().
2020-05-08 16:15:32 -04:00
David Cooper ec4feb52e7 Fix "local problem" output in ciher_pref_check()
When cipher_pref_check() is called in "--ssl-native" mode and the specified protocol is not supported, the message indicating a "local problem" is not properly formatted.
2020-05-08 16:13:30 -04:00
Dirk Wetter 4f868a76a7
Merge pull request #1629 from dcooper16/bad_exponent_rating
Rate RSA e=1 as CRITICAL
2020-05-08 17:13:09 +02:00
David Cooper cde2ecdc5d Rate RSA e=1 as CRITICAL
PR #1619 set the grade cap to 'F' is the server has a certificate with an RSA with e=1, however, it did not change the rating in the JSON/CSV output. This commit changes the cert_keySize rating to CRITICAL for an RSA key with e=1, regardless of the size of the modulus. It also uses pr_svrty_critical() to print the exponent in this case.
2020-05-08 08:23:14 -04:00
Dirk Wetter d16f8a20c5
Merge pull request #1621 from drwetter/drwetter-patch-1
Labelling, look @ 3.0.2
2020-05-07 19:57:49 +02:00
Dirk Wetter e53ea4a115
Merge pull request #1623 from dcooper16/fix_cp_error
Fix copy and paste error
2020-05-07 19:38:28 +02:00
Dirk Wetter a137f73926
Merge pull request #1620 from dcooper16/improve_key_exchange_grading
Improve key exchange grading
2020-05-07 19:37:36 +02:00
Dirk Wetter e243b3d77a
Merge pull request #1619 from dcooper16/fix_1576
Fix #1576
2020-05-07 19:35:42 +02:00
David Cooper 8697e3417a Fix copy and paste error
This commit fixes a bug that was introduced by an accidental copy and paste.
2020-05-07 12:33:23 -04:00
Dirk Wetter 6fa82ea2f7 Fix typos 2020-05-07 17:15:11 +02:00
Dirk Wetter 7b3adf8195
Labelling, look @ 3.0.2
* label 3.1dev it as a ~rolling release
* outlook to 3.0.2 (~tomorrow)
2020-05-07 10:50:41 +02:00
David Cooper 46bf8c90ac Improve key exchange grading
This commit makes a couple of improvements to set_key_str_score().

It rates (finite-field) DH keys the same as RSA and DSA keys.

Second, in the case of a server that has more than one certificate, the current code sets $KEY_EXCH_SCORE based on the length of the public key in the last certificate that is parsed. This commit changes set_key_str_score() so that $KEY_EXCH_SCORE is set based on the weakest public key.

Note that there is still the issue that the key exchange score does not take into account any ephemeral keys used. However, that needs to be addressed by callling set_key_str_score() from run_fs() and run_logjam(), as certificate_info() cannot provide information about ephemeral keys.
2020-05-06 14:30:44 -04:00
David Cooper a8c9133fc6 Check for RSA exponent of 1
As suggested in #1576, set the grade cap to F if the RSA key has an exponent of 1.
2020-05-06 14:25:59 -04:00
David Cooper 9dba2a8c9c Fix #1576
This commit adds additional information to the "Server key size" line for a certificate if the subject public key is RSA, ECDSA, or DH.

For RSA it show the public exponent. For ECDSA, it shows the curve. For DH, it shows the group used, if it is a common prime.
2020-05-06 12:16:15 -04:00
Dirk Wetter f492cf0336
Merge pull request #1616 from dcooper16/tls_sockets_return_value
tls_sockets() return value
2020-05-06 16:34:40 +02:00
Dirk Wetter 7c5fc48d25
Merge pull request #1618 from dcooper16/fix_1433
Fix #1433
2020-05-06 15:42:05 +02:00
David Cooper 329ba95d5b Fix #1433
This commit fixes #1433 by adding "@SECLEVEL=0" to the "$OPENSSL s_client" and "$OPENSSL ciphers" command lines if that option is supported. Adding this option configures OpenSSL to support some weak ciphers that it would not use in the default configuration.
2020-05-06 08:43:13 -04:00
David Cooper 84a82dbddc tls_sockets() return value
There is one place in parse_tls_serverhello() that returns 8 if the server's response is not well-formed TLS. However, there is no code in testssl.sh that is prepared to handle this return value. Every function except run_protocols() only distinguishes between 0, 2, and everything else. run_protocols(), however, gets confused if tls_sockets() returns a value that it is not expecting. So, this commit changes parse_tls_serverhello() to return 1 whenever the server's response can not be parsed.
2020-05-06 08:31:09 -04:00
Dirk Wetter 693cb216f7
Merge pull request #1615 from drwetter/license_patch3.1dev
Amendment to "Relax the possible GPL license contradiction"
2020-05-06 09:18:51 +02:00
Dirk 908975380d Amendment to "Relax the possible GPL license contradiction"
fix it also in the man pages. See #1590 / #1593
2020-05-06 09:17:42 +02:00
Dirk Wetter 41259d2f1b
Merge pull request #1612 from drwetter/TYPO3-Parsetime
Add X-TYPO3-Parsetime
2020-05-05 19:53:15 +02:00
Dirk Wetter 918d358e95 Add X-TYPO3-Parsetime 2020-05-05 13:37:58 +02:00
Dirk Wetter ec37a6e1bd
Merge pull request #1610 from drwetter/xmpp_improvements
Fix STARTTLS pretests, improve XMPP handshakes
2020-05-05 08:47:34 +02:00
Dirk Wetter d949b305c0 Fix STARTTLS pretests, improve XMPP handshakes
There was a empty variable in determine_optimal_proto() which prevented to save
STARTTLS_OPTIMAL_PROTO. This is fixed.

The buffers and return codes for XMPP in starttls_io() were under not every
circumstances correct. This fixes those cases and making that in general more
robust (hopefully).  (There's still code commented out which I'll leave it for
now).

When openssl did not support -starttls xmpp-server there was a copy
and paste error saying that -xmpphost option was not supported.
2020-05-04 22:38:02 +02:00
Dirk Wetter 1a0ade585e
Merge pull request #1609 from dcooper16/check_server_response
Check server's response
2020-05-04 21:35:50 +02:00
Dirk Wetter 308582bd0e
Merge pull request #1608 from drwetter/1590_2_3.1dev
Address further potential license restriction
2020-05-04 20:35:37 +02:00
Dirk cdc1a08819 Address further potential license restriction
.. see https://github.com/drwetter/testssl.sh/issues/1590#issuecomment-623526604

Added some formatting and verbal improvements in the intruductory comment section.
2020-05-04 20:34:32 +02:00
David Cooper ae8a056afe Check server's response
There is code at the beginning of parse_tls_serverhello() that checks whether the server's response appears to consist of a sequence of messages of the form <protocol><content type><content>. However, at the moment the check is only performed if "$do_starttls" is false. This commit changes parse_tls_serverhello() so that the check is always performed.
2020-05-04 14:29:13 -04:00
Dirk Wetter 934c5fc60c
Merge pull request #1603 from drwetter/aes_cgm_doc
Fix typo in docs: Strong grade Ciphers / AEAD
2020-05-02 19:54:54 +02:00
Dirk 381fdfa985 Fix typo in docs: Strong grade Ciphers / AEAD 2020-05-02 19:49:01 +02:00
Dirk Wetter 8e6c80ffba
Merge pull request #1601 from drwetter/xmpp_server_polish
STARTTLS xmpp-server polish
2020-05-02 19:41:24 +02:00
Dirk 7981a238a5 Comment out S2S XMPP server test for now 2020-05-02 19:40:45 +02:00
Dirk 05c90d4c3a remove add_tls_offered 2020-05-02 18:37:02 +02:00
Dirk 485bcc1888 Change Travis/CI environment to bionic
... as it comes with openssl 1.1.1 and we can check also XMPP S2S
protocol
2020-05-02 18:34:10 +02:00
Dirk 5da54b9ce8 fix var declaration 2020-05-01 21:42:41 +02:00
Dirk 9e61d6605e Perl needs a semicolon ;-/ 2020-05-01 19:17:58 +02:00
Dirk 191c69fbdd Minor probe for STARTTLS xmpp-server
... don't know whether this gets through -- depends on the
version openssl used (1.0.2 doesn't have that)
2020-05-01 18:39:36 +02:00
Dirk 1d7adebb4e Add HAS_XMPP_SERVER
... see also #1575
2020-05-01 18:32:22 +02:00
Dirk 0e6fb44bd3 add xmpp-server 2020-05-01 18:31:35 +02:00
Dirk 53ee37b046 XMPP server 2020-05-01 18:03:19 +02:00
Dirk Wetter 2b174821e4
Merge pull request #1575 from horazont/feature/xmpp-server
STARTTLS: add support for xmpp-server
2020-05-01 17:53:34 +02:00
Jonas Schäfer 4daf20585d STARTTLS: add support for xmpp-server
XMPP client-to-server and server-to-server links historically use
different XML namespaces. Some server implementations are strict
about this and will not proceed with the connection attempt when
the client namespace (`jabber:client`) is used on a
server-to-server link.

openssl s_client also supports `xmpp-server`.
2020-05-01 17:44:30 +02:00
Dirk f5a1884439 Merge branch 'magnuslarsen-grading_dev' into 3.1dev 2020-05-01 17:37:13 +02:00
Dirk ebe75252fa Merge branch '3.1dev' into magnuslarsen-grading_dev 2020-05-01 17:36:29 +02:00
Dirk Wetter aa702369c1
Merge pull request #1597 from dcooper16/use_has_x25519
Use $HAS_X25519 and $HAS_X448
2020-05-01 16:21:47 +02:00
Dirk Wetter ece209886c
Merge pull request #1598 from dcooper16/improve_libressl_302_compat
Improve compatibility with LibreSSL 3.0.2 and earlier
2020-05-01 16:16:28 +02:00
Dirk Wetter c52ba088cf
Merge pull request #1599 from dcooper16/improve_libressl_310_compat
Improve LibreSSL 3.1.0 compatibility
2020-05-01 16:12:28 +02:00
David Cooper a5a28d2457 Improve LibreSSL 3.1.0 compatibility
This commit addresses two compatibility issues with LibreSSL 3.1.0, which has added client support for TLS 1.3.

The first issue is that LibreSSL has named the TLS 1.3 ciphers that it supports AEAD-AES256-GCM-SHA384, AEAD-CHACHA20-POLY1305-SHA256, and AEAD-AES128-GCM-SHA256, rather than using the OpenSSL names, which are TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, and TLS_AES_128_GCM_SHA256. (Draft versions of OpenSSL 1.1.1 names these ciphers TLS13-AES-256-GCM-SHA384, TLS13-CHACHA20-POLY1305-SHA256, TLS13-AES-128-GCM-SHA256.) There are several places where testssl.sh checks whether a cipher suite is a TLS 1.3 cipher by checking whether its OpenSSL name begins with "TLS_" (or "TLS13"). In order to work with LibreSSL 3.1.0, these checks also need to consider names that begin with "AEAD-" to be TLS 1.3 ciphers.

Second, in sub_session_resumption() there is code that adds "-no_ssl2" to the "$OPENSSL s_client" command line if that option is supported. If "-no_ssl2" is not supported, then other protocol information is added to the command line. I believe this code was written with the assumption that any version of OpenSSL that supports "-no_ssl2" does not support TLS 1.3. However, LibreSSL 3.1.0 supports both. So, this commit changes the code to add the "-no_ssl2" option only if TLS 1.3 is not supported.
2020-04-30 11:08:04 -04:00
David Cooper cb67d91417 Improve compatibility with LibreSSL 3.0.2 and earlier
This commit addresses two compatibility issues with LibreSSL.

First, with LibreSSL, "$OPENSSL s_client" does not support the "-curves" option, so the "-groups" option needs to be used instead. Note that with LibreSSL, the command line "$OPENSSL s_client -groups $curve -connect invalid." will not work, as it will complain "no port defined," but will not indicate whether the specified curve is supported. Adding a port number fixes that problem. (There does not seem to be a need to include a port number for other tests, such as whether the "-curves" option itself is supported.)

Second, including "-out -" in the command line for "$OPENSSL genpkey" causes LibreSSL to create a file with the name "-" if the algorithm is supported. This is not an issue at the moment, since LibreSSL's genpkey does not support X25519 or X448. However, both genpkey with both OpenSSL and LibreSSL uses stdout as the default output if no "-out" is specified, so the "-out -" is not necessary.
2020-04-30 10:37:12 -04:00
David Cooper 541d960924 Use $HAS_X25519 and $HAS_X448
generate_key_share_extension() and prepare_tls_clienthello() currently check the $OPENSSL version number to determine whether X25519 and X448 are supported. The commit changes these functions to use $HAS_X25519 and $HAS_X448.
2020-04-30 10:26:56 -04:00