Commit Graph

4190 Commits

Author SHA1 Message Date
Dirk Wetter d534447da2 Merge pull request #816 from dcooper16/cipher_match_json
Fix single cipher and JSON pretty
2017-08-29 11:18:48 +02:00
David Cooper fa063ccd98 Fix single cipher and JSON pretty
testssl.sh produces an invalid JSON file if the --json-pretty option is used with the --single-cipher option. The reason is that fileout_section_header() isn't called before run_cipher_match() calls fileout() and fileout_section_footer() is not called afterwards.

There is also a problem with MEASURE_TIME, since the "cleanup" at the end of lets_roll() is not performed.

This PR fixes these problems by adding a call to fileout_section_header() before the call to run_cipher_match() and by copying the code from the end of lets_roll() to run_cipher_match() (just before the call to exit).
2017-08-28 16:12:57 -04:00
Dirk b5c92e9a90 renaming the id of client simul to be consistent with previously used function at least 2017-08-28 21:14:39 +02:00
Dirk 6bb3494d98 addressing @dcooper's remark in #815 2017-08-28 21:09:09 +02:00
Dirk 0933cfd041 further fixes WARNING in fileout (should be WARN) 2017-08-28 20:54:08 +02:00
Dirk 078f4a9992 Merge branch '2.9dev' of github.com:drwetter/testssl.sh into 2.9dev 2017-08-28 18:38:19 +02:00
Dirk 16dae3511e FIX #815
Extra client side warning led to a non-valid JSON pretty output. This fixes
this bug by adding an extra object. The objects are named "clientProblem${NUMBER}".
By "extra client side" I mean extra warnings which are not happening during regular
tests -- those are no extra ones and should just warn with ``fileout()`` instead
of ``fileout_insert_warning()``.

Also some ``fileout arg1 WARN`` were patched: WARN is not a finding. It is just
a report that either on the client side something doesn't work as expected or
the server could not be checked during a particular test. WARNING doesn't
exist at all, WARn should be used instead.

Some lines where a warning output to JSON or CSV was missing, was added.
2017-08-28 18:25:45 +02:00
Dirk Wetter 9f994cc9a4 Update Readme.md 2017-08-26 11:20:46 +02:00
Dirk Wetter 5ea2b7c612 typo 2017-08-13 11:32:24 +02:00
Dirk Wetter 484e5bef7a Merge pull request #813 from dcooper16/update_readme
Update README.md for etc directory
2017-08-05 11:16:50 +02:00
David Cooper 966f9c499a Update README.md for etc directory 2017-08-04 09:10:41 -04:00
Dirk Wetter 6776a66603 Merge pull request #811 from dcooper16/certificate_transparency
Certificate Transparency
2017-08-03 21:55:28 +02:00
David Cooper 3e179ad30d Certificate Transparency
This commit implements a check for Certificate Transparency support, as proposed in #771.
2017-08-03 15:02:41 -04:00
Dirk Wetter a81b99fd04 Merge pull request #809 from dcooper16/parse_tls_serverhello_debug_levels
parse_tls_serverhello(), dh_bits, debug level 2
2017-08-02 09:30:46 +02:00
Dirk 8b378ea218 FIX #808 2017-08-01 21:42:33 +02:00
David Cooper 185a25ac3e parse_tls_serverhello(), dh_bits, debug level 2
Currently, when `$DEBUG` is 2 and the connection is successful, `parse_tls_serverhello()` prints out information about the server's ephermal (EC)DH key, but nothing else. For example:
```
sending client hello... reading server hello...
dh_bits:                ECDH, P-256, 256 bits
sending close_notify...
  (183 lines returned)
```

This commit changes `parse_tls_serverhello()` so that information about dh_bits is only displayed if `$DEBUG` is at least 3, making it the same as for other information about the server's response.

In addition, it indents the printing of the information about dh_bits in order to better align with other information displayed at  this debug level.
2017-08-01 14:49:06 -04:00
Dirk 4536678b82 FIX (again) 804 and PRTG monitoring server 2017-08-01 15:37:40 +02:00
Dirk 6a4fd280bf FIX #802 2017-08-01 13:23:21 +02:00
Dirk 9540224722 adding comments for David's PR #807 and pointing to the cipher list in #806 2017-07-31 12:59:36 +02:00
Dirk Wetter 9c1fe0589c Merge pull request #807 from dcooper16/fix_806
Fix #806
2017-07-31 12:50:19 +02:00
Dirk 4276030500 STARTTLS improvements and no protocol detections
- add forgotten servive FTP and XMPP
- polish other services

- after TLS 1.2 run is finished run a check whether no protocol has been detected and ask the user for confirmation to proceed
2017-07-30 22:46:17 +02:00
David Cooper ee40625d40 Fix typo in comment
$TLS12_CIPHER only includes 123 standard ciphers; 0x00,0xFF doesn't count as a "standard cipher."
2017-07-28 12:23:21 -04:00
David Cooper 7ccb611d13 Update TLS12_CIPHER
Update `$TLS12_CIPHER` to contain only 128 ciphers (so that it will work with servers that can't handle larger ClientHello messages), and also add some newer ciphers to `$TLS12_CIPHER`. Also define  a `$TLS12_CIPHER_2ND_TRY` containing a list of 127 ciphers that do not appear in `$TLS12_CIPHER`. `$TLS12_CIPHER_2ND_TRY` is used in `run_protocols()` in order to perform a second test against servers that do not establish a TLSv1.2 connection when offered `$TLS12_CIPHER`.
2017-07-28 12:14:44 -04:00
David Cooper a20d98bbfa Make two attempts to connect with TLSv1.2
In `run_protocols()` for TLS 1.2, try one set of 127 ciphers and if the result isn't a connection at TLSv1.2 then try another set of 127 ciphers before giving up and assuming that TLS 1.2 isn't supported.
2017-07-28 12:07:29 -04:00
Dirk Wetter eeda1ef684 Merge pull request #805 from dcooper16/client_sim_ssl2_server
Client simulation and SSLv2 servers
2017-07-27 17:34:42 +02:00
David Cooper d81c740ca6 Merge branch '2.9dev' into client_sim_ssl2_server
Conflicts:
	testssl.sh
2017-07-27 09:26:03 -04:00
Dirk Wetter 64f6591210 Merge pull request #800 from dcooper16/fix_client_sim_sslv2
Fix client simulations with SSLv2 ClientHello
2017-07-27 12:58:23 +02:00
Dirk 8b2dfb81c5 reflect 37c8ee8c4e99ee5aa11618703af1706abcf5db04: debug level 2 is showing only minimal information like rough status and errors 2017-07-26 23:13:57 +02:00
Dirk 37c8ee8c4e Straigthen DEBUG level 2
FIX #786

Fixed all other occurences so that debug level 2 is showing only minimal information like rough status and errors

Better line breaks for level 2

In ``client_simulation_sockets()`` and ``tls_sockets()`` moved debug output into if statements (may save a bit of time)

Replaced "$DEBUG -eq" by "$DEBUG -ge"

Removed obsolete hb_rounds in ``run_heartbleed()``

Adjusted wide output in vulnerabilities
2017-07-26 22:37:50 +02:00
David Cooper afc46344b1 client simulation and SSLv2 servers
The data for `run_client_simulation()` currently includes two clients that send version 2.0 CLIENT-HELLO messages (see Appendix E.2 of RFC 5246). Each of the CLIENT-HELLO messages advertises support for newer protocol versions (SSLv3 in the case of IE6XP and TLSv1.0 in the case of Java 6u45). A server may reject one of these version 2.0 CLIENT-HELLO messages, or it may respond with an SSLv2, SSLv3, or TLSv1.0 ServerHello.

The current code in `client_simulation_sockets()` assumes that the server's response with be an SSLv3 or later ServerHello. So, it can support cases in which servers respond with an SSLv3 or TLSv1.0 ServerHello (once PR #800 is accepted to undo the mistake in PR #797), but not cases in which servers response with an SSLv2 ServerHello.

This PR adds code to `client_simulation_sockets()` to check if the server's response is an SSLv2 ServerHello, so that it can process such responses with `parse_sslv2_serverhello()` rather than `parse_tls_serverhello()`.

When a connection is made using SSLv3 or later, `run_client_simulation()` will show to the protocol and cipher selected for the connection. With this PR, if the connection is made using SSLv2, `run_client_simulation()` will just show "SSLv2." In the case of SSLv2, the ServerHello contains a list of all ciphers that the server and client have in common, and it is up to the client to choose one. So, if the client and server have more than one cipher in common, more information about the client would be needed to know which cipher it would choose.
2017-07-26 14:02:56 -04:00
David Cooper f5da066c05 Merge branch '2.9dev' into fix_client_sim_sslv2 2017-07-26 09:03:31 -04:00
Dirk 2932e1f29e FIX #798 2017-07-26 09:55:49 +02:00
David Cooper 42de1dc7e8 Merge branch '2.9dev' into fix_client_sim_sslv2 2017-07-25 16:12:19 -04:00
Dirk d783bd5856 reminder after #759 has been addressed 2017-07-25 21:53:05 +02:00
Dirk Wetter b60e25fbea Merge pull request #801 from dcooper16/std_cipherlists_has_server_protocol
std_cipherlists() and has_server_protocol()
2017-07-25 21:48:52 +02:00
Dirk 512cb81325 typo in comment for run_std_cipherlists() 2017-07-25 20:38:02 +02:00
David Cooper 1ee4db4e41 std_cipherlists() and has_server_protocol()
`std_cipherlists()` uses `has_server_protocol()` to determine whether to test for ciphers using SSLv2. However, this was resulting in false negatives due to #759. This PR removes the `has_server_protocol()` check so that SSLv2 is checked whenever the connection attempt with the TLSv1.2 ClientHello failed.
2017-07-25 13:24:29 -04:00
David Cooper cf0da7f994 Fix client simulations with SSLv2 ClientHello
This PR fixes the extraction of the cipher suites in SSLv2 ClientHellos in `client_simulation_sockets()`. Since `client_simulation_sockets()` can only handle SSLv3 and above ServerHellos, it removes any SSLv2 ciphers and converts the other cipher from 3-byte format to 2-byte format.
2017-07-25 12:46:37 -04:00
Dirk Wetter 468e96f419 Merge pull request #787 from sdann/fix_has_server_protocol
Fix logic in has_server_protocol()
2017-07-25 16:27:36 +02:00
Dirk b7f4b23c23 commenting #797 2017-07-25 16:19:36 +02:00
Dirk Wetter 007d54fa26 Merge pull request #797 from dcooper16/yaSSL_client_simulation
yaSSL and client simulation
2017-07-25 16:15:29 +02:00
David Cooper 6be478da0b Merge branch '2.9dev' into yaSSL_client_simulation 2017-07-25 08:48:05 -04:00
Dirk 3adb5ac71f Logic for POODLE && TLS_FALLBACK_SCSV
If vulnernable to POODLE and has no TLS_FALLBACK_SCSV ==> HIGH.
If only run the fallback check and it has none, still label it as MEDIUM but issue
a clear warning that test under this circumstances is incomplete.
2017-07-25 10:54:01 +02:00
David Cooper c370f2359b Extract cipher suites from SSLv2 ClientHello 2017-07-24 11:26:18 -04:00
Dirk 615a93e69e in html mode the sed statement for the server banner had and error resulting in sed messages like "unknown option to s" 2017-07-22 20:57:32 +02:00
David Cooper 91927e0f59 yaSSL and client simulation
This PR adds the same additional check to `client_simulation_sockets()` as was previously added to `tls_sockets()`. It extracts the list of cipher suites offered from each ClientHello and passes the list to `parse_tls_serverhello()` so that `parse_tls_serverhello()` can check that the cipher offered in the ServerHello was included in the ClientHello.

This assumes that a real client would abort the connection if it was presented with a cipher in the ServerHello that it didn't offer in its ClientHello.
2017-07-21 10:59:23 -04:00
Dirk 4e3b2318ab FIX #795 awk had word match, didn't work and wasn't needed
If certicate was determined before running dorwn, we needed to remove "SHA256 " (regression)
2017-07-20 19:13:06 +02:00
Dirk baeca77021 drown additions
* also provide links to censys.io if there's drown detected
* remove SHOW_CENSYS_LINK variable
* calculate fingerprint upfront (if not done yet)
2017-07-20 17:44:00 +02:00
Steven Danneman 72851c7e3f Catch MySQL (yaSSL) server bug when testing standard cipher categories
Unfortunately, most categories were passing incorrectly, since a
tls_socket() error was interpreted as a success for many of the cases.
Now we explicitely check for the known yaSSL failure and raise a warning
that the test is inconclusive.

New output against --starttls=mysql looks like:

Testing ~standard cipher categories
-----------------------------------

 NULL ciphers (no encryption)                  SERVER_ERROR: test inconclusive due to MySQL Community Edition (yaSSL) bug.
 Anonymous NULL Ciphers (no authentication)    SERVER_ERROR: test inconclusive due to MySQL Community Edition (yaSSL) bug.
 Export ciphers (w/o ADH+NULL)                 SERVER_ERROR: test inconclusive due to MySQL Community Edition (yaSSL) bug.
 LOW: 64 Bit + DES encryption (w/o export)     offered (NOT ok)
 Weak 128 Bit ciphers (SEED, IDEA, RC[2,4])    SERVER_ERROR: test inconclusive due to MySQL Community Edition (yaSSL) bug.
 Triple DES Ciphers (Medium)                   offered
 High encryption (AES+Camellia, no AEAD)       offered (OK)
 Strong encryption (AEAD ciphers)              SERVER_ERROR: test inconclusive due to MySQL Community Edition (yaSSL) bug.

Partial workaround for #793
2017-07-19 17:35:37 -07:00
Dirk ad1dd01466 polishing #784 and #788
Also introduced the global BAD_SERVER_HELLO_CIPHER which can be later used
for notifying crappy cipher negotiations
2017-07-19 18:46:46 +02:00