Commit Graph

2844 Commits

Author SHA1 Message Date
830af44953 Merge pull request #2690 from dcooper16/mlkem
Support draft-connolly-tls-mlkem-key-agreement
2025-03-11 15:33:22 +01:00
70e1c4d693 Merge pull request #2689 from dcooper16/sort_tls_extns
Sort TLS extensions
2025-03-11 15:20:36 +01:00
6ed6db500b Merge pull request #2688 from dcooper16/ossl4_compat
OpenSSL 4 compatibility
2025-03-11 15:16:45 +01:00
410b3acf5c OpenSSL 4 compatibility
According to https://openssl-library.org/roadmap/index.html, OpenSSL 4 is scheduled to be released in April 2026. This commit modifies code that checks $OPENSSL version numbers so that versions 4 and above will be recognized.
2025-03-10 15:58:40 -07:00
75b78bc21a Sort TLS extensions
This commit modifies testssl.sh so that run_server_defaults() prints the server's supported TLS extensions sorted by extension number rather than listing them in the order in which they were found.

In order to simplify the sorting of the extensions, this commit changes $TLS_EXTENSIONS from a string to an array. In February 2017 comments were added (925e1061b2) saying that it would be $TLS_EXTENSIONS were an array. So, this commit addresses those comments. However, it is possible that the reason for those comments no longer applies.
2025-03-10 15:38:24 -07:00
683f028164 Support draft-connolly-tls-mlkem-key-agreement
This commit adds support for the three code points in draft-connolly-tls-mlkem-key-agreement.
2025-03-06 11:42:00 -08:00
6a333d17b7 OpenSSL 3.5 compatibility
With the current master branch of OpenSSL (3.5.0-dev), the output that is provided by s_client has changed in the case of a cipher suite that uses an ephemeral key. Rather than preceding the ephemeral key information with "Server Temp Key: ", it is now preceded by either "Peer Temp Key:" or "Negotiated TLS1.3 group:". This commit modifies the lines that extract ephemeral key information from OpenSSL responses to accept any of these strings.
2025-03-06 10:33:04 -08:00
4a8377a396 Conflicts resolved 2025-03-06 11:01:00 +01:00
7bb04e020e Fix regex for openssl banner
,,, and also update the warning when running in SSL native mode to check the ciphers
before and include OpenSSL also
2025-03-05 17:52:34 +01:00
f03440bc28 Speed up startup checks for supported curves and more
In order to avoid delays due to lookups of the hostname "invalid." we
just avoid to use "invalid." whenever possible. :-)

Therefore we just do a test before whether `$OPENSSL s_client 2>&1 </dev/null`
does a connect, except when a WSL system is discovered. If that succeeds
we omit the part `-connect invalid.` to check whether the curve is supported.
In some quick testing this in fact improved the startup time.

This seemed to work under Linux with several openssl and one LibreSSL binary.
More testing would be required, especially e.g. under WSL / WSL2.

Also in `sclient_supported()` the `$OPENSSL s_client` statement was changed
in a similar fashion. That worked so far but would need to be observed more
closely.
2025-03-05 17:22:01 +01:00
e6cfe8c3b0 Resolve merge conflict by incorporating both suggestions 2025-03-05 15:35:18 +01:00
e2ee8b24b4 fix typo in comment 2025-03-05 15:06:41 +01:00
5ffcd086eb Add missing local vars 2025-03-05 15:02:15 +01:00
3152cdf864 Banner change + minor fix for curve detection
In order to tell openssl binaries better apart the short banner below the
hash tag signs contain now also the date. That is the short version of the
build date unless it is not supplied which is the case of opensuse. Then
the name contains the date and it's taken from there.

The start and end banner lines have the same length now.

"sieve" was added in a comment and the sequence where sieve appears in
a pattern was trying to match other occurrences (i.e. after nntp)

While testing the banners it appeared under Linux that a) the vendor
supplied openssl sometimes hangs during startup when determining the
supported curves using -connect b) a pattern was missing to detect
whether the curve was not supported which falsely labeled all supplied curves
as supported when using /usr/bin/openssl . The pattern for the latter
was added (b). For a) there needs to be a follow up PR to avoid the
long delays.
2025-03-05 14:41:12 +01:00
bbdf19df85 Fix typo
This commit fixes a typo that was introduced by #2656.
2025-03-04 14:01:50 -08:00
c9d1ba4fcc Merge pull request #2673 from dcooper16/avoid_subshell
Avoid subshell overhead
2025-02-27 10:31:04 +01:00
78dd0a13c9 Merge pull request #2671 from javabrett/javabrett/improve-ev-detection
Improved (experimental) Extended Validation (EV) certificate identification
2025-02-26 22:56:21 +01:00
c38f46880f Avoid subshell overhead
This commit removes the use of parentheses in two expressions in run_fs() in order to avoid subshell overhead.
2025-02-26 13:25:49 -08:00
102e4fb9b7 Merge pull request #2620 from Odinmylord/fix_curves
fix curves findings in TLS1.2 and prior versions
2025-02-26 13:15:34 -08:00
352ed61a2e Improved (experimental) Extended Validation (EV) certificate identification.
Three changes:

- added grep for "EV TLS" in addition to "EV SSL", as some issuers are
  using this.  This grep link actually picks-up most EV policies.
- Added policy detection for 2.23.140.1.1.  This is from CA Browser
  Forum https://cabforum.org/resources/object-registry/ extended-validation(1).
- Added policy detection for 1.3.6.1.4.1.38064.1.3.1.4 , which is SSL.com's EV policy.
2025-02-26 10:10:21 +11:00
9429afade1 fix(rating): explicit enable rating if required tests are run 2025-02-23 11:48:41 +01:00
1539148f0b Corrected typo in the help message
Signed-off-by: Fabio Kruger <10956489+krufab@users.noreply.github.com>
2025-02-22 00:55:08 +01:00
b3609603f9 remove unnecessary "if" statements and remove break from "if" statements 2025-02-20 15:45:05 +01:00
5c7e7bcbc7 Fix check for OpenSSL supported curves
OpenSSL 3.X outputs a different error message than previous versions when $OPENSSL s_client -curves X ... is called with an unsupported curve. This was resulting in the check within find_openssl_binary() adding every curve to $OPENSSL_SUPPORTED_CURVES, even ones that were not supported. This commit changes the check in order to detect the new error message.
2025-02-19 12:47:35 -08:00
74209e05de Merge pull request #2660 from testssl/rm_comment
Remove obsolete comment that SNI is not needed for ticketbleed
2025-02-17 15:39:26 +01:00
2baaf61cc5 Merge pull request #2657 from dcooper16/fix_pattern_match
Fix pattern matches
2025-02-15 14:14:38 +01:00
f085fd1880 Merge pull request #2659 from dcooper16/npn_sockets
Enable run_npn() to use tls_sockets()
2025-02-15 13:47:13 +01:00
e79dc8161e Remove obsolete comment that SNI is not needed for ticketbleed
See also aa5d4917cf (r1954824502)
2025-02-15 13:33:52 +01:00
96bd3072de Enable run_npn() to use tls_sockets()
LibreSSL does not support the -nextprotoneg option. This commit enhances run_npn() to use tls_sockets() when $HAS_NPN is false, rather than reporting that the check can not be performed.
2025-02-14 12:25:39 -08:00
acf48977c2 Fix pattern matches
This commit fixes three lines of code that use Bash substring matching. In each case, a list of strings to match was enclosed in brackets. This resulted in a match if the string to test contained any character from any of the strings to match. This commit fixes the issue by removing the brackets.

(The bugs were introduced in b8e9b09ca7 and 8149c2d5cf)
2025-02-13 14:21:26 -08:00
aa5d4917cf Enhance ticketbleed testing
Some versions of OpenSSL/LibreSSL do not support TLS 1.1 and earlier, either because they do not support the protocol (e.g., `$OPENSSL s_client -tls1` results in an "unknown option" error) or because the cryptography needed to support these protocol versions (e.g., MD5/SHA1) is not available.

Given the limitations of some versions of $OPENSSL, this commit enhances ticketbleed testing in two ways. First, it performs the testing using the newest (non-TLS 1.3) version supported by the server, so that TLS 1 and TLS 1.1 aren't used unless TLS 1.2 is not supported. Second, it adds tests for whether the protocol version to be used is supported by $OPENSSL and for whether connection attempts were successful, rather than assuming connection attempts succeed.
2025-02-13 07:59:36 -08:00
5e1db5f0a1 Address CA file parsing problem (3.2)
.... by forbidding spaces in supplied CA files/directories

Also now we're sanitizing the cmd line parameter better using `safe_echo()`

See also #2647 .
2025-02-07 12:30:41 +01:00
6e72c9b81d Merge pull request #2646 from testssl/fix_feature2098
Feature: Detection STARTTLS throttling via code 421/SMTP
2025-01-31 12:26:44 +01:00
e73a2a9d53 Feature: Detection STARTTLS throttling via code 421/SMTP
For this another variable needed to be passed to starttls_full_read()
via starttls_smtp_dialog, where the variable is defined.

Handling of the connection problem will occur at the calling level, fd_socket(),
so that in the future this can be extended if another STARTTLS problem signals
that we're too fast.

Fixes #2098.
2025-01-31 11:26:44 +01:00
61cf7fe0e7 Fix error when hostname w trailing dot supplied 2025-01-29 20:47:13 +01:00
b054b5d687 two sieve fixes
* one logical error
* removing check for trailing space for OK
2025-01-28 22:15:17 +01:00
d9b293f6c7 fix typo 2025-01-24 18:51:11 +01:00
43a0099fbc Fix bug when legacy NPN is tested against a TLS 1.3 host
When testing a TLS 1.3 host s_client_options used TLS 1.3 ciphers to test
for NPN. As that is not implemented we need to make sure any other version
is used.

This PR ensures that --after testing whether it's a TLS 1.3-only host
where this test doesn't make any sense in the first place.

Fix for #2633
2025-01-24 18:46:07 +01:00
bf75a91bc7 Merge branch '3.2' into bump_version 2025-01-24 14:41:21 +01:00
002b91192c fix spelling 2025-01-24 13:50:35 +01:00
49db77e63a Conflicts resolved 2025-01-24 13:44:19 +01:00
69d6a50696 Merge branch '3.2' into bump_version 2025-01-24 11:05:00 +01:00
9e9334f3c8 Merge pull request #2619 from testssl/co_header
Add more security headers
2025-01-23 11:47:34 +01:00
4efe324ef7 Fix round bracket and remove obsolete comment 2025-01-23 10:45:15 +01:00
4df0d9e4c3 Re-added the ) to make the action word (why??) 2025-01-22 23:32:39 +01:00
207b902109 Merge branch '3.2' into co_header 2025-01-22 22:50:00 +01:00
ad912ea332 Fix typo + tags 2025-01-22 20:05:19 +01:00
12036fb6c8 Update baseline scan + add/deprecate security headers 2025-01-22 19:54:34 +01:00
a1c2dc7c72 Remove --nsa in help() and add --forward-secrecy instead
Both are possible to use
2025-01-22 19:19:16 +01:00
17f2a5d5b9 Merge pull request #2622 from dcooper16/draft-kwiatkowski-tls-ecdhe-mlkem
Support draft-kwiatkowski-tls-ecdhe-mlkem
2025-01-22 11:03:11 +01:00