Commit Graph

3903 Commits

Author SHA1 Message Date
Dirk Wetter 4defa95d0b Negotiated protocol showed no warning for TLS 1.1/1.0
.. whereas the protocol section did that.

This fixes the inconsistency.
2020-04-25 11:12:36 +02:00
Dirk Wetter 3e54f4e4cd Further changes to run_server_preference()
In order not to provide redundant information run_allciphers() is
now not being run via default (1). Therefore run_server_preference()
runs always in wide mode.

In order to archieve that cipher_pref_check() was modified to
accept a fifth argument whether it'll run in wide mode. As
of now cipher_pref_check() is only called by run_server_preference(),
so the code referring to non-wide mode in cipher_pref_check() may also
be deleted in the future.

To provide a better view the run_fs() section is now being run after
run_server_preference().

(1) saves also 5-6 seconds
2020-04-24 13:32:26 +02:00
Dirk Wetter 1a6abb6ab8
Merge pull request #1584 from dcooper16/fix_logjam_ssl_native
Fix run_logjam() in --ssl-native mode
2020-04-24 09:41:59 +02:00
Dirk Wetter b5840153d3
Merge pull request #1586 from dcooper16/improve_ossl30_support
Improve compatibility with OpenSSL 3.0
2020-04-24 09:38:03 +02:00
David Cooper 7f0c2e9137 Improve compatibility with OpenSSL 3.0
This commit fixes a couple of issues related to the use of testssl.sh with OpenSSL 3.0.0-alpha1.

First, when the command line includes an unknown option (e.g., -ssl2), OpenSSL 3.0.0-alpha responds with "Unknown option: -ssl2" rather than "Option unknown option -ssl2". This commit addresses this by making the check for "unknown option" case insensitve.

Second, the printing a DH key, OpenSSL 3.0.0-alpha1 labels the prime and the generator using "prime P:" and "generator G:" rather than just "prime:" and "generator:". This commit by changing testssl.sh to match on either string.
2020-04-23 15:20:50 -04:00
David Cooper bb1c649513 Fix run_logjam() in --ssl-native mode
This commit fixes a problem with run_logjam() when run in --ssl-native mode. If $OPENSSL does not support any DH export ciphers, then no test for such cipher is performed. However, the results of "test" is still checked, leading to testssl.sh incorrectly reporting that the server supports DH EXPORT ciphers.
2020-04-23 14:52:14 -04:00
Dirk Wetter a86ccb6968 First round of polish of David's PR to extend run_server_preference()
See #1580.

This commit brings:

* If there's no cipher for a protocol it adds a "\n - \n" (also for run_cipher_per_proto() )
* further output improvements
* Cipher order --> Cipher listing per protocol
* make some conditional statement easier to read (at least for me)

New open points:
- cipher_pref_check() doesn't save to PROTOS_OFFERED (was there before)
  (just stumbled over this but how about we also use get_protocol() / parse_tls_serverhello()
- do we want run_allciphers() to be started by default?
- $WIDE per default for run_cipher_per_proto() ?
- probably better not to display text in round square brackets when there's no cipher:

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2 (listed by strength)
SSLv3 (server order)
TLSv1 (server order)
TLSv1.1 (server order)
TLSv1.2 (server order)
 xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH 256   AESGCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[..]

- when a server has no preference at all it shows in wide mode:

Has server cipher order?     no (NOT ok) -- only for TLS 1.3
 Negotiated protocol          TLSv1.3
 Negotiated cipher            TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Cipher listing per protocol

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2
 -
SSLv3
 -
TLSv1 (no server order, thus listed by strength)
 xc014   ECDHE-RSA-AES256-SHA              ECDH 521   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[..]

e.g. dev.testssl.sh
2020-04-23 14:11:33 +02:00
Dirk Wetter c6dfe05874 Merge branch 'extend_run_server_preference' of git://github.com/dcooper16/testssl.sh into dcooper16-extend_run_server_preference 2020-04-23 12:01:03 +02:00
Dirk Wetter a45e9f52d5
Merge pull request #1582 from drwetter/fix_1581
Update documentation (ADDITIONAL_CA_FILES ->  ADDTL_CA_FILES)
2020-04-23 11:25:03 +02:00
Dirk Wetter a9ab2bcd91 Update documentation (ADDITIONAL_CA_FILES -> ADDTL_CA_FILES)
which happened in d44a643fab in
testssl.sh .

This fixes it in the related files. See also #1581
2020-04-23 11:20:46 +02:00
Dirk 8566ca80bc Enable rating again
was per default disabled by accident previously
2020-04-23 09:23:21 +02:00
David Cooper f5aa20ceb1 Extended run_server_preference()
This commit extends run_server_preference() to list every cipher supported by each protocol even in cases in which the server does not enforce a preference order.

For protocols where the server enforces a cipher order the list of supported ciphers is ordered by server preference (as now). For protocols where the server does not enforce a cipher order, the ciphers are listed by encryption strength (as run_cipher_per_proto() does).

In order to implement this, ciphers_by_strength() was extended to offer a non-wide mode.
2020-04-22 12:31:45 -04:00
Dirk Wetter 07c06e0f94 declare t variable in set_skip_tests() 2020-04-22 17:19:36 +02:00
Dirk Wetter 32eab3ead9 Fix problem with --disable-rating
by introducing framework for tests to be skipped, see also #1502.
As a first example for the development branch should serve
--disable-rating / --no-rating. The latter is for now undocumented.
Also the big case statement in parse_cmd_line()  may use a general
--disable-* or --no-* clause where all --disable-* / --no-* are
being parsed/

A new function set_skip_tests() is being introduced which
sets do_<variables> according to the new array SKIP_TESTS .
Any new test do be skipped needs to be added to that array.

The changes in the --devel part come from the tries to fix
the syntax highlight in vim -- which in the end difn't work
2020-04-22 17:14:05 +02:00
Dirk Wetter d6a9360f2c Fix known DH but not weak keys to be capped @ A not B 2020-04-22 14:08:58 +02:00
Dirk Wetter 591edb9300
Merge pull request #1579 from drwetter/1571_31dev
Fix misleading phrasing in run of standard ciphers
2020-04-21 20:30:31 +02:00
Dirk Wetter 8c7dcbbc3b Fix misleading phrasing in run of standard ciphers
see #1571. Bit size doesn't matter. It only matters to the
user which ciphers they are.

Additionally phrased the output better (FS + strong enc) and
do less indentation.

Renamed average_ciphers -> obsoleted_ciphers to refect what's
on the output.
2020-04-21 19:22:16 +02:00
Dirk Wetter 7da2e90083 Honor Magnus 2020-04-20 22:49:48 +02:00
Dirk Wetter 577370a272 Add rating 2020-04-20 22:49:31 +02:00
Dirk Wetter b1ef3a020f add single blank for pretty JSON 2020-04-20 22:48:31 +02:00
Dirk Wetter e9e11e213a * Grading --> Rating. But we still hand out grades 2020-04-20 22:45:58 +02:00
Dirk Wetter c3f09f56f7 Grading --> Rating
but we still hand out grades
2020-04-20 22:41:14 +02:00
Dirk Wetter 127cf95e22 Address rating for STARTTLS tests
STARTTLS tests should always give a bad rating because of the missing
trust 1) . That's why we don't provide more details as "T". Maybe we
decide later to provide an environment variable which still
shows this warning but divulges more details. TBC.

Documentation is missing for STARTTLS + grades.

1) There might be cases also for STARTTLS where encryption is enforced
   and e.g. the certificate fingerprint is validated. As this is highly
   protcol specific we won't test that.
2020-04-20 12:26:33 +02:00
Dirk Wetter fe5e10ff9d
Merge pull request #1574 from magnuslarsen/grading_dev
Less aggresive TLS_FALLBACK_SCVS checks
2020-04-20 11:45:56 +02:00
Dirk 4960829433 Fix JSON for grading / rating 2020-04-19 23:54:42 +02:00
Magnus Larsen b4ad0d2425 Less aggresive TLS_FALLBACK_SCVS checks 2020-04-17 15:31:29 +02:00
Dirk Wetter d9f2ca80d6 fix conditional statement (regression) 2020-04-17 14:54:11 +02:00
Dirk Wetter 2c10676e03 Output polish, minor code polish to grading
... and squash the TLS 1.2 grading cap for TLS 1.3 only server
2020-04-17 14:49:35 +02:00
Dirk Wetter 359965dc17 First round of polishing @magnuslarsen's contribution
* instead of DISABLE_GRADING we use do_grading as for run_* functions we currently don't
  support global variables
* Add AEAD cipher set_grade_cap (needs to be tested though)

* remove redundant quotes
* be to be safe add double quotes at other places
* Fix typos
* Polishing output

Tasks (not complete):

* Review whether it is rated as intended
* Do we want to mofify SSL Lab's rating? (SSLv3 e.g., T for SHA1 certificate?)
* Does JSON output work?
* TLS 1.3 only server are not rated properly --> wait for SSLlabs?
* SWEET32: rating refers to TLS 1.1 atm. SSLlabs docu doesn't give a hint
  (is their docu incomplete?)
* Rating for STARTTLS at all?
2020-04-17 13:24:32 +02:00
Dirk Wetter 64735d0241 Remove env variable DISABLE_GRADING
as for run_* functions we currntly don't have that.

Also AEAD as WIP we can remove that from the doc
2020-04-17 13:22:30 +02:00
Dirk Wetter 9de5421e5c Merge branch 'grading_dev' of git://github.com/magnuslarsen/testssl.sh into magnuslarsen-grading_dev 2020-04-17 10:52:44 +02:00
Dirk Wetter e0d7945c8a
Merge pull request #1570 from petecooper/3.1dev
README version bump for .zip download
2020-04-15 17:16:06 +02:00
Pete Cooper 0a1b632ddc
Update Readme.md
Bump version for zip download
2020-04-15 16:10:11 +01:00
Magnus Larsen e4cef5438d Added grading based on ssllabs 2020-04-15 15:06:08 +02:00
Dirk Wetter 8ce781c71d
Merge pull request #1567 from drwetter/renamed_to_fs
Rename PFS/perfect forward secrecy - ->  FS/forward secrecy
2020-04-14 20:21:52 +02:00
Dirk Wetter 150fd156bb
Merge pull request #1565 from drwetter/cvs_remove
Polishing
2020-04-14 16:41:50 +02:00
Dirk Wetter 8c466bf2ee Rename PFS/perfect forward secrecy to FS/forward secrecy
In all instances:

* command line (will break things)
* JSON IDs (will break things)
* in the documentation
* in the travis checks where used
* everywhere in the code: variables, functions, comments
2020-04-14 15:53:05 +02:00
Dirk 67cfe013b1 Polishing
* remove CVS variables
* add 2x https links instead of http in code doc
2020-04-14 13:35:26 +02:00
Dirk Wetter 663d592466
Merge pull request #1526 from dcooper16/fix1514
Fix #1514
2020-04-14 12:52:38 +02:00
Dirk e345abb023 Merge branch 'multiflexi-3.1dev' into 3.1dev 2020-04-13 23:01:15 +02:00
Dirk ae7b74cf73 Tuning multiflexi's fixes 2020-04-13 22:59:13 +02:00
Dirk Wetter 9d2901edd0
Merge pull request #1471 from drwetter/docu_update
Documention update
2020-04-09 19:57:10 +02:00
Jaroslav Svoboda 7eba0fbb41 FIxed links
Links in comments with http:// changed to https://. Some non working links fixed.
2020-04-09 16:18:33 +02:00
David Cooper 04e51db402 Fix #1514
This commit is an attempt to fix #1514. The commit is mostly based on a suggestion at https://unix.stackexchange.com/questions/57940/trap-int-term-exit-really-necessary. Even with that change, it seemed that if testssl.sh were in the middle of executing run_cipher_per_proto() when it received a signal, it would not stop until that function had completed. This seems to have something to do with subshells. Changing the while loop in run_cipher_per_proto() seems to have fixed that issue. So, I also made similar changes to the while loops in prettyprint_local().
2020-04-02 08:03:45 -04:00
Dirk Wetter dbff4a3706
Merge pull request #1554 from dcooper16/align_run_cipherlists
Align run_cipherlists() with pr_cipher_quality()
2020-04-02 13:53:54 +02:00
Dirk Wetter f16c7af687
Merge pull request #1553 from dcooper16/pr_cipher_quality_gost
Handle GOST ciphers in pr_cipher_quality()
2020-04-02 13:53:28 +02:00
Dirk Wetter d5d702104f
Merge pull request #1556 from dcooper16/fix1551
Fix #1551
2020-04-01 22:28:25 +02:00
David Cooper b6050e68de Fix #1551
This commit fixes #1551 by changing get_cipher() to recognize RFC names that begin with SSL_*. It also modifies run_beast() so that it does not get stuck in an infinite loop if get_cipher() doesn't return a valid cipher name.
2020-04-01 13:34:29 -04:00
David Cooper 08d5146223 Align run_cipherlists() with pr_cipher_quality()
This commit modifies run_cipherlists() to align with pr_cipher_quality().

The biggest change made by this commit is that it breaks the current list of STRONG ciphers into two lists: one for AEAD ciphers that offer forward secrecy (STRONG) and one for AEAD ciphers that do not offer forward secrecy (GOOD).

The remaining changes are just minor tweaks:

* A few ciphers that use MD5 are moved from AVERAGE and 3DES to LOW.

* '!AECDH' was added to the OpenSSL description for LOW to catch one cipher in OpenSSL 1.0.2-chacha that offers no authentication that was being included in the LOW list.

This commit also changes sub_cipherlists() to change the output when a cipherlist with a rating of 6 is not present. There was a "FIXME" associated with this output, but it didn't matter before since there were no cipherlists with a rating of 6.
2020-04-01 11:27:24 -04:00
David Cooper 40dfd8b53b Handle GOST ciphers in pr_cipher_quality()
This PR modifes pr_cipher_quality() as proposed in #1548 so that GOST ciphers are handled correctly. It changes pr_cipher_quality() so that the OpenSSL name is used in cases in which no RFC name is defined. It also adds a case statement for GOST so that GOST ciphers (that do not use MD5 or Null encryption) are marked as pr_svrty_low (as they are in run_cipherlists) rather than just being assigned the default rating (5).
2020-04-01 11:18:50 -04:00