Commit Graph

2503 Commits

Author SHA1 Message Date
Dirk Wetter
3ac6bd9335
Merge pull request #2210 from dcooper16/fix_cipher_grading
Fix cipher grading
2022-08-22 12:09:20 +02:00
David Cooper
c0aafabfef Fix cipher grading
This commit fixes the way that ciphers are graded by only calling set_ciph_str_score() from neat_list() if the cipher suite is supported (i.e., if how2show is true).
2022-08-04 12:29:23 -07:00
David Cooper
4dae3895e4 Fix #2198
This commit fixes #2198 by ensuring that a comma is added before "service" finding if $FIRST_FINDING is false.
2022-08-02 17:18:52 -04:00
Dirk Wetter
4f38646523 Address grading bug when --show-each is used
This fixes #2203. When used -E with -9 and --show-each the grading wasn't
correct as all ciphers printed were included in the grading verdict instead
of just the ones available.
2022-08-02 10:44:41 +02:00
David Cooper
564dd63efc Reorganize ciphers_by_strength()
This commit modifies ciphers_by_strength() and run_server_preference() so that the message indicating that ciphers are listed by strength is not printed until the list of supported ciphers has been determined. This is in support of #1311, as it will allow the message to be modified based on the set of supported ciphers.

This commit also modifies both ciphers_by_strength() and cipher_pref_check() so that the order in which ciphers are listed (by strength or server preference) is not printed if the server does not support the protocol.
2022-06-06 15:48:34 -04:00
Dirk Wetter
acc063e078
Merge pull request #2181 from dcooper16/continue_server_pref_on_error
Continue run_server_preference() on error
2022-05-31 11:37:08 +02:00
Tomasz Kramkowski
fc0cc67d47 Make run_crime use $jsonID instead of repeating
This also seems more consistent across the code.
2022-05-23 13:57:31 +01:00
Tomasz Kramkowski
326a65e7ad Fix CRIME test on servers only supporting TLS 1.3
As jsonID is not set by run_crime, make the fileout invocation for
servers supporting only TLS 1.3 use the literal "CRIME_TLS" instead.

Previously running testssl with CSV or JSON output would produce an item
with the wrong ID.
2022-05-23 13:53:38 +01:00
David Cooper
706262095b Continue run_server_preference() on error
Currently run_server_preference() will stop if it cannot determine whether the server enforces a cipher preference order.

This commit changes run_server_preference() so it will continue running even if this case, so that the list of ciphers supported with each TLS protocol is provided. Since it is not known whether the server enforces a cipher order, the list of supported ciphers is ordered by strength.
2022-05-16 09:28:02 -04:00
Dirk
04463784a8 Fix censys link in DROWN section
See #2127. the line seems very long though.

Note: this was previously commited as #2184 but as there were two mistakes
and one other thing which could be improved I decided to make a hard reset.

Apologize if it caused inconvenience.
2022-05-14 12:06:09 +02:00
David Cooper
66c3e35dba Check for OpenSSL support for ffdhe groups
OpenSSL 3.0.0 and later supports specifying the FFDHE groups from RFC 7919 in the "-groups" (or "-curves") option of s_client.

This commit modifies find_openssl_binary() to check whether $OPENSSL supports this. This information is then used by run_client_simulation(), if client simulation testing is being performed using $OPENSSL. If the "curves" for a client include FFDHE groups, then they will be included in the simulated ClientHello.
2022-05-09 09:46:40 -04:00
Dirk Wetter
34cc20b0df Minor changes to banner
On macOS indark mode the git tag in grey wasn't visible. It was
changed now to light grey but it has to be tested how it looks
on a white terminal background.

Also CVS variables were removed which had no meaning.
2022-05-03 21:02:56 +02:00
Dirk
6c69fdbf4b Relax STARTTLS FTP requirement
In rare? occassions where the STARTTLS FEAT request only displays AUTH instead
of AUTH TLS, testssl.sh fails as it cannot upgrade to TLS.

Required by RFC 4217 is only AUTH ("MUST"), AUTH TLS is optional ("should"), see section 6.
This commit relaxes the presence of TLS after AUTH and it fixes #2132.
2022-04-27 13:34:03 +02:00
Dirk Wetter
db80ef14f0
Merge pull request #2156 from dcooper16/fix_run_server_defaults
Fix run_server_defaults()
2022-04-25 08:54:52 +02:00
Dirk Wetter
5053105d3f
Merge pull request #2154 from dcooper16/server_pref_no_default_cipher
Fix run_server_preference() with no default protocol
2022-04-24 19:30:18 +02:00
Dirk Wetter
cc8c02d653
Merge pull request #2139 from dcooper16/fix2131
Fix #2131
2022-04-24 18:17:17 +02:00
Dirk Wetter
61eb164875
Merge pull request #2157 from dcooper16/update_protos_offered
Update PROTOS_OFFERED
2022-04-22 15:45:49 +02:00
Dirk Wetter
ca71b2e374
Merge pull request #2162 from dcooper16/ossl_ciphers
Fix calls to $OPENSSL ciphers
2022-04-22 15:38:30 +02:00
David Cooper
1e0c1a8134 Fix calls to $OPENSSL ciphers
This commit fixes testssl.sh's calls to the "$OPENSSL ciphers" command.

The main issue it fixes is when actually_supported_osslciphers() is called to get a list of non-SSLv2 ciphers supported by $OPENSSL. With OpenSSL 1.0.2, the "-tls1" option needs to be used to exclude SSLv2 ciphers. With LibreSSL, the "-tls1" option may be provided, but it has no effect. With OpenSSL 1.1.1 and newer, the "-tls1" option causes TLSv1.2-only ciphers (e.g., AES256-SHA256) to be excluded (when the "-s" option is also used).

This commit fixes the problem by allowing "-no_ssl2" to be provided as an option to actually_supported_osslciphers(). For versions of $OPENSSL that support SSLv2, "-no_ssl2" is replaced by "-tls1". For versions of $OPENSSL that do not support SSLv2, "-no_ssl2" is simply removed.

This commit also changes openssl2hexcode() to include the "-tls1" option when $OPENSSL supports SSLv2, since openssl2hexcode() should only return a non-SSLv2 cipher.
2022-04-19 14:35:02 -04:00
David Cooper
50b09267d0 Try more ciphers
determine_optimal_sockets_params() makes two attempts to send a TLS 1.2 ClientHello, with each attempt trying 127 ciphers. However, this leaves 97 ciphers from etc/cipher-mapping.txt that are not tried, most of which use ARIA or CAMELLIA. This commit adds a third attempt a send a ClientHello that offers these 97 remaining ciphers. This helps to ensure that support for TLS 1.2 is detected and that later calls to tls_sockets() work, even if the server only supports the ARIA/CAMELLIA ciphers that are not included in TLS12_CIPHER or TLS12_CIPHER_2ND_TRY.
2022-04-18 11:53:28 -04:00
David Cooper
b90db257a1 Update PROTOS_OFFERED
In some rare cases, a connection to the server will fail with tls_sockets() but not with $OPENSSL. This can cause determine_optimal_sockets_params() to call add_proto_offered() to indicate that the protocol is not supported, and then determine_optimal_proto() to later call add_proto_offered() to indicate that it is supported. However, PROTOS_OFFERED does not get changed, since add_proto_offered() only modifies PROTOS_OFFERED if the protocol is not already listed.

This commit fixes the problem by allowing add_proto_offered() to change an entry for a protocol from "no" to "yes".

If determine_optimal_proto() happens to connect to the server using TLS 1.2, then this commit will set TLS12_CIPHER_OFFERED to the cipher from that connection, if TLS12_CIPHER_OFFERED was not set in determine_optimal_sockets_params(). This will allow run_protocols()'s test of a TLS 1.3 ClientHello to work better, if the problem is that no cipher supported by the server is included in TLS12_CIPHER or TLS12_CIPHER_2ND_TRY.
2022-04-15 09:40:02 -04:00
David Cooper
15f8fc5a3f Fix run_server_defaults()
PR #1960 created a bug by placing code between the call to determine_tls_extensions() and a check of its return code. This commit fixes the problem.
2022-04-14 11:01:26 -04:00
David Cooper
a2252168f1 Fix run_server_preference() with no default protocol
run_server_preference() calls "default_proto=$(get_protocol $TMPFILE)" even if all attempts to connect to the server failed. This will result in default_proto incorrectly being set to TLS 1.2. This commit fixes the issue by only calling get_protocol() if an attempt to connect to the server was successful.
2022-04-14 10:50:13 -04:00
David Cooper
0be5ca5309 Support DHE/ECDHE servers with uncommon curves
When running in --ssl-native mode, run_fs() will not detect ECDHE ciphers if the server supports both DHE and ECDHE ciphers and the ECDHE ciphers are only supported with curves that are not offered by $OPENSSL by default. This commit fixes this by adding extra connection attempts with the -curves parameter explicitly provided.
2022-04-14 08:51:25 -04:00
David Cooper
ac662f8699 Improve compatibility with LibreSSL
Older versions of LibreSSL that do not support TLS 1.3 only include a small list of curves in the supported_groups extension by default, so need to retry with curves explicitly defined even with versions of $OPENSSL that do not support TLS 1.3.
2022-04-14 08:51:25 -04:00
David Cooper
dd35be2e4b Fix #2131
This commit fixes #2131 by having run_fs() attempt a TLS 1.2 ClientHello if the initial TLS 1.3 ClientHello fails. The TLS 1.2 ClientHello will offer many more curves than the TLS 1.3 ClientHello offers, and so it may succeed if the server supports ECDHE ciphers, but only with curves that were removed by RFC 8446.
2022-04-14 08:51:25 -04:00
Dirk Wetter
54e5469411
Merge pull request #2150 from dcooper16/no_session_id
Fix setting NO_SESSION_ID
2022-04-14 13:19:24 +02:00
David Cooper
cc74256091 Fix setting NO_SESSION_ID
With a TLS 1.3 connection using $OPENSSL, a session ID will only appears as part of a post-handshake session ticket. However, when $OPENSSL s_client is called as in determine_optimal_proto() (i.e., with "< /dev/null"), a post-handshake session ticket will not always be received, even if the server supports it. This can result in NO_SESSION_ID incorrectly being set to true. This commit fixes the issue by setting NO_SESSION_ID to true by default, and then setting it to false if a session ID is returned by any connection to the server.
2022-04-13 09:26:36 -04:00
David Cooper
70b1ee643f Fix #2147
This commit fixes #2147 by having awk search for additional possible strings to start the CRL Distribution Points output. Unless the CRLDP extension is malformed, it will begin with "Full Name", "Relative Name", "Reasons", or "CRL Issuer".
2022-04-12 14:01:02 -04:00
David Cooper
618de1c24e More OpenSSL compatibility fixes
This commit fixes two more issues with using OpenSSL 3.X. When $OPENSSL is used to obtain a fingerprint, OpenSSL 3.X prepends the fingerprint with "sha1" or "sha256" rather than "SHA1" or "SHA256". In addition, the way that OpenSSL 3.X writes distinguished names causes a space character to appear at the beginning of "$cn" and "$issuer_CN" in certificate_info().
2022-04-11 11:23:09 -04:00
Dirk Wetter
e82178719d
Merge pull request #2141 from dcooper16/ossl3_compat
OpenSSL compatibility fix
2022-04-07 21:29:20 +02:00
David Cooper
09973c8c44 Fix flat JSON file
PR #2140 contains a bug when handling flat JSON files. FIRST_FINDING should only be set to true in the case of structured JSON output, since it is only in that case that fileout_insert_warning() appends a comma to the JSON file. This commit fixes the problem.
2022-04-07 13:57:49 -04:00
David Cooper
6f55a4d08b OpenSSL compatibility fix
OpenSSL 3.0.X uses different names for some elliptic cures in the "Server Temp Key" line than previous previous versions. This commit addresses this issue by checking for both names.
2022-04-07 13:44:42 -04:00
David Cooper
3d0dab4da3 Fix #2138
This commit fixes #2138 by having testssl.sh not wrap early JSON findings in a clientProblem object if the finding is created by a mass testing child and all findings are being placed in a common file. It also sets FIRST_FINDING to true in case another finding is written before the "service" information is written.

Since fileout_insert_warning() adds a comma after the finding is written, the JSON can become corrupted in mass testing if a clientProblem finding is written and then no additional findings are written for that test. In order to try to prevent this, the commit adds several fileout() calls to determine_optimal_proto() in cases in which testssl.sh might exit before testing begins.
2022-04-06 15:41:52 -04:00
Dirk
b6c18f5e4e Remove trailing spaces to get rid of failing status of CI 2022-04-01 18:05:27 +02:00
Dirk Wetter
e240b9db91
Merge pull request #2129 from dcooper16/reorder_server_preference
Reorder output of run_server_preference()
2022-04-01 12:38:39 +02:00
David Cooper
fa5d13eb06 Reorder output of run_server_preference()
This commit reorders the output of run_server_preference() as discussed in #1311.
2022-03-22 15:40:49 -04:00
David Cooper
7e9d724d68 Use tls_sockets() in run_tls_fallback_scsv()
This commit adds the use of tls_sockets() to run_tls_fallback_scsv() to perform testing when the --ssl-native flag is not used. With this commit, run_tls_fallback_scsv() only uses tls_sockets() instead of $OPENSSL if the ClientHello needs to include the TLS_FALLBACK_SCSV flag, but it is not supported by $OPENSSL, or if the protocol that would be negotiated is SSLv3 and $OPENSSL does not support SSLv3.
2022-03-22 15:10:28 -04:00
enxio
70c069381a Declare missing variable, style. 2022-03-14 15:27:55 +01:00
enxio
48ed6d483f Conform to style with local variables: declare "ret" properly. 2022-03-14 15:24:55 +01:00
David Cooper
3cd8e810ac Add DH groups to supported_groups
There is at least one server that will not negotiate TLS_DHE_* cipher suites with TLS 1.2 and below if the supported_groups extension is present but does not include any DH groups. This commit adds the DH groups that are currently in the TLS 1.3 ClientHello to the TLS 1.2 and earlier ClientHello.
2022-03-09 10:33:51 -05:00
David Cooper
909513773d Fix sclient_auth
If $connect_success is false, then sclient_auth() does not "return" any value, and the calling function treats this as if sclient_auth() had returned 0.

This commit fixes sclient_auth() so that 1 is returned if $client_success is false.
2022-03-08 14:57:47 -05:00
David Cooper
c713866bc1 Include RSA-PSS in ClientHello
This commit changes prepare_tls_clienthello() so that the RSA-PSS algorithms are offered in the signature algorithms extension of TLS 1.2 and below ClientHello messages.
2022-03-08 11:45:55 -05:00
enxio
8715a1a216 Conform to style. Add some more info on the TN3270 STARTTLS negotiation. 2022-03-02 14:02:14 +01:00
enxio
82367ab96e Add support for TN3270/telnet STARTTLS (similar to OpenSSL's approach). 2022-03-02 10:04:57 +01:00
Dirk Wetter
e1711a7ccb Fix "ID resumption test failed" under Darwin
Under Darwin using LibreSSL it was not possible to test for session
resumption by session ID.

This fixes #2096 by checking not only the return value of the s_client
hello but also whether a probable certificate is being returned.
2022-02-16 23:09:11 +01:00
Dirk Wetter
27dc0589ae Fix JSON output bc of missing locale in alpine (3.1dev)
It is now being tested whether the binary locale exists and
there's a global introduced for that.

Also there's no fileout warning at this early stage anymore
as it leads to non-valid JSON.

This fixes #2103 in 3.1dev.
2022-02-16 12:16:11 +01:00
Dirk Wetter
bfb78628da Fix locale error message when en_US.UTF-8 isn't available
Therefore a new global function was declared checking whether any of
the known locales work on the client without seeting them.
C / POSIX should work as well for LC_COLLATE.

This fixes #2100 for 3.1dev.
2022-02-14 18:07:57 +01:00
Dirk Wetter
9b98c9e73e correct English in comment 2022-02-02 12:28:09 +01:00
Dirk Wetter
8cc3130e0d Fix Darwin / LibreSSL startup problem
This PR addresses a bug where a user encountered the question "The results
might look ok but they could be nonsense. Really proceed".

That happened under Darwin and probably some LibreSSL versions when
checking some hosts. sclient_auth() returned 1 indicating no SSL/TLS
handshake could be established.

This PR modifies sclient_auth() so that in those cases 0 is returned by
skipping the check for the session ID. As NO_SSL_SESSIONID needs to
be set when there's no session ID, this is done separately.
2022-02-02 11:38:33 +01:00