Commit Graph

2891 Commits

Author SHA1 Message Date
Dirk 6d2b42b38d Fix regression (TLS 1.3) in server preference test
.. see #1179
2019-01-10 14:17:42 +01:00
Dirk 53bd3bf736 Server preference for TLS 1.3
This commit fixes #1163 which lead to the misleading output when
a TLS 1.3 enabled server had no preferences for the TLS 1.3 ciphers
but for anything below (like currently for testssl.NET).

The TLS 1.3 handshake in sockets plus the following openssl handshake
was moved to the top in run_server_preference() so that it can be better
determined whether TLS 1.3 is available. If this section's outcome is
TLS 1.3 is negotiated a single TLS 1.3 handshake with 5 ciphers only is
done forward and reverse. The resulting ciphers are later on compared
whether there's a cipher order for TLS 1.3.

Basically this section should be redone, so that all openssl handshakes
are replaced by sockets. As this would consume more time as it appears
reasonable at this point of time, this was not done yet. A starting point
for this would be tls13_list_fwd + reverse. After release of 3.0 90%
of the code will be replaced anyway.

DHE-RSA-SEED-SHA and SEED-SHA was added to the reverse and forward lists
as some old openssl versions + apache use it.

Also:

Googles ALPN_PROTO grpc-exp was added (to be reconsidered at some certain point)

Some redundant quotes in double square brackets were removed.

All "do_*" variables are now in quotes when tested w if or [[
2019-01-09 15:33:15 +01:00
Dirk e29b1f40e6 Improve HTML-Formatting, minor additions
The HTML manual is now post processed through tidy
which removes the problem of ">" not HTML encoded.

--color 0 is now explicitly mentioned to avoid escaped codes in the
output.

Minor changes wrt certificate stores
2019-01-08 13:56:55 +01:00
Dirk 0b98b7c735 Small clarification to --help and <fname> 2018-12-19 11:45:02 +01:00
Dirk 75a9c021e5 Add -iL as a n alternative to --file 2018-12-17 21:09:12 +01:00
Dirk d10f66a4c5 Minor additions
1) add --add-ca option and remove eother references to ADDITIONAL_CA_FILES
2) add a paragraph 'TUNING OPTIONS'
3) add -iL as a n alternative to --file
2018-12-17 21:04:47 +01:00
Dirk e739b54664 Updated to version 3.0rcX
Reflect we're at 3.0rcX, 2.9.5 is past, 2.8 not supported

Removed features from 2.9.5. Added all(?-->David?) features implemented
in 2.9dev.

Mention docker image

Clarify when testssl.sh should be mentioned (license).
2018-12-14 14:47:41 +01:00
Dirk f708e1420e Updated Trust Stores, Java added
This is an update of the root certificate stores. Date from each store
is from yesterday.

Description update.

Also the Java certificate store was added. Previously Java was omitted
as it appeared not to be complete. I tested successfully this store.
2018-12-14 10:00:23 +01:00
Dirk 1416ff620b Major update, review
Review: grammar, spelling.  Errorneous and obsolete description.
        Some items reordered.

Updated: to reflect the current capabilities.

Moreover: (Almost) complete the tuning variables section.
2018-12-13 18:07:20 +01:00
Dirk 4f920a389a Don't output warnings in JSON in parent when mass testing
This addresses #1169: When using JSON as output format when mass testing
AND we have a non-fatal condition when e.g. openssl lacks support for
something it led to an invalid JSON as the warning was put into file w/o
a trailing comma.

The commit removes the warning to be put into the output. We still have the
message on screen + in HTML which is not as optimal as it could be.

Also I did some cleanups related to redundant double quotes I stumbled over while
fixing this.
2018-12-11 10:03:58 +01:00
Dirk ab7ca281c0 Minor polishing 2018-12-07 14:35:49 +01:00
Dirk 6fe5adbbc3 Improved connection failure conditions
As a kind of a pre-warning this commit allows the n-1 connection problem to
give feedback on the screen (that wasn't working before).

Also the message on the screen is now more clear and the manpage
gives better advice.

Related to #1172
2018-12-05 16:09:36 +01:00
Dirk Wetter 11cf06d6e9
Merge pull request #1171 from dcooper16/fix1165
Fix #1165
2018-12-04 21:42:20 +01:00
Dirk Wetter 78722ef982
Merge pull request #1170 from dcooper16/fix990
Fix #990
2018-12-04 21:36:49 +01:00
David Cooper d3c29f24e4
Fix #1165
This PR fixes #1165 by changing resend_if_hello_retry_request() to modify the initial ClientHello rather than having it call prepare_tls_clienthello() to try to generate a new ClientHello that is almost the same as the first. The modification is done using a revised version of create_client_simulation_tls_clienthello(), which is now renamed as modify_clienthello().

Since prepare_tls_clienthello() is no longer used to create a second ClientHello message, argument 7 to that function is no longer needed.
2018-12-04 14:07:39 -05:00
David Cooper 93da0919a9
Fix #990
There is at least one extension that will fail on a TLSv1.3 ClientHello if the psk_key_exchange_modes extension is not present (see #990). The PR adds the extension to TLSv1.3 ClientHello messages. OpenSSL, Firefox, and Chrome all include this extension in their ClientHello messages, so including it is unlikely to cause problems for any servers.
2018-12-04 12:51:46 -05:00
Dirk e9c5435c0a Banners for NNTP added
... found during research for STARTTLS NNTP last week
2018-12-04 11:30:01 +01:00
Dirk c78c293bf8 Fix vim, err... typo ;-) 2018-12-01 21:18:17 +01:00
Dirk Wetter ab55c26424
Merge pull request #1168 from dcooper16/fix_typos
Fix typos
2018-11-30 18:38:31 +01:00
David Cooper 42687658ea
Fix typos
The primary purpose of this PR is to fix the typo on line 14157, but it also corrects a number of typos that appear in comments.
2018-11-30 10:54:30 -05:00
Dirk 22a11b1e75 Bump version # 2018-11-30 10:02:39 +01:00
Dirk 7d40041652 Re-add RFC 7919 primes into run_logjam()
.. after some discussion. As TLS 1.3 is not tested here
any RFC 7919 primes using this protocol will not show
up (they in in run_pfs() though). To avoid misunderstandings
" DH key detected with <= TLS 1.2" is now being printed.
2018-11-30 08:59:55 +01:00
Dirk Wetter 4e2bd0ef2f
Merge pull request #1166 from dcooper16/dont_test_unsupported_tls11
Don't run TLSv1.1 tests if server doesn't support TLSv1.1
2018-11-29 10:12:08 +01:00
Dirk Wetter 7a6ec6b8a2
Merge pull request #1164 from dcooper16/fix1159
Fix #1159
2018-11-29 10:02:26 +01:00
Dirk Wetter 51df09bbcf
Merge pull request #1167 from dcooper16/fix1159_part2
Fix #1159 part 2
2018-11-29 10:01:47 +01:00
David Cooper f723ec97a7
Fix #1159 part 2
This PR provides an additional fix for the issue raised by #1159. It defines a third option for the degree of processing that should be performed by tls_sockets(): "all+". When "all+" is provided, the processing is exactly the same as for "all" with the exception of the creation of the supported_groups extension. For a TLSv1.3 ClientHello, curves that are not supported by $OPENSSL are omitted from the supported_groups extension rather than offering these curves as the least preferred option.

The "all+" option is used in run_server_defaults() where, unlike with almost every other call to tls_sockets(), a successful connection is of no use unless the response can be decrypted. This is also the case for run_alpn(), and so the call to tls_sockets() was also changed to "all+" there. But, the change has no effect at the moment, since run_alpn() sends a TLSv1.2 ClientHello.
2018-11-28 14:58:17 -05:00
David Cooper 9a47b379d6
Don't run TLSv1.1 tests if server doesn't support TLSv1.1
As a result of #276, `run_server_defaults()` makes several attempts to find certificates that a server offers if the ClientHello is for TLSv1.2 and no SNI is offered. However, these tests are unnecessary if it is already known that the server does not support TLSv1.1.

This PR modifies `run_server_defaults()` so that the the TLSv1.1-only tests are skipped if the server is known to not support TLSv1.1.
2018-11-28 12:52:15 -05:00
David Cooper a3f5dac46c
Fix #1159
This PR fixes #1159. If tls_sockets() connects to a server using TLSv1.3, it cannot be assumed that the server's certificate is available, as testssl.sh may not have been able to decrypt the server's response. This can happen, for example, if X25519 was used for the key exchange and `$OPENSSL` does not support X25519.

If the connection was successful, but the certificate could not be obtained, then this PR tries again using `$OPENSSL`. However, since `$OPENSSL` does not support TLSv1.3, this will only work if the server supports TLSv1.2 or earlier.
2018-11-28 12:10:30 -05:00
Dirk d2fe7567d3 Make STARTTLS NNTP work
This commit addresses #179 and implements NNTP via STARTTLS. I did
a few tests and it did work so far.

However the binary support needs to be done. I backported in my
fork of @PeterMosmans tree the section from OpenSSL 1.1.1 -- but
it didn't work, see https://github.com/openssl/openssl/issues/7722.

I just tried to patch it as I suggested and it worked then. My
patch is pushed soon after to https://github.com/drwetter/openssl-1.0.2.bad,
however I'll better wait for the official OPenSSL 1.1.1 patch.
2018-11-28 16:54:09 +01:00
Dirk e23afb900b Catch better a user cmdline problem
.. when specifying --ip=one AND and an URI
2018-11-28 12:24:45 +01:00
Dirk 696c4d0b93 Improved debug code for cipher order 2018-11-28 10:39:14 +01:00
Dirk b425767427 Merge branch '2.9dev' of github.com:drwetter/testssl.sh into 2.9dev 2018-11-27 20:10:23 +01:00
Dirk 8383a7372d Merge branch 'dh_param' into 2.9dev 2018-11-27 20:09:51 +01:00
Dirk 688d049167 Last polishing to include DH groups in logjam and pfs
This commit finalizes #1139. It displays the DH groups
in both run_logjam() and run_pfs() in a simlilar manner
(except the FFDHE groups).

A common small function pr_dh() was introduced which prints
out the dh group and in round brackets colored DH bits.
2018-11-27 20:03:25 +01:00
Dirk 6ce0ad80e6 fit HTML man page to page width 2018-11-23 23:47:21 +01:00
Dirk Wetter 5b3e610e53
Merge pull request #1153 from bitsofinfo/2.9dev
new links to external/related projects
2018-11-19 10:57:29 +01:00
bitsofinfo 13cd12f57b external projects, testssl.sh-processor and testssl.sh-alerts 2018-11-13 14:41:05 -07:00
bitsofinfo 789b405f83 external projects, testssl.sh-processor and testssl.sh-alerts 2018-11-13 14:40:32 -07:00
bitsofinfo 87e52daf95 external projects, testssl.sh-processor and testssl.sh-alerts 2018-11-13 14:39:55 -07:00
Dirk 981432c19a Finalize redoing XMPP handshake
This commit finally fixes #547 and makes XMPP handshakes at least
as fast as the other STARTTLS handshakes.

It utilizes dd to read from the file descriptor. In all tests
I ran so far it didn't cause any problems. There's a potential
problem though that dd might block.
2018-11-13 21:10:41 +01:00
Dirk f591126a1b Minor updates
added: client simulation, requirements.

Updated number of ciphers.
2018-11-12 21:36:43 +01:00
Dirk eb8ba74460 Redid + bugfix for STARTTLS XMPP
This PR fixes #924 and does some foundation for #547. It's a
somewhat preliminary push of code and further work for #547 is required.

XMPP is now similar programmed as other STARTTLS handshakes with the exception
that it is not line based but stream based.  That is still the catch here and
needs to be addressed: STARTTLS protocols like IMAP + SMTP use
starttls_full_read() which reads lines until the line is completely received or
the timeout was encountered.

The new function ``starttls_io()`` however does a wait (fixed value: 1 second)
as there's no lf or terminator.

The XMPP STARTTLS handshakes are now the same as in OpenSSL.

There are redundant functions in this code which will be removed later.

Also at some places a hint for lmtp was missing which was added.
2018-11-12 21:27:30 +01:00
Dirk 0431b7166a Check for OpenSSL + use unames 2018-11-12 20:52:36 +01:00
Dirk de7f7b6cab Check for OpenSSL + use unames 2018-11-12 20:46:35 +01:00
Dirk f4ab795221 Add "No FS" in non-wide mode in client simulation
... and redo there for the output of curves / no FS

fix #98
2018-11-10 00:04:51 +01:00
Dirk a792a25f4d Attention: Replacing JSON ID "target host" by "targetHost"
see #1150.
2018-11-08 22:09:53 +01:00
Dirk 42c47d4f58 RFC --> IANA 2018-11-08 20:38:28 +01:00
Dirk da233c939e RFC --> IANA
The cipher suites names in the RFCs stem (mostly) from IANA, see
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4

This PR corrects that in places visible to the user. For backwards
compatibility the cmd line switches still work as before, but there's
a preference to IANA. The RFC naming is labeled as to be retired
in the future.
2018-11-08 20:26:52 +01:00
Dirk 32923bbdb1 TLS 1.3 ciphers forgotten :-(, added 2018-11-08 13:10:56 +01:00
Dirk ca34e3fc12 Updated client simulation
SSLabs API only added one newer version of Chrome (70) and one newer version
of Firefox (62).

Thus the wishlist gets longer (c15e0425dc).
Missing is Android 8 and 9, OpenSSL 1.1.1, Safari on OSX 11 and 12. Java 10
and 11.

Fix #1104
2018-11-05 22:47:28 +01:00