Commit Graph

172 Commits

Author SHA1 Message Date
Dirk eb7b0c9644 add hash file 2020-07-14 22:26:23 +02:00
Christoph Settgast 82e939f2bd Add wiresharked Android 7.0 (native)
After being bitten by https://stackoverflow.com/questions/39133437/sslhandshakeexception-handshake-failed-on-android-n-7-0
I add a wiresharked Android 7.0 to reflect that bug in Android 7.0.
2020-06-23 15:26:31 +02:00
Dirk Wetter a9ab2bcd91 Update documentation (ADDITIONAL_CA_FILES -> ADDTL_CA_FILES)
which happened in d44a643fab in
testssl.sh .

This fixes it in the related files. See also #1581
2020-04-23 11:20:46 +02:00
David Cooper 46c05c6732 Fix client simulation
replace ciphers with ch_ciphers and sni with ch_sni in client simulation data file.
2020-01-31 10:52:50 -05:00
Dirk Wetter eeb1acd749 Android 9 still has 2 signature hash algos: x0201 + x0203 2020-01-22 11:41:42 +01:00
Dirk Wetter 7c66ed47c0 All self retrieved Android handshakes modified to service ANY 2020-01-22 10:58:00 +01:00
Dirk Wetter a50a660d6c Add Android 10 client simulation 2020-01-22 10:54:50 +01:00
Dirk Wetter ddc7a56ab0
fix language 2020-01-17 11:59:41 +01:00
Dirk Wetter ac7a20f018
Update client-simulation.wiresharked.md 2020-01-16 22:46:43 +01:00
Dirk Wetter 86afeabf8f
Merge pull request #1438 from drwetter/update_clienthandshakes
Update clienthandshakes
2020-01-16 22:26:21 +01:00
Dirk Wetter 13aa6aa433 Readd TLS 1.0 and TLS 1.1 to openssl 1.1.1d (Debian)
... see previous commit
2020-01-14 18:17:44 +01:00
Dirk Wetter 09eda2aa97 Update openssl handshakes
to 1.1.0l and 1.1.1d. Seems that for the latter TLS 1.0 and 1.1
are disabled now, looking at the supported version extension.
However on the command line an s_client connect works. So
this commit need to be amended.
2020-01-14 18:02:43 +01:00
Dirk Wetter 56e6fa4bb7 Remove FTP as a "service" from Firefox' client simulation
... as firefox never supported FTP over TLS or SSL, see

https://bugzilla.mozilla.org/show_bug.cgi?id=85464

In general browsers tend to remove noaways cleartext FTP from
browsers.
2020-01-13 23:11:59 +01:00
Dirk Wetter 8cc3a5f514 Add firefox 71
... and
* deprecate openssl 1.0.1
* enable Chrome 74 instead of Chrome 65
2020-01-13 22:57:10 +01:00
David Cooper 420fa73f5a Fix Safari 13.0 Client Simulation
The ciphersuites string for Safari 13.0 ends with a colon (':'). which causes OpenSSL to reject the command line when client simulation testing is performed in --ssl-native mode. This PR fixes the problem by removing the trailing colon.
2020-01-13 10:31:20 -05:00
Dirk Wetter 88ec92d622 Add recent Chrome and Opera handshakes
Chrome 78 and 79, Opera 65 and 66

Remove FTP from Chrome
2020-01-13 16:02:39 +01:00
Dirk Wetter a714aec912 Clarify / correct a few bits 2020-01-13 16:01:27 +01:00
Dirk Wetter cf8cb541d5 Update Thunderbird simulation to v68.3 2020-01-13 11:35:58 +01:00
Dirk Wetter 0911d1ae31 For better recognition put readme in a separate file 2020-01-13 11:34:25 +01:00
Dirk Wetter a244ef7990 Needed update after putting all CA store here 2020-01-11 11:45:27 +01:00
Dirk Wetter 88e670ab1f Update store
According to MS this is the latest which is from July 2019.
This is the biggest CA store (probably a lot of intermediate
certificates in there).

This was pulled from MS as described in the Readme.md . It
is exactly the same whether CertUtil will be run from Windows 7
(almost: RIP) or Windows 10.
2020-01-11 11:42:30 +01:00
Dirk 40155ed222 Update Java store
Other than before teh Java store was extracted directly from a keystore
from a Java JRE from https://jdk.java.net/.

The Debian keystore used previously used the certificates from the Debian
machine itself (installation script in ``/etc/ca-certificates/update.d/``.
Check with ``keytool -list -rfc -keystore /etc/ssl/certs/java/cacerts | grep -i 'alias'``

As a consequence this store contains less certificates:

etc/Java.pem:90
etc/Linux.pem:128

and needs some testing whether it really should be still included.
2020-01-10 09:17:57 +01:00
Dirk Wetter 7341cac3c2 -add-ca amended 2020-01-09 10:34:07 +01:00
Dirk Wetter 3ff93b4fa6 Update for 3.0 2020-01-09 10:27:09 +01:00
Christoph Settgast 23b845c11b Update Safari to 13.0 and macOS to 10.14
manually wiresharked, now with TLS1.3 for macOS as well.
2019-10-16 20:36:08 +02:00
David Cooper 80a725541b Allow TLS12_CIPHER to be changed
In some rare cases a server does not support any of the ciphers in $TLS12_CIPHER, but does support at least one cipher in $TLS12_CIPHER_2ND_TRY. In such cases, TLS12_CIPHER should be changed to $TLS12_CIPHER_2ND_TRY so that subsequent tests using $TLS12_CIPHER will succeed.
2019-09-23 15:54:44 -04:00
Dirk d5f90218d1 Deprecation of more clients
* Tor 17
* Android 4.2.2
* IE 7 Vista
2019-05-08 23:12:45 +02:00
Dirk Wetter 7238a0167a Change the platform for Java from Ubuntu to OpenJDK 2019-05-07 19:39:20 +02:00
Dirk Wetter 174f4ee527
Merge pull request #1268 from csett86/safari-macos
Add Safari 12.1 on macOS 10.13.6
2019-05-07 19:35:09 +02:00
Christoph Settgast c41b1f0055 Revert diff noise at end of file 2019-05-06 21:35:58 +02:00
Christoph Settgast fa77a9c80e Deprecate Java 9, its EOL since March 2018
No current distro (Ubuntu, Debian, Fedora) is still shipping it,
Oracle has EOLed it in March 2018 according to

https://www.oracle.com/technetwork/java/java-se-support-roadmap.html
2019-05-06 21:26:30 +02:00
Christoph Settgast a17f45b563 Add Safari 12.1 on macOS 10.13.6
manually wiresharked
2019-05-06 21:19:46 +02:00
Christoph Settgast 8c8a626b49 Remove erroneous DES-CBC-MD5 from Java 11 and 12
DES-CBC-MD5 was included by utils/hexstream2cipher.sh,
heres the relevant snippet, line 160:

148: c025 --> 0xc0,0x25 --> ECDH-ECDSA-AES128-SHA256
152: c029 --> 0xc0,0x29 --> ECDH-RSA-AES128-SHA256
156: 0067 --> 0x00,0x67 --> DHE-RSA-AES128-SHA256
160: 0040 --> 0x00,0x40 --> DHE-DSS-AES128-SHA256 DES-CBC-MD5
164: c009 --> 0xc0,0x09 --> ECDHE-ECDSA-AES128-SHA
168: c013 --> 0xc0,0x13 --> ECDHE-RSA-AES128-SHA
172: 002f --> 0x00,0x2f --> AES128-SHA
176: c004 --> 0xc0,0x04 --> ECDH-ECDSA-AES128-SHA

Unfortunately I don't know how to fix utils/hexstream2cipher.sh,
but I have manually removed the erroneous cipher and space from
the client-sim.
2019-05-06 18:07:43 +02:00
Christoph Settgast 11416790cd Add Java 12 from Ubuntu 19.04
manually wiresharked, detailed version info:

$ java -version
openjdk version "12.0.1" 2019-04-16
OpenJDK Runtime Environment (build 12.0.1+12-Ubuntu-1)
OpenJDK 64-Bit Server VM (build 12.0.1+12-Ubuntu-1, mixed mode, sharing)
2019-05-04 22:30:46 +02:00
Christoph Settgast c4b5f33532 Add Java 11 from Ubuntu 18.04
manually wiresharked, detailed version info:

$ java -version
openjdk version "11.0.2" 2019-01-15
OpenJDK Runtime Environment (build 11.0.2+9-Ubuntu-3ubuntu118.04.3)
OpenJDK 64-Bit Server VM (build 11.0.2+9-Ubuntu-3ubuntu118.04.3, mixed mode)
2019-05-04 22:20:53 +02:00
Dirk Wetter bfd6caa624 Fix error + round brackets
PR #1260 missed a 'current' line which caused an output problem.

I'd like to add round brackets to the displayed name so that we remember
what comes from wireshark and waht from SSLlabs
2019-05-04 11:05:57 +02:00
Christoph Settgast 67c0dd106e Add Safari 12.1 from iOS 12.2
Manually Wiresharked
2019-05-04 00:58:31 +02:00
Dirk Wetter 79a0345213 Fix typo in handshake simulation with openssl 1.1x
"protos" contained "-no-ssl3" instead of "-no_ssl3"
which lead to an error message "Oops: openssl s_client connect problem"
-- which wasn't caught by the STARTTLS unit test either :-(
2019-05-02 09:53:51 +02:00
Dirk 955265afa0 Update to chrome 74 2019-04-25 09:17:23 +02:00
Dirk Wetter 64c2bcc949 Add Thunderbird 60.6.1 to client simulation 2019-04-23 13:37:50 +02:00
Dirk Wetter 3f99c2d2c8 Add Opera 60 + Chrome 73
Chrome 74 update pending
2019-04-23 11:33:47 +02:00
Dirk Wetter d2f5c2633c Add a few MS client hellos
* Edge 17 Win 10
* Firefox 66 Win 10

Disable 'Edge 13 Win Phone 10' per default and 'Firefox 62 Win 7'.
2019-04-23 10:32:17 +02:00
Dirk Wetter 950772cb23 Clarify client sim data 2019-04-23 10:26:30 +02:00
Dirk c183c213e5 Add client simulations
.. for Android 8.1 and Firefox 66.

Add ciphersuites to the existing handshakes and update
the documentation accordingly.
2019-04-20 20:21:25 +02:00
Dirk 5f047db92f Add client simlation data and provide howto
While we are thankful that Ivan Ristic permitted to use the client
data from SSLlabs, it became of bit outdated now (see #1158). Also
as sslhaf [1] was used, the data comes from HTTP traffic only.

This is a start to address it. It provides data from Android 9
(connecting to the play store, so that it is sure we don't capture
a ClientHello from an application having an own TLS stack.

Also it provides documentation how to grab data yourself, and
provide it back to testssl.sh.

Aim is at least for testssl.sh 3.0 to add Android 8 and OpenSSL 1.1.1 (@drwetter).

My hope others can assist with  Safari on OSX 11 and 12. Java 10 and 11,
and a recent Opera and Edge version. (Firefox and Chrome are out of
date too)

Mail clients to follow later.

[1] https://github.com/ssllabs/sslhaf
2019-04-18 10:06:01 +02:00
Dirk Wetter ba204047e7 Remove opera client simulation
... as it may indicate this is a recent version
but version 17 is infact 5,5 years old.

If you configure the server side this is misleading!
2019-04-12 18:15:34 +02:00
Dirk 6bd489331d Updated store because of Mozilla update
Following certificate were added:
- Certigna Root CA
- UCA Extended Validation Root
- UCA Global G2 Root
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
2019-02-21 09:21:19 +01:00
Dirk f708e1420e Updated Trust Stores, Java added
This is an update of the root certificate stores. Date from each store
is from yesterday.

Description update.

Also the Java certificate store was added. Previously Java was omitted
as it appeared not to be complete. I tested successfully this store.
2018-12-14 10:00:23 +01:00
Dirk ca34e3fc12 Updated client simulation
SSLabs API only added one newer version of Chrome (70) and one newer version
of Firefox (62).

Thus the wishlist gets longer (c15e0425dc).
Missing is Android 8 and 9, OpenSSL 1.1.1, Safari on OSX 11 and 12. Java 10
and 11.

Fix #1104
2018-11-05 22:47:28 +01:00
Dirk c0b43b3fd8 Correct new openssl cipher name
... from 7d36ba9a2e
2018-11-02 14:04:12 +01:00
Dirk 7d36ba9a2e Add more ciphers
There are a couple of old SSLv2 ciphers which haben't been included in
etc/cipher-mapping.txt . This PR updates the file. Names were derived
from the (old) OpenSSL / SSLeay source code.

In addition TLS_NULL_WITH_NULL_NULL (>=SSLv3 cipher) was added.

ToDo: Review functions to be updated to use those ciphers.
2018-11-02 10:35:38 +01:00
David Cooper 2b46664a83
Remove '0a' character from public keys
This commit removes the '0a' character from public keys used in the key_share extension. New key pairs were created by repeatedly generating new keys until one was found that had no '0a' characters in the public key.
2018-09-21 17:07:46 -04:00
David Cooper 0f9e6b9883
Remove duplicate common primes
Remove three additional common primes that appeared in both https://svn.nmap.org/nmap/scripts/ssl-dh-params.nse and https://github.com/cryptosense/diffie-hellman-groups/blob/master/gen/common.json. Note that run_logjam() will not work properly if the server's prime appears twice in etc/common-primes.txt.
2018-07-23 13:48:18 -04:00
David Cooper 81981b7c27
Update etc/common-primes.txt
The primes in etc/common-primes.txt that were taken from https://github.com/cryptosense/diffie-hellman-groups/blob/master/gen/common.json were encoded in decimal rather than hexadecimal, preventing them from being matched against the primes offered by servers. This PR converts the primes from https://github.com/cryptosense/diffie-hellman-groups/blob/master/gen/common.json to hexadecimal, removing those that were duplicates from https://svn.nmap.org/nmap/scripts/ssl-dh-params.nse.
2018-07-23 13:30:04 -04:00
David Cooper 99c5f42b3f
Add RFC 7919 primes to etc/common-primes.txt
This PR adds the 6 primes from RFC 7919 to etc/common-primes.txt so that they can be detected by run_logjam().
2018-07-20 09:20:44 -04:00
Dirk e8d7ba547a remove old client_simulation.txt 2018-04-18 21:09:31 +02:00
Dirk c15e0425dc Update client simulation
This is a fix for #722. It updates the client simulation data from
the SSLlabs API. As usual data was pulled, resorted and clients
to display were hand-selected.

Wishlist: Missing is Oreo, OpenSSL 1.1.1, Safari on OX 11, Firefox
52.x (ESR)

With the recent PR #1033 from @dcooper it can also show TLS 1.3
handshakes.
2018-04-16 11:13:44 +02:00
David Cooper cd8ceae80e Add curve information to SSL native client simulations
When performing client simulations in "--ssl-native" mode, provide the client's list of supported curves to "$OPENSSL s_client" in order to make the results even more accurate.
2018-04-11 13:48:40 -04:00
David Cooper 39db50eea2 Improve SSL native client simulation
This PR improves client simulation in "--ssl-native" mode:

* It changes ${protos[i]} to list the protocols that should be disabled rather than those that should be enabled, except in the case that the client only supports one protocol.

* It sets the values for ${tlsvers[i]}, which is used in run_client_simulation(), but was not defined.

* It adds a new variable, ${ciphersuites[i]}, that lists the TLSv1.3 cipher suites supported by a client.

Client simulation still produces false results in "--ssl-native" mode, but the results are better than before.
2018-04-10 16:57:24 -04:00
David Cooper 0f7a49e2a3 Fix #1013
This PR fixes the issue raised in #1013. It primarily does this in two ways:

* In calls to `$OPENSSL s_client` that specify ciphers, the TLSv1.3 ciphers are provided separately using the `-ciphersuites` option. Then, the `s_client_options()` function manipulates the command-line options as necessary based on the version of OpenSSL being used.

* Calls to `$OPENSSL ciphers` were replaced with calls to `actually_supported_ciphers()`, which calls `$OPENSSL ciphers`. `actually_supported_ciphers()` modifies the parameters for the call to `$OPENSSL ciphers` as necessary, based on the version of OpenSSL being used.
2018-03-19 11:26:31 -04:00
David Cooper 714933d607 Add X448 support in TLS 1.3
Support for X448 was recently added to the development branch of OpenSSL 1.1.1. This PR adds an X448 key pair to etc/tls_data.txt (that was generated using OpenSSL 1.1.1) and adds X448 to the supported_groups extension for TLS 1.3 ClientHello messages.
2018-03-12 13:40:22 -04:00
Daniel Chodusov 6497157957
Using generic HAProxy name
This prime appears to be not only in HAProxy 1.5 but as well in the newer versions. The test result will return incorrect response message, when testing on the newer HAProxy versions (ie. 1.5 is detected but 1.8 is installed).
2018-02-22 13:57:02 +01:00
David Cooper dd58fbb9aa
Add public keys
Add the public keys corresponding to the key pairs in TLS13_KEY_SHARES.
2017-11-02 11:44:29 -04:00
David Cooper cd6c84bfd3
Add a secp224r1 key pair 2017-11-02 11:30:24 -04:00
David Cooper ca7c8200eb Add TLSv1.3 support for run_server_preference()
This PR adds support for TLSv1.3 to run_server_preference(). It only provides partial support, as it only works if the support supports and earlier TLS protocol (in order to determine whether the server has a cipher order). It also will only show TLSv1.3 as the "Negotiated protocol" if $OPENSSL supports TLSv1.3.

This PR also fixes a bug in which the variable "proto" was defined as used as both a regular variable and as an array.
2017-10-20 11:40:19 -04:00
David Cooper fd1f4b3b43 Add TLSv1.3 ciphers
This commit adds the 5 TLSv1.3 ciphers to the list.
2017-10-06 10:05:18 -04:00
David Cooper 555ce31ab8 Fix incorrect client simulation data
In the data provided by https://api.dev.ssllabs.com/api/v3/getClients, Chrome 57 Win 7 and Firefox 53 Win 7 send ClientHellos that indicate support for TLSv1.3 draft 18, but the highest_protocol for each of these is specified as 0x0303. The result is that if the server being tested supports TLSV1.3 draft 18, `run_client_simulation()` will incorrectly report "No connection" for these servers since the DETECTED_TLS_VERSION (0x0304) will be higher than the specified highest_protocol.

This PR fixes the problem by changing the highest_protocol to 0x0304. Note that another solution to this problem would be to change the ClientHello messages for these two browsers. It is my understanding that TLSv1.3 is disabled by default for these browsers, so presumably the ClientHello messages would not specify TLSv1.3 support if they were configured with TLSv1.3 support disabled.
2017-10-03 16:34:56 -04:00
Dirk b9b09f586e added MS CA store, see #825
Finally complete, thx @naumanshah03
2017-09-19 15:15:54 +02:00
Dirk Wetter f48deaaa9d Update README.md 2017-09-19 14:50:08 +02:00
Dirk Wetter 95af735862 Update README.md 2017-09-18 23:33:25 +02:00
Dirk Wetter 3caa73c1b8 Update README.md 2017-09-18 23:32:35 +02:00
Dirk f014a1853b missing update from 985c845486 2017-09-18 23:01:37 +02:00
Dirk 8b076e9841 relect what to do for updtaing ca_hashes.txt 2017-09-18 14:20:56 +02:00
Dirk 985c845486 update of certificate stores, except MS 2017-09-18 14:18:00 +02:00
Dirk Wetter 54539e9da3 rename client simulation file (das is more consistent)
update client simulation: now has every client from SSLlabs and
it is properly ordered
2017-08-30 23:00:32 +02:00
Dirk Wetter 8be7dcbf09 Reorder client simulation data (see #776) and update README 2017-08-30 20:35:15 +02:00
David Cooper 6460de39a2 Add OpenSSL names for ARIA ciphers
A PR was just accepted into the master branch of https://github.com/openssl/openssl that specifies OpenSSL names for the ARIA GCM cipher suites: bc32673869. This PR adds these OpenSSL names to the cipher-mapping.txt file. It also changes the description of the encryption algorithm for these ciphers from "ARIA" to "ARIAGCM" to be consistent with OpenSSL and with the other GCM ciphers in the cipher-mapping.txt file.

In addition, OpenSSL names for some of the ARIA CBC ciphers are provided in https://github.com/openssl/openssl/blob/master/doc/man1/ciphers.pod, and this PR adds those OpenSSL names to the cipher-mapping.txt file as well.
2017-08-30 11:12:11 -04:00
Dirk Wetter 5ea2b7c612 typo 2017-08-13 11:32:24 +02:00
David Cooper 966f9c499a Update README.md for etc directory 2017-08-04 09:10:41 -04:00
Dirk 9540224722 adding comments for David's PR #807 and pointing to the cipher list in #806 2017-07-31 12:59:36 +02:00
David Cooper ee40625d40 Fix typo in comment
$TLS12_CIPHER only includes 123 standard ciphers; 0x00,0xFF doesn't count as a "standard cipher."
2017-07-28 12:23:21 -04:00
David Cooper 7ccb611d13 Update TLS12_CIPHER
Update `$TLS12_CIPHER` to contain only 128 ciphers (so that it will work with servers that can't handle larger ClientHello messages), and also add some newer ciphers to `$TLS12_CIPHER`. Also define  a `$TLS12_CIPHER_2ND_TRY` containing a list of 127 ciphers that do not appear in `$TLS12_CIPHER`. `$TLS12_CIPHER_2ND_TRY` is used in `run_protocols()` in order to perform a second test against servers that do not establish a TLSv1.2 connection when offered `$TLS12_CIPHER`.
2017-07-28 12:14:44 -04:00
Dirk Wetter 26bf3300e8 Delete mapping.txt
has been replaced in 2.9dev by cipher-mapping.txt
2017-05-22 11:38:23 +02:00
David Cooper 005fe3f27e Remove unnecessary spaces 2017-03-23 14:15:26 -04:00
Dirk 8c0b0083d0 further separation of data / code 2017-03-21 09:15:30 +01:00
Dirk Wetter ca18433959 Update README.md 2017-02-24 17:55:20 +01:00
Dirk Wetter 3f0a98b635 Generated from utils/update_client_sim_data.pl and manually massaged ;-)
Note that the internal data from testssl.sh will disappear
2017-02-24 17:45:23 +01:00
Dirk f3666a13c5 - add crypotsense prefined DH groups
- final FIX #589
2017-01-20 18:14:48 +01:00
Dirk 05d27ff1be - FIX for the last mess submitted ;-) 2017-01-18 18:09:39 +01:00
Dirk b1c80512e6 first bunch of common primes, see #589 + #576 + #120. License of nmap is also GPLv2: no conflicts 2017-01-18 12:44:15 +01:00
David Cooper b0ac21fe31 Add two missing OpenSSL cipher names 2016-11-15 15:13:09 -05:00
Dirk 08384920a9 Cipher mapping externalized by using David's extended mapping. Also implemented warnings
and fallback to openssl if this file cannot be found and thus sockets can't be used
2016-11-15 15:20:48 +01:00
Dirk 1613bb214e Merge branch 'master' into CA_pinning
Conflicts:
	testssl.sh
2016-10-27 21:59:10 +02:00
Dirk d32dbdaff3 Updating MS store, sill small, still not automated/cumbersome not sure if ok 2016-10-12 21:15:37 +02:00
Dirk eb1f6e05bb update, thanks to Niko78, see #371 2016-10-02 10:04:25 +02:00
Dirk fd83509ae5 update 2016-09-29 23:23:44 +02:00
Frank Breedijk 5d7367a68d Shell script to generate ca_hashes.txt (OSX only) 2016-07-25 09:47:24 +02:00
Dirk Wetter 12c7af11c6 fixed hashes 2016-07-20 19:11:38 +02:00
Dirk Wetter 9b8fc2c6f0 rename old alg chacha/poly ciphers according to SSLlabs (#379 / https://github.com/PeterMosmans/openssl/issues/43) 2016-06-15 20:14:08 +02:00
Dirk 1fae394b04 2013 --> OLD for CHACHA/POLY ciphers 2016-06-13 21:38:02 +02:00