Commit Graph

1474 Commits

Author SHA1 Message Date
David Cooper 378f4439a3 testssl.sh hangs on local testing
In a few places testssl.sh tries to determine $OPENSSL s_client's capabilities by calling `$OPENSSL s_client` without specifying a host to which to connect. For example:
```
$OPENSSL s_client -no_ssl2 2>&1
```
This idea is that `$OPENSSL s_client` should reveal something about its capabilities without actually trying to connect to a host.

This works in most cases. However, the manual pages for s_client states:
```
-connect host:port
    This specifies the host and optional port to connect to. If not specified then an attempt is made to connect to the local host on port 4433.
```
So, the above call is actually trying to connect to the local host on port 4433. If the local host is running `$OPENSSL s_server`, then `$OPENSSL s_server` will by default be listening on port 4433, and the connection attempt will most likely succeed. Since the `OPENSSL s_client` command does not include a `< /dev/null`, the `OPENSSL s_client` will just hang waiting for additional input.

Adding `-connect x` to the `$OPENSSL s_client` prevents $OPENSSL from trying to connect to a host, but seems to still provide the necessary information about OpenSSL's capabilities.
2016-12-20 14:02:29 -05:00
David Cooper 4af01a6c1b test_just_one() sockets
This PR implements `test_just_one()` in a similar manner to `run_allciphers()`
2016-12-20 13:14:40 -05:00
David Cooper 1a7d1f73d2 Mark export ciphers in run_rc4()
This PR adds ",exp" to the bits column when `run_rc4()` is run in the "--wide" mode and the cipher is an export cipher. This makes the wide mode of `run_rc4()` align with other functions, such as `run_allciphers()`.
2016-12-20 13:11:03 -05:00
David Cooper 9f8aff5758 Merge branch '2.9dev' into run_pfs_sockets 2016-12-20 08:50:59 -05:00
Dirk ea7edaf59f - unify timeout msgs on the console 2016-12-20 14:17:14 +01:00
David Cooper 2db0894ae6 Merge branch '2.9dev' into run_pfs_sockets 2016-12-19 09:09:45 -05:00
Dirk Wetter 8e9a8faca4 Merge pull request #541 from dcooper16/run_cipher_per_proto_sockets
run_cipher_per_proto() speedup + sockets
2016-12-17 12:17:45 +01:00
Dirk Wetter 95615fd6c3 Merge pull request #564 from dcooper16/test_just_one_alignment
Fix alignment problem in test_just_one()
2016-12-17 12:11:16 +01:00
David Cooper 7fa6455b83 Fix typo 2016-12-16 11:30:34 -05:00
David Cooper 412fea2c38 Fix alignment problem in test_just_one()
When `test_just_one()` uses `neat_list()` with a cipher that is not available and that uses DH for key exchange, the columns do not line up correctly. `test_just_one()` adds "TBD" in gray to "DH", and while `neat_list()` tries to adjust for the presence of color codes, it doesn't seem to correctly handle the gray color code here.

Rather than try to fix this in `neat_list()`, I propose to just remove the "TBD". Adding it is inconsistent with other functions (like `run_allciphers()`), and it seems inappropriate, since there is nothing "to be determined," as the cipher suite isn't supported by the server.

If adding "TBD" were appropriate anywhere, it would seem to be in cases in which the server does support the cipher, but the number of bits in the ephemeral key couldn't be determined because the version of OpenSSL being used can't show DH/ECDH bits. (Not that I'm proposing this. I think the one-line warning, "(Your $OPENSSL cannot show DH/ECDH bits)", is enough.

Here is an example of `test_just_one()` with some ciphers not supported by the server that use DH key exchange:

```
 Testing single cipher with word pattern "CAMELLIA" (ignore case) 

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.  Encryption Bits     Cipher Suite Name (RFC)
---------------------------------------------------------------------------------------------------------------------------
 xc077   ECDHE-RSA-CAMELLIA256-SHA384      ECDH TBD   Camellia  256      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384           not a/v
 xc073   ECDHE-ECDSA-CAMELLIA256-SHA384    ECDH TBD   Camellia  256      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384         not a/v
 xc4     DHE-RSA-CAMELLIA256-SHA256        DH TBD   Camellia  256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256             not a/v
 xc3     DHE-DSS-CAMELLIA256-SHA256        DH TBD   Camellia  256      TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256             not a/v
 xc2     DH-RSA-CAMELLIA256-SHA256         DH/RSA     Camellia  256      TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256              not a/v
 xc1     DH-DSS-CAMELLIA256-SHA256         DH/DSS     Camellia  256      TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256              not a/v
 x88     DHE-RSA-CAMELLIA256-SHA           DH 2048    Camellia  256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA                available
 x87     DHE-DSS-CAMELLIA256-SHA           DH TBD   Camellia  256      TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA                not a/v
 x86     DH-RSA-CAMELLIA256-SHA            DH/RSA     Camellia  256      TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA                 not a/v
 x85     DH-DSS-CAMELLIA256-SHA            DH/DSS     Camellia  256      TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA                 not a/v
 xc5     ADH-CAMELLIA256-SHA256            DH TBD   Camellia  256      TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256             not a/v
 x89     ADH-CAMELLIA256-SHA               DH TBD   Camellia  256      TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA                not a/v
 xc079   ECDH-RSA-CAMELLIA256-SHA384       ECDH/RSA   Camellia  256      TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384            not a/v
 xc075   ECDH-ECDSA-CAMELLIA256-SHA384     ECDH/ECDSA Camellia  256      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384          not a/v
 xc0     CAMELLIA256-SHA256                RSA        Camellia  256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256                 not a/v
 x84     CAMELLIA256-SHA                   RSA        Camellia  256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                    not a/v
 xc076   ECDHE-RSA-CAMELLIA128-SHA256      ECDH TBD   Camellia  128      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256           not a/v
 xc072   ECDHE-ECDSA-CAMELLIA128-SHA256    ECDH TBD   Camellia  128      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256         not a/v
 xbe     DHE-RSA-CAMELLIA128-SHA256        DH TBD   Camellia  128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256             not a/v
 xbd     DHE-DSS-CAMELLIA128-SHA256        DH TBD   Camellia  128      TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256             not a/v
 xbc     DH-RSA-CAMELLIA128-SHA256         DH/RSA     Camellia  128      TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256              not a/v
 xbb     DH-DSS-CAMELLIA128-SHA256         DH/DSS     Camellia  128      TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256              not a/v
 x45     DHE-RSA-CAMELLIA128-SHA           DH 2048    Camellia  128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA                available
 x44     DHE-DSS-CAMELLIA128-SHA           DH TBD   Camellia  128      TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA                not a/v
 x43     DH-RSA-CAMELLIA128-SHA            DH/RSA     Camellia  128      TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA                 not a/v
 x42     DH-DSS-CAMELLIA128-SHA            DH/DSS     Camellia  128      TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA                 not a/v
 xbf     ADH-CAMELLIA128-SHA256            DH TBD   Camellia  128      TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256             not a/v
 x46     ADH-CAMELLIA128-SHA               DH TBD   Camellia  128      TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA                not a/v
 xc078   ECDH-RSA-CAMELLIA128-SHA256       ECDH/RSA   Camellia  128      TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256            not a/v
 xc074   ECDH-ECDSA-CAMELLIA128-SHA256     ECDH/ECDSA Camellia  128      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256          not a/v
 xba     CAMELLIA128-SHA256                RSA        Camellia  128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256                 not a/v
 x41     CAMELLIA128-SHA                   RSA        Camellia  128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                    not a/v
```
2016-12-16 10:15:05 -05:00
David Cooper 8b6b308b30 Merge branch '2.9dev' into run_pfs_sockets 2016-12-14 16:10:27 -05:00
David Cooper 87d4063abf Merge branch '2.9dev' into run_cipher_per_proto_sockets 2016-12-14 16:07:42 -05:00
Dirk Wetter 576d0f7412 Merge pull request #563 from AlGreed/2.9dev
Avoidance of escape characters in JSON and CSV reports
2016-12-14 21:45:44 +01:00
AlGreed ee74fe0b25 Merge branch 'drwetter/2.9dev' into 2.9dev 2016-12-14 20:59:13 +01:00
AlGreed 8d285a8696 reverted color=0 for json and csv formats; rewrote strip_quote to cross platform variant. 2016-12-14 20:55:17 +01:00
Dirk Wetter 46e9cf7b8c Merge pull request #555 from dcooper16/ec_curve_strengths
Align elliptic curve lengths with OpenSSL
2016-12-14 20:35:38 +01:00
AlGreed 520966f776 color=0 for json and csv formats to avoid escape characters in a report 2016-12-14 12:09:23 +01:00
AlGreed 98d7d25aa1 Merge branch 'drwetter/2.9dev' into 2.9dev 2016-12-14 11:26:03 +01:00
David Cooper 276731082f Merge branch '2.9dev' into run_pfs_sockets 2016-12-13 08:44:59 -05:00
David Cooper a3158be963 Merge branch '2.9dev' into ec_curve_strengths 2016-12-13 08:44:07 -05:00
David Cooper 6b1b25a4b1 Merge branch '2.9dev' into run_cipher_per_proto_sockets 2016-12-13 08:40:47 -05:00
Dirk f30dab9e2f cosmetic improvement to #551 2016-12-13 12:38:20 +01:00
Dirk Wetter 7f3b1de737 Merge pull request #551 from dcooper16/parse_sslv2_fix
Don't parse SSLv2 ServerHello unless successful response
2016-12-13 12:28:26 +01:00
Dirk Wetter 156af69dc2 Merge pull request #560 from sdann/2.9dev
Add support for testing postgres protocol over TLS/SSL
2016-12-13 08:53:30 +01:00
Steven Danneman 461f956603 Add support for testing postgres protocol over TLS/SSL
The Postgres protocol uses STARTTLS with a custom start packet. This
functionality is supported by openssl s_client in the current openssl
master branch but not yet in any released version.

This patch detects whether the given openssl binary supports postgres
and runs the default tests against a postgres server.

Example of no openssl support:

    ~/bin/testssl$ ./testssl.sh --quiet
    --openssl=/opt/openssl/openssl-1.1.0c/bin/openssl --starttls=postgres
    test.postgres.server.com:5432

     Start 2016-12-07 18:03:24    -->> ip.add.re.ss:5432
    (test.postgres.server.com:5432) <<--

    Fatal error: Your /opt/openssl/openssl-1.1.0c/bin/openssl does not
    support the "-starttls postgres" option

Example of openssl support:

    ~/bin/testssl$ ./testssl.sh --quiet
    --openssl=/opt/openssl/openssl-2016-12-07/bin/openssl --startt ls=postgres
    test.postgres.server.com:5432

     Start 2016-12-07 18:06:03    -->> ip.add.re.ss:5432
    (test.postgres.server.com:5432) <<--

     Service set:            STARTTLS via POSTGRES

     Testing protocols (via openssl, SSLv2 via sockets)

     SSLv2               not offered (OK)
     SSLv3               offered (NOT ok)
     TLS 1               offered
     TLS 1.1             offered
     TLS 1.2             offered (OK)
     SPDY/NPN            (SPDY is an HTTP protocol and thus not tested here)
     HTTP2/ALPN          (HTTP/2 is a HTTP protocol and thus not tested
    here)
    ...
2016-12-12 12:05:11 -08:00
David Cooper 953d02b61c Merge branch '2.9dev' into run_pfs_sockets 2016-12-12 09:49:05 -05:00
David Cooper 78813ee707 Merge branch '2.9dev' into ec_curve_strengths 2016-12-12 09:47:58 -05:00
David Cooper 2a9668c000 Updated based on @typingArtist's suggesting 2016-12-12 09:38:20 -05:00
David Cooper 55436eec68 Merge branch '2.9dev' into parse_sslv2_fix 2016-12-12 09:25:45 -05:00
David Cooper 3deaa0b167 Merge branch '2.9dev' into run_cipher_per_proto_sockets 2016-12-12 09:22:48 -05:00
Dirk d14b24e832 regression fix #290, see #549 2016-12-11 18:15:36 +01:00
Dirk Wetter 6380121acc Merge pull request #542 from dcooper16/run_rc4_sockets
run_rc4() sockets implementation
2016-12-10 23:49:08 +01:00
Dirk Wetter da5afd2e0a Merge pull request #553 from dcooper16/fix_read_cipher_mapping
Fix bug in reading of cipher mapping file
2016-12-10 13:01:07 +01:00
David Cooper 97652e64e0 run_pfs() speedup + sockets
This PR implements `run_pfs()` in a manner similar to `run_allciphers()`. It uses OpenSSL followed by `tls_sockets()` to test for both supported PFS cipher suites as well as elliptic curves offered.

I made an attempt at addressing #548 by using different colors to print the different curve names, depending on strength. The colors chosen are exactly the same as those that would be chosen by `read_dhbits_from_file()`:
```
     # bits <= 163:       pr_svrty_medium
     163 < # bits <= 193: pr_svrty_minor
     193 < # bits <= 224: out
     # bits > 224:        pr_done_good
```

I also added code for #464 to create a list of the DH groups from RFC 7919 that a server supports. However, since no servers seem to support this at the moment (except with TLS 1.3), I marked this code to only run if the $EXPERIMENTAL flag is set.
2016-12-08 12:36:45 -05:00
David Cooper 6d93bff835 Align elliptic curve lengths with OpenSSL
For several elliptic curves the number of bits, as indicated by OpenSSL, is slightly different than the name implies. For example, for sect239k1 OpenSSL outputs: `Server Temp Key: ECDH, sect239k1, 238 bits`.

This PR aligns the output created by `parse_tls_serverhello()` with OpenSSL.
2016-12-08 10:19:57 -05:00
David Cooper bceca2a89e Fix bug in reading of cipher mapping file
When the cipher-mapping.txt file is read, the contents of the "Mac=..." column is placed in `TLS_CIPHER_EXPORT` rather than the contents of the "export" column. This PR fixes that.
2016-12-06 17:18:18 -05:00
David Cooper 8b9bc3ca2c Don't parse SSLv2 ServerHello unless successful response
This PR is a proposed alternative to #537. It only attempts to extract the certificate and list of ciphers from the SSLv2 ServerHello is `ret=3`.
2016-12-06 11:23:01 -05:00
David Cooper 48e1e5e1a5 Merge branch '2.9dev' into run_rc4_sockets
Conflicts:
	testssl.sh
2016-12-05 09:10:51 -05:00
David Cooper d27d48491f Merge branch '2.9dev' into run_cipher_per_proto_sockets 2016-12-05 08:57:16 -05:00
AlGreed 742ad1920f Merge branch 'drwetter/2.9dev' into 2.9dev 2016-12-03 19:43:21 +01:00
Dirk 72a96f64e4 Merge branch 'AlGreed-2.9dev' into 2.9dev 2016-12-03 13:40:08 +01:00
Dirk 62a40f747e Merge branch '2.9dev' of https://github.com/AlGreed/testssl.sh into AlGreed-2.9dev
Conflicts:
	testssl.sh
2016-12-03 13:39:50 +01:00
David Cooper e2613303ea Merge branch '2.9dev' into run_cipher_per_proto_sockets 2016-12-02 13:35:21 -05:00
David Cooper 93b5a5c595 Merge branch '2.9dev' into run_rc4_sockets 2016-12-02 13:32:43 -05:00
Dirk Wetter e67d3646e9 Merge pull request #546 from dcooper16/drown_and_non_RSA_certs
run_drown() when server has non-RSA certificates
2016-12-02 17:10:16 +01:00
David Cooper e7eac77be4 run_drown() when server has non-RSA certificates
This PR address a problem in `run_drown()` when the server does not support SSLv2, but does support multiple certificates or doesn't have an RSA certificate.

One example of the problem can be seen with www.facebook.com. If `run_server_preferences()` is run before `run_drown()`, then the results of `run_drown()` are:
```
 DROWN (2016-0800, CVE-2016-0703)          not vulnerable on this port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services
                                           https://censys.io/ipv4?q=A626B154CC65634181250B810B1BD4C89EC277CEA08D785EEBE7E768BDA7BB00 SHA256 A3F474FB17509AE6C5B6BA5E46B79E0DE6AF1BF1EEAA040A6114676E714C9965 could help you to find out
```
If only `run_drown()` is performed, then the result is:
```
 DROWN (2016-0800, CVE-2016-0703)          not vulnerable on this port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services
                                           https://censys.io/ipv4?q=A626B154CC65634181250B810B1BD4C89EC277CEA08D785EEBE7E768BDA7BB00 could help you to find out
```
However, A626B154CC65634181250B810B1BD4C89EC277CEA08D785EEBE7E768BDA7BB00 is the fingerprint of Facebook's ECDSA certificate, not its RSA certificate.

In addition, as noted in the "FIXME," `run_drown()` will display the warning "make sure you don't use this certificate elsewhere with SSLv2 enabled services" even if the server doesn't have an RSA certificate, even though SSLv2 can only use RSA certificates.

This PR fixes this issue by only showing the warning if the server has an RSA certificate and by ensuring that the `$cert_fingerprint_sha2` used to construct the "https://censys.io/ipv4?q=..." URL only contains a single SHA256 fingerprint and that it is the fingerprint of the server's RSA certificate.
2016-12-02 10:16:04 -05:00
AlGreed 9eba15834e Merge remote-tracking branch 'drwetter/2.9dev' into 2.9dev 2016-12-01 23:52:51 +01:00
David Cooper 33baf66703 Merge branch '2.9dev' into run_rc4_sockets 2016-12-01 13:29:13 -05:00
David Cooper b79abd969a Merge branch 'run_cipher_per_proto_sockets' of https://github.com/dcooper16/testssl.sh into run_cipher_per_proto_sockets 2016-12-01 13:26:27 -05:00
David Cooper f2dae8efaf Merge branch '2.9dev' into run_cipher_per_proto_sockets 2016-12-01 13:24:36 -05:00