Commit Graph

2972 Commits

Author SHA1 Message Date
Dirk Wetter 0633ca595d
Merge pull request #904 from dcooper16/negotiated_proto_and_cipher
Add TLSv1.3 support for negotiated protocol and cipher
2017-11-27 12:42:29 +01:00
Dirk d840209b2b don't run as root 2017-11-25 18:19:52 +01:00
Dirk 0896c901db fix problem with servers which return gzip encoded body
Some servers like the one from the satire magazine "focus.de"
choose to return gzip encoded body during run_http_haders().
This has led sometimes to misintepretation that an IPv4 address
is present in the header.

This commit fixes that by telling the server not to want a gzipped
response and if still returned grep properly the return.
2017-11-25 17:55:55 +01:00
Dirk 47409a32d6 delayed commit for file prefix
Also added David
2017-11-24 23:13:38 +01:00
Dirk d1e7498458 Increase STARTTLS_SLEEP for lame servers
.. as otherwise the connection will be tore down too early.
It doens't cost anything for faster servers as it is the max
time to wait.
2017-11-24 22:55:13 +01:00
Dirk f2b37c767d Remove output of ticketbleed for STARTTLS 2017-11-24 22:43:35 +01:00
Dirk e9aaae0d46 remove any spdy + alpn output for STARTTLS
... as it's being done all other places
2017-11-24 22:39:18 +01:00
Dirk 9fe02e45fa Add robustness to STARTTLS+sockets
When testing servers which fall back after succeeding the STARTTLS handshake
to the underlying protocol (smtp, ftp etc.) there was often misleading output
=not available instead of notifying the user that there's a problem.

Now it is being tested in parse*serverhello() functions whether the first
by resembles a 5XX code and STARTTLS is supposed to be tested and then
passes an error code back to the caller , i.e. tls_sockets() and then
run_protocols(). Also other error code after the handshake are passed
better.

This is only an addition to the top level function run_protocols().
We might want to look into other top level functions too
2017-11-24 19:28:55 +01:00
Dirk ad97b6fc4e Polish screen output "protos" not offered
In scenarios where --ssl-native was chosen AND the
openssl binary wasn't supporting the protocol
there were two warnings. This has been addressed.

Also tls_sockets() can return different values -- for now: 6 -- as
tested by the caller in run_protocols. In order to make
it more robust a fixme statement was added so that the
user becomes iat least aware of it.
2017-11-24 16:21:06 +01:00
Dirk 778a7cc12d Fix change of warning logic (no protos offered)
After changing the logic from $PROTOS_OFFERED
contaning each protocol detected to $PROTOS_OFFERED
contaning each protocol + colon yes or no there
wasn't a change for the sanity check that no protocols
are offered. This fixes it.
2017-11-24 15:15:50 +01:00
David Cooper 5c54f976e8
Add TLSv1.3 support for negotiated protocol and cipher
This PR adds TLSv1.3 support for the negotiated protocol and cipher in run_server_preference(). This mostly addresses #893, however, run_server_preference() will not work with a TLSv1.3-only server as it will fail when trying to determine whether the server has a cipher order.

Note that with this PR run_server_preference() will not always provide consistent results when testing a server that does not support TLSv1.3 using a version of OpenSSL prior to 1.1.1. If it is determined before running run_server_preference() (using run_protocols()) that the server does not support TLSv1.3, then run_server_preference() will using OpenSSL to determine the negotiated protocol and cipher. However, if it has not yet been determined that the server does not support TLSv1.3, then run_server_preference() will use tls_sockets(), which tries to simulate OpenSSL 1.1.1. Since the list of cipher lists sent will differ the negotiated cipher will sometimes differ. In addition, when a cipher suite that uses an ephemeral ECDH key is selected, the negotiated curve is sometimes different.
2017-11-21 16:14:04 -05:00
Dirk Wetter e0a5050553
Merge pull request #903 from dcooper16/fix_901
Fix #901
2017-11-21 15:36:18 +01:00
David Cooper c65a352dcf Fix #901
This PR fixes #901. When $OPENSSL_TIMEOUT is set and mass testing is being performed, this PR changes find_openssl_binary() so that only child instances modify $OPENSSL to add the call to timeout.

This PR also changes the warning in case $OPENSSL_TIMEOUT is set and the timeout binary cannot be found so that the warning message is printed even if $WARNINGS is "off" or "batch".
2017-11-20 13:38:12 -05:00
Dirk 77fc111b13 put new socksend() into production
FIX #902.

Performance improvements LAN (just one shot):

```
	58 / 50
	52 / 44
	53 / 47
	143 / 137
	63 / 53
	48 / 43
```

WAN:

```
	89 / 77
	88/ 67
	234 / 231
	67 / 63
	84 / 81

```
2017-11-20 16:33:40 +01:00
Dirk 209b21c817 fix travis in cce48a34d0 2017-11-19 23:13:33 +01:00
Dirk cce48a34d0 New socksend(), json flat: scan time
There's a new socksend() function which gives up to 8% performance
benefit (LAN) as is saves 3 sed and 1 tr command in every socksend call.
It has not been put in production yet as it shows a problem in ticketbleed
check and it is late and I call it a day ;-) and resolve that later (see #902).

For performance tests it's quite handy to also have in the flat json format
a footer with time consumed for each run. fileout_json_footer() was
patched accordingly.
2017-11-19 20:44:06 +01:00
Dirk Wetter 9949be750d
Merge pull request #900 from dcooper16/fix_heartbleed
Fix run_heartbleed()
2017-11-19 18:27:03 +01:00
Dirk fd4e5469fe changed output in CAA and OCSP stapling
... from "--" to "not offered". Reason: e.g. on a white
terminal background it is hard to detect that there's
an output. Also "not offered" is more consistent with
the value of protocol checks.
2017-11-19 17:11:22 +01:00
Dirk f20ce1a0f8 replace old school grep/sed/sort in certificate_info() 2017-11-19 17:02:24 +01:00
Dirk 5854607d60 label:experimental 2017-11-19 16:48:05 +01:00
David Cooper 9db0a8f78c
Fix run_heartbleed()
When the server's response to the ClientHello message (i.e., the ServerHello, Certificate, ServerHelloDone) is split across more than one packet, the current call to tls_sockets() in run_heartbleed() only retrieves the first packet. As a result, sometimes when run_heartbleed() believes that it is reading the response to the Heartbleed payload it is actually reading the continuation of the response to the ClientHello message.

This PR fixes the problem by indicating in the call to tls_sockets() that the ephemeral key is needed. This causes tls_sockets() to continue requesting additional packets until it receives the ServerHelloDone.
2017-11-17 16:15:37 -05:00
Dirk fb3aa6ad7f fix for filename output beginnng with .
There was an error in e450eb34e4
which addressed #846 which lead to the problem that an output filename
could start with a "." if no FNAME_PREFiX and if just --html, --csv
or --log or --json* was supplied.

This commit fixes the problem.
2017-11-17 22:09:56 +01:00
Dirk 98f4f28017 FIX #898
fix escaping of debugging output.  credits to @dcooper16
2017-11-17 20:56:18 +01:00
Dirk Wetter 52809d0800
Merge pull request #899 from dcooper16/yet_another_ossl111_fix
Yet another fix for OpenSSL 1.1.1
2017-11-17 20:21:28 +01:00
Dirk c7a0de1280 fixed missing ps
and removed additional packages for dns clients
2017-11-16 21:16:06 +01:00
David Cooper 7219f16c2a
Yet another fix for OpenSSL 1.1.1
When the certificate signature algorithm is RSA-PSS and OpenSSL 1.1.1 is used $cert_sign_algo contains some trailing space characters, which causes the algorithm not to be recognized in the case statement. This PR fixes the problem by removing any trailing space characters from $cert_sign_algo.
2017-11-16 14:22:56 -05:00
Dirk 54b9119162 FIX #897 2017-11-16 01:07:26 +01:00
Dirk 7ec0d7ffb7 Polish #846, correct level for OCSP and GOST 2017-11-14 20:50:14 +01:00
Dirk e450eb34e4 FIX #846 -- add output filename prefix
This commit adds the possibility to supply a output
file name prefix via --outprefix or FNAME_PREFIX
2017-11-14 19:41:25 +01:00
Dirk Wetter 1a7b761f5b
Merge pull request #688 from dr4y/2.9dev
Dockerfile for testssl.sh
2017-11-14 17:39:43 +01:00
Dirk 6ce2a98637 updated
with TLS 1.3 and forgotten improvements so far.
Add interesting projekt privacyscore.
2017-11-14 13:52:13 +01:00
Dirk 2379af5a5f Rearranged credits
David needs really really to come first.
The remaining contributors now in alphabtical order
2017-11-14 13:49:27 +01:00
Dirk Wetter ea86884e05
Merge pull request #895 from dcooper16/heartbleed_tls_sockets
Use tls_sockets() for run_heartbleed()
2017-11-13 16:20:47 +01:00
David Cooper 07d6aa8e60 Use tls_sockets() for run_heartbleed()
This PR changes run_heartbleed() to use tls_sockets() to send the ClientHello and to read the ServerHello.
2017-11-08 08:51:20 -05:00
Dirk Wetter db9000a955
Merge pull request #894 from dcooper16/fix_std_cipherlists_false_positives
Fix false positive in std_cipherlists()
2017-11-08 08:46:30 +01:00
David Cooper fdfaa01946
Fix false positive in std_cipherlists()
This PR fixes a false positive in std_cipherlists(). Currently, sclient_success is not initialized (so it initially set to 0). If a server is being tested that only supports TLSv1.3, the --ssl-native option is not used, and run_protocols() is run before run_std_cipherlists(), then for many of the calls to std_cipherlists() no tests are run and so sclient_success remains at its initial value (0), which is treated as success (i.e., the server supports at least one of the ciphers in the list).

The reason this happens is that in the testing loop, the TLSv1.3 test is skipped if the list of ciphers doesn't include any TLSv1.3 ciphers (and only the "Strong encryption" test includes TLSv1.3 ciphers) and the tests for each of lower versions of SSL/TLS is skipped since it was already determined in run_protocols() that those versions weren't supported.
2017-11-07 11:53:49 -05:00
Dirk Wetter 3c427c31a0
Remove Matt's pointer to the image
... until it is more up to date
2017-11-06 21:56:06 +01:00
Dirk 5bd8cb08ba fix #892 (trailing dot in supplied hostname)
... and do minor updates to do bash internal functions in ``parse_hn_port()``
2017-11-05 22:41:11 +01:00
Dirk 000f957646 minor changes on TLS 1.3 protocol tests (see #890) 2017-11-05 20:30:18 +01:00
Dirk Wetter b613f3fcf0
Merge pull request #889 from dcooper16/run_pfs_tls13
Add TLSv1.3 support for run_pfs()
2017-11-05 14:40:06 +01:00
Dirk Wetter a9c0804749
Merge pull request #890 from dcooper16/run_protocols_tls13
Add TLSv1.3 support for run_protocols()
2017-11-05 14:39:40 +01:00
David Cooper a75617cfdb Add TLSv1.3 support for run_protocols()
This PR adds a check for TLSv1.3 support to run_protocols(), checking for support for the final version of TLSv1.3 (0x0304) as well as drafts 18, 19, 20, and 21 (0x7F12, 0x7F13, 0x7F14, and 0x7F15).
2017-11-02 17:22:04 -04:00
David Cooper dd58fbb9aa
Add public keys
Add the public keys corresponding to the key pairs in TLS13_KEY_SHARES.
2017-11-02 11:44:29 -04:00
David Cooper cd6c84bfd3
Add a secp224r1 key pair 2017-11-02 11:30:24 -04:00
David Cooper a102ee8fb6
Add TLSv1.3 support for run_pfs()
This PR adds TLSv1.3 support for run_pfs().
2017-11-02 11:28:09 -04:00
Dirk 9daec2a515 Add "auto" keyword to -oA/-oa (FIX #887)
File names are now auto-generated by using "-oA auto" / -oa "auto"
--similar to --csv and friends.

Also the formerly hidden switches --outFile and --outfile were added in the
help and in the manual.
2017-11-01 09:58:52 +01:00
Dirk 9b7000e87e Final check to make sure fileout and pr*warning correlates
Made sure that if fileout has a WARN or DEBUG flag it is
consistent with pr*warning. FIX #518
2017-10-31 12:23:16 +01:00
Dirk 2aeabd19b2 Better clarification on bit size and encryption strength
Fix #770
2017-10-31 12:00:09 +01:00
Dirk 278202ace9 FIX #848 -- determine tls date only when instructed
Former code implied a determination of the TLS time in
every call of tls_sockets() despite the fact that the
value is only needed at one point in the run.

This removes this behaviour by introducing another global
boolean switch TLS_DIFFTIME_SET which determines whether
the additional cost will be paid or not.

The gain in execution time is a bit meager though. At
most it seems it's 1-3 seconds.
2017-10-31 11:27:19 +01:00
Dirk dca4da4736 FIX #884, FIX #885
For servers with client authentication one would need to supply a x509
certificate to check session resumption by ID or ticket. This is not (yet?)
supported in testssl.sh.

This commit fixes the misleading error message so that it is clear what the
problem is.
2017-10-30 18:41:19 +01:00