Commit Graph

2900 Commits

Author SHA1 Message Date
Dirk 36247fecf2 fix no-DNS related error in documentation 2018-04-12 01:19:02 +02:00
Dirk 4370cb9aa1 no-DNS fixes
Add equal sign parser for command line fix. Readjust help to not-square
brackets as values are not optional (anymore)
2018-04-12 01:11:23 +02:00
Dirk 2a4de68c59 Merge branch 'nodns-935' into 2.9dev 2018-04-12 01:06:33 +02:00
Dirk 9f0e442b9f remove some no-DNS related logic
... from "Further IP addresses" and before calling ``get_aaaa_record``
in ``determine_ip_addresses()``. Logic appeared needlessly to difficult
and was as far as the "Further IP addresses" line was concerned incomplete.
2018-04-12 00:53:26 +02:00
Dirk 557942cb0a Change logic and add conservative value for -n/--nodns (#935)
This PR changes the logic the no-DNS switch works. The switch
now expects a value. "min" does minimum lookups, "none" does
no lookups at all (details see testssl.sh(1) ). "none" is
equivalent to the paranoid (boolean) value "true" before.
2018-04-12 00:19:52 +02:00
David Cooper cd8ceae80e Add curve information to SSL native client simulations
When performing client simulations in "--ssl-native" mode, provide the client's list of supported curves to "$OPENSSL s_client" in order to make the results even more accurate.
2018-04-11 13:48:40 -04:00
David Cooper 39db50eea2 Improve SSL native client simulation
This PR improves client simulation in "--ssl-native" mode:

* It changes ${protos[i]} to list the protocols that should be disabled rather than those that should be enabled, except in the case that the client only supports one protocol.

* It sets the values for ${tlsvers[i]}, which is used in run_client_simulation(), but was not defined.

* It adds a new variable, ${ciphersuites[i]}, that lists the TLSv1.3 cipher suites supported by a client.

Client simulation still produces false results in "--ssl-native" mode, but the results are better than before.
2018-04-10 16:57:24 -04:00
Dirk Wetter c357ea7356
Merge pull request #1030 from dcooper16/fix_dh_groups_output
Fix RFC 7919 DH groups
2018-04-10 18:47:23 +02:00
David Cooper 2c792fdc00
Fix RFC 7919 DH groups
This PR fixes three issues related to the testing for RFC 7919 DH groups in run_pfs():

* If the RFC 7919 DH groups are supported for both TLSv1.3 cipher suites and non-TLSv1.3 cipher suites, then the list of supported groups is printed twice.

* The finding that is used for CSV/JSON files includes the word "offered" after the list of groups, which is inconsistent with other findings.

* Since the $ffdhe_offered is only used to determine whether to test for use of RFC 7919 DH groups with non-TLSv1.3 ciphers, this flag should only be set if a non-TLSv1.3 ciphers that uses ephemeral DH is found.
2018-04-10 12:40:49 -04:00
Dirk Wetter a0c17fda9f
Merge pull request #1029 from knweiss/typos
Fix typos found by codespell
2018-04-10 17:45:17 +02:00
Karsten Weiss eead9f62d9 Fix typos found by codespell 2018-04-10 17:37:04 +02:00
Dirk Wetter 7ac63ec84b
Merge pull request #1028 from dcooper16/fix_false_connectivity_problems
Fix false connectivity problem error
2018-04-10 17:18:12 +02:00
David Cooper d1782284f8
Fix false connectivity problem error
If OpenSSL reports an error, sclient_connect_successful() may incorrectly interpret it as a connectivity problem, leading testssl.sh to stop testing before it has completed.

When not using "--ssl-native" mode, this happens if $OPENSSL does not support SSLv3, as both get_server_certificate() and run_beast() will attempt to connect using SSLv3 even if $OPENSSL does not support it.

When using "--ssl-native" mode, this happens in multiple places if $OPENSSL does not support the protocol being used or if $OPENSSL does not support any of the ciphers that are specified in the command line.

This PR fixes the above problems by adding checks for protocol support or for support for at least one cipher before calling $OPENSSL.

run_client_simulation() also has a problem in "--ssl-native" mode of calling $OPENSSL with parameters that cause $OPENSSL to report an error, but this is already addressed by temporarily setting MAX_OSSL_FAIL to 100 during client simulation tests and then, after client simulation testing is complete, returning $MAX_OSSL_FAIL and $NR_OSSL_FAIL to the values they had before client simulation testing began.
2018-04-09 15:43:26 -04:00
Dirk eb3b3a1988 be more verbose what --warnings=batch means (see #1027) 2018-04-05 22:02:35 +02:00
Dirk 6b8f6f82c3 Fix comments in run_logjam, replace awk by bash internal match expr
``run_logjam()`` contained in certain cases additional quotes
and a typo where only the word comment ended up in JSON/CSV.

Instead of ``$(awk '/Master-Key: / { print $2 }' "$2")`` the
admittedly performance sensitive function ``sclient_connect_successful()``
contains now a bash internal match according to #997 . First
tests didn't show much benefit (only default run with mostly
sockets was tested).

Unit tests showed no problems so far, but coverage is low.
2018-03-28 19:46:55 +02:00
Dirk 1924c9a0a6 Connectivity problems, man page update
See previous commit

This commit finally fixes #1005 so that either a --ssl-native scan
terminates on the next (defined) occasion if there are network connectivity
problems. It introduces another set of variables (MAX_OSSL_FAIL vs. NR_OSSL_FAIL).
As "openssl s_client connect" is sometimes still being used without --ssl-native
it also shortens the wait for regular scans if an outage is encountered.
To make things easier bot sets (incl. *_SOCKET_FAIL) of variables are independent.

For the seldom case that somebody uses --ssl-native with client checks an exception
had to be made as otherwise only MAX_OSSL_FAIL client check would be performed.
This hasn't been understood yet...

As sometimes HTTP header requests (over OpenSSL) fail repeatedly in a way that an empty
reply is returned, the same strategy of detecting problems is applied here,
using MAX_HEADER_FAIL and NR_HEADER_FAIL.

All three detection mechanisims share a new function connectivity_problem().
2018-03-28 17:48:04 +02:00
Dirk baabf2a61e Connectivity problems, readd some CVEs+CWEs
This commit finally fixes #1005 so that either a --ssl-native scan
terminates on the next (defined) occasion if there are network connectivity
problems. It introduces another set of variables (MAX_OSSL_FAIL vs. NR_OSSL_FAIL).
As "openssl s_client connect" is sometimes still being used without --ssl-native
it also shortens the wait for regular scans if an outage is encountered.
To make things easier bot sets (incl. *_SOCKET_FAIL) of variables are independent.

For the seldom case that somebody uses --ssl-native with client checks an exception
had to be made as otherwise only MAX_OSSL_FAIL client check would be performed.
This hasn't been understood yet...

As sometimes HTTP header requests (over OpenSSL) fail repeatedly in a way that an empty
reply is returned, the same strategy of detecting problems is applied here,
using MAX_HEADER_FAIL and NR_HEADER_FAIL.

All three detection mechanisims share the new function connectivity_problem().

In addition unit tests showed that some vulnerability checks lost their
CVEs+CWEs whcich have been readded. For ROBOT a CVE was added (F5)
2018-03-28 17:28:55 +02:00
Dirk 991521957d housekeeping and FIX #406 2018-03-28 11:46:53 +02:00
Dirk Wetter 653827cfe1
Merge pull request #1024 from dcooper16/fix_client_simulation
Fix client simulations
2018-03-27 09:10:55 +02:00
David Cooper 72e7259ab2
Fix client simulations
parse_tls_serverhello() checks $TLS_CLIENT_HELLO for a supported_versions extension, and if it contains one, checks that the negotiated version is listed in that extension. However, while $TLS_CLIENT_HELLO is always set in socksend_tls_clienthello() it is not set by client_simulation_sockets() (or any of the functions that client_simulation_sockets() calls). As a result, when the server's response to a client simulation is parsed, parse_tls_serverhello() may compare the negotiated version against the supported_versions extension from a ClientHello message from a previous test.

This PR fixes the problem by having client_simulation_sockets() set $TLS_CLIENT_HELLO.
2018-03-26 09:43:51 -04:00
Dirk 224d851f7b workaround for missing date format conversion (OpenBSD) in http date 2018-03-24 19:37:05 +01:00
Dirk 7c015c5a13 Dealing with OpenSSL connect problems (part1, framework)
In addition to 080840f655 and to
address #1005 eventually this is the first part of dealing
with connectivity problems. As opposed to the commit mentioned
above this is the counterpart for openssl which is useful for
just normal usage and for using --ssl-native.

It adds another global MAX_OSSL_FAIL (preset to 2) representing
a threshold how many unsucessful openssl connections are needed to
quit the whole scan. It should again reduce scan time in those
cases.

This is the framework part in sclient_connect_successful() which
is mainly commented out. The hooks will follow soon.
2018-03-22 16:59:57 +01:00
Dirk 4a24454880 FIX #1021 and make testssl.sh work again ;-( 2018-03-21 15:00:16 +01:00
Dirk ffd89f8dea Address 4xx after STARTTLS handshake seems to have succeeded
In certain cases (see e.g. #939) the server side "kind of" falls back
from a TLS channel to the underlying plaintext STARTTLS with a 5xx
or 4xx.

This PR adds the detection of 4xx for all protocols (if STARTTLS has been
used) and labels the detection as "likely not av" (and keeps the warning). This
leads to two JSON/CSV objects in those cases.

The detection isn't quite perfect as the issue #939 shows the first
TLS message fragment resembles a TLS alert.

As noticed it also removes the recommendation to increase the
debug level if the level is already sufficient.
2018-03-21 12:36:25 +01:00
Dirk 50f7c93046 missing HSTS in JSON had wrong severity
FIX #1010 where a missing HSTS header lead to HIGH severity
whereas screen output was on info level.

In order to emphasize the importance of HSTS a missing header
flag will now be slighly penalized. To be in line with HSTS=0
the latter needed to be readjusted to medium as well.

As suggested by krissi for better readability a missing HSTS
header will now be 'not offered' instead of '--' on screen.
2018-03-21 10:08:38 +01:00
Dirk Wetter 83b09067a4
Merge pull request #1017 from dcooper16/fix1013
Fix #1013
2018-03-21 09:35:35 +01:00
Dirk Wetter 27b217b301
Merge pull request #1020 from dcooper16/ossl_ver_appendix
Fix OSSL_VER_APPENDIX
2018-03-19 16:52:20 +01:00
David Cooper abff65bf99
Fix OSSL_VER_APPENDIX
This PR changes find_openssl_binary() so that $OSSL_VER_APPENDIX contains everything from $OSSL_VER that appears after $OSSL_VER_MAJOR.$OSSL_VER_MINOR.
2018-03-19 11:35:53 -04:00
David Cooper 0f7a49e2a3 Fix #1013
This PR fixes the issue raised in #1013. It primarily does this in two ways:

* In calls to `$OPENSSL s_client` that specify ciphers, the TLSv1.3 ciphers are provided separately using the `-ciphersuites` option. Then, the `s_client_options()` function manipulates the command-line options as necessary based on the version of OpenSSL being used.

* Calls to `$OPENSSL ciphers` were replaced with calls to `actually_supported_ciphers()`, which calls `$OPENSSL ciphers`. `actually_supported_ciphers()` modifies the parameters for the call to `$OPENSSL ciphers` as necessary, based on the version of OpenSSL being used.
2018-03-19 11:26:31 -04:00
Dirk Wetter a7d195fb89
Merge pull request #1018 from dcooper16/fix1015
Fix #1015
2018-03-19 16:15:49 +01:00
Dirk Wetter 2c8bdcd205
Merge pull request #1019 from dcooper16/ossl_ver
Extracting OpenSSL version information
2018-03-19 16:13:47 +01:00
David Cooper aa72fa839c
Extracting OpenSSL version information
When using testssl.sh with the current development branch of OpenSSL 1.1.1, determine_trust() incorrectly reports that "/openssl <= 1.0.2 might be too unreliable to determine trust." The problem is that find_openssl_binary() is not correctly extracting the version information. The version is "1.1.1-pre3-dev," but find_openssl_binary() extracts:

   OSSL_VER_MAJOR: 1
   OSSL_VER_MINOR: 1.13
   OSSL_VER_APPENDIX: -pre-dev

This PR fixes the problem and also eliminates the use of external functions in extracting version information for $OSSL_VER.

Note that this code makes a change from the current code. Currently, $OSSL_VER_APPENDIX is intended to contain anything from $OSSL_VER that comes after $OSSL_VER_MAJOR.$OSSL_VER_MINOR. For example, if $OSSL_VER is 1.1.0-dev, then  $OSSL_VER_APPENDIX is "-dev". In this PR, the "-dev" is dropped and so does not appear in $OSSL_VER_MAJOR, $OSSL_VER_MINOR, or $OSSL_VER_APPENDIX. The reason for this is that testssl.sh is only using $OSSL_VER_APPENDIX in cases in which $OSSL_VER_MAJOR.$OSSL_VER_MINOR is 0.9.8 to determine whether 0.9.8a - 0.9.8l or 0.9.8m - 0.9.8z. So, it seems that testssl.sh isn't interested in things such as "-dev" or "-pre3-dev".

If desired, this PR could be changed to that $OSSL_VER_APPENDIX contains everything in $OSSL_VER that appears after $OSSL_VER_MAJOR.$OSSL_VER_MINOR.
2018-03-19 10:59:26 -04:00
David Cooper 4c946bfd49
Fix #1015
This PR fixes #1015 by adding underscore ('_') to the list of characters that may appear in a domain name label. a178f3e183 already addressed this for the check of whether the Common Name field in a certificate is a DNS name. This PR fixes it for checks of whether a domain name is a wildcard name and whether the server's host name is a wildcard match against a name in a certificate.
2018-03-19 09:40:15 -04:00
Dirk a178f3e183 relax host+domain names to contain underscore, see #1015 2018-03-18 23:38:23 +01:00
Dirk c91a771465 FIX #1009 and leftover fix for #988
In cases where HTTP/2 was the only ALPN protocol, the
JSON output was missing the finding as the additional
protocol was empty.

This fix tests whether there's an additional protcol
and only calls fileout() if there's one.
2018-03-17 20:37:00 +01:00
Dirk 4eb6ab5976 better naming of variables from previous commit 2018-03-17 19:44:40 +01:00
Dirk 377bde14cc Fixes ssl-native and LOGJAM: no common primes
When testssl.sh was using -ssl-native and the local openssl version
didn't support any DH ciphers the deliberately lazy approach was to
not complete the second part of the test: check for common primes.
This is a FIX for issue #1016.
2018-03-17 15:40:28 +01:00
Dirk Wetter f6dc501aed
Merge pull request #1014 from dcooper16/tls13_cipher_pre_check
Check for TLSv1.3 in OpenSSL
2018-03-15 21:51:44 +01:00
Dirk Wetter 15ca770980
Merge pull request #1012 from dcooper16/tls13_draft26
TLS 1.3 drafts 25 and 26
2018-03-15 21:51:02 +01:00
David Cooper 2c1c9f33aa
Check for TLSv1.3 in OpenSSL
This PR adds a missing check for local TLSv1.3 support in cipher_pref_check(). If the "--ssl-native" mode is being used and $OPENSSL does not support TLSv1.3, then a warning should be displayed indicating that TLSv1.3 cannot be checked rather than displaying the same results as if the server did not support TLSv1.3.
2018-03-15 11:58:11 -04:00
David Cooper f7ab400167
TLS 1.3 drafts 25 and 26
Drafts 25 and 26 of TLS 1.3 were issued in early March. Neither made any change that is relevant to testssl.sh.

This PR adds checks for these two drafts.
2018-03-14 09:55:18 -04:00
Dirk Wetter 107d2dd12e
Merge pull request #1007 from dcooper16/revert_read_sigalg_from_file
Revert change to read_sigalg_from_file()
2018-03-12 21:38:44 +01:00
David Cooper 819e4505f1 Revert change to read_sigalg_from_file()
The implementation of read_sigalg_from_file() was changed on January 29 in 88cd5528e7. The new implementation does not work correctly in cases in which read_sigalg_from_file() is called with $TMPFILE as as parameter.

The current implementation of the function is:
```
read_sigalg_from_file() {
     local hostcert_txt="${1//pem/txt}"

     [[ -r "$hostcert_txt" ]] || $OPENSSL x509 -noout -text -in "$1" 2>/dev/null >$hostcert_txt
     awk -F':' '/Signature Algorithm/ { print $2; exit; }' $hostcert_txt
}
```

When called using $TMPFILE (/tmp/testssl.XXXXXX/tempfile.txt), hostcert_txt is set to $TMPFILE, and since this file exists and is readable, the next line does nothing and the final line tries to read the signature algorithm from $TMPFILE rather than from a parsed version of the certificate.

This PR reverts read_sigalg_from_file() to its previous implementation, at least as a temporary solution.
2018-03-12 15:29:10 -04:00
Dirk Wetter f718592960
Merge pull request #1006 from dcooper16/X448
Add X448 support in TLS 1.3
2018-03-12 19:43:35 +01:00
David Cooper 714933d607 Add X448 support in TLS 1.3
Support for X448 was recently added to the development branch of OpenSSL 1.1.1. This PR adds an X448 key pair to etc/tls_data.txt (that was generated using OpenSSL 1.1.1) and adds X448 to the supported_groups extension for TLS 1.3 ClientHello messages.
2018-03-12 13:40:22 -04:00
Dirk 9618ed993d Better parsing of HPKP
Previously testssl.sh ran into problems when both Public-Key-Pins
and Public-Key-Pins-Report-Only were present in the header.

Now if both are present only Public-Key-Pins is evalutated and a
hint is given. If Public-Key-Pins-Report-Only is only present
a hint is given and those are evaluated.

If more than 1 from either Public-Key-Pins-Report-Only or
Public-Key-Pins is detected only the first one will be processed
and a warning will be displayed.
2018-03-03 21:40:46 +01:00
Dirk 1011ef1399 polish 2018-03-02 21:07:33 +01:00
Dirk 2e5dd0439a document variable for previous commit 080840f 2018-03-02 20:57:06 +01:00
Dirk 080840f655 fix uninitialized variables, proper exit if fail2van and friends
This commit improves assessments of server which decides after
a few connects either to drop all tcp packets or send a tcp
reset, see #1005 . It adds another global MAX_SOCKET_FAIL
(preset to 2) representing a threshold how many bash socket
connections are needed to quite the whole scan. It dramatically
reduces scan time and makes sure that the user is clear that
the scan had a problem and the results at maximum partly useful
(CSV, HTML, JSON). It also writes a valid JSON file.
See also #769.

It also fixes non-initialized variables in ``fileout_json_finding()``
and ``fileout()``
2018-03-02 20:39:07 +01:00
Dirk b1b30b3fb8 better matching of empty server banners
.. which could have led to borken JSON too
2018-03-01 16:01:05 +01:00