Commit Graph

2348 Commits

Author SHA1 Message Date
Dirk 4aec5664d5 introducing sentence added 2017-12-04 13:59:12 +01:00
Dirk Wetter a9e1ca4440
Delete .issue_template 2017-12-04 13:55:52 +01:00
Dirk 3150cfed0e new issue template 2017-12-04 13:54:55 +01:00
Dirk Wetter 374fb2a85c
Create .issue_template 2017-12-04 13:48:37 +01:00
David Cooper b6a022d84f Reducing processing of alert messages
This PR reduces the amount of work parse_tls_serverhello() does when processing alert messages when not in debug mode. It delays writing anything to $TMPFILE unless $DEGUG -ge 1 until it has reason to believe that the response was successful. If $DEBUG is 0 and alert messages are sent, then no file operations are performed processing the alert messages.

In almost every case, there is no attempt to look at the contents of $TEMPDIR/$NODEIP.parse_tls_serverhello.txt unless the connection was successful. So, in most cases, it is okay to not call tmpfile_handle() in parse_tls_serverhello() unless the connection was successful. There is, however. one place in run_grease() where the code reads the contents of $TEMPDIR/$NODEIP.parse_tls_serverhello.txt even if the connection was not successful. In order to address this, the DEBUG level is temporarily set to 1 when performing this test if its value is 0. Also in order to address this, changes were made in parse_tls_serverhello() to ensure that "tmpfile_handle $FUNCNAME.txt" is always called before returning if $DEBUG -ge 1.
2017-12-01 15:45:36 -05:00
Dirk 62f925a1bc Merge branch '2.9dev' of github.com:drwetter/testssl.sh into 2.9dev 2017-12-01 21:21:22 +01:00
Dirk Wetter 137f2fa3c3
Merge pull request #920 from dcooper16/client_auth_and_assume_http
HTTP-related checks and certificate based client authentication
2017-12-01 21:19:23 +01:00
Dirk Wetter 9c8fa5419d
Merge pull request #917 from dcooper16/check_version
Compare selected version against supported_versions
2017-12-01 21:03:52 +01:00
Dirk dda07cd1d0 commenting #918 2017-12-01 21:02:03 +01:00
Dirk Wetter 4be759afea
Merge pull request #918 from sdann/mysql_read_timeout
Reduce read timeout for MySQL back to 1 second
2017-12-01 20:54:37 +01:00
Dirk 99d12434dd fix strip_*_space() 2017-12-01 20:09:16 +01:00
David Cooper 1ba4b395ff
HTTP-related checks and certificate based client authentication
If certificate-based client authentication is required by the server, then most HTTP-related checks are skipped, even if the "--assume-http" flag is used. If $CLIENT_AUTH is true, then $ASSUME_HTTP is ignored.

In some cases the checks are appropriately skipped, since the tests cannot be performed. In other places, the value of "$CLIENT_AUTH" is used as a hint as to whether HTTP is being used. For example, in run_tickbleed:

     if [[ "$SERVICE" != HTTP ]] && ! "$CLIENT_AUTH"; then
          outln "--   (applicable only for HTTPS)"
          fileout "ticketbleed" "INFO" "Ticketbleed: not applicable, not HTTP" "$cve" "$cwe"
          return 0
     fi

There are some places, however, where tests are just skipped, even if both $CLIENT_AUTH and $ASSUME_HTTP are true, even though the test could be performed. For example, run_client_simulation() only simulates generic clients in this case.

This PR attempts to address this:
* In run_client_simulation() it runs all of the tests if $ASSUME_HTTP is true.
* In certificate_transparency() it only says that the lack of CT information is "N/A" it can verify that HTTP is not being used (if $SERVICE is not HTTP and $CLIENT_AUTH is false). Otherwise it just says "no" without flagging it as an issue.
* In certificate_info() it displays additional warnings (about use of SHA-1 or subjectAltName matching) only if it can verify that HTTP is being used ($SERVICE is HTTP or $ASSUME_HTTP is true).
* In run_crime(), if compression is used, it only says " but not using HTTP" if it can verify that HTTP is not being used (if $SERVICE is not HTTP and $CLIENT_AUTH is false).
2017-12-01 10:58:06 -05:00
David Cooper 76c75ae8f9 Replace external calls with Bash functions 2017-12-01 10:31:30 -05:00
David Cooper 74c1a6bcb3 Compare selected version against supported_versions
If a supported_versions extension was included in the ClientHello, then check that the version returned by the server was included in the ClientHello's supported_versions extension.

OpenSSL will respond to a TLSv1.3 ClientHello that only specifies 0304 in its supported_versions extension with a ServerHello that specifies whatever draft of TLSv1.3 it currently supports (e.g., 7F16). The result is that run_protocols() incorrectly reports that OpenSSL supports TLSv1.3 "final" in addition to whatever draft version it supports.

This PR fixes that problem by treating it as a failed connection when the ClientHello offers only 0304 and the ServerHello specifies something else (e.g., 7F16).

Performing this check is actually a requirement for clients in Section 4.2.1 of draft-ietf-tls-tls13-22. So, including this check will also help make client simulations more accurate when clients that support TLSv1.3 are added to client-simulation.txt.
2017-12-01 10:31:29 -05:00
Dirk 851030ea8f Fixes in headers
- double word match: Content-Security-Policy matched also X-Content-Security-Policy
- X-UA-Compatible always appeared twice
2017-12-01 13:31:43 +01:00
Steven Danneman 2fb7e45799 Reduce read timeout for MySQL back to 1 second
The default STARTTLS_SLEEP timeout was increased to 10 seconds in
d1e7498. This caused MySQL connections to timeout. Quick fix is to
parameterize the timeout and pass in 1 again.

Better future fix is to read MySQL as binary packets, parsing the fixed
sized header, to then read the variable sized payload. Doing this will
also greatly speed up testing.

This fixes issue #914.
2017-11-30 15:10:47 -08:00
Dirk 1b7e6630d7 Extending OPTIMAL_PROTO tests with TLS 1.3
It partly addresses #915, supposedly the openssl binary used supports
TLS 1.3 (and the correct draft/final).

It also reduces handshakes by not trying protocols which aren't supported
on the client side.
2017-11-30 16:07:51 +01:00
Dirk Wetter f9d8d4df7b
Merge pull request #912 from dcooper16/draft22
Support TLSv1.3 draft 22
2017-11-30 09:55:16 +01:00
David Cooper fee2f68a64
Support TLSv1.3 draft 22
This PR adds support for TLSv1.3 draft 22. This PR has testssl.sh operate in "middlebox compatibility mode" as described in Appendix D.4 of draft-ietf-tls-tls13-22 to maximize the chances of being able to perform a successful test even if there is a misbehaving middlebox between testssl.sh and the server being tested. Support for drafts 18 through 21 is still maintained.

This PR has been tested against a few different implementations of draft 22 that were made available shortly before draft 22 was posted.
2017-11-29 14:47:22 -05:00
Dirk Wetter affc9d6bb6
Merge pull request #909 from dcooper16/remove_extra_spaces
Remove extra spaces
2017-11-29 19:39:54 +01:00
Dirk Wetter 34f4a8cb4f
Merge pull request #910 from dcooper16/hrr_socket
Don't open new socket for second ClientHello
2017-11-29 19:39:15 +01:00
David Cooper 77b5a58b2d Remove extra spaces
This PR just removes some extra spaces in the printing of TLS extensions in parse_tls_serverhello().
2017-11-29 09:15:01 -05:00
David Cooper 0a6e88041c Don't open new socket for second ClientHello
In TLSv1.3, when responding to a HelloRetryRequest, the second ClientHello should be sent through the same socket as the first ClientHello.

This PR adds an option to socksend_tls_clienthello() to not open a socket and then uses that option in resend_if_hello_retry_request() when sending the second ClientHello.
2017-11-29 09:14:16 -05:00
Dirk f61b701f5a recognise TLS alert as a sign that SSLv2 is not supported
Revert the exception from previous commit 20b38d5aa6
that TLS alerts on SSLv2 client hello won't be a proper reply -- due to a reality check,
see #908.

In order to have better debugging info the TLS alert message is printed
in clear. Messages code and text assignements was moveed to a separate
function.
2017-11-29 11:43:35 +01:00
Dirk ece1d868c4 change wording and color for not valid SSLv2 server hello 2017-11-28 10:03:49 +01:00
Dirk 20b38d5aa6 Make SSLv2 parsing more robust 2017-11-27 21:55:17 +01:00
Dirk Wetter 0633ca595d
Merge pull request #904 from dcooper16/negotiated_proto_and_cipher
Add TLSv1.3 support for negotiated protocol and cipher
2017-11-27 12:42:29 +01:00
Dirk d840209b2b don't run as root 2017-11-25 18:19:52 +01:00
Dirk 0896c901db fix problem with servers which return gzip encoded body
Some servers like the one from the satire magazine "focus.de"
choose to return gzip encoded body during run_http_haders().
This has led sometimes to misintepretation that an IPv4 address
is present in the header.

This commit fixes that by telling the server not to want a gzipped
response and if still returned grep properly the return.
2017-11-25 17:55:55 +01:00
Dirk 47409a32d6 delayed commit for file prefix
Also added David
2017-11-24 23:13:38 +01:00
Dirk d1e7498458 Increase STARTTLS_SLEEP for lame servers
.. as otherwise the connection will be tore down too early.
It doens't cost anything for faster servers as it is the max
time to wait.
2017-11-24 22:55:13 +01:00
Dirk f2b37c767d Remove output of ticketbleed for STARTTLS 2017-11-24 22:43:35 +01:00
Dirk e9aaae0d46 remove any spdy + alpn output for STARTTLS
... as it's being done all other places
2017-11-24 22:39:18 +01:00
Dirk 9fe02e45fa Add robustness to STARTTLS+sockets
When testing servers which fall back after succeeding the STARTTLS handshake
to the underlying protocol (smtp, ftp etc.) there was often misleading output
=not available instead of notifying the user that there's a problem.

Now it is being tested in parse*serverhello() functions whether the first
by resembles a 5XX code and STARTTLS is supposed to be tested and then
passes an error code back to the caller , i.e. tls_sockets() and then
run_protocols(). Also other error code after the handshake are passed
better.

This is only an addition to the top level function run_protocols().
We might want to look into other top level functions too
2017-11-24 19:28:55 +01:00
Dirk ad97b6fc4e Polish screen output "protos" not offered
In scenarios where --ssl-native was chosen AND the
openssl binary wasn't supporting the protocol
there were two warnings. This has been addressed.

Also tls_sockets() can return different values -- for now: 6 -- as
tested by the caller in run_protocols. In order to make
it more robust a fixme statement was added so that the
user becomes iat least aware of it.
2017-11-24 16:21:06 +01:00
Dirk 778a7cc12d Fix change of warning logic (no protos offered)
After changing the logic from $PROTOS_OFFERED
contaning each protocol detected to $PROTOS_OFFERED
contaning each protocol + colon yes or no there
wasn't a change for the sanity check that no protocols
are offered. This fixes it.
2017-11-24 15:15:50 +01:00
David Cooper 5c54f976e8
Add TLSv1.3 support for negotiated protocol and cipher
This PR adds TLSv1.3 support for the negotiated protocol and cipher in run_server_preference(). This mostly addresses #893, however, run_server_preference() will not work with a TLSv1.3-only server as it will fail when trying to determine whether the server has a cipher order.

Note that with this PR run_server_preference() will not always provide consistent results when testing a server that does not support TLSv1.3 using a version of OpenSSL prior to 1.1.1. If it is determined before running run_server_preference() (using run_protocols()) that the server does not support TLSv1.3, then run_server_preference() will using OpenSSL to determine the negotiated protocol and cipher. However, if it has not yet been determined that the server does not support TLSv1.3, then run_server_preference() will use tls_sockets(), which tries to simulate OpenSSL 1.1.1. Since the list of cipher lists sent will differ the negotiated cipher will sometimes differ. In addition, when a cipher suite that uses an ephemeral ECDH key is selected, the negotiated curve is sometimes different.
2017-11-21 16:14:04 -05:00
Dirk Wetter e0a5050553
Merge pull request #903 from dcooper16/fix_901
Fix #901
2017-11-21 15:36:18 +01:00
David Cooper c65a352dcf Fix #901
This PR fixes #901. When $OPENSSL_TIMEOUT is set and mass testing is being performed, this PR changes find_openssl_binary() so that only child instances modify $OPENSSL to add the call to timeout.

This PR also changes the warning in case $OPENSSL_TIMEOUT is set and the timeout binary cannot be found so that the warning message is printed even if $WARNINGS is "off" or "batch".
2017-11-20 13:38:12 -05:00
Dirk 77fc111b13 put new socksend() into production
FIX #902.

Performance improvements LAN (just one shot):

```
	58 / 50
	52 / 44
	53 / 47
	143 / 137
	63 / 53
	48 / 43
```

WAN:

```
	89 / 77
	88/ 67
	234 / 231
	67 / 63
	84 / 81

```
2017-11-20 16:33:40 +01:00
Dirk 209b21c817 fix travis in cce48a34d0 2017-11-19 23:13:33 +01:00
Dirk cce48a34d0 New socksend(), json flat: scan time
There's a new socksend() function which gives up to 8% performance
benefit (LAN) as is saves 3 sed and 1 tr command in every socksend call.
It has not been put in production yet as it shows a problem in ticketbleed
check and it is late and I call it a day ;-) and resolve that later (see #902).

For performance tests it's quite handy to also have in the flat json format
a footer with time consumed for each run. fileout_json_footer() was
patched accordingly.
2017-11-19 20:44:06 +01:00
Dirk Wetter 9949be750d
Merge pull request #900 from dcooper16/fix_heartbleed
Fix run_heartbleed()
2017-11-19 18:27:03 +01:00
Dirk fd4e5469fe changed output in CAA and OCSP stapling
... from "--" to "not offered". Reason: e.g. on a white
terminal background it is hard to detect that there's
an output. Also "not offered" is more consistent with
the value of protocol checks.
2017-11-19 17:11:22 +01:00
Dirk f20ce1a0f8 replace old school grep/sed/sort in certificate_info() 2017-11-19 17:02:24 +01:00
Dirk 5854607d60 label:experimental 2017-11-19 16:48:05 +01:00
David Cooper 9db0a8f78c
Fix run_heartbleed()
When the server's response to the ClientHello message (i.e., the ServerHello, Certificate, ServerHelloDone) is split across more than one packet, the current call to tls_sockets() in run_heartbleed() only retrieves the first packet. As a result, sometimes when run_heartbleed() believes that it is reading the response to the Heartbleed payload it is actually reading the continuation of the response to the ClientHello message.

This PR fixes the problem by indicating in the call to tls_sockets() that the ephemeral key is needed. This causes tls_sockets() to continue requesting additional packets until it receives the ServerHelloDone.
2017-11-17 16:15:37 -05:00
Dirk fb3aa6ad7f fix for filename output beginnng with .
There was an error in e450eb34e4
which addressed #846 which lead to the problem that an output filename
could start with a "." if no FNAME_PREFiX and if just --html, --csv
or --log or --json* was supplied.

This commit fixes the problem.
2017-11-17 22:09:56 +01:00
Dirk 98f4f28017 FIX #898
fix escaping of debugging output.  credits to @dcooper16
2017-11-17 20:56:18 +01:00
Dirk Wetter 52809d0800
Merge pull request #899 from dcooper16/yet_another_ossl111_fix
Yet another fix for OpenSSL 1.1.1
2017-11-17 20:21:28 +01:00