Commit Graph

3910 Commits

Author SHA1 Message Date
David Cooper 46bf8c90ac Improve key exchange grading
This commit makes a couple of improvements to set_key_str_score().

It rates (finite-field) DH keys the same as RSA and DSA keys.

Second, in the case of a server that has more than one certificate, the current code sets $KEY_EXCH_SCORE based on the length of the public key in the last certificate that is parsed. This commit changes set_key_str_score() so that $KEY_EXCH_SCORE is set based on the weakest public key.

Note that there is still the issue that the key exchange score does not take into account any ephemeral keys used. However, that needs to be addressed by callling set_key_str_score() from run_fs() and run_logjam(), as certificate_info() cannot provide information about ephemeral keys.
2020-05-06 14:30:44 -04:00
David Cooper a8c9133fc6 Check for RSA exponent of 1
As suggested in #1576, set the grade cap to F if the RSA key has an exponent of 1.
2020-05-06 14:25:59 -04:00
David Cooper 9dba2a8c9c Fix #1576
This commit adds additional information to the "Server key size" line for a certificate if the subject public key is RSA, ECDSA, or DH.

For RSA it show the public exponent. For ECDSA, it shows the curve. For DH, it shows the group used, if it is a common prime.
2020-05-06 12:16:15 -04:00
Dirk Wetter f492cf0336
Merge pull request #1616 from dcooper16/tls_sockets_return_value
tls_sockets() return value
2020-05-06 16:34:40 +02:00
Dirk Wetter 7c5fc48d25
Merge pull request #1618 from dcooper16/fix_1433
Fix #1433
2020-05-06 15:42:05 +02:00
David Cooper 329ba95d5b Fix #1433
This commit fixes #1433 by adding "@SECLEVEL=0" to the "$OPENSSL s_client" and "$OPENSSL ciphers" command lines if that option is supported. Adding this option configures OpenSSL to support some weak ciphers that it would not use in the default configuration.
2020-05-06 08:43:13 -04:00
David Cooper 84a82dbddc tls_sockets() return value
There is one place in parse_tls_serverhello() that returns 8 if the server's response is not well-formed TLS. However, there is no code in testssl.sh that is prepared to handle this return value. Every function except run_protocols() only distinguishes between 0, 2, and everything else. run_protocols(), however, gets confused if tls_sockets() returns a value that it is not expecting. So, this commit changes parse_tls_serverhello() to return 1 whenever the server's response can not be parsed.
2020-05-06 08:31:09 -04:00
Dirk Wetter 693cb216f7
Merge pull request #1615 from drwetter/license_patch3.1dev
Amendment to "Relax the possible GPL license contradiction"
2020-05-06 09:18:51 +02:00
Dirk 908975380d Amendment to "Relax the possible GPL license contradiction"
fix it also in the man pages. See #1590 / #1593
2020-05-06 09:17:42 +02:00
Dirk Wetter 41259d2f1b
Merge pull request #1612 from drwetter/TYPO3-Parsetime
Add X-TYPO3-Parsetime
2020-05-05 19:53:15 +02:00
Dirk Wetter 918d358e95 Add X-TYPO3-Parsetime 2020-05-05 13:37:58 +02:00
Dirk Wetter ec37a6e1bd
Merge pull request #1610 from drwetter/xmpp_improvements
Fix STARTTLS pretests, improve XMPP handshakes
2020-05-05 08:47:34 +02:00
Dirk Wetter d949b305c0 Fix STARTTLS pretests, improve XMPP handshakes
There was a empty variable in determine_optimal_proto() which prevented to save
STARTTLS_OPTIMAL_PROTO. This is fixed.

The buffers and return codes for XMPP in starttls_io() were under not every
circumstances correct. This fixes those cases and making that in general more
robust (hopefully).  (There's still code commented out which I'll leave it for
now).

When openssl did not support -starttls xmpp-server there was a copy
and paste error saying that -xmpphost option was not supported.
2020-05-04 22:38:02 +02:00
Dirk Wetter 1a0ade585e
Merge pull request #1609 from dcooper16/check_server_response
Check server's response
2020-05-04 21:35:50 +02:00
Dirk Wetter 308582bd0e
Merge pull request #1608 from drwetter/1590_2_3.1dev
Address further potential license restriction
2020-05-04 20:35:37 +02:00
Dirk cdc1a08819 Address further potential license restriction
.. see https://github.com/drwetter/testssl.sh/issues/1590#issuecomment-623526604

Added some formatting and verbal improvements in the intruductory comment section.
2020-05-04 20:34:32 +02:00
David Cooper ae8a056afe Check server's response
There is code at the beginning of parse_tls_serverhello() that checks whether the server's response appears to consist of a sequence of messages of the form <protocol><content type><content>. However, at the moment the check is only performed if "$do_starttls" is false. This commit changes parse_tls_serverhello() so that the check is always performed.
2020-05-04 14:29:13 -04:00
Dirk Wetter 934c5fc60c
Merge pull request #1603 from drwetter/aes_cgm_doc
Fix typo in docs: Strong grade Ciphers / AEAD
2020-05-02 19:54:54 +02:00
Dirk 381fdfa985 Fix typo in docs: Strong grade Ciphers / AEAD 2020-05-02 19:49:01 +02:00
Dirk Wetter 8e6c80ffba
Merge pull request #1601 from drwetter/xmpp_server_polish
STARTTLS xmpp-server polish
2020-05-02 19:41:24 +02:00
Dirk 7981a238a5 Comment out S2S XMPP server test for now 2020-05-02 19:40:45 +02:00
Dirk 05c90d4c3a remove add_tls_offered 2020-05-02 18:37:02 +02:00
Dirk 485bcc1888 Change Travis/CI environment to bionic
... as it comes with openssl 1.1.1 and we can check also XMPP S2S
protocol
2020-05-02 18:34:10 +02:00
Dirk 5da54b9ce8 fix var declaration 2020-05-01 21:42:41 +02:00
Dirk 9e61d6605e Perl needs a semicolon ;-/ 2020-05-01 19:17:58 +02:00
Dirk 191c69fbdd Minor probe for STARTTLS xmpp-server
... don't know whether this gets through -- depends on the
version openssl used (1.0.2 doesn't have that)
2020-05-01 18:39:36 +02:00
Dirk 1d7adebb4e Add HAS_XMPP_SERVER
... see also #1575
2020-05-01 18:32:22 +02:00
Dirk 0e6fb44bd3 add xmpp-server 2020-05-01 18:31:35 +02:00
Dirk 53ee37b046 XMPP server 2020-05-01 18:03:19 +02:00
Dirk Wetter 2b174821e4
Merge pull request #1575 from horazont/feature/xmpp-server
STARTTLS: add support for xmpp-server
2020-05-01 17:53:34 +02:00
Jonas Schäfer 4daf20585d STARTTLS: add support for xmpp-server
XMPP client-to-server and server-to-server links historically use
different XML namespaces. Some server implementations are strict
about this and will not proceed with the connection attempt when
the client namespace (`jabber:client`) is used on a
server-to-server link.

openssl s_client also supports `xmpp-server`.
2020-05-01 17:44:30 +02:00
Dirk f5a1884439 Merge branch 'magnuslarsen-grading_dev' into 3.1dev 2020-05-01 17:37:13 +02:00
Dirk ebe75252fa Merge branch '3.1dev' into magnuslarsen-grading_dev 2020-05-01 17:36:29 +02:00
Dirk Wetter aa702369c1
Merge pull request #1597 from dcooper16/use_has_x25519
Use $HAS_X25519 and $HAS_X448
2020-05-01 16:21:47 +02:00
Dirk Wetter ece209886c
Merge pull request #1598 from dcooper16/improve_libressl_302_compat
Improve compatibility with LibreSSL 3.0.2 and earlier
2020-05-01 16:16:28 +02:00
Dirk Wetter c52ba088cf
Merge pull request #1599 from dcooper16/improve_libressl_310_compat
Improve LibreSSL 3.1.0 compatibility
2020-05-01 16:12:28 +02:00
David Cooper a5a28d2457 Improve LibreSSL 3.1.0 compatibility
This commit addresses two compatibility issues with LibreSSL 3.1.0, which has added client support for TLS 1.3.

The first issue is that LibreSSL has named the TLS 1.3 ciphers that it supports AEAD-AES256-GCM-SHA384, AEAD-CHACHA20-POLY1305-SHA256, and AEAD-AES128-GCM-SHA256, rather than using the OpenSSL names, which are TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, and TLS_AES_128_GCM_SHA256. (Draft versions of OpenSSL 1.1.1 names these ciphers TLS13-AES-256-GCM-SHA384, TLS13-CHACHA20-POLY1305-SHA256, TLS13-AES-128-GCM-SHA256.) There are several places where testssl.sh checks whether a cipher suite is a TLS 1.3 cipher by checking whether its OpenSSL name begins with "TLS_" (or "TLS13"). In order to work with LibreSSL 3.1.0, these checks also need to consider names that begin with "AEAD-" to be TLS 1.3 ciphers.

Second, in sub_session_resumption() there is code that adds "-no_ssl2" to the "$OPENSSL s_client" command line if that option is supported. If "-no_ssl2" is not supported, then other protocol information is added to the command line. I believe this code was written with the assumption that any version of OpenSSL that supports "-no_ssl2" does not support TLS 1.3. However, LibreSSL 3.1.0 supports both. So, this commit changes the code to add the "-no_ssl2" option only if TLS 1.3 is not supported.
2020-04-30 11:08:04 -04:00
David Cooper cb67d91417 Improve compatibility with LibreSSL 3.0.2 and earlier
This commit addresses two compatibility issues with LibreSSL.

First, with LibreSSL, "$OPENSSL s_client" does not support the "-curves" option, so the "-groups" option needs to be used instead. Note that with LibreSSL, the command line "$OPENSSL s_client -groups $curve -connect invalid." will not work, as it will complain "no port defined," but will not indicate whether the specified curve is supported. Adding a port number fixes that problem. (There does not seem to be a need to include a port number for other tests, such as whether the "-curves" option itself is supported.)

Second, including "-out -" in the command line for "$OPENSSL genpkey" causes LibreSSL to create a file with the name "-" if the algorithm is supported. This is not an issue at the moment, since LibreSSL's genpkey does not support X25519 or X448. However, both genpkey with both OpenSSL and LibreSSL uses stdout as the default output if no "-out" is specified, so the "-out -" is not necessary.
2020-04-30 10:37:12 -04:00
David Cooper 541d960924 Use $HAS_X25519 and $HAS_X448
generate_key_share_extension() and prepare_tls_clienthello() currently check the $OPENSSL version number to determine whether X25519 and X448 are supported. The commit changes these functions to use $HAS_X25519 and $HAS_X448.
2020-04-30 10:26:56 -04:00
Dirk Wetter a1f6fe49ba
Merge pull request #1595 from dcooper16/ticketbleed_no_tls1_3
Ticketbleed and TLS 1.3
2020-04-30 10:01:28 +02:00
David Cooper 3db9d74c21 Ticketbleed and TLS 1.3
run_ticketbleed() and sub_session_ticket_tls() each include one call to "$OPENSSL s_client". For each of these calls the expected response is a TLS 1.2 or earlier ServerHello. However, if $OPENSSL supports TLS 1.3, then a TLS 1.3 ClientHello will be sent.

This commit fixes this problem in two ways. For the call in run_ticketbleed(), "-no_tls1_3" is added to the command line if "$OPENSSL" supports TLS 1.3. For the call in sub_session_ticket_tls(), this commit changes the function so that the same ClientHello version is sent as will sent by run_ticketbleed() via sockets.
2020-04-29 10:13:22 -04:00
Dirk a9d28949fe Clarify responsilility for rating 2020-04-28 21:13:36 +02:00
Dirk Wetter 97ac4c452e Update documentation (ADDITIONAL_CA_FILES -> ADDTL_CA_FILES)
which happened in d44a643fab in
testssl.sh .

This fixes it in the related files. See also #1581
2020-04-28 15:07:33 +02:00
Dirk Wetter 3745e12673 Add latest changes (cherry picked from 3.1dev)
including the one since 3.0
2020-04-28 14:59:35 +02:00
Dirk db84e5c87c Add grade cap reasons and warnings to JSON/CSV 2020-04-28 13:38:23 +02:00
Dirk 13a76bc719 (try to) resolve merge conflict 2020-04-28 13:35:24 +02:00
Dirk Wetter 67780b1c3c
Merge pull request #1593 from drwetter/1590_readme_dev
Relax the possible GPL license contradiction
2020-04-28 10:08:19 +02:00
Dirk 88c04f5345 Relax the possible GPL license contradiction
... see also #1590
2020-04-28 10:06:29 +02:00
Dirk Wetter a3b84ce0c3
Merge pull request #1591 from drwetter/1583_changelog
Add latest changes
2020-04-27 19:20:14 +02:00
Dirk Wetter 50d10d00f7 Add latest changes
including the one since 3.0
2020-04-27 19:19:19 +02:00