Commit Graph

3677 Commits

Author SHA1 Message Date
Dirk Wetter aa702369c1
Merge pull request #1597 from dcooper16/use_has_x25519
Use $HAS_X25519 and $HAS_X448
2020-05-01 16:21:47 +02:00
Dirk Wetter ece209886c
Merge pull request #1598 from dcooper16/improve_libressl_302_compat
Improve compatibility with LibreSSL 3.0.2 and earlier
2020-05-01 16:16:28 +02:00
Dirk Wetter c52ba088cf
Merge pull request #1599 from dcooper16/improve_libressl_310_compat
Improve LibreSSL 3.1.0 compatibility
2020-05-01 16:12:28 +02:00
David Cooper a5a28d2457 Improve LibreSSL 3.1.0 compatibility
This commit addresses two compatibility issues with LibreSSL 3.1.0, which has added client support for TLS 1.3.

The first issue is that LibreSSL has named the TLS 1.3 ciphers that it supports AEAD-AES256-GCM-SHA384, AEAD-CHACHA20-POLY1305-SHA256, and AEAD-AES128-GCM-SHA256, rather than using the OpenSSL names, which are TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, and TLS_AES_128_GCM_SHA256. (Draft versions of OpenSSL 1.1.1 names these ciphers TLS13-AES-256-GCM-SHA384, TLS13-CHACHA20-POLY1305-SHA256, TLS13-AES-128-GCM-SHA256.) There are several places where testssl.sh checks whether a cipher suite is a TLS 1.3 cipher by checking whether its OpenSSL name begins with "TLS_" (or "TLS13"). In order to work with LibreSSL 3.1.0, these checks also need to consider names that begin with "AEAD-" to be TLS 1.3 ciphers.

Second, in sub_session_resumption() there is code that adds "-no_ssl2" to the "$OPENSSL s_client" command line if that option is supported. If "-no_ssl2" is not supported, then other protocol information is added to the command line. I believe this code was written with the assumption that any version of OpenSSL that supports "-no_ssl2" does not support TLS 1.3. However, LibreSSL 3.1.0 supports both. So, this commit changes the code to add the "-no_ssl2" option only if TLS 1.3 is not supported.
2020-04-30 11:08:04 -04:00
David Cooper cb67d91417 Improve compatibility with LibreSSL 3.0.2 and earlier
This commit addresses two compatibility issues with LibreSSL.

First, with LibreSSL, "$OPENSSL s_client" does not support the "-curves" option, so the "-groups" option needs to be used instead. Note that with LibreSSL, the command line "$OPENSSL s_client -groups $curve -connect invalid." will not work, as it will complain "no port defined," but will not indicate whether the specified curve is supported. Adding a port number fixes that problem. (There does not seem to be a need to include a port number for other tests, such as whether the "-curves" option itself is supported.)

Second, including "-out -" in the command line for "$OPENSSL genpkey" causes LibreSSL to create a file with the name "-" if the algorithm is supported. This is not an issue at the moment, since LibreSSL's genpkey does not support X25519 or X448. However, both genpkey with both OpenSSL and LibreSSL uses stdout as the default output if no "-out" is specified, so the "-out -" is not necessary.
2020-04-30 10:37:12 -04:00
David Cooper 541d960924 Use $HAS_X25519 and $HAS_X448
generate_key_share_extension() and prepare_tls_clienthello() currently check the $OPENSSL version number to determine whether X25519 and X448 are supported. The commit changes these functions to use $HAS_X25519 and $HAS_X448.
2020-04-30 10:26:56 -04:00
Dirk Wetter a1f6fe49ba
Merge pull request #1595 from dcooper16/ticketbleed_no_tls1_3
Ticketbleed and TLS 1.3
2020-04-30 10:01:28 +02:00
David Cooper 3db9d74c21 Ticketbleed and TLS 1.3
run_ticketbleed() and sub_session_ticket_tls() each include one call to "$OPENSSL s_client". For each of these calls the expected response is a TLS 1.2 or earlier ServerHello. However, if $OPENSSL supports TLS 1.3, then a TLS 1.3 ClientHello will be sent.

This commit fixes this problem in two ways. For the call in run_ticketbleed(), "-no_tls1_3" is added to the command line if "$OPENSSL" supports TLS 1.3. For the call in sub_session_ticket_tls(), this commit changes the function so that the same ClientHello version is sent as will sent by run_ticketbleed() via sockets.
2020-04-29 10:13:22 -04:00
Dirk a9d28949fe Clarify responsilility for rating 2020-04-28 21:13:36 +02:00
Dirk Wetter 97ac4c452e Update documentation (ADDITIONAL_CA_FILES -> ADDTL_CA_FILES)
which happened in d44a643fab in
testssl.sh .

This fixes it in the related files. See also #1581
2020-04-28 15:07:33 +02:00
Dirk Wetter 3745e12673 Add latest changes (cherry picked from 3.1dev)
including the one since 3.0
2020-04-28 14:59:35 +02:00
Dirk db84e5c87c Add grade cap reasons and warnings to JSON/CSV 2020-04-28 13:38:23 +02:00
Dirk 13a76bc719 (try to) resolve merge conflict 2020-04-28 13:35:24 +02:00
Dirk Wetter 67780b1c3c
Merge pull request #1593 from drwetter/1590_readme_dev
Relax the possible GPL license contradiction
2020-04-28 10:08:19 +02:00
Dirk 88c04f5345 Relax the possible GPL license contradiction
... see also #1590
2020-04-28 10:06:29 +02:00
Dirk Wetter a3b84ce0c3
Merge pull request #1591 from drwetter/1583_changelog
Add latest changes
2020-04-27 19:20:14 +02:00
Dirk Wetter 50d10d00f7 Add latest changes
including the one since 3.0
2020-04-27 19:19:19 +02:00
Dirk Wetter 2854aafca6
Merge pull request #1583 from drwetter/dcooper16-extend_run_server_preference
WIP: Extended run_server_preference()
2020-04-27 18:52:51 +02:00
Dirk Wetter 680aff48e4 Update documentation related to extended run_server_preference() 2020-04-27 17:19:30 +02:00
Dirk Wetter 1e0ef23c81 Rename add_tls_offered --> add_proto_offered
... last but not least SSLv2 and SSLv3 are no TLS protocols
2020-04-27 17:12:25 +02:00
Dirk Wetter 8938c21703 Renaming proto variables in cipher_pref_check()
... to be consistent with ciphers_by_strength:

- proto --> proto_text
- proto_ossl --> proto
2020-04-27 17:08:43 +02:00
Dirk Wetter 3b92b0cf85 Remember better protocol settings in ciphers_by_strength() / cipher_pref_check()
... in cases where the protcol section has not been run before.

Also add " -\n" on the screen/html if protocol is not supported. Also for
SSLv2 which can be supported but at the same time not offer any ciphers
mention there will be an output on the screen.
2020-04-27 16:51:45 +02:00
Dirk Wetter 0a859d7b98 rename $p --> $proto_ossl in cipher_pref_check()
plus remove redundant quotes for that
2020-04-27 15:32:43 +02:00
Dirk Wetter 59b790ab3a
Merge pull request #1588 from drwetter/np_fix31
Negotiated protocol showed no warning for TLS 1.1/1.0
2020-04-25 11:13:43 +02:00
Dirk Wetter 4defa95d0b Negotiated protocol showed no warning for TLS 1.1/1.0
.. whereas the protocol section did that.

This fixes the inconsistency.
2020-04-25 11:12:36 +02:00
Dirk Wetter 3e54f4e4cd Further changes to run_server_preference()
In order not to provide redundant information run_allciphers() is
now not being run via default (1). Therefore run_server_preference()
runs always in wide mode.

In order to archieve that cipher_pref_check() was modified to
accept a fifth argument whether it'll run in wide mode. As
of now cipher_pref_check() is only called by run_server_preference(),
so the code referring to non-wide mode in cipher_pref_check() may also
be deleted in the future.

To provide a better view the run_fs() section is now being run after
run_server_preference().

(1) saves also 5-6 seconds
2020-04-24 13:32:26 +02:00
Dirk Wetter 1a6abb6ab8
Merge pull request #1584 from dcooper16/fix_logjam_ssl_native
Fix run_logjam() in --ssl-native mode
2020-04-24 09:41:59 +02:00
Dirk Wetter b5840153d3
Merge pull request #1586 from dcooper16/improve_ossl30_support
Improve compatibility with OpenSSL 3.0
2020-04-24 09:38:03 +02:00
David Cooper 7f0c2e9137 Improve compatibility with OpenSSL 3.0
This commit fixes a couple of issues related to the use of testssl.sh with OpenSSL 3.0.0-alpha1.

First, when the command line includes an unknown option (e.g., -ssl2), OpenSSL 3.0.0-alpha responds with "Unknown option: -ssl2" rather than "Option unknown option -ssl2". This commit addresses this by making the check for "unknown option" case insensitve.

Second, the printing a DH key, OpenSSL 3.0.0-alpha1 labels the prime and the generator using "prime P:" and "generator G:" rather than just "prime:" and "generator:". This commit by changing testssl.sh to match on either string.
2020-04-23 15:20:50 -04:00
David Cooper bb1c649513 Fix run_logjam() in --ssl-native mode
This commit fixes a problem with run_logjam() when run in --ssl-native mode. If $OPENSSL does not support any DH export ciphers, then no test for such cipher is performed. However, the results of "test" is still checked, leading to testssl.sh incorrectly reporting that the server supports DH EXPORT ciphers.
2020-04-23 14:52:14 -04:00
Dirk Wetter a86ccb6968 First round of polish of David's PR to extend run_server_preference()
See #1580.

This commit brings:

* If there's no cipher for a protocol it adds a "\n - \n" (also for run_cipher_per_proto() )
* further output improvements
* Cipher order --> Cipher listing per protocol
* make some conditional statement easier to read (at least for me)

New open points:
- cipher_pref_check() doesn't save to PROTOS_OFFERED (was there before)
  (just stumbled over this but how about we also use get_protocol() / parse_tls_serverhello()
- do we want run_allciphers() to be started by default?
- $WIDE per default for run_cipher_per_proto() ?
- probably better not to display text in round square brackets when there's no cipher:

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2 (listed by strength)
SSLv3 (server order)
TLSv1 (server order)
TLSv1.1 (server order)
TLSv1.2 (server order)
 xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH 256   AESGCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[..]

- when a server has no preference at all it shows in wide mode:

Has server cipher order?     no (NOT ok) -- only for TLS 1.3
 Negotiated protocol          TLSv1.3
 Negotiated cipher            TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Cipher listing per protocol

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2
 -
SSLv3
 -
TLSv1 (no server order, thus listed by strength)
 xc014   ECDHE-RSA-AES256-SHA              ECDH 521   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[..]

e.g. dev.testssl.sh
2020-04-23 14:11:33 +02:00
Dirk Wetter c6dfe05874 Merge branch 'extend_run_server_preference' of git://github.com/dcooper16/testssl.sh into dcooper16-extend_run_server_preference 2020-04-23 12:01:03 +02:00
Dirk Wetter a45e9f52d5
Merge pull request #1582 from drwetter/fix_1581
Update documentation (ADDITIONAL_CA_FILES ->  ADDTL_CA_FILES)
2020-04-23 11:25:03 +02:00
Dirk Wetter a9ab2bcd91 Update documentation (ADDITIONAL_CA_FILES -> ADDTL_CA_FILES)
which happened in d44a643fab in
testssl.sh .

This fixes it in the related files. See also #1581
2020-04-23 11:20:46 +02:00
Dirk 8566ca80bc Enable rating again
was per default disabled by accident previously
2020-04-23 09:23:21 +02:00
David Cooper f5aa20ceb1 Extended run_server_preference()
This commit extends run_server_preference() to list every cipher supported by each protocol even in cases in which the server does not enforce a preference order.

For protocols where the server enforces a cipher order the list of supported ciphers is ordered by server preference (as now). For protocols where the server does not enforce a cipher order, the ciphers are listed by encryption strength (as run_cipher_per_proto() does).

In order to implement this, ciphers_by_strength() was extended to offer a non-wide mode.
2020-04-22 12:31:45 -04:00
Dirk Wetter 07c06e0f94 declare t variable in set_skip_tests() 2020-04-22 17:19:36 +02:00
Dirk Wetter 32eab3ead9 Fix problem with --disable-rating
by introducing framework for tests to be skipped, see also #1502.
As a first example for the development branch should serve
--disable-rating / --no-rating. The latter is for now undocumented.
Also the big case statement in parse_cmd_line()  may use a general
--disable-* or --no-* clause where all --disable-* / --no-* are
being parsed/

A new function set_skip_tests() is being introduced which
sets do_<variables> according to the new array SKIP_TESTS .
Any new test do be skipped needs to be added to that array.

The changes in the --devel part come from the tries to fix
the syntax highlight in vim -- which in the end difn't work
2020-04-22 17:14:05 +02:00
Dirk Wetter d6a9360f2c Fix known DH but not weak keys to be capped @ A not B 2020-04-22 14:08:58 +02:00
Dirk Wetter 591edb9300
Merge pull request #1579 from drwetter/1571_31dev
Fix misleading phrasing in run of standard ciphers
2020-04-21 20:30:31 +02:00
Dirk Wetter 8c7dcbbc3b Fix misleading phrasing in run of standard ciphers
see #1571. Bit size doesn't matter. It only matters to the
user which ciphers they are.

Additionally phrased the output better (FS + strong enc) and
do less indentation.

Renamed average_ciphers -> obsoleted_ciphers to refect what's
on the output.
2020-04-21 19:22:16 +02:00
Dirk Wetter 7da2e90083 Honor Magnus 2020-04-20 22:49:48 +02:00
Dirk Wetter 577370a272 Add rating 2020-04-20 22:49:31 +02:00
Dirk Wetter b1ef3a020f add single blank for pretty JSON 2020-04-20 22:48:31 +02:00
Dirk Wetter e9e11e213a * Grading --> Rating. But we still hand out grades 2020-04-20 22:45:58 +02:00
Dirk Wetter c3f09f56f7 Grading --> Rating
but we still hand out grades
2020-04-20 22:41:14 +02:00
Dirk Wetter 127cf95e22 Address rating for STARTTLS tests
STARTTLS tests should always give a bad rating because of the missing
trust 1) . That's why we don't provide more details as "T". Maybe we
decide later to provide an environment variable which still
shows this warning but divulges more details. TBC.

Documentation is missing for STARTTLS + grades.

1) There might be cases also for STARTTLS where encryption is enforced
   and e.g. the certificate fingerprint is validated. As this is highly
   protcol specific we won't test that.
2020-04-20 12:26:33 +02:00
Dirk Wetter fe5e10ff9d
Merge pull request #1574 from magnuslarsen/grading_dev
Less aggresive TLS_FALLBACK_SCVS checks
2020-04-20 11:45:56 +02:00
Dirk 4960829433 Fix JSON for grading / rating 2020-04-19 23:54:42 +02:00
Magnus Larsen b4ad0d2425 Less aggresive TLS_FALLBACK_SCVS checks 2020-04-17 15:31:29 +02:00