... which may led to false positives
Also in a number of tests the timeout was re-adjusted so that the robot check
performs ~25% faster -- on MacOS. On Linux it's about the same.
The commit 51a35b0344 changed variable names but there were leftovers. Also
before the tiemout values were reduced, so that the check may run faster. What was left were that some
timeout values were still too long. Thus MAX_WAITSOCK is now completely changed to ROBOT_TIMEOUT .
Also when the ROBOT check identified something as potentially vulnerable, the timeout value ist increased to
8 seconds which is less than in 3.2 . Tests however showed so far that there were no false positives or
negatives.
Moreover it changes the local variable robottimeout to robot_timeout.
This PR fixes#2983 for 3.3dev .
This PR fixes#2806 and implements a feature request. TLS >=1.2 MUST support
support the extended_master_secret extension to address an attack resulting
from TLS session parameters not being properly authenticated in a Triple
Handshake scanario (https://ieeexplore.ieee.org/document/6956559).
Only if the extension is missing there will be a medium severity level
finding. JSON output will be generated in any case.
Also in determine_tls_extensions() some documenation about tls extensions
to be send were added.
This fixes#2973.
There was a while back an extra headline when one or a defined other
number of vulnerabilities were checked. The extra headline was removed
n #2967 but some leftover code needed to be removed as well.
In the aforementioned previous PR it seems run_starttls_injection()
and run_rc4() were forgotten. This PR removes extra headlines in
those functions as well.
.. as an UI improvement for the user.
Implemented for Ticketbleed and during startup in determine_optimal_proto() .
For the latter it could be considered later to automagically pick $OPENSSL2 .
As reported a longer while back in #2083 there were trailing bytes
when receiving a TLS alert by the ROBOT check.
This PR corrects and thus normalizes the length of the TLS alert message to the
correct value, supposed the length in the TLS alart is two bytes and it is an
TLS alert.
Also this PR now uses a separate variable for the timeout. In 2ce0110e the timeout
was changed by mistake as MAX_WAITSOCK was reduced from 10 to 5. For this check it
is still 5 which seemed fine (TBC). Using a separate global variable however may offer
some possibility for tuning the check when the latency to the target is high.
This commit fixes#2959 by modifying TLS12_CIPHER, TLS12_CIPHER_2ND_TRY, and TLS12_CIPHER_3RD_TRY so that they each have 118 ciphers (including "00,ff"). It also modifies run_cipherlists(), run_server_defaults(), and run_beast() so that, when $SERVER_SIZE_LIMIT_BUG is true, no more than 125 ciphers are sent.
This PR fixes an error when early data was empty
which caused testssl.sh to exit instead of marking
that there was no file returned.
Also it changes HEAD to GET as the latter is probably
more often supported.
There needs to be a unit test for 0-RTT / early data!
Under some circumstances the opossum vulnerability check got stuck
because the cat commdn was waiting for reading from the descriptor.
In some case like #2950 this happened when the HTTP head command
was incorrectly send in the first place.
This PR makes sure that the HTTP head is correct and it replaces
cat by read in a loop so that the HTTP response is read without
being blocked.
Also for http_head_printf() the argumensats passed were cleaned up.
`grep -w` matches also `string1-whatsoever` so that entries like
```
192.168.0.10 anystring anystring-apache
192.168.0.11 anystring-tomcat
```
matched 3 entries over 2 lines.
This PR fixes#2937 by improving the match pattern, so that
`string1` needs a trailing whitespace or a EOL -- besides a
leaing whitespace.
The new block making sure that rust coreutils work properly (PR #2913)
introduced a new check in order to determine which date functions
to use.
The function however parsed only for English error messages ("No such file").
This PR fixes that by setting LC_ALL to C.
Fixes#2929 .
and some warnings.
Five errors of type [SC2145](https://www.shellcheck.net/wiki/SC2145) are left as I am not sure whether
it'll be safe to follow the recommendation
This PR implements a check for TLS early data. It needs a compatible OpenSSL or
LibreSSL version. For modern OS versionis it should automagically pick the right,
modern binary for the check.
Mitigations like Defer processing or HTTP 425 are not yet tested.
To clarify is
* whether to penalize SSLlabs rating (@magnuslarsen). testssl.net has it
enabled but the Web UI claims it's not a/v, see
https://www.ssllabs.com/ssltest/analyze.html?d=testssl.net&s=172.67.205.231&hideResults=on&latest
* Man pages
To be in line with other HAS2_* global vars (HAS2_QUIC, HAS2_UDS), the following
vars were renamed from their OPENSSL2_HAS_* counter parts:
- HAS2_TLS13
- HAS2_CHACHA20=false
- HAS2_AES128_GCM=false
- HAS2_AES256_GCM=false
It seems needed to introduce two variables for upcoming early data tests,
see #1186. This is not needed for OpenSSL as it introduced that
together with TLS 1.3. For LibreSSL it is though.
* keys now always with v, like supportedciphers_TLSv1_2 and also
ciphers (e.g. TLSv1.2 x35 AES256-SHA)
* add word "server" to file output so that it reads "NOT a server cipher order configured"
Fixes#2884
This commit fixes#2896. This commit avoids modifying the ADDTL_CA_FILES environment variable, and instead substitutes spaces for commas whenever the variable is used.
