1
0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-07-18 03:31:58 +02:00
Commit Graph

1430 Commits

Author SHA1 Message Date
e67d3646e9 Merge pull request from dcooper16/drown_and_non_RSA_certs
run_drown() when server has non-RSA certificates
2016-12-02 17:10:16 +01:00
e7eac77be4 run_drown() when server has non-RSA certificates
This PR address a problem in `run_drown()` when the server does not support SSLv2, but does support multiple certificates or doesn't have an RSA certificate.

One example of the problem can be seen with www.facebook.com. If `run_server_preferences()` is run before `run_drown()`, then the results of `run_drown()` are:
```
 DROWN (2016-0800, CVE-2016-0703)          not vulnerable on this port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services
                                           https://censys.io/ipv4?q=A626B154CC65634181250B810B1BD4C89EC277CEA08D785EEBE7E768BDA7BB00 SHA256 A3F474FB17509AE6C5B6BA5E46B79E0DE6AF1BF1EEAA040A6114676E714C9965 could help you to find out
```
If only `run_drown()` is performed, then the result is:
```
 DROWN (2016-0800, CVE-2016-0703)          not vulnerable on this port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services
                                           https://censys.io/ipv4?q=A626B154CC65634181250B810B1BD4C89EC277CEA08D785EEBE7E768BDA7BB00 could help you to find out
```
However, A626B154CC65634181250B810B1BD4C89EC277CEA08D785EEBE7E768BDA7BB00 is the fingerprint of Facebook's ECDSA certificate, not its RSA certificate.

In addition, as noted in the "FIXME," `run_drown()` will display the warning "make sure you don't use this certificate elsewhere with SSLv2 enabled services" even if the server doesn't have an RSA certificate, even though SSLv2 can only use RSA certificates.

This PR fixes this issue by only showing the warning if the server has an RSA certificate and by ensuring that the `$cert_fingerprint_sha2` used to construct the "https://censys.io/ipv4?q=..." URL only contains a single SHA256 fingerprint and that it is the fingerprint of the server's RSA certificate.
2016-12-02 10:16:04 -05:00
9eba15834e Merge remote-tracking branch 'drwetter/2.9dev' into 2.9dev 2016-12-01 23:52:51 +01:00
33baf66703 Merge branch '2.9dev' into run_rc4_sockets 2016-12-01 13:29:13 -05:00
b79abd969a Merge branch 'run_cipher_per_proto_sockets' of https://github.com/dcooper16/testssl.sh into run_cipher_per_proto_sockets 2016-12-01 13:26:27 -05:00
f2dae8efaf Merge branch '2.9dev' into run_cipher_per_proto_sockets 2016-12-01 13:24:36 -05:00
b58c48fa3e Merge pull request from dcooper16/fixmeln_typo
Typo in definition of fixmeln()
2016-12-01 18:18:41 +01:00
07edcd9a6a Typo in definition of fixmeln()
The `fixmeln()` function was misnamed `fixme()`.
2016-12-01 12:04:06 -05:00
7aee9b9f0b Merge pull request from typingArtist/fix_starttls
Implement proper STARTTLS handshake for ftp, smtp, pop, imap and nntp
2016-12-01 16:29:12 +01:00
db1f4c37a2 Limit calls to tolower()
It turns out that calling `tolower()` once for each cipher to test is very expensive. So, this commit tries to call `tolower()` only when necessary.
2016-11-30 13:40:28 -05:00
3838b0f613 Merge branch '2.9dev' into run_rc4_sockets 2016-11-30 09:14:23 -05:00
2ff480a6df Merge branch '2.9dev' into run_cipher_per_proto_sockets 2016-11-30 09:11:26 -05:00
f90da83d0b Merge pull request from dcooper16/fix_run_allciphers
run_allciphers() bug fixes
2016-11-30 07:55:54 +01:00
01997b8b81 run_rc4() sockets implementation
This PR implements `run_rc4()` in a similar manner to `run_allciphers()` and `run_cipher_per_proto()` (in PR ). The change doesn't seem to have much of an impact on speed, but when sockets are used it can detect ciphers that aren't locally supported by OpenSSL.
2016-11-29 11:58:49 -05:00
af84d9b220 run_cipher_per_proto() speedup + sockets
This PR implements `run_cipher_per_proto()` in a manner similar to `run_allciphers()`.
2016-11-29 11:16:01 -05:00
49c023f27f run_allciphers() bug fixes
This PR fixes two minor bugs in run_allciphers():

* If `$SSL_NATIVE` or `$FAST` is `true`, then the cipher mapping file will not be used (unless `$OPENSSL ciphers` does not support the `-V` option), so there is no "fallback" to openssl, even if `[[ $TLS_NR_CIPHERS == 0 ]]`.

* If `$using_sockets` is `false` and `$SHOW_EACH_C` is `true`, then `ossl_supported` should be checked to see if the cipher was tested, not `TLS_CIPHER_OSSL_SUPPORTED`.
2016-11-28 10:45:44 -05:00
490818e931 Merge remote-tracking branch 'drwetter/2.9dev' into 2.9dev 2016-11-23 09:51:27 +01:00
4847fbc49a removed filling for hints 2016-11-23 09:46:11 +01:00
4d8c258b0b : fixed STARTTLS depending on 0 returned from debugme 2016-11-23 09:17:39 +01:00
b7294c60c4 Implemented proper STARTTLS handshake for ftp, smtp, pop, imap and nntp 2016-11-22 18:57:21 +01:00
071edc794c Merge pull request from dcooper16/reorganize_run_server_defaults
Reorganize run_server_defaults()
2016-11-22 10:38:48 +01:00
c7b3e32701 Merge branch '2.9dev' into reorganize_run_server_defaults 2016-11-21 16:49:04 -05:00
4f460f8dcd Merge pull request from dcooper16/more_fixes_for_no_cipher_mapping
More fixes for missing cipher mapping file
2016-11-21 22:17:36 +01:00
ed3ecdd524 Reorganize run_server_defaults()
This function reorganizes `run_server_defaults()` based on the suggestion in .

The current `determine_tls_extensions()` is renamed to `get_server_certificate()`, and two changes are made to it:
*it no longer includes an extra call to `$OPENSSL s_client` to check for the ALPN extension; and
* rather than setting `$TLS_EXTENSIONS` to be the extensions found during this call to the function, it adds any newly found extensions to those already in `$TLS_EXTENSIONS`.

The PR then adds a new function, `determine_tls_extensions()`, which borrows some logic from the old `determine_tls_extensions()`, but this new `determine_tls_extensions()` only looks for additional TLS extensions, including ALPN.

`run_server_defaults()` makes multiple calls to `get_server_certificate()` (as it previously did to `determine_tls_extensions()`) in order to collect all of the server's certificates, and then it makes one call to `determine_tls_extensions()`, which checks for support for extensions that were not checked for by `get_server_certificate()` (e.g., ALPN, extended master secret, signed certificate timestamps).

The new `determine_tls_extensions()` will check for most of the extensions that are checked for by 
`run_server_defaults()`, including the heartbeat extension, so the call to `determine_tls_extensions()` from `run_heartbleed()` will still work.
2016-11-21 14:26:19 -05:00
f4529df263 More fixes for missing cipher mapping file
> The dh_bits are still not shown, maybe because of .

This PR fixes the issue of dh_bits not being shown if the cipher-mapping.txt file is missing. The problem is that the code in `parse_tls_serverhello()` that parses the ServerKeyExchange message assumes that `$rfc_cipher_suite` has the RFC version of the name the cipher suite. However, if the cipher-mapping.txt file is missing, `$rfc_cipher_suite` will have the OpenSSL name of the cipher suite. This PR changes the code to recognize either the RFC or OpenSSL names for ciphers with ephemeral DH or ECDH keys.
2016-11-21 11:30:01 -05:00
7a418ed9c8 Update CREDITS.md 2016-11-21 09:06:21 +01:00
822c3c6cd0 Update CREDITS.md 2016-11-21 09:05:56 +01:00
2c10c622a0 Update Readme.md 2016-11-21 08:57:50 +01:00
e60180d0ea Merge pull request from dcooper16/faster_run_allciphers
Faster version of run_allciphers()
2016-11-20 10:41:26 +01:00
b22bde8ce0 Merge pull request from dcooper16/no_pkey
OpenSSL 0.9.8 does not support the pkey command
2016-11-20 09:45:32 +01:00
a9f8411160 Merge pull request from dcooper16/missing_mapping_file
Additional fixes for no cipher mapping file
2016-11-19 22:39:10 +01:00
e0f7bc4062 Merge pull request from dcooper16/parse_tls_serverhello6
Extend TLS ServerHello parsing (part 6)
2016-11-19 22:26:56 +01:00
0d74b798fb Merge pull request from dcooper16/parse_tls_serverhello5
Extend TLS ServerHello parsing (part 5)
2016-11-19 22:25:26 +01:00
cb7163e186 Merge pull request from dcooper16/neat_list_Camellia_GCM
Fix neat_list() for Camellia GCM
2016-11-19 20:18:31 +01:00
d02a0af8af Extend TLS ServerHello parsing (part 6)
This PR extends `tls_sockets()` by parsing the contents of the ALPN and NPN extensions, if the "full" response is being processed.
2016-11-18 12:09:07 -05:00
403a5c5b1e Extend TLS ServerHello parsing (part 5)
When `tls_sockets()` is used with the "full" option and the chosen cipher suite involves an ephemeral finite-field DH key (DH), this PR extracts the public key from the ServerKeyExchange message and adds it to `$TMPFILE`. In addition (and the primary reason for this PR), it compares the ephemeral public key's parameters to those specified in RFC 7919, and indicates whether one the groups from that RFC was used. This will allow `run_pfs()` to be extended to indicate which, if any, RFC 7919 DH groups a server supports.
2016-11-18 10:19:44 -05:00
d1ff5449b9 spelling fixed 2016-11-18 00:44:24 +01:00
eb86467b50 Merge branch 'drwetter/2.9dev' into 2.9dev 2016-11-17 23:27:50 +01:00
f7cf3552f0 Fixed some bugs; added CVE, CWE and hint fields. 2016-11-17 23:27:27 +01:00
64f56e899b Merge branch '2.9dev' into no_pkey 2016-11-17 13:52:44 -05:00
05b8010526 Merge branch '2.9dev' into faster_run_allciphers 2016-11-17 13:51:16 -05:00
ae3d5cfad9 Merge branch '2.9dev' into missing_mapping_file 2016-11-17 13:49:56 -05:00
cdd127fe44 Merge branch '2.9dev' into neat_list_Camellia_GCM 2016-11-17 13:48:41 -05:00
127bc243f9 Merge pull request from dcooper16/parse_tls_serverhello4
Extend TLS ServerHello parsing (part 4)
2016-11-17 19:30:01 +01:00
a18dd45f1f Extend TLS ServerHello parsing (part 4)
This PR adds parsing of the CertificateStatus message to `parse_tls_serverhello()`. If the caller requests that the "full" response be parsed, then the CertificateStatus message is parsed, and the OCSP response is added to $TMPFILE, in a manner similar to the output of `$OPENSSL s_client` when the `-status` option is used.
2016-11-17 12:04:24 -05:00
496957720e Fix neat_list() for Camellia GCM
The string "CamelliaGCM" is too long for the "Encryption" column printed by `neat_list()`. So, either "CamelliaGCM" needs to be shortened to "Camellia" (as this PR does), or the "Encryption" column needs to be made wider.
2016-11-16 09:07:52 -05:00
3c107b543e Additional fixes for no cipher mapping file
Client simulations can still use sockets even if the cipher mapping file is missing. If the cipher file is present, then `parse_tls_serverhello()` write the RFC name for the cipher and then `run_client_simulation()` converts that to the OpenSSL name (so that the output is the same as if OpenSSL were used).  This PR changes `parse_tls_serverhello()` so that it writes the OpenSSL name for the cipher if the mapping file is missing, which `run_client_simulation()` can then just display.

This PR also unsets `ADD_RFC_STR` if the mapping file is missing, so that `neat_list()` won't try to display the RFC names for the ciphers.
2016-11-15 15:55:54 -05:00
b0ac21fe31 Add two missing OpenSSL cipher names 2016-11-15 15:13:09 -05:00
46e9e99437 Merge branch '2.9dev' into faster_run_allciphers
Conflicts:
	testssl.sh
2016-11-15 15:06:24 -05:00
96caa6c302 Merge branch 'no_pkey' of https://github.com/dcooper16/testssl.sh into no_pkey 2016-11-15 14:53:33 -05:00