1
0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-07-16 02:31:57 +02:00
Commit Graph

3399 Commits

Author SHA1 Message Date
c52ba088cf Merge pull request from dcooper16/improve_libressl_310_compat
Improve LibreSSL 3.1.0 compatibility
2020-05-01 16:12:28 +02:00
a5a28d2457 Improve LibreSSL 3.1.0 compatibility
This commit addresses two compatibility issues with LibreSSL 3.1.0, which has added client support for TLS 1.3.

The first issue is that LibreSSL has named the TLS 1.3 ciphers that it supports AEAD-AES256-GCM-SHA384, AEAD-CHACHA20-POLY1305-SHA256, and AEAD-AES128-GCM-SHA256, rather than using the OpenSSL names, which are TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, and TLS_AES_128_GCM_SHA256. (Draft versions of OpenSSL 1.1.1 names these ciphers TLS13-AES-256-GCM-SHA384, TLS13-CHACHA20-POLY1305-SHA256, TLS13-AES-128-GCM-SHA256.) There are several places where testssl.sh checks whether a cipher suite is a TLS 1.3 cipher by checking whether its OpenSSL name begins with "TLS_" (or "TLS13"). In order to work with LibreSSL 3.1.0, these checks also need to consider names that begin with "AEAD-" to be TLS 1.3 ciphers.

Second, in sub_session_resumption() there is code that adds "-no_ssl2" to the "$OPENSSL s_client" command line if that option is supported. If "-no_ssl2" is not supported, then other protocol information is added to the command line. I believe this code was written with the assumption that any version of OpenSSL that supports "-no_ssl2" does not support TLS 1.3. However, LibreSSL 3.1.0 supports both. So, this commit changes the code to add the "-no_ssl2" option only if TLS 1.3 is not supported.
2020-04-30 11:08:04 -04:00
a1f6fe49ba Merge pull request from dcooper16/ticketbleed_no_tls1_3
Ticketbleed and TLS 1.3
2020-04-30 10:01:28 +02:00
3db9d74c21 Ticketbleed and TLS 1.3
run_ticketbleed() and sub_session_ticket_tls() each include one call to "$OPENSSL s_client". For each of these calls the expected response is a TLS 1.2 or earlier ServerHello. However, if $OPENSSL supports TLS 1.3, then a TLS 1.3 ClientHello will be sent.

This commit fixes this problem in two ways. For the call in run_ticketbleed(), "-no_tls1_3" is added to the command line if "$OPENSSL" supports TLS 1.3. For the call in sub_session_ticket_tls(), this commit changes the function so that the same ClientHello version is sent as will sent by run_ticketbleed() via sockets.
2020-04-29 10:13:22 -04:00
67780b1c3c Merge pull request from drwetter/1590_readme_dev
Relax the possible GPL license contradiction
2020-04-28 10:08:19 +02:00
88c04f5345 Relax the possible GPL license contradiction
... see also 
2020-04-28 10:06:29 +02:00
a3b84ce0c3 Merge pull request from drwetter/1583_changelog
Add latest changes
2020-04-27 19:20:14 +02:00
50d10d00f7 Add latest changes
including the one since 3.0
2020-04-27 19:19:19 +02:00
2854aafca6 Merge pull request from drwetter/dcooper16-extend_run_server_preference
WIP: Extended run_server_preference()
2020-04-27 18:52:51 +02:00
680aff48e4 Update documentation related to extended run_server_preference() 2020-04-27 17:19:30 +02:00
1e0ef23c81 Rename add_tls_offered --> add_proto_offered
... last but not least SSLv2 and SSLv3 are no TLS protocols
2020-04-27 17:12:25 +02:00
8938c21703 Renaming proto variables in cipher_pref_check()
... to be consistent with ciphers_by_strength:

- proto --> proto_text
- proto_ossl --> proto
2020-04-27 17:08:43 +02:00
3b92b0cf85 Remember better protocol settings in ciphers_by_strength() / cipher_pref_check()
... in cases where the protcol section has not been run before.

Also add " -\n" on the screen/html if protocol is not supported. Also for
SSLv2 which can be supported but at the same time not offer any ciphers
mention there will be an output on the screen.
2020-04-27 16:51:45 +02:00
0a859d7b98 rename $p --> $proto_ossl in cipher_pref_check()
plus remove redundant quotes for that
2020-04-27 15:32:43 +02:00
59b790ab3a Merge pull request from drwetter/np_fix31
Negotiated protocol showed no warning for TLS 1.1/1.0
2020-04-25 11:13:43 +02:00
4defa95d0b Negotiated protocol showed no warning for TLS 1.1/1.0
.. whereas the protocol section did that.

This fixes the inconsistency.
2020-04-25 11:12:36 +02:00
3e54f4e4cd Further changes to run_server_preference()
In order not to provide redundant information run_allciphers() is
now not being run via default (1). Therefore run_server_preference()
runs always in wide mode.

In order to archieve that cipher_pref_check() was modified to
accept a fifth argument whether it'll run in wide mode. As
of now cipher_pref_check() is only called by run_server_preference(),
so the code referring to non-wide mode in cipher_pref_check() may also
be deleted in the future.

To provide a better view the run_fs() section is now being run after
run_server_preference().

(1) saves also 5-6 seconds
2020-04-24 13:32:26 +02:00
1a6abb6ab8 Merge pull request from dcooper16/fix_logjam_ssl_native
Fix run_logjam() in --ssl-native mode
2020-04-24 09:41:59 +02:00
b5840153d3 Merge pull request from dcooper16/improve_ossl30_support
Improve compatibility with OpenSSL 3.0
2020-04-24 09:38:03 +02:00
7f0c2e9137 Improve compatibility with OpenSSL 3.0
This commit fixes a couple of issues related to the use of testssl.sh with OpenSSL 3.0.0-alpha1.

First, when the command line includes an unknown option (e.g., -ssl2), OpenSSL 3.0.0-alpha responds with "Unknown option: -ssl2" rather than "Option unknown option -ssl2". This commit addresses this by making the check for "unknown option" case insensitve.

Second, the printing a DH key, OpenSSL 3.0.0-alpha1 labels the prime and the generator using "prime P:" and "generator G:" rather than just "prime:" and "generator:". This commit by changing testssl.sh to match on either string.
2020-04-23 15:20:50 -04:00
bb1c649513 Fix run_logjam() in --ssl-native mode
This commit fixes a problem with run_logjam() when run in --ssl-native mode. If $OPENSSL does not support any DH export ciphers, then no test for such cipher is performed. However, the results of "test" is still checked, leading to testssl.sh incorrectly reporting that the server supports DH EXPORT ciphers.
2020-04-23 14:52:14 -04:00
a86ccb6968 First round of polish of David's PR to extend run_server_preference()
See .

This commit brings:

* If there's no cipher for a protocol it adds a "\n - \n" (also for run_cipher_per_proto() )
* further output improvements
* Cipher order --> Cipher listing per protocol
* make some conditional statement easier to read (at least for me)

New open points:
- cipher_pref_check() doesn't save to PROTOS_OFFERED (was there before)
  (just stumbled over this but how about we also use get_protocol() / parse_tls_serverhello()
- do we want run_allciphers() to be started by default?
- $WIDE per default for run_cipher_per_proto() ?
- probably better not to display text in round square brackets when there's no cipher:

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2 (listed by strength)
SSLv3 (server order)
TLSv1 (server order)
TLSv1.1 (server order)
TLSv1.2 (server order)
 xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH 256   AESGCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[..]

- when a server has no preference at all it shows in wide mode:

Has server cipher order?     no (NOT ok) -- only for TLS 1.3
 Negotiated protocol          TLSv1.3
 Negotiated cipher            TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Cipher listing per protocol

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2
 -
SSLv3
 -
TLSv1 (no server order, thus listed by strength)
 xc014   ECDHE-RSA-AES256-SHA              ECDH 521   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[..]

e.g. dev.testssl.sh
2020-04-23 14:11:33 +02:00
c6dfe05874 Merge branch 'extend_run_server_preference' of git://github.com/dcooper16/testssl.sh into dcooper16-extend_run_server_preference 2020-04-23 12:01:03 +02:00
a45e9f52d5 Merge pull request from drwetter/fix_1581
Update documentation (ADDITIONAL_CA_FILES ->  ADDTL_CA_FILES)
2020-04-23 11:25:03 +02:00
a9ab2bcd91 Update documentation (ADDITIONAL_CA_FILES -> ADDTL_CA_FILES)
which happened in d44a643fab in
testssl.sh .

This fixes it in the related files. See also 
2020-04-23 11:20:46 +02:00
f5aa20ceb1 Extended run_server_preference()
This commit extends run_server_preference() to list every cipher supported by each protocol even in cases in which the server does not enforce a preference order.

For protocols where the server enforces a cipher order the list of supported ciphers is ordered by server preference (as now). For protocols where the server does not enforce a cipher order, the ciphers are listed by encryption strength (as run_cipher_per_proto() does).

In order to implement this, ciphers_by_strength() was extended to offer a non-wide mode.
2020-04-22 12:31:45 -04:00
591edb9300 Merge pull request from drwetter/1571_31dev
Fix misleading phrasing in run of standard ciphers
2020-04-21 20:30:31 +02:00
8c7dcbbc3b Fix misleading phrasing in run of standard ciphers
see . Bit size doesn't matter. It only matters to the
user which ciphers they are.

Additionally phrased the output better (FS + strong enc) and
do less indentation.

Renamed average_ciphers -> obsoleted_ciphers to refect what's
on the output.
2020-04-21 19:22:16 +02:00
e0d7945c8a Merge pull request from petecooper/3.1dev
README version bump for .zip download
2020-04-15 17:16:06 +02:00
0a1b632ddc Update Readme.md
Bump version for zip download
2020-04-15 16:10:11 +01:00
8ce781c71d Merge pull request from drwetter/renamed_to_fs
Rename PFS/perfect forward secrecy - ->  FS/forward secrecy
2020-04-14 20:21:52 +02:00
150fd156bb Merge pull request from drwetter/cvs_remove
Polishing
2020-04-14 16:41:50 +02:00
8c466bf2ee Rename PFS/perfect forward secrecy to FS/forward secrecy
In all instances:

* command line (will break things)
* JSON IDs (will break things)
* in the documentation
* in the travis checks where used
* everywhere in the code: variables, functions, comments
2020-04-14 15:53:05 +02:00
67cfe013b1 Polishing
* remove CVS variables
* add 2x https links instead of http in code doc
2020-04-14 13:35:26 +02:00
663d592466 Merge pull request from dcooper16/fix1514
Fix 
2020-04-14 12:52:38 +02:00
e345abb023 Merge branch 'multiflexi-3.1dev' into 3.1dev 2020-04-13 23:01:15 +02:00
ae7b74cf73 Tuning multiflexi's fixes 2020-04-13 22:59:13 +02:00
9d2901edd0 Merge pull request from drwetter/docu_update
Documention update
2020-04-09 19:57:10 +02:00
7eba0fbb41 FIxed links
Links in comments with http:// changed to https://. Some non working links fixed.
2020-04-09 16:18:33 +02:00
04e51db402 Fix
This commit is an attempt to fix . The commit is mostly based on a suggestion at https://unix.stackexchange.com/questions/57940/trap-int-term-exit-really-necessary. Even with that change, it seemed that if testssl.sh were in the middle of executing run_cipher_per_proto() when it received a signal, it would not stop until that function had completed. This seems to have something to do with subshells. Changing the while loop in run_cipher_per_proto() seems to have fixed that issue. So, I also made similar changes to the while loops in prettyprint_local().
2020-04-02 08:03:45 -04:00
dbff4a3706 Merge pull request from dcooper16/align_run_cipherlists
Align run_cipherlists() with pr_cipher_quality()
2020-04-02 13:53:54 +02:00
f16c7af687 Merge pull request from dcooper16/pr_cipher_quality_gost
Handle GOST ciphers in pr_cipher_quality()
2020-04-02 13:53:28 +02:00
d5d702104f Merge pull request from dcooper16/fix1551
Fix 
2020-04-01 22:28:25 +02:00
b6050e68de Fix
This commit fixes  by changing get_cipher() to recognize RFC names that begin with SSL_*. It also modifies run_beast() so that it does not get stuck in an infinite loop if get_cipher() doesn't return a valid cipher name.
2020-04-01 13:34:29 -04:00
08d5146223 Align run_cipherlists() with pr_cipher_quality()
This commit modifies run_cipherlists() to align with pr_cipher_quality().

The biggest change made by this commit is that it breaks the current list of STRONG ciphers into two lists: one for AEAD ciphers that offer forward secrecy (STRONG) and one for AEAD ciphers that do not offer forward secrecy (GOOD).

The remaining changes are just minor tweaks:

* A few ciphers that use MD5 are moved from AVERAGE and 3DES to LOW.

* '!AECDH' was added to the OpenSSL description for LOW to catch one cipher in OpenSSL 1.0.2-chacha that offers no authentication that was being included in the LOW list.

This commit also changes sub_cipherlists() to change the output when a cipherlist with a rating of 6 is not present. There was a "FIXME" associated with this output, but it didn't matter before since there were no cipherlists with a rating of 6.
2020-04-01 11:27:24 -04:00
40dfd8b53b Handle GOST ciphers in pr_cipher_quality()
This PR modifes pr_cipher_quality() as proposed in  so that GOST ciphers are handled correctly. It changes pr_cipher_quality() so that the OpenSSL name is used in cases in which no RFC name is defined. It also adds a case statement for GOST so that GOST ciphers (that do not use MD5 or Null encryption) are marked as pr_svrty_low (as they are in run_cipherlists) rather than just being assigned the default rating (5).
2020-04-01 11:18:50 -04:00
061732a5fb Merge pull request from drwetter/drwetter-patch-1
Badges from shields.io / Monitoring Links
2020-04-01 12:41:16 +02:00
333ccdfb41 Badges from shields.io / Monitoring Links 2020-04-01 12:40:56 +02:00
d32743b2eb Merge pull request from dcooper16/adjust_pr_cipher_quality
Adjust pr_cipher_quality ratings
2020-03-31 14:09:47 +02:00
72dae035b5 Remove redundant entries
This commit removes two entries from a "case" test that were already covered by a previous entry.
2020-03-25 16:07:22 -04:00