Commit Graph

1460 Commits

Author SHA1 Message Date
David Cooper c8d04d7bab Merge branch '2.9dev' into extend_logjam_phase_1
Conflicts:
	testssl.sh
2017-01-09 09:01:31 -05:00
Dirk Wetter 33ca94f6e8 Merge pull request #577 from dcooper16/run_server_defaults_bugfix
run_server_defaults() bugfix
2017-01-08 15:59:45 +01:00
Dirk Wetter b99371c069 Merge pull request #578 from dcooper16/fix_sslv2_sockets
sslv2_sockets() bug fixes
2017-01-08 15:58:01 +01:00
Dirk Wetter 0b24e80057 Merge pull request #580 from gniltaws/2.9dev
Detect $TESTSSL_INSTALL_DIR when testssl is a symlinked command
2017-01-08 15:55:21 +01:00
Todd Swatling 557c15607a detects install dir when symlinked and realpath not present
$ ls -l /usr/local/bin/testssl
lrwxrwxrwx /usr/local/bin/testssl -> /home/user/testssl.sh/testssl.sh
2017-01-05 14:45:39 -05:00
Todd Swatling 70e6e289e1 removed trailing spaces 2017-01-05 14:20:19 -05:00
David Cooper d66e5ec0d7 sslv2_sockets() bug fixes
This PR fixes a few bugs in `sslv2_sockets()`. The main issue is that a server may not send the entire ServerHello in a single packet. If it doesn't and the full response is being parsed (i.e., certificate and list of ciphers), then `parse_sslv2_serverhello()` will encounter errors, since it assumes that it has the entire ServerHello. This PR compares the length of the response to the length of the ServerHello as specified in the first two bytes of the response and requests more data from the server if the response appears incomplete.

This PR also modifies `parse_sslv2_serverhello()` to check for more errors. It compares the length of the response it has been provided to the specified length (`$v2_hello_length`) and returns an error if the response is shorter than `$v2_hello_length` and the full response is supposed to be parsed. It will also check whether there was an error in converting the certificate from DER to PEM format and will return an error if there was (and it will suppress the error message).
2017-01-04 10:47:36 -05:00
David Cooper ad5590a444 run_server_defaults() bugfix
If `determine_tls_extensions()` does not create a temporary file (`$TEMPDIR/$NODEIP.determine_tls_extensions.txt`) then `run_server_defaults()` will display error messages when an attempt is made to copy this file or to search (grep) it. This may happen if `$OPTIMAL_PROTO` is `-ssl2` or if `determine_tls_extensions()` uses sockets and `parse_tls_serverhello()` encountered an error and did not create a temporary file (`$TEMPDIR/$NODEIP.parse_tls_serverhello.txt`). This PR fixes this by only trying to copy and search `$TEMPDIR/$NODEIP.determine_tls_extensions.txt` is `$OPTIMAL_PROTO` is not `-ssl2` and `determine_tls_extensions()` was successful (return value 0).
2017-01-04 10:19:11 -05:00
David Cooper 83472301bc Don't "echo" the prime to the terminal 2016-12-30 11:33:27 -05:00
David Cooper 62aee8f846 Remove leading "00" byte from prime, if present
The primes in https://svn.nmap.org/nmap/scripts/ssl-dh-params.nse do not include a leading "00" byte, so don't include it in `$dh_p`.
2016-12-30 11:32:41 -05:00
David Cooper b7ff8a1ee3 Add extra check 2016-12-29 16:45:46 -05:00
David Cooper e931ebf6b4 Merge branch '2.9dev' into extend_logjam_phase_1 2016-12-29 16:43:44 -05:00
Dirk Wetter e8e60e368f Merge pull request #568 from dcooper16/test_just_one_sockets
test_just_one() sockets
2016-12-29 22:38:35 +01:00
David Cooper ec3a644c4d Common primes test phase 1
In response to your request in #572, this PR provides a starting point for addressing #120. It adds code to `run_logjam()` to try connecting to the server using any cipher that uses an ephemeral DH key. If successful, it gets the server's ephemeral key (in OpenSSL's PEM format) and then extracts the prime from the key and places it in `$dh_p`. So, all that needs to be done at this point is to compare `$dh_p` against a set of "bad" primes. I'm not sure if I'll be able to work on that part soon, so if someone else has the time, that would be great.

I actually found the `-msg` option easy to use. I moved the code in `parse_tls_serverhello()` that extracts the DH ephemeral public key from the ServerKeyExchange message into a separate function. Then, if using OpenSSL with the `-msg` option, I extract the ServerKeyExchange message from `$TMPFILE` and call this new function to extract the key and convert it to PEM format. That way the new code in `run_logjam()` can use either `$OPENSSL` or `tls_sockets()`.
2016-12-29 16:31:42 -05:00
Dirk Wetter 5627211add Merge pull request #556 from dcooper16/run_pfs_sockets
run_pfs() speedup + sockets
2016-12-29 22:18:28 +01:00
Dirk c3b300c5fb - cleanup ignore_no_or_lame()
- reorder get_install_dir in main() so that warnings are not displayed before --help
- tweak missing ~/etc msg
2016-12-29 22:02:07 +01:00
David Cooper 9513ed4d99 Merge branch '2.9dev' into test_just_one_sockets 2016-12-29 11:55:52 -05:00
David Cooper e18b5a4709 Merge branch '2.9dev' into run_pfs_sockets 2016-12-29 11:52:29 -05:00
Dirk Wetter b8e1ede08c Merge pull request #572 from dcooper16/run_logjam_sockets
Use sockets for run_logjam()
2016-12-29 15:38:54 +01:00
Dirk c3671928ae fix for 83d2a63 2016-12-29 00:09:44 +01:00
Dirk 83d2a63e0f - Stronger warning if ~/etc is missing, also requires more explicit consent to continue
- fix lfs for -e -E if openssl has not DH/ECDH
- further minor output corrections
2016-12-28 23:47:35 +01:00
David Cooper 324a78a47d Merge branch '2.9dev' into run_logjam_sockets 2016-12-28 11:26:20 -05:00
David Cooper 44c766b993 Merge branch '2.9dev' into test_just_one_sockets 2016-12-28 11:23:54 -05:00
David Cooper da217f2136 Merge branch '2.9dev' into run_pfs_sockets 2016-12-28 11:21:30 -05:00
Dirk Wetter 5e43739224 Merge pull request #575 from dcooper16/fix_run_protocols
Minor bug fixes in run_protocols()
2016-12-27 23:08:38 +01:00
David Cooper fd2e52c396 Minor bug fixes in run_protocols()
In a few places `run_protocols()` specifies the wrong TLS version as the "ID" when calling `fileout()`.
2016-12-27 14:14:20 -05:00
David Cooper b88cc4af71 Merge branch '2.9dev' into run_logjam_sockets 2016-12-23 14:31:13 -05:00
David Cooper 3050a4c1fc Merge branch '2.9dev' into test_just_one_sockets 2016-12-23 14:25:23 -05:00
David Cooper 48f33fff5a Merge branch '2.9dev' into run_pfs_sockets 2016-12-23 14:21:23 -05:00
Dirk Wetter 725488449c Merge pull request #574 from dcooper16/run_http2_sockets
Use sockets for run_http2()
2016-12-23 18:31:03 +01:00
David Cooper dc98371ed0 Use sockets for run_http2()
This PR changes `run_http2()` so that it uses `tls_sockets()` rather than failing, if `$OPENSSL` does not support the `-alpn` option. If `$OPENSSL` supports the `-alpn` option (or if `$SSL_NATIVE` is true), then this PR has no effect.
2016-12-23 11:02:31 -05:00
David Cooper 0d75bae195 Use sockets for run_logjam()
This PR changes `run_logjam()` to use sockets.
2016-12-21 14:55:01 -05:00
David Cooper b04bb8d82a Merge branch '2.9dev' into test_just_one_sockets 2016-12-21 09:07:13 -05:00
David Cooper eaf5671b17 Merge branch '2.9dev' into run_pfs_sockets
Conflicts:
	testssl.sh
2016-12-21 09:04:11 -05:00
Dirk Wetter 7a4c6294ac Merge pull request #567 from dcooper16/run_rc4_e
Mark export ciphers in run_rc4()
2016-12-21 12:56:26 +01:00
Dirk Wetter 298ed4e67e Merge pull request #569 from dcooper16/fix_hang
testssl.sh hangs on local testing
2016-12-21 12:54:27 +01:00
David Cooper 378f4439a3 testssl.sh hangs on local testing
In a few places testssl.sh tries to determine $OPENSSL s_client's capabilities by calling `$OPENSSL s_client` without specifying a host to which to connect. For example:
```
$OPENSSL s_client -no_ssl2 2>&1
```
This idea is that `$OPENSSL s_client` should reveal something about its capabilities without actually trying to connect to a host.

This works in most cases. However, the manual pages for s_client states:
```
-connect host:port
    This specifies the host and optional port to connect to. If not specified then an attempt is made to connect to the local host on port 4433.
```
So, the above call is actually trying to connect to the local host on port 4433. If the local host is running `$OPENSSL s_server`, then `$OPENSSL s_server` will by default be listening on port 4433, and the connection attempt will most likely succeed. Since the `OPENSSL s_client` command does not include a `< /dev/null`, the `OPENSSL s_client` will just hang waiting for additional input.

Adding `-connect x` to the `$OPENSSL s_client` prevents $OPENSSL from trying to connect to a host, but seems to still provide the necessary information about OpenSSL's capabilities.
2016-12-20 14:02:29 -05:00
David Cooper 4af01a6c1b test_just_one() sockets
This PR implements `test_just_one()` in a similar manner to `run_allciphers()`
2016-12-20 13:14:40 -05:00
David Cooper 1a7d1f73d2 Mark export ciphers in run_rc4()
This PR adds ",exp" to the bits column when `run_rc4()` is run in the "--wide" mode and the cipher is an export cipher. This makes the wide mode of `run_rc4()` align with other functions, such as `run_allciphers()`.
2016-12-20 13:11:03 -05:00
David Cooper 9f8aff5758 Merge branch '2.9dev' into run_pfs_sockets 2016-12-20 08:50:59 -05:00
Dirk ea7edaf59f - unify timeout msgs on the console 2016-12-20 14:17:14 +01:00
David Cooper 2db0894ae6 Merge branch '2.9dev' into run_pfs_sockets 2016-12-19 09:09:45 -05:00
Dirk Wetter 8e9a8faca4 Merge pull request #541 from dcooper16/run_cipher_per_proto_sockets
run_cipher_per_proto() speedup + sockets
2016-12-17 12:17:45 +01:00
Dirk Wetter 95615fd6c3 Merge pull request #564 from dcooper16/test_just_one_alignment
Fix alignment problem in test_just_one()
2016-12-17 12:11:16 +01:00
David Cooper 7fa6455b83 Fix typo 2016-12-16 11:30:34 -05:00
David Cooper 412fea2c38 Fix alignment problem in test_just_one()
When `test_just_one()` uses `neat_list()` with a cipher that is not available and that uses DH for key exchange, the columns do not line up correctly. `test_just_one()` adds "TBD" in gray to "DH", and while `neat_list()` tries to adjust for the presence of color codes, it doesn't seem to correctly handle the gray color code here.

Rather than try to fix this in `neat_list()`, I propose to just remove the "TBD". Adding it is inconsistent with other functions (like `run_allciphers()`), and it seems inappropriate, since there is nothing "to be determined," as the cipher suite isn't supported by the server.

If adding "TBD" were appropriate anywhere, it would seem to be in cases in which the server does support the cipher, but the number of bits in the ephemeral key couldn't be determined because the version of OpenSSL being used can't show DH/ECDH bits. (Not that I'm proposing this. I think the one-line warning, "(Your $OPENSSL cannot show DH/ECDH bits)", is enough.

Here is an example of `test_just_one()` with some ciphers not supported by the server that use DH key exchange:

```
 Testing single cipher with word pattern "CAMELLIA" (ignore case) 

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.  Encryption Bits     Cipher Suite Name (RFC)
---------------------------------------------------------------------------------------------------------------------------
 xc077   ECDHE-RSA-CAMELLIA256-SHA384      ECDH TBD   Camellia  256      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384           not a/v
 xc073   ECDHE-ECDSA-CAMELLIA256-SHA384    ECDH TBD   Camellia  256      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384         not a/v
 xc4     DHE-RSA-CAMELLIA256-SHA256        DH TBD   Camellia  256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256             not a/v
 xc3     DHE-DSS-CAMELLIA256-SHA256        DH TBD   Camellia  256      TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256             not a/v
 xc2     DH-RSA-CAMELLIA256-SHA256         DH/RSA     Camellia  256      TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256              not a/v
 xc1     DH-DSS-CAMELLIA256-SHA256         DH/DSS     Camellia  256      TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256              not a/v
 x88     DHE-RSA-CAMELLIA256-SHA           DH 2048    Camellia  256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA                available
 x87     DHE-DSS-CAMELLIA256-SHA           DH TBD   Camellia  256      TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA                not a/v
 x86     DH-RSA-CAMELLIA256-SHA            DH/RSA     Camellia  256      TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA                 not a/v
 x85     DH-DSS-CAMELLIA256-SHA            DH/DSS     Camellia  256      TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA                 not a/v
 xc5     ADH-CAMELLIA256-SHA256            DH TBD   Camellia  256      TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256             not a/v
 x89     ADH-CAMELLIA256-SHA               DH TBD   Camellia  256      TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA                not a/v
 xc079   ECDH-RSA-CAMELLIA256-SHA384       ECDH/RSA   Camellia  256      TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384            not a/v
 xc075   ECDH-ECDSA-CAMELLIA256-SHA384     ECDH/ECDSA Camellia  256      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384          not a/v
 xc0     CAMELLIA256-SHA256                RSA        Camellia  256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256                 not a/v
 x84     CAMELLIA256-SHA                   RSA        Camellia  256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                    not a/v
 xc076   ECDHE-RSA-CAMELLIA128-SHA256      ECDH TBD   Camellia  128      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256           not a/v
 xc072   ECDHE-ECDSA-CAMELLIA128-SHA256    ECDH TBD   Camellia  128      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256         not a/v
 xbe     DHE-RSA-CAMELLIA128-SHA256        DH TBD   Camellia  128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256             not a/v
 xbd     DHE-DSS-CAMELLIA128-SHA256        DH TBD   Camellia  128      TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256             not a/v
 xbc     DH-RSA-CAMELLIA128-SHA256         DH/RSA     Camellia  128      TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256              not a/v
 xbb     DH-DSS-CAMELLIA128-SHA256         DH/DSS     Camellia  128      TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256              not a/v
 x45     DHE-RSA-CAMELLIA128-SHA           DH 2048    Camellia  128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA                available
 x44     DHE-DSS-CAMELLIA128-SHA           DH TBD   Camellia  128      TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA                not a/v
 x43     DH-RSA-CAMELLIA128-SHA            DH/RSA     Camellia  128      TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA                 not a/v
 x42     DH-DSS-CAMELLIA128-SHA            DH/DSS     Camellia  128      TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA                 not a/v
 xbf     ADH-CAMELLIA128-SHA256            DH TBD   Camellia  128      TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256             not a/v
 x46     ADH-CAMELLIA128-SHA               DH TBD   Camellia  128      TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA                not a/v
 xc078   ECDH-RSA-CAMELLIA128-SHA256       ECDH/RSA   Camellia  128      TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256            not a/v
 xc074   ECDH-ECDSA-CAMELLIA128-SHA256     ECDH/ECDSA Camellia  128      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256          not a/v
 xba     CAMELLIA128-SHA256                RSA        Camellia  128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256                 not a/v
 x41     CAMELLIA128-SHA                   RSA        Camellia  128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                    not a/v
```
2016-12-16 10:15:05 -05:00
David Cooper 8b6b308b30 Merge branch '2.9dev' into run_pfs_sockets 2016-12-14 16:10:27 -05:00
David Cooper 87d4063abf Merge branch '2.9dev' into run_cipher_per_proto_sockets 2016-12-14 16:07:42 -05:00
Dirk Wetter 576d0f7412 Merge pull request #563 from AlGreed/2.9dev
Avoidance of escape characters in JSON and CSV reports
2016-12-14 21:45:44 +01:00
AlGreed ee74fe0b25 Merge branch 'drwetter/2.9dev' into 2.9dev 2016-12-14 20:59:13 +01:00