This commit adds an improvement so that e.g. under MacOS
/opt/homebrew/bin/openssl is automatically taken as
$OPENSSL so that also QUIC works out of the box for MacOS.
Formerly, for at least MacOS with silicon CPUs, OPENSSL was
equal to OPENSSL2, and LibreSSL in /usr/bin/openssl doesn't
have QUIC support (up to version 15.5 of MacOS at least).
Fixes #2833
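The selection logic described in this commit, written out as an added example (not testssl.sh's own code): walk a candidate list in order and keep the first binary that passes a QUIC capability probe. The probe is an assumption for the demonstration (it looks for a `-quic` option in the binary's `s_client` help text); the candidate order is the one the commit implies, Homebrew before `/usr/bin/openssl`.

```shell
#!/usr/bin/env bash
# Added example (not testssl.sh code): pick the first OpenSSL binary from a
# candidate list that can do QUIC. The probe is an assumption: it looks for a
# "-quic" option in the binary's s_client help text.

# Probe whether a given openssl binary advertises QUIC support.
openssl_has_quic() {
    "$1" s_client -help 2>&1 | grep -q -e '-quic'
}

# Print the first candidate that exists, is executable and passes the probe.
# Returns 1 when none qualifies, so the caller can fall back to plain TLS.
find_quic_openssl() {
    for cand in "$@"; do
        [ -x "$cand" ] || continue
        if openssl_has_quic "$cand"; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
    return 1
}

# Candidate order mirrors the commit: an explicitly set $OPENSSL first, then
# Homebrew's OpenSSL, then /usr/bin/openssl (LibreSSL without QUIC on macOS).
OPENSSL=$(find_quic_openssl "${OPENSSL:-}" /opt/homebrew/bin/openssl \
          /usr/local/bin/openssl /usr/bin/openssl) \
    || echo "no QUIC-capable openssl found; QUIC checks will be skipped" >&2
```

Because the probe runs the binary rather than trusting its path, a LibreSSL installed at a "good" path is rejected and an OpenSSL installed somewhere unexpected is accepted as long as it is listed as a candidate.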
This does a check for the opossum vulnerability, see https://opossum-attack.com/ .
It uses a separate function to send the payload and retrieve the result via `http_header_printf()`. It doesn't use curl or wget. The latter wouldn't work anyway, as according to the manpage the HTTP header which needs to be sent must not contain LFs. This function was introduced because `http_get_header()` -- which was renamed to `http_head()` -- could use wget if curl is not available. On the way to this PR `http_head()` was improved, so that timeouts were used for curl and wget for better maturity.
`http_header_printf()` now uses bash sockets, strips the URI so that a plaintext request is made. This will be done in the background because not every host will answer.
Done also:
- handling when PROXY is requested (try anyway directly as the payload is not "proxyable")
- print a message when no HTTP service is present
- try hard to use plaintext HTTP when auth is required for HTTPS and service HTTP would not be defined otherwise
- manpages
- help
Also when pwnedkeys are checked a not pwned certificate is labeled not neutral but OK=green.
Before:
```
TLS 1.2 offered (OK)
TLS 1.3 offered (OK): final
QUIC not offered or timed out
NPN/SPDY not offered
ALPN/HTTP2 h2, http/1.1 (offered)
```
After:
```
TLS 1.2 offered (OK)
TLS 1.3 offered (OK): final
QUIC not offered or timed out
NPN/SPDY not offered
ALPN/HTTP2 h2, http/1.1 (offered)
```
The logic was wrong when calling set_rating_state() in parse_cmd_line() as do_rating was set before to true through set_scanning_defaults().
This PR fixes #2825 by querying ${SKIP_TESTS[@]} instead and then calling set_rating_state() when no --disable-rating was supplied.
This is an implementation for QUIC (RFC 9000, RFC 9114). It's purely
OpenSSL based for now. As some distros support newer (>= 3.2) versions
this works on some distros now and will work on more as time goes by.
It has been tested with MacOS and Linux. If there's an OpenSSL version
in /usr/bin/ it will automagically use that version.
A new short sub function named sub_quic() was introduced for handling this as
run_protocols() is already "full".
It appears below TLS 1.3. A check against HTTPS RR #2484 is planned but
not implemented yet. PR #2484 has to be worked on and merged before.
New variables were introduced (HAS_QUIC/ +HAS2_QUIC). Also there's
QUIC_WAIT as we run the connect in the background and we need a wait time.
HAS_UDS2 was renamed to HAS2_UDS as HAS2 should signal this is for OPENSSL2
and UDS2 doesn't make sense.
To clarify:
- check for a proxy and then don't do the check?
- short unit test (t/31_isJSON_valid.t checks cloudflare but ...)
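Both the opossum check above (the plaintext request "done in the background because not every host will answer") and the QUIC connect with its QUIC_WAIT rely on the same pattern: start the network attempt as a background job and give up after a fixed number of seconds. The following is an added example of that pattern, not code from testssl.sh; the function name and the 1-second polling granularity are choices made here.

```shell
#!/usr/bin/env bash
# Added example (not testssl.sh code): run a connection attempt in the
# background and abandon it after a fixed wait, the pattern QUIC_WAIT exists
# for. Output is collected in a temp file so a peer that does answer is still
# read in full.

# usage: run_with_wait SECONDS command [args...]
# exit status: the command's own status, or 124 (like timeout(1)) when killed.
run_with_wait() {
    wait_secs=$1; shift
    out=$(mktemp)
    "$@" >"$out" 2>&1 &
    pid=$!
    elapsed=0
    # Poll once per second until the job is gone or the budget is used up.
    while kill -0 "$pid" 2>/dev/null; do
        if [ "$elapsed" -ge "$wait_secs" ]; then
            kill "$pid" 2>/dev/null
            wait "$pid" 2>/dev/null
            rm -f "$out"
            return 124
        fi
        sleep 1
        elapsed=$((elapsed + 1))
    done
    rc=0
    wait "$pid" || rc=$?
    cat "$out"
    rm -f "$out"
    return "$rc"
}

# Stand-in for a QUIC/HTTP probe: a connect that never answers is modelled by
# sleep(1), which is what the caller would otherwise block on.
run_with_wait "${QUIC_WAIT:-2}" sleep 10 || echo "no answer within wait budget (status $?)" >&2
```

Returning 124 for the timeout case lets the caller print "not offered or timed out" (as in the output above) without confusing a silent host with a host that answered with an error.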
In #2727 there were workarounds introduced which sped up processing decryption of
ChaCha20 and AES-GCM by using OPENSSL2 when it is supporting such functions.
However when OPENSSL2 is called and OPENSSL_CONF still points to the autogenerated
file which works for `~/bin/openssl.$(uname -s).$(uname -m)` the decryption `$plaintext`
will be empty which later on caused a negative value, see #2780.
This fixes #2780 by prepending `OPENSSL_CONF=''` to each OPENSSL2 instance. Also it
makes `chacha20()` and `gcm-decrypt()` more robust. It is now more readable.
At other places $OPENSSL2 were prepended by `OPENSSL_CONF=''` also if there weren't
any obvious errors noticed.
Also now all OPENSSL2 vars will appear in /tmp/testssl.XXXXXX/environment.txt when
debugging.
It was also noticed that the `find_socat()` function had room for improvements; it was
not set in any case when `socat` was in $PATH or supplied via env SOCAT.
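To make the failure mode of #2780 concrete, here is an added example (not testssl.sh code) of the two defensive pieces the commit describes: every call to the second binary goes through a wrapper that clears OPENSSL_CONF, and an empty decryption result is rejected before any length arithmetic can turn it into a negative number. `OPENSSL2` as the variable holding the second binary, the `decrypt2`/`payload_len` helper names and the decrypt arguments are assumptions for the demonstration.

```shell
#!/usr/bin/env bash
# Added example (not testssl.sh code): run the second OpenSSL binary with an
# empty OPENSSL_CONF so a config generated for $OPENSSL cannot silence it, and
# refuse to do tag/length arithmetic on an empty decryption result.

# Every invocation of the second binary goes through here (assumed: $OPENSSL2
# names that binary, defaulting to whatever "openssl" is in PATH).
openssl2() {
    OPENSSL_CONF='' "${OPENSSL2:-openssl}" "$@"
}

# Decrypt with the second binary and fail loudly instead of handing an empty
# string to the caller. usage: decrypt2 ARGS...  (prints plaintext, returns 1
# when the binary produced nothing)
decrypt2() {
    plaintext=$(openssl2 "$@" 2>/dev/null)
    if [ -z "$plaintext" ]; then
        echo "decrypt2: empty output from ${OPENSSL2:-openssl} (OPENSSL_CONF or cipher support?)" >&2
        return 1
    fi
    printf '%s' "$plaintext"
}

# Length bookkeeping guarded against the negative value seen in #2780:
# usage: payload_len DATA TAGLEN_BYTES  -> prints DATA length minus tag length
payload_len() {
    total=$(printf '%s' "$1" | wc -c | tr -d ' ')
    taglen=$2
    if [ "$total" -lt "$taglen" ]; then
        echo "payload_len: data ($total bytes) shorter than tag ($taglen bytes)" >&2
        return 1
    fi
    echo $((total - taglen))
}
```

With the wrapper in place, a config file that only the first binary can parse is no longer inherited by the second one, and a decrypt that silently produces nothing surfaces as an error at the point where it happens rather than as an arithmetic oddity several functions later.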
This fixes a problem which was introduced @ 8d8f83ace5.
It caused for some hosts not to parse / display the issuer CN correctly.
Also it adds some code in testssl.sh and in a unit test to detect
this earlier. In general an output string FIXME will now cause a
unit test to fail. This can + should be used at other places too!
Fixes #2789
This commit modifies testssl.sh so that TLS 1.3 handshakes that use post-quantum algorithms for key exchange can be decrypted, if $OPENSSL supports the algorithms.
This commit adds support for server certificates that have ML-DSA public keys. It also adds support for certificates that are signed with ML-DSA or SLH-DSA. The ML-DSA code points for the signature_algorithms extension are taken from https://datatracker.ietf.org/doc/draft-tls-westerbaan-mldsa/ and are the ones used by OpenSSL 3.5.0.
In OpenSSL 3.5.0 the `list` command can be used to obtain a list of supported groups for TLS. The commit makes use of this command when $OPENSSL is OpenSSL 3.5.0 or later. This should be faster than testing curves one at a time.
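Gating the `list`-based group enumeration on "OpenSSL 3.5.0 or later" needs a version comparison that does not fall into lexical traps ("3.10.0" sorts before "3.5.0" as a string). The following is an added example, not testssl.sh code: it turns the first line of `openssl version` into an integer and compares against 3.5.0; LibreSSL banners and pre-3.x OpenSSL yield false so the caller keeps probing groups one at a time. Which `list` option enumerates the groups is not part of this example.

```shell
#!/usr/bin/env bash
# Added example (not testssl.sh code): decide from the "openssl version" banner
# whether the binary is OpenSSL >= 3.5.0. Function names are assumptions.

# Turn "OpenSSL 3.5.0 8 Apr 2025" into a comparable integer, e.g. 30500.
# Returns 1 for anything that is not an OpenSSL banner (LibreSSL, garbage).
openssl_version_num() {
    case "$1" in
        "OpenSSL "[0-9]*) ;;
        *) return 1 ;;
    esac
    # second word, with any letter suffix (1.1.1w) stripped
    ver=$(printf '%s\n' "$1" | awk '{print $2}' | sed 's/[^0-9.].*$//')
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0   # banner without a third component
    echo $((major * 10000 + minor * 100 + patch))
}

# True when the banner is OpenSSL >= 3.5.0, i.e. "openssl list" can enumerate
# the supported TLS groups instead of testing them one by one.
openssl_has_list_groups() {
    num=$(openssl_version_num "$1") || return 1
    [ "$num" -ge 30500 ]
}

# Typical use against the configured binary (assumed to be in $OPENSSL):
if openssl_has_list_groups "$("${OPENSSL:-openssl}" version 2>/dev/null | head -n 1)"; then
    echo "group enumeration via 'openssl list' available"
else
    echo "falling back to per-group probing"
fi
```

Encoding the version as `major*10000 + minor*100 + patch` keeps the comparison a plain integer test and is safe up to two-digit minor and patch numbers, which covers every OpenSSL release line to date.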
This commit fixes a check where the Boolean variables $HAS_UDS and $HAS_UDS2 are checked for whether they are empty rather than for whether they are true.
Decryption of TLS 1.3 handshakes is very slow if the response is encrypted using ChaCha20 and the $OPENSSL enc command does not support ChaCha20. This commit mitigates that problem by using $OPENSSL2 for ChaCha20 decryption if such decryption is needed and $OPENSSL does not support it.
This commit also changes testssl.sh to make use of $OPENSSL2 for AES-GCM decryption, when $OPENSSL2 supports it, but $OPENSSL does not. However, this change is not as important. Implementing AES-GCM in Bash using $OPENSSL for AES ECB operations isn't nearly as slow as fully implementing ChaCha20 in Bash.
As a quick hack this PR enables *basically* the IPv6 proxy which results that testssl.sh
will use an IPv6 proxy when
* the binary supports that
* the binary is used and not tls_sockets()
* there's no A record but an AAAA record of the proxy or an IPv6 address as proxy address was specified.
The latter should guarantee that it doesn't break anything.
However tls_sockets() still uses IPv4 for the connection to the proxy.
See #1105
On MacOS `run_http_header()` hiccuped when in any place of the web site unprintable chars were returned, see https://github.com/testssl/testssl.sh/issues/2708#issuecomment-2738347784.
This PR fixes that by moving the sanitization to a separate function and run it earlier before any processing of the returned content (header plus body) takes place.
Output was:
```
'HTTP Status Code awk: towc: multibyte conversion failure on: '� disabilitato");
input record number 36, file /tmp/testssl.FHu8E0/AAA.BBB.CCC.DDD.http_header.txt
source line number 1
'wk: towc: multibyte conversion failure on: '� disabilitato");
input record number 36, file /tmp/testssl.FHu8E0/AAA.BBB.CCC.DDD.http_header.txt
source line number 1
200 OK
```