Commit Graph

3961 Commits

Author SHA1 Message Date
Dirk Wetter 0b24e80057 Merge pull request #580 from gniltaws/2.9dev
Detect $TESTSSL_INSTALL_DIR when testssl is a symlinked command
2017-01-08 15:55:21 +01:00
David Cooper 95c75f1792 Add support for OpenSSL 1.1.0
Starting with OpenSSL 1.1.0, s_client will not offer TLS compression methods, even if OpenSSL is compiled with zlib support, unless the `-comp` flag is included in the command line.
2017-01-05 15:45:18 -05:00
David Cooper ab9eb6044e Use sockets for run_crime()
This PR changes `run_crime()` to use `tls_sockets()` rather than failing if `$OPENSSL` lacks zlib support, unless `$SSL_NATIVE` is `true`.

At the moment, the ClientHello created by `socksend_tls_clienthello()` only specifies the NULL compression method. So, this PR adds a new parameter to `socksend_tls_clienthello()` and `tls_sockets()` to allow to caller to request that additional compression methods (DEFLATE and LZS) be specified in the ClientHello.

This PR makes another change to `run_crime()`. At the moment, if `$OPENSSL s_client` fails to connect to the server, `run_crime()` will report that the server is not vulnerable, since the output from `$OPENSSL s_client` includes the line "Compression: NONE" (see below). This PR changes that by checking whether the connection was successful, and reporting a "test failed (couldn't connect)" warning if it wasn't successful, rather than reporting "not vulnerable (OK)".

```
CONNECTED(00000003)
140338777061024:error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 389 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1483645971
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
```
2017-01-05 14:55:08 -05:00
Todd Swatling 557c15607a detects install dir when symlinked and realpath not present
$ ls -l /usr/local/bin/testssl
lrwxrwxrwx /usr/local/bin/testssl -> /home/user/testssl.sh/testssl.sh
2017-01-05 14:45:39 -05:00
Todd Swatling 70e6e289e1 removed trailing spaces 2017-01-05 14:20:19 -05:00
David Cooper d66e5ec0d7 sslv2_sockets() bug fixes
This PR fixes a few bugs in `sslv2_sockets()`. The main issue is that a server may not send the entire ServerHello in a single packet. If it doesn't and the full response is being parsed (i.e., certificate and list of ciphers), then `parse_sslv2_serverhello()` will encounter errors, since it assumes that it has the entire ServerHello. This PR compares the length of the response to the length of the ServerHello as specified in the first two bytes of the response and requests more data from the server if the response appears incomplete.

This PR also modifies `parse_sslv2_serverhello()` to check for more errors. It compares the length of the response it has been provided to the specified length (`$v2_hello_length`) and returns an error if the response is shorter than `$v2_hello_length` and the full response is supposed to be parsed. It will also check whether there was an error in converting the certificate from DER to PEM format and will return an error if there was (and it will suppress the error message).
2017-01-04 10:47:36 -05:00
David Cooper c1d072b7a8 Check for matching SSLv2 cipher
Some servers respond to an SSLv2 ClientHello with a list of all SSLv2 ciphers that the server supports rather than just a list of ciphers that it supports in common with the client (i.e., that appear in the ClientHello). This PR changes the sockets version of `std_cipherlists()` so that, if `sslv2_sockets()` is successful, it checks whether there are any ciphers in common between the ClientHello and the ServerHello before declaring that the server supports the specified cipher list.
2017-01-04 10:34:13 -05:00
David Cooper 5270747eb0 Check for matching SSLv2 cipher
Some servers respond to an SSLv2 ClientHello with a list of all SSLv2 ciphers that the server supports rather than just a list of ciphers that it supports in common with the client (i.e., that appear in the ClientHello). This PR changes the sockets version of `run_freak()` so that, if `sslv2_sockets()` is successful, it checks whether there are any ciphers in common between the ClientHello and the ServerHello before declaring that the server supports an export RSA cipher.
2017-01-04 10:31:13 -05:00
David Cooper ad5590a444 run_server_defaults() bugfix
If `determine_tls_extensions()` does not create a temporary file (`$TEMPDIR/$NODEIP.determine_tls_extensions.txt`) then `run_server_defaults()` will display error messages when an attempt is made to copy this file or to search (grep) it. This may happen if `$OPTIMAL_PROTO` is `-ssl2` or if `determine_tls_extensions()` uses sockets and `parse_tls_serverhello()` encountered an error and did not create a temporary file (`$TEMPDIR/$NODEIP.parse_tls_serverhello.txt`). This PR fixes this by only trying to copy and search `$TEMPDIR/$NODEIP.determine_tls_extensions.txt` is `$OPTIMAL_PROTO` is not `-ssl2` and `determine_tls_extensions()` was successful (return value 0).
2017-01-04 10:19:11 -05:00
David Cooper 83472301bc Don't "echo" the prime to the terminal 2016-12-30 11:33:27 -05:00
David Cooper 62aee8f846 Remove leading "00" byte from prime, if present
The primes in https://svn.nmap.org/nmap/scripts/ssl-dh-params.nse do not include a leading "00" byte, so don't include it in `$dh_p`.
2016-12-30 11:32:41 -05:00
David Cooper c0c041b1c2 Merge branch '2.9dev' into run_std_cipherlists_sockets 2016-12-29 16:59:58 -05:00
David Cooper 5e5199ddb5 Merge branch '2.9dev' into run_freak_sockets 2016-12-29 16:58:22 -05:00
David Cooper 3b54ac398e Merge branch '2.9dev' into run_ssl_poodle_sockets 2016-12-29 16:57:31 -05:00
David Cooper 99290ea1a5 Merge branch '2.9dev' into run_beast_sockets 2016-12-29 16:56:08 -05:00
David Cooper a094acc155 Merge branch '2.9dev' into run_server_preference_sockets 2016-12-29 16:54:05 -05:00
David Cooper 7116d1bbdf Merge branch '2.9dev' into cipher_order_sockets 2016-12-29 16:52:50 -05:00
David Cooper b7ff8a1ee3 Add extra check 2016-12-29 16:45:46 -05:00
David Cooper e931ebf6b4 Merge branch '2.9dev' into extend_logjam_phase_1 2016-12-29 16:43:44 -05:00
Dirk Wetter e8e60e368f Merge pull request #568 from dcooper16/test_just_one_sockets
test_just_one() sockets
2016-12-29 22:38:35 +01:00
David Cooper ec3a644c4d Common primes test phase 1
In response to your request in #572, this PR provides a starting point for addressing #120. It adds code to `run_logjam()` to try connecting to the server using any cipher that uses an ephemeral DH key. If successful, it gets the server's ephemeral key (in OpenSSL's PEM format) and then extracts the prime from the key and places it in `$dh_p`. So, all that needs to be done at this point is to compare `$dh_p` against a set of "bad" primes. I'm not sure if I'll be able to work on that part soon, so if someone else has the time, that would be great.

I actually found the `-msg` option easy to use. I moved the code in `parse_tls_serverhello()` that extracts the DH ephemeral public key from the ServerKeyExchange message into a separate function. Then, if using OpenSSL with the `-msg` option, I extract the ServerKeyExchange message from `$TMPFILE` and call this new function to extract the key and convert it to PEM format. That way the new code in `run_logjam()` can use either `$OPENSSL` or `tls_sockets()`.
2016-12-29 16:31:42 -05:00
Dirk Wetter 5627211add Merge pull request #556 from dcooper16/run_pfs_sockets
run_pfs() speedup + sockets
2016-12-29 22:18:28 +01:00
Dirk c3b300c5fb - cleanup ignore_no_or_lame()
- reorder get_install_dir in main() so that warnings are not displayed before --help
- tweak missing ~/etc msg
2016-12-29 22:02:07 +01:00
David Cooper 3884f30821 Merge branch '2.9dev' into run_std_cipherlists_sockets 2016-12-29 11:58:38 -05:00
David Cooper 912db2fc95 Merge branch '2.9dev' into run_freak_sockets 2016-12-29 11:57:43 -05:00
David Cooper f0f3918b0f Merge branch '2.9dev' into run_ssl_poodle_sockets 2016-12-29 11:56:43 -05:00
David Cooper 9513ed4d99 Merge branch '2.9dev' into test_just_one_sockets 2016-12-29 11:55:52 -05:00
David Cooper de61f0cbf3 Merge branch '2.9dev' into run_beast_sockets 2016-12-29 11:55:01 -05:00
David Cooper 2350eaa9f5 Merge branch '2.9dev' into run_server_preference_sockets 2016-12-29 11:54:00 -05:00
David Cooper e18b5a4709 Merge branch '2.9dev' into run_pfs_sockets 2016-12-29 11:52:29 -05:00
David Cooper 802af274d9 Merge branch '2.9dev' into cipher_order_sockets 2016-12-29 11:51:15 -05:00
Dirk Wetter b8e1ede08c Merge pull request #572 from dcooper16/run_logjam_sockets
Use sockets for run_logjam()
2016-12-29 15:38:54 +01:00
Dirk c3671928ae fix for 83d2a63 2016-12-29 00:09:44 +01:00
Dirk 83d2a63e0f - Stronger warning if ~/etc is missing, also requires more explicit consent to continue
- fix lfs for -e -E if openssl has not DH/ECDH
- further minor output corrections
2016-12-28 23:47:35 +01:00
David Cooper 88f4c77078 Merge branch '2.9dev' into run_std_cipherlists_sockets 2016-12-28 11:27:22 -05:00
David Cooper 324a78a47d Merge branch '2.9dev' into run_logjam_sockets 2016-12-28 11:26:20 -05:00
David Cooper 6ed620d740 Merge branch '2.9dev' into run_freak_sockets 2016-12-28 11:25:26 -05:00
David Cooper 322703d39f Merge branch '2.9dev' into run_ssl_poodle_sockets 2016-12-28 11:24:44 -05:00
David Cooper 44c766b993 Merge branch '2.9dev' into test_just_one_sockets 2016-12-28 11:23:54 -05:00
David Cooper 88658f8b89 Merge branch '2.9dev' into run_beast_sockets 2016-12-28 11:23:05 -05:00
David Cooper 1b70bc5994 Merge branch '2.9dev' into run_server_preference_sockets 2016-12-28 11:22:18 -05:00
David Cooper da217f2136 Merge branch '2.9dev' into run_pfs_sockets 2016-12-28 11:21:30 -05:00
David Cooper ccebf47f56 Merge branch '2.9dev' into cipher_order_sockets 2016-12-28 11:19:32 -05:00
Dirk Wetter 5e43739224 Merge pull request #575 from dcooper16/fix_run_protocols
Minor bug fixes in run_protocols()
2016-12-27 23:08:38 +01:00
David Cooper fd2e52c396 Minor bug fixes in run_protocols()
In a few places `run_protocols()` specifies the wrong TLS version as the "ID" when calling `fileout()`.
2016-12-27 14:14:20 -05:00
David Cooper fddc8a012e Merge branch '2.9dev' into run_std_cipherlists_sockets 2016-12-23 14:32:08 -05:00
David Cooper b88cc4af71 Merge branch '2.9dev' into run_logjam_sockets 2016-12-23 14:31:13 -05:00
David Cooper 2bdc63e47d Merge branch '2.9dev' into run_freak_sockets 2016-12-23 14:28:18 -05:00
David Cooper 6084968b7a Merge branch '2.9dev' into run_ssl_poodle_sockets 2016-12-23 14:27:18 -05:00
David Cooper 3050a4c1fc Merge branch '2.9dev' into test_just_one_sockets 2016-12-23 14:25:23 -05:00