Commit Graph

2237 Commits

Author SHA1 Message Date
Dirk Wetter fc7a89e659 Merge pull request #788 from sdann/mysql_ccs_injection
Fix CCS Injection detection for MySQL (yaSSL)
2017-07-19 18:37:51 +02:00
Dirk Wetter cc5d8a708e Merge pull request #792 from dcooper16/last_extension_not_empty
Make sure last ClientHello extension is not empty
2017-07-19 17:33:31 +02:00
David Cooper bcd71555ea Make sure last ClientHello extension is not empty
According to a discussion thread on the IETF TLS WG mail list (see https://www.ietf.org/mail-archive/web/tls/current/msg19720.html), there is at least one TLS server that will fail if the last extension in the ClientHello contains extension_data of length 0.

Currently, `tls_sockets()` will create such a ClientHello if:
* The padding extension is included, and the length of the ClientHello without the padding data would be between 508 and 511 bytes.
* No padding extension is included, and the caller provided `$extra_extensions` in which the last extension in `$extra_extensions` is empty.
* No padding extension is included, `$extra_extensions` is empty, no ECC cipher suites are offered, and the ClientHello is for TLSv1.1 or below (in this case the next protocol extension would be that last one).

This PR avoids the server bug (in nearly all cases) by ensuring that the padding extension (when present) always contains at least one byte, and by ensuring that when the padding extension is not present that the (non-empty) heartbeat extension is the last extension.

This PR does leave one possible scenario in which the last extension would be empty. If the caller provides an `$extra_extensions` in which the last extension in `$extra_extensions` is empty, `tls_sockets()` does not add a padding extension (or a padding extension is included in `$extra_extensions`), and `$extra_extensions` includes a heartbeat extension, then the last extension in the ClientHello would be empty. This, however, is a highly unlikely scenario, and certainly there are currently no such calls to `tls_sockets()` in testssl.sh.
2017-07-14 15:48:59 -04:00
Dirk Wetter 507e59dc97 Update CREDITS.md 2017-07-13 14:02:33 +02:00
Dirk Wetter 17513abfe8 Update CREDITS.md 2017-07-13 14:00:41 +02:00
Dirk Wetter fb6901a792 Update Readme.md 2017-07-13 13:56:14 +02:00
Dirk Wetter dc0db33588 Installation section and polish 2017-07-13 13:55:22 +02:00
Dirk 9d1e7d1f29 Merge branch '2.9dev' of github.com:drwetter/testssl.sh into 2.9dev 2017-07-13 12:37:52 +02:00
Dirk 28fe4c48de manpage not for editing
Generated via ``ronn -r testssl.1.md`` from the md source. Can be viewed
e.g. by ``nroff -man testssl.1 [| less]``
2017-07-13 12:35:13 +02:00
Dirk f2d07ec22b First draft of the manpage
Until the content is finalized the plan is to keep it in MD format.
For medium terms it is something which needs to be reconsidered
as markdown as the source format for documentation has too many limits.
Happy for suggestions here.

In the meantime here's what needs to be done:

* finalizing (see comments)
* proofreading 1: accuracy, logic, more content related
* proofreading 2: grammar, spelling
* more? pls let me know
2017-07-13 12:27:28 +02:00
Dirk Wetter 7339e43b18 Merge pull request #784 from dcooper16/fix_782
Handle server returning unsupported cipher
2017-07-13 09:15:07 +02:00
Dirk Wetter 413751c806 Merge pull request #785 from dcooper16/parse_tls_serverhello_bugfix
Remove extra line break in debugging output
2017-07-13 09:10:30 +02:00
Steven Danneman ca818c4dde Fix CCS Injection detection for MySQL (yaSSL)
Another yaSSL server incompatibility. MySQL protects against CCS
Injection by erroring if it sees two CCS requests before the handshake
completes. But instead of returning a TLS alert, it seems to error up
the stack to MySQL which returns its own error message.

Debug output looks like:

---
sending client hello,
reading server hello

1st reply:

sending payload #2 with TLS version x03, x02:
tls_content_type: 16 | tls_protocol: 0000 | byte6: 04

2nd reply:
00000000  16 00 00 02 ff 13 04 23  30 38 53 30 31 42 61 64  |.......#08S01Bad|
00000010  20 68 61 6e 64 73 68 61  6b 65                    | handshake|
0000001a

test failed, probably read buffer too small (16000002FF1304)
---

This patch adds a custom check for this MySQL specific error, as far
down in the error check path as I can.
2017-07-12 17:14:05 -07:00
Steven Danneman ec18c5231c Fix logic in has_server_protocol()
If $PROTOS_OFFERED was empty, and thus the protocols unknown, this
function would return true for any protocol you passed it. This caused
most callers to assume TLS1.0, even if the server didn't offer it.

Instead return false and make the caller do an extra lookup.
2017-07-12 17:11:21 -07:00
David Cooper 92fb537e24 Remove extra line break in debugging output
A commit that was made on May 15 replaced a `tm_out` with `echo` rather than `echo -e` resulting in an extra line break.
2017-07-12 16:32:12 -04:00
David Cooper 6004123dc0 Merge branch '2.9dev' into fix_782 2017-07-12 08:55:44 -04:00
Dirk Wetter 9244f2c83c Merge pull request #783 from sdann/mysql_starttls
Add mysql (sockets) starttls support
2017-07-12 09:32:31 +02:00
Dirk Wetter bddf5b2404 Merge pull request #775 from dcooper16/hpkp_bugfix
run_hpkp() bug fix
2017-07-11 23:21:51 +02:00
David Cooper 7037bd8e4b Handle server returning unsupported cipher
As reported in #782, some servers will return a ServerHello with a cipher not listed in the ClientHello rather than return an Alert, if the server does not support any of the ciphers listed in the ClientHello.

This commit modifies `tls_sockets()` to check whether the cipher in the ServerHello was one included in the ClientHello and to fail if it wasn't.
2017-07-11 15:10:40 -04:00
Steven Danneman 8be69e9789 Add sockets implementation of mysql starttls
This is the simplest direct socket implementation of the MySQL STARTTLS
protocol.

This is a binary protocol, so it requires a new stream based send
(instead of the current line based send).
2017-07-11 11:11:44 -07:00
Steven Danneman a8ae90137d fd_socket now also modifies NW_STR
Assign to local variable sooner.
2017-07-11 11:05:24 -07:00
David Cooper 0bd8eca2a2 Merge branch '2.9dev' into hpkp_bugfix 2017-07-11 08:52:55 -04:00
Dirk deb7fd52a9 making some socket timeouts configurable through ENV, thus synching it with the documentation 2017-07-11 10:03:33 +02:00
David Cooper 05c8e1e595 Merge branch '2.9dev' into hpkp_bugfix 2017-07-10 08:49:30 -04:00
Dirk 637812a022 bail out if both flat and pretty JSON output was specified 2017-07-10 10:57:48 +02:00
David Cooper 1f76c4d144 Merge branch '2.9dev' into hpkp_bugfix 2017-07-06 08:59:00 -04:00
Dirk bc0c1dc553 FIX #779 2017-07-06 13:02:27 +02:00
David Cooper 26ec80e764 run_hpkp() bug fix
In `run_hpkp()` there is a call to `$OPENSSL s_client` that uses `${sni[i]}` as one of the command line options, but `sni` is not defined. My guess is that this was a copy/paste error from `run_client_simulation()`, which is the only function where an `sni` array is defined.

I am guessing that the intention was to use `$SNI` in `run_hpkp()`.
2017-07-03 14:28:21 -04:00
Dirk Wetter 7aaadf731c Merge pull request #773 from sdann/postgres_cleanup
Postgres cleanup
2017-07-01 10:43:05 +02:00
Dirk Wetter 4cb48a1399 Merge branch '2.9dev' into postgres_cleanup 2017-07-01 10:25:28 +02:00
Dirk 02488884bb added experimental label for MySQL STARTTLS protocol 2017-07-01 10:11:34 +02:00
Dirk Wetter 152c5c225c Merge pull request #774 from sdann/mysql_starttls
Add mysql (openssl) starttls support
2017-07-01 10:05:05 +02:00
Steven Danneman 123db1d694 Add mysql (openssl) starttls support
openssl/master branch now supports mysql STARTTLS in s_client

This patch adds support to call and use that s_client support to run
most, but not all (pfs, client simulation) tests.

The socket implementation is stubbed, but not yet functional.
2017-06-30 16:12:03 -07:00
Steven Danneman 2a2e9ebc07 Rename variable as it is not a regex 2017-06-30 15:57:41 -07:00
Steven Danneman e4212f4fb3 Remove use of "postgress" with extra 's' for secure
Though it matches the pattern of the other protocol names in testssl, it
is not commonly used in practice.
2017-06-29 14:39:22 -07:00
Dirk 2d007e4c8b increased verbosity for some standard cipher lists 2017-06-29 17:58:58 +02:00
Dirk 62ce04adf0 remove redundant option "false" in --warnings 2017-06-28 20:28:23 +02:00
Dirk 9d699d1248 straighten server header markup 2017-06-22 13:39:37 +02:00
Dirk ff63700c6e add few more header flags, work on #765 2017-06-20 23:18:15 +02:00
Dirk 4cb435a549 added several insecurity headers 2017-06-20 11:31:22 +02:00
Dirk f53c3c1377 removed separate option for SPDY and HTTP/2, addressing #767 2017-06-20 08:43:35 +02:00
Dirk 4c73afeef8 fix for nmap file parser (not properly assigned ip variable) 2017-06-14 09:24:20 +02:00
Dirk 7094c4436f also now honor different ports per host from nmap file.
testssl.sh is taking an educated guess which port makes sense to scan,
which one not and for which one to use which starttls handshake upfront.
This minimizes needless scans and error messages.
2017-06-13 18:42:07 +02:00
Dirk 531b4453ef new function for guessing "port --> invoking" assignments 2017-06-13 15:19:28 +02:00
Dirk Wetter 18cbdcc272 Will Hunt 2017-06-13 08:41:32 +02:00
Dirk Wetter 0488ef1a5f Will Hunt 2017-06-13 08:40:31 +02:00
Dirk Wetter ff37bc3bef Create Readme.md 2017-06-13 00:29:44 +02:00
Dirk f7fdefcdc0 mass testing nmap grep(p)able prefers now hostname instead of ip address in nmap file
--serial is now a shortcut for --mode=serial
2017-06-12 22:56:36 +02:00
Dirk e0960c5379 --parallel is now shortcut for --mode=parallel 2017-06-12 19:07:58 +02:00
Dirk 241b6e4d2e parallel mass testing mode, Ticketbleed+client auth, parallel mode also for nmap
Parallel mass testing mode is now not anymore experimental. To
use it a separate flag ``--mode=parallel`` was introduced. Serial
is still the default for now to avoid unexpected conditions.
Both the mode argument and the default are subject to change.

The parallel mass testing mode can now also make use of a
nmap file. Also the functional test for nmap file was put
into a separate function and made more user safe. Open point is
that we better should use the hostname if the forward DNS record matches.

Fixed logical inconsistency: Ticketbleed was not being tested against a server with client authentication

Some variables in the beginning reordered
2017-06-12 18:23:55 +02:00