Testing TLS/SSL encryption anywhere on any port. https://testssl.sh/
Go to file
David Cooper e0f5c7513a Name check for XMPP servers
This PR is an attempt to address #1097. I have only been able to test it against jabber.topf.org and against locally created test certificates, so it needs more testing.

The main issue that this addresses is that testssl.sh currently checks against the wrong name for XMPP servers. According to RFC 6120, Section 13.7.2.1:

   o  The initiating entity sets the source domain of its reference
      identifiers to the 'to' address it communicates in the initial
      stream header; i.e., this is the identity it expects the receiving
      entity to provide in a PKIX certificate.

So, if the --xmpphost option is provided, then the name provided in that option should be compared against the name in the certificate rather than the host name.

compare_server_name_to_cert() currently takes the server name to look for in the certificate as an parameter, but every call to compare_server_name_to_cert() uses $NODE as the argument. So, this PR removes the parameter and sets $servername to either $XMPP_HOST or $NODE as appropriate. This small change alone should fix the problem for most XMPP servers since the server's name SHOULD appear in the certificate encoded as a DNS name. That is the case for the one server I could test - jabber.topf.org.

The majority of the code in this PR is to address the other possibilities noted in RFC 6120, Section 13.7.1.2.1. This section notes that an XMPP server's identity name also appear in the subjectAltName extension as an otherName, either an SRV-ID or an XmppAddr identifier. Unfortunately, OpenSSL's certificate printer does not support otherName and just prints "othername:<unsupported>". So, this PR includes code to manually extract any SRV-ID or XmppAddr names from the certificate. This involves parsing the DER encoding of the certificate to look for the subjectAltName extension, looping through all of the names in the extension, and pulling out the names of these two name forms. This code is only run if the server is an XMPP server and the certificate does not have a matching DNS name. So, this code will rarely be executed.

This PR addresses one other issue. There is code in certificate_info() to set the variables $has_dns_sans and $has_dns_sans_nosni. These variables are needed to address the following requirement:

     # Find out if the subjectAltName extension is present and contains
     # a DNS name, since Section 6.3 of RFC 6125 says:
     #      Security Warning: A client MUST NOT seek a match for a reference
     #      identifier of CN-ID if the presented identifiers include a DNS-ID,
     #      SRV-ID, URI-ID, or any application-specific identifier types
     #      supported by the client.

While it is relatively easy to determine whether a certificate includes a DNS name in the subjectAltName extension, as noted above, it is not easy to determine whether it has an SRV-ID or an XmppAddr. So, this PR leverages the work compare_server_name_to_cert() does in parsing the subjectAltName extension by having compare_server_name_to_cert() set a global variable indicating whether the certificate has a subjectAltName extension with a relevant name form (DNS, SRV-ID, or XmppAddr for XMPP, or DNS for other servers). $has_dns_sans and $has_dns_sans_nosni are then just set to the value of this global variable.
2018-10-03 08:44:23 -04:00
.github Update ISSUE_TEMPLATE.md 2017-12-04 14:04:41 +01:00
bin Update Readme.md 2016-09-27 00:08:01 +02:00
doc Tell which OpenSSL versions support IPv6 out of the box 2018-09-10 09:52:59 +02:00
etc Remove '0a' character from public keys 2018-09-21 17:07:46 -04:00
t Make Travis CI shut up. 2018-07-11 17:14:29 +02:00
utils Minor polish 2018-07-18 00:57:32 +02:00
.gitignore update 2016-11-07 21:05:21 +01:00
.travis.yml Be more verbose in your error testing 2016-06-29 00:15:32 +02:00
CHANGELOG.stable-releases.txt Correct typos 2017-09-20 12:10:29 -04:00
CREDITS.md Test for vulnerability to Bleichenbacher attack 2017-12-12 09:51:48 -05:00
Dockerfile curl added for --phone-out checks 2018-09-04 20:20:09 +02:00
Dockerfile.md convert Dockerfile to alpine linux 2018-02-08 21:06:19 +01:00
LICENSE Initial commit 2014-07-01 13:55:26 +02:00
openssl-rfc.mappping.html FIX #851 2017-10-10 19:54:36 +02:00
Readme.md Some improvements added. bash >= 3.2 is required 2018-02-19 11:55:12 +01:00
testssl.sh Name check for XMPP servers 2018-10-03 08:44:23 -04:00

Intro

Build Status Gitter

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.

Key features

  • Clear output: you can tell easily whether anything is good or bad
  • Ease of installation: It works for Linux, OSX/Darwin, FreeBSD, NetBSD, OpenBSD (needs bash) and MSYS2/Cygwin out of the box: no need to install or to configure something. No gems, CPAN, pip or the like/
  • Flexibility: You can test any SSL/TLS enabled and STARTTLS service, not only webservers at port 443
  • Toolbox: Several command line options help you to run YOUR test and configure YOUR output
  • Reliability: features are tested thoroughly
  • Verbosity: If a particular check cannot be performed because of a missing capability on your client side, you'll get a warning
  • Privacy: It's only you who sees the result, not a third party
  • Freedom: It's 100% open source. You can look at the code, see what's going on and you can change it.
  • Heck, even the development is open (github)

Installation

You can download testssl.sh by cloning this git repository:

git clone --depth 1 https://github.com/drwetter/testssl.sh.git

Or help yourself downloading the ZIP archive https://github.com/drwetter/testssl.sh/archive/2.9dev.zip. testssl.sh --help will give you some help upfront. More help: see doc directory with man pages. Older sample runs are at https://testssl.sh/.

Status

Here in the 2.9dev branch you find the development version of the software -- with new features and maybe some bugs -- albeit we try our best before committing to test changes. Be aware that we also change the output or command line.

For the previous stable version please see testssl.sh or download the interim release 2.9.5 from here 2.9.5 which is is the successor of 2.8 and stable for day-to-day work.

Compatibility

testssl.sh is working on every Linux/BSD distribution out of the box. Since 2.9dev most of the limitations of disabled features from the openssl client are gone due to bash-socket-based checks. As a result you can also use e.g. LibreSSL. testssl.sh also works on other unixoid system out of the box, supposed they have /bin/bash >= version 3.2 and standard tools like sed and awk installed. System V needs to have GNU grep installed. MacOS X and Windows (using MSYS2 or cygwin) work too. OpenSSL version version >= 1.0.2 is recommended for better LOGJAM checks and to display bit strengths for key exchanges.

Update notification here or @ twitter.

Features implemented in 2.9dev

  • Using bash sockets where ever possible --> better detection of ciphers, independent on the openssl version used.
  • Testing 364 default ciphers (testssl.sh -e/-E) with a mixture of sockets and openssl. Same speed as with openssl only but additional ciphers such as post-quantum ciphers, new CHAHA20/POLY1305, CamelliaGCM etc.
  • Further tests via TLS sockets and improvements (handshake parsing, completeness, robustness),
  • TLS 1.2 protocol check via socket in production
  • Finding more TLS extensions via sockets
  • TLS Supported Groups Registry (RFC 7919), key shares extension
  • Non-flat JSON support
  • File output (CSV, JSON flat, JSON non-flat) supports a minimum severity level (only above supplied level there will be output)
  • Support of supplying timeout value for openssl connect -- useful for batch/mass scanning
  • Parallel mass testing (!)
  • File input for serial or parallel mass testing can be also in nmap grep(p)able (-oG) format
  • Native HTML support instead going through 'aha'
  • Better formatting of output (indentation)
  • Choice showing the RFC naming scheme only
  • LUCKY13 and SWEET32 checks
  • Check for vulnerability to Bleichenbacher attacks
  • Ticketbleed check
  • Decoding of unencrypted BIG IP cookies
  • LOGJAM: now checking also for known DH parameters
  • Check for CAA RR
  • Check for OCSP must staple
  • Check for Certificate Transparency
  • Expect-CT Header Detection
  • Check for session resumption (Ticket, ID)
  • TLS Robustness check (GREASE)
  • Postgres und MySQL STARTTLS support, MongoDB support
  • Decodes BIG IP F5 Cookie
  • Fully OpenBSD and LibreSSL support
  • Missing SAN warning
  • Man page
  • Better error msg suppression (not fully installed OpenSSL)
  • DNS over Proxy and other proxy improvements
  • Better JSON output: renamed IDs and findings shorter/better parsable
  • JSON output now valid also for non-responsing servers
  • Added support for private CAs
  • Exit code now 0 for running without error
  • ROBOT check
  • Better extension support
  • Better OpenSSL 1.1.1 support
  • Supports latest and greatest version of TLS 1.3, shows drafts supported

Further features planned in 2.9dev

https://github.com/drwetter/testssl.sh/issues?q=is%3Aopen+is%3Aissue+milestone%3A2.9dev

Contributions

Contributions, feedback, bug reports are welcome! For contributions please note: One patch per feature -- bug fix/improvement. Please test your changes thouroughly as reliability is important for this project.

There's a coding guideline.

Please file bug reports @ https://github.com/drwetter/testssl.sh/issues.

Documentation

For a start see the wiki. Help is needed here. Will Hunt provides a good description for version 2.8, including useful background info.

Bug reports

Please file bugs in the issue tracker. Do not forget to provide detailed information, see https://github.com/drwetter/testssl.sh/wiki/Bug-reporting. Nobody can read your thoughts -- yet. And only agencies your screen ;-)


External/related projects

Please address questions not specifically to the code of testssl.sh to the respective projects

Cool web frontend

Mass scanner w parallel scans and elastic searching the results

A ready-to-go docker image is at:

Privacy checker using testssl.sh

Brew package