drwetter / testssl.sh Goto Github PK

INRIA yesterday disclosed a new SSL vulnerability:
https://freakattack.com/

Both seem to have outphased nc / netcat.

--> Bash sockets!

https://httpd.apache.org/docs/2.2/ssl/ssl_howto.html#upgradeenc

is currently depending on client hello=openssl. Bash Sockets!

probably with bash sockets

Looks like testssl.sh is needing the space where the RFC names are. If the window is broader everything looks ok

Automagically determine mx record of supplied domain / host and do a starttls scan on it if requested, e.g. ./testssl.sh --mx <domain|host>

When there is no support in openssl for SSLv2 the error message and the next protocol test get on the same line

 SSLv2      Local problem: /usr/bin/openssl doesn't support "s_client -ssl2"  SSLv3      not offered (OK)
 TLSv1      offered (OK)
 TLSv1.1    not offered
 TLSv1.2    not offered
 SPDY/NPN   not offered

see e.g https://http2.golang.org/

shows up in STARTTLS which is wrong

.. is more compatible e.g. with FreeBSD

./testssl.sh domain.net:465 smtp
Stalling on BREACH =HTTP Compression, experimental

testssl.sh -V:

--> Displaying all local ciphers 

Hexcode  Cipher Suite Name (OpenSSL)    KeyExch.   Encryption Bits
-------------------------------------------------------------------------
Error configuring OpenSSL
139797606893472:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared   library:dso_dlfcn.c:187:filename(/usr/lib64/openssl/engines/libgost.so): /usr/lib64/openssl/engines/libgost.so: cannot open shared object file: No such file or directory
139797606893472:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:
139797606893472:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450:
139797606893472:error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:419:id=gost
139797606893472:error:260BC066:engine routines:INT_ENGINE_CONFIGURE:engine configuration error:eng_cnf.c:204:section=gost_section, name=default_algorithms, value=ALL
139797606893472:error:0E07606D:configuration file routines:MODULE_RUN:module initialization error:conf_mod.c:237:module=engines, value=engine_section, retcode=-1      

Default is now displaying OpenSSL name spaces and if mapping file is available RFC style.

Best would be to have a switch what is going to be displayed (OPenSSL, RFC, both) and maybe one default (OpenSSL),

Mod_security and probably other WAFs complain and may reject a test

testssl.sh -x 0x5

echo -e is not supported on BSD-like systems including Mac OS [1] which leads to garbled output. It would be great to replace it with printf. https://github.com/dmitris/testssl.sh/blob/crossplat/testssl.sh has the first attempt on the change (in branch cross plat).

[1] http://en.wikipedia.org/wiki/Echo_command
Some variants of Unix, such as Linux, support the options -n and -e, and do not process escape sequences unless the -e option is supplied. For example, FGRED=echo -e "\033[31m" might be used under Linux. Unfortunately, such options are non standard[3] due to historical incompatibilities between BSD and System V; the printf command can be used in situations where this is a problem. It is therefore recommended that printf be used to ensure that escape sequences are processed.

needs to be done

Add SHA256 fingerprint output, along with SHA1. ie: out " Fingerprint / Serial "
outln "$($OPENSSL x509 -noout -in $HOSTCERT -fingerprint | sed 's/Fingerprint=//' ) / $($OPENSSL x509 -noout -in $HOSTCERT -fingerprint -sha256 | sed 's/Fingerprint=//' )/ $($OPENSSL x509 -noout -in $HOSTCERT -serial | sed 's/serial=//')"

# color = number of stars + ANSI escape code
declare -A COLORS=( [litegreen]='0\033[0;32m' [green]='2\033[1;32m' )

colorfuncmaker() {
    local COLOR_NAME
    local -i COLOR_STAR_NUM
    local COLOR_STARS=""
    local COLOR_CODE

    for COLOR_NAME in ${!COLORS[*]}; do
        COLOR_STAR_NUM="${COLORS[$COLOR_NAME]:0:1}"
        COLOR_CODE="${COLORS[$COLOR_NAME]:1}"

        if [ "$COLOR" == 0 ]; then
            # colored function
            eval "${COLOR_NAME}() { out \"${COLOR_CODE}\$1 \"; off; }"
        else
            # b/w function
            # generate stars
            if [ "$COLOR_STAR_NUM" -gt 0 ]; then
                printf -v COLOR_STARS '*%.0s' $(seq 1 ${COLORS[$COLOR_NAME]:0:1})
            fi
            eval "${COLOR_NAME}() { out \"${COLOR_STARS}\$1${COLOR_STARS} \"; }"
        fi
        # the common ...ln function
        eval "${COLOR_NAME}ln() { ${COLOR_NAME} \"\$1\"; outln; }"
    done
}

It makes testssl.sh smaller.

• job control should help here (workaround for now: 'killall dd')
• testssl.sh also hangs seldom on other special occasions: header / renegotiation ( 'killall dd' / 'killall openssl64')

Can't tell whether with that old openssl version (native but ports would be interesting too) a error free detection is possible. Without BSD ports under FreeBSD 9 I get useless results.

Can somebody please check against testssl.sh and let me know? Thx!

Please consider adding tests (e.g. TravisCI) for every feature.

It is a good question how to set up badly configured webservers in Travis.
Maybe someone has an answer.

currently cmd line parsing is not the greatest thing on earth

This is what I'm getting with cipherscan when using OpenSSL 1.0.2

prio  ciphersuite                  protocols  pfs_keysize
1     DHE-RSA-AES256-GCM-SHA384    TLSv1.2    DH,4096bits
2     DHE-RSA-AES256-SHA256        TLSv1.2    DH,4096bits
3     DHE-RSA-AES128-GCM-SHA256    TLSv1.2    DH,4096bits
4     DHE-RSA-AES128-SHA256        TLSv1.2    DH,4096bits
5     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2    ECDH,P-384,384bits
6     ECDHE-RSA-AES256-SHA384      TLSv1.2    ECDH,P-384,384bits
7     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2    ECDH,P-384,384bits
8     ECDHE-RSA-AES128-SHA256      TLSv1.2    ECDH,P-384,384bits

Even though that version of OpenSSL isn't out yet, I think it would be useful to get ready and offer that kind of information as soon as it's out.

tests fail using IPv6 addresses

Json / html would be fine. Target: version 2.2.

Differences in 40Bit and export ciphers.

prompt % openssl64 s_client -cipher EXPORT -connect 192.168.AAA.BBB.:443 -servername broken </dev/null
CONNECTED(00000003)
depth=0 CN = borken
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = broken
verify return:1
140245377365872:error:140D1044:SSL routines:tls1_change_cipher_state:internal error:t1_enc.c:652:
prompt %

@PeterMosmans: Can you reproduce that? The binaries are the ones from July from your branch:
https://github.com/drwetter/testssl.sh/tree/master/openssl-bins/openssl-1.0.2-chacha.pm

• header / renegotiation ( 'killall dd' / 'killall openssl64' needed) then.
• to do: find guineapigs, implement also job control here

(and likely also other protocols)

probably a need for different check for protocols

Looking at the summary box, I'm missing the certificate signature

Here is one way to get it

current_sigalg=$(${OPENSSLBIN} x509 -noout -text 2>/dev/null <<<"$tmp"|grep Signature\ Algorithm | head -n 1 | awk '{print $3}') || current_sigalg="None"

outputs
sha256WithRSAEncryption

When running these checks, there is no good way to output to a file. I asked this question on Twitter, and it was suggested that I make this an issue...

What I'm looking for is something simple. HTML is just fine. When I attempted to send the output to a file, the output was mangled with escape codes and the like. It would be great if I could get an HTML

general is done, see #44 .

Would fit perfectly into -E

send bytes over socket

Service detection fails sometimes if a WAF is in place.

Needs to be done properly so that the WAF (detected: Secusphere) senses a real client or needs to be a workaround.

Provide new OpenSSL bins.

Currently I have a private version which includes more ciphers however some don't work yet. Resolve that and provide binaries.

(checkcert.sh)

no help want for now. Pls be patient

implement

https://gist.github.com/singe/f433c54f134a9390214e
https://www.imperialviolet.org/binary/scanpadding.go
https://www.imperialviolet.org/binary/poodle-tls-go.patch

• FreeBSD 10
  • heartbleed check ails, see #34
  • with Olivier's @oparoz patch CCS is done, but false positive
• FreeBSD 9 (openssl 0.9.8za): lots of errors!
  • null/anonyomous/40 Bit, export, DES : false negative
  • heartbleed check ails, see #34
  • with Olivier's @oparoz patch CCS is done, but false positive
  • PFS (Error in cipher list 2071:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/ssl_lib.c:1223:
    Note: you have the following client side ciphers only for PFS. Thus it doesn't make sense to test PFS)

needs to be done

The TLS spec demands that the server choses the first matching algorithm from the client cipher list.
However, because many client developers do not care, some servers choose the "best" cipher from the client-supplied list, instead of the first one.

Mozilla's Server-side TLS best practices have this setting enabled, and my gut feeling is that it is consensus on the web (e.g. in Apache, this is done with SSLHonorCipherOrder).

Therefore, it would be great to have a test for it.

A possible test would be to perform two connections, one of them with the cipher list reversed (don't know if OpenSSL allows that), and check if the same cipher is chosen (server priority) or not (client priority).

Please consider adding tagged releases https://help.github.com/articles/creating-releases/

leads to false positive! (see also #33)

probably doens't take GOST ciphers into account

This code is an 'isatty' equivalent in shell:

if [ -t 1 ] ; then
    echo "manual mode"
else
    echo "batch mode"
fi

for HSTS and HPKP

.. by using internal bash functions (test, sed, etc.)

• define ciphers
• call function and test for them
• label light red