From 747fb039edc329e759aa634fed8a256031808324 Mon Sep 17 00:00:00 2001 From: Dirk Date: Fri, 17 Jan 2020 15:16:26 +0100 Subject: [PATCH 1/8] Shortcuts for TLS13 only servers in renegotiation checks As noted in #1444 a few vulnerability checks don't make sense or aren't working. This commit addresses the renegotiation checks. Also a few redundant quotes in parse_tls_serverhello() and run_crime() were removed. --- testssl.sh | 63 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 37 insertions(+), 26 deletions(-) diff --git a/testssl.sh b/testssl.sh index 407e0dc..422f890 100755 --- a/testssl.sh +++ b/testssl.sh @@ -12480,7 +12480,7 @@ parse_tls_serverhello() { # If the ClientHello included a supported_versions extension, then check that the # $DETECTED_TLS_VERSION appeared in the list offered in the ClientHello. - if [[ "${TLS_CLIENT_HELLO:0:2}" == "01" ]]; then + if [[ "${TLS_CLIENT_HELLO:0:2}" == 01 ]]; then # get position of cipher lists (just after session id) offset=78+2*$(hex2dec "${TLS_CLIENT_HELLO:76:2}") # get position of compression methods @@ -12496,7 +12496,7 @@ parse_tls_serverhello() { offset+=6 tls_protocol2="$(tolower "$tls_protocol2")" for (( j=0; j < extension_len-2; j=j+4 )); do - [[ "${TLS_CLIENT_HELLO:offset:4}" == "$tls_protocol2" ]] && break + [[ "${TLS_CLIENT_HELLO:offset:4}" == $tls_protocol2 ]] && break offset+=4 done if [[ $j -eq $extension_len-2 ]]; then 
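Review bot: The quotes dropped around `$tls_protocol2` in the second hunk (@@ -12496) were not redundant: inside `[[ ]]` an unquoted right-hand side of `==` is matched as a glob pattern, so a `*`, `?` or `[` in the value would turn the literal comparison into pattern matching. The visible lines only lowercase the value; if it is derived from the peer's handshake data (its assignment is outside the hunk), keep `[[ "${TLS_CLIENT_HELLO:offset:4}" == "$tls_protocol2" ]] && break`. Dropping the quotes around the literal `01` in the first hunk is harmless. parse_tls_serverhello() starts and ends outside both hunks.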
@@ -14333,27 +14333,34 @@ run_renego() { pr_bold " Secure Renegotiation (RFC 5746) " jsonID="secure_renego" - # first fingerprint for the Line "Secure Renegotiation IS NOT" or "Secure Renegotiation IS " - $OPENSSL s_client $(s_client_options "$proto $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") 2>&1 $TMPFILE 2>$ERRFILE - if sclient_connect_successful $? $TMPFILE; then - grep -iaq "Secure Renegotiation IS NOT" $TMPFILE - sec_renego=$? # 0= Secure Renegotiation IS NOT supported - # grep -iaq "Secure Renegotiation IS supported" - #FIXME: didn't occur to me yet but why not also to check on "Secure Renegotiation IS supported" - case $sec_renego in - 0) prln_svrty_critical "Not supported / VULNERABLE (NOT ok)" - fileout "$jsonID" "CRITICAL" "VULNERABLE" "$cve" "$cwe" "$hint" - ;; - 1) prln_svrty_best "supported (OK)" - fileout "$jsonID" "OK" "supported" "$cve" "$cwe" - ;; - *) prln_warning "FIXME (bug): $sec_renego" - fileout "$jsonID" "WARN" "FIXME (bug) $sec_renego" "$cve" "$cwe" - ;; - esac + + if "$TLS13_ONLY" && [[ "$proto" == -no_tls1_3 ]]; then + # https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/ + prln_svrty_best "no support in TLS 1.3 only servers (OK)" + fileout "$jsonID" "OK" "TLS 1.3 only server" "$cve" "$cwe" else - prln_warning "OpenSSL handshake didn't succeed" - fileout "$jsonID" "WARN" "OpenSSL handshake didn't succeed" "$cve" "$cwe" + # first fingerprint for the Line "Secure Renegotiation IS NOT" or "Secure Renegotiation IS " + $OPENSSL s_client $(s_client_options "$proto $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") 2>&1 $TMPFILE 2>$ERRFILE + if sclient_connect_successful $? $TMPFILE; then + grep -iaq "Secure Renegotiation IS NOT" $TMPFILE + sec_renego=$? 
# 0= Secure Renegotiation IS NOT supported + # grep -iaq "Secure Renegotiation IS supported" + #FIXME: didn't occur to me yet but why not also to check on "Secure Renegotiation IS supported" + case $sec_renego in + 0) prln_svrty_critical "Not supported / VULNERABLE (NOT ok)" + fileout "$jsonID" "CRITICAL" "VULNERABLE" "$cve" "$cwe" "$hint" + ;; + 1) prln_svrty_best "supported (OK)" + fileout "$jsonID" "OK" "supported" "$cve" "$cwe" + ;; + *) prln_warning "FIXME (bug): $sec_renego" + fileout "$jsonID" "WARN" "FIXME (bug) $sec_renego" "$cve" "$cwe" + ;; + esac + else + prln_warning "OpenSSL handshake didn't succeed" + fileout "$jsonID" "WARN" "OpenSSL handshake didn't succeed" "$cve" "$cwe" + fi fi # FIXME: Basically this can be done with sockets and we might have that information already @@ -14393,6 +14400,9 @@ run_renego() { prln_warning "client x509-based authentication prevents this from being tested" fileout "$jsonID" "WARN" "client x509-based authentication prevents this from being tested" sec_client_renego=1 + elif "$TLS13_ONLY" && [[ "$proto" == -no_tls1_3 ]]; then + pr_svrty_best "not vulnerable (OK)"; outln " (TLS 1.3 only server)" + fileout "$jsonID" "OK" "not vulnerable, TLS 1.3 only" "$cve" "$cwe" else # We need up to two tries here, as some LiteSpeed servers don't answer on "R" and block. Thus first try in the background # msg enables us to look deeper into it while debugging 
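Review bot: The new TLS 1.3-only branch in the @@ -14333 hunk prints a verdict without assigning `sec_renego`, which the else path sets from grep's exit status. The added `elif` in the @@ -14393 hunk likewise leaves `sec_client_renego` unset, although the sibling `$CLIENT_AUTH` branch sets `sec_client_renego=1`. If run_renego() later derives its return value from these variables (the end of the function is outside the hunks), the shortcut paths would use an unset or stale value. Add `sec_renego=1` and `sec_client_renego=1` in the respective shortcut branches. The reworked branches in PATCH 2/8 have the same gap.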
@@ -14404,7 +14414,7 @@ run_renego() { sec_client_renego=1 else # second try in the foreground as we are sure now it won't hang - echo R | $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -msg -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE + echo R | $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE sec_client_renego=$? # 0=client is renegotiating & doesn't return an error --> vuln! case "$sec_client_renego" in 0) # We try again if server is HTTP. This could be either a node.js server or something else. @@ -14415,7 +14425,7 @@ run_renego() { fileout "$jsonID" "MEDIUM" "VULNERABLE, potential DoS threat" "$cve" "$cwe" "$hint" else (for i in {1..4}; do echo R; sleep 1; done) | \ - $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -msg -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE + $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE case $? in 0) pr_svrty_high "VULNERABLE (NOT ok)"; outln ", DoS threat" fileout "$jsonID" "HIGH" "VULNERABLE, DoS threat" "$cve" "$cwe" "$hint" 
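Review bot: Dropping `-msg` from both foreground `s_client` calls (this hunk and @@ -14415) is not mentioned in the commit message, which only names the TLS 1.3 shortcuts and the quote cleanup. The comment `# msg enables us to look deeper into it while debugging`, kept as context in the previous hunk, still describes the option. If the background try above this hunk no longer passes `-msg` either (not visible here), that comment is stale and should be removed or reworded. Otherwise add a short comment saying why only the foreground calls omit it.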
@@ -14488,20 +14498,21 @@ run_crime() { sclient_connect_successful $? $TMPFILE sclient_success=$? fi + if [[ $sclient_success -ne 0 ]]; then pr_warning "test failed (couldn't connect)" fileout "CRIME_TLS" "WARN" "Check failed, couldn't connect" "$cve" "$cwe" ret=1 elif grep -a Compression $TMPFILE | grep -aq NONE >/dev/null; then pr_svrty_good "not vulnerable (OK)" - if [[ $SERVICE != "HTTP" ]] && ! "$CLIENT_AUTH"; then + if [[ $SERVICE != HTTP ]] && ! "$CLIENT_AUTH"; then out " (not using HTTP anyway)" fileout "CRIME_TLS" "OK" "not vulnerable (not using HTTP anyway)" "$cve" "$cwe" else fileout "CRIME_TLS" "OK" "not vulnerable" "$cve" "$cwe" fi else - if [[ $SERVICE == "HTTP" ]] || "$CLIENT_AUTH"; then + if [[ $SERVICE == HTTP ]] || "$CLIENT_AUTH"; then pr_svrty_high "VULNERABLE (NOT ok)" fileout "CRIME_TLS" "HIGH" "VULNERABLE" "$cve" "$cwe" "$hint" else From 8c24d1a6f2a759e6fb0f8ee143ef64b69c995c8a Mon Sep 17 00:00:00 2001 From: Dirk Date: Sat, 18 Jan 2020 12:31:38 +0100 Subject: [PATCH 2/8] Complete shortcut checks (Renegotiation and CRIME) This also makes a short exit when the server side supports TLS 1.3 only as this protocol doesn't support TLS renegotiation or compression. Also it fixes the logic flaw from the previous commit that "-no_tls1_3" has to be supplied. Furthermore, it unifies the output presented to the user. --- testssl.sh | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/testssl.sh b/testssl.sh index 422f890..dbcfa85 100755 --- a/testssl.sh +++ b/testssl.sh 
@@ -14334,9 +14334,9 @@ run_renego() { pr_bold " Secure Renegotiation (RFC 5746) " jsonID="secure_renego" - if "$TLS13_ONLY" && [[ "$proto" == -no_tls1_3 ]]; then + if "$TLS13_ONLY"; then # https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/ - prln_svrty_best "no support in TLS 1.3 only servers (OK)" + pr_svrty_best "not vulnerable (OK)"; outln ", no renegotiation support in TLS 1.3 only servers" fileout "$jsonID" "OK" "TLS 1.3 only server" "$cve" "$cwe" else # first fingerprint for the Line "Secure Renegotiation IS NOT" or "Secure Renegotiation IS " @@ -14396,13 +14396,13 @@ run_renego() { esac - if "$CLIENT_AUTH"; then + if "$TLS13_ONLY"; then + pr_svrty_best "not vulnerable (OK)"; outln ", no renegotiation support in TLS 1.3 only servers" + fileout "$jsonID" "OK" "not vulnerable, TLS 1.3 only" "$cve" "$cwe" + elif "$CLIENT_AUTH"; then prln_warning "client x509-based authentication prevents this from being tested" fileout "$jsonID" "WARN" "client x509-based authentication prevents this from being tested" sec_client_renego=1 - elif "$TLS13_ONLY" && [[ "$proto" == -no_tls1_3 ]]; then - pr_svrty_best "not vulnerable (OK)"; outln " (TLS 1.3 only server)" - fileout "$jsonID" "OK" "not vulnerable, TLS 1.3 only" "$cve" "$cwe" else # We need up to two tries here, as some LiteSpeed servers don't answer on "R" and block. Thus first try in the background # msg enables us to look deeper into it while debugging 
@@ -14471,15 +14471,21 @@ run_crime() { local cwe="CWE-310" local hint="" - # in a nutshell: don't offer TLS/SPDY compression on the server side - # This tests for CRIME Vulnerability (www.ekoparty.org/2012/juliano-rizzo.php) on HTTPS, not SPDY (yet) - # Please note that it is an attack where you need client side control, so in regular situations this - # means anyway "game over", w/wo CRIME - # www.h-online.com/security/news/item/Vulnerability-in-SSL-encryption-is-barely-exploitable-1708604.html + # In a nutshell: don't offer TLS/SPDY compression. This tests for CRIME Vulnerability on HTTPS only, + # not SPDY or ALPN (yet). Please note that it is an attack where you need client side control, so in + # regular situations this # means anyway "game over", with or without CRIME. + # + # https://blog.qualys.com/ssllabs/2012/09/14/crime-information-leakage-attack-against-ssltls [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for CRIME vulnerability " && outln pr_bold " CRIME, TLS " ; out "($cve) " + if "$TLS13_ONLY"; then + pr_svrty_best "not vulnerable (OK)"; outln ", no compression in TLS 1.3 only servers" + fileout "$jsonID" "OK" "TLS 1.3 only server" "$cve" "$cwe" + return 0 + fi + if ! "$HAS_ZLIB"; then if "$SSL_NATIVE"; then prln_local_problem "$OPENSSL lacks zlib support" From 2563dfb5e57d3e35a50cfc85d6fb97a30763369b Mon Sep 17 00:00:00 2001 From: Dirk Date: Sat, 18 Jan 2020 21:36:19 +0100 Subject: [PATCH 3/8] add set -x --- t/03_set-x.t | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100755 t/03_set-x.t diff --git a/t/03_set-x.t b/t/03_set-x.t new file mode 100755 index 0000000..f63abb6 --- /dev/null +++ b/t/03_set-x.t 
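Review bot: The new TLS 1.3-only shortcut calls `fileout "$jsonID" ...`, but every other `fileout` call in run_crime() shown in this series passes the literal `"CRIME_TLS"`, and no `jsonID` assignment is visible among the locals in the hunk. Unless it is set above the hunk, the result for a TLS 1.3-only server would be filed under an empty or stale ID instead of the CRIME one. Use `fileout "CRIME_TLS" "OK" "not vulnerable, TLS 1.3 only" "$cve" "$cwe"`. The rewritten comment also has a stray `#` in "this # means anyway".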
@@ -0,0 +1,28 @@ +#!/usr/bin/env perl + +# Basics: is there a synatx error where already bash hiccups on? +# --banner is equal to --version + +use strict; +use Test::More; + +my $tests = 0; +my $fileout=""; +# Blacklists we use to trigger an error: +my $error_regexp='^(\|)+([0-9])+>\s+[a-z]'; + +printf "\n%s\n", "Testing whether we forgot \"set -x\" ..."; +$fileout = `./testssl.sh --help 2>&1`; +my $retval=$?; + +unlike($fileout, qr/$error_regexp/, "just ran help"); +$tests++; + +$fileout = `./testssl.sh --ssl-native --color=0 --fast google.com 2>&1`; +unlike($fileout, qr/$error_regexp/, "ran --ssl-native --color=0 --fast google.com"); +$tests++; + +printf "\n"; +done_testing($tests); + + From bec9ebdda8252f32184e0b757f3197a488d13c24 Mon Sep 17 00:00:00 2001 From: Dirk Date: Sat, 18 Jan 2020 21:44:24 +0100 Subject: [PATCH 4/8] only one ip --- t/03_set-x.t | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/t/03_set-x.t b/t/03_set-x.t index f63abb6..abd8645 100755 --- a/t/03_set-x.t +++ b/t/03_set-x.t @@ -18,8 +18,8 @@ my $retval=$?; unlike($fileout, qr/$error_regexp/, "just ran help"); $tests++; -$fileout = `./testssl.sh --ssl-native --color=0 --fast google.com 2>&1`; -unlike($fileout, qr/$error_regexp/, "ran --ssl-native --color=0 --fast google.com"); +$fileout = `./testssl.sh --ssl-native --color=0 --fast --ip=one google.com 2>&1`; +unlike($fileout, qr/$error_regexp/, "ran --ssl-native --color=0 --fast --ip=one google.com"); $tests++; printf "\n"; From cb6677e2d3aa76aecb5d84c3b662ff83107a5b6d Mon Sep 17 00:00:00 2001 From: Dirk Date: Sat, 18 Jan 2020 21:45:32 +0100 Subject: [PATCH 5/8] removed comment --- t/01_testssl_banner.t | 1 - 1 file changed, 1 deletion(-) diff --git a/t/01_testssl_banner.t b/t/01_testssl_banner.t index 4eccadd..f68d6df 100755 --- a/t/01_testssl_banner.t +++ b/t/01_testssl_banner.t 
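Review bot: Both `unlike($fileout, qr/$error_regexp/, ...)` checks compile the pattern without the `/m` modifier, so the leading `^` in `$error_regexp` anchors only at the very start of the captured output and a trace line further down would never match. Use `qr/$error_regexp/m` in both calls so the test can actually fail when tracing output appears on any line. `$retval` is assigned but never used. The header comment, with its typo "synatx", appears to be carried over from the banner test and does not describe what this file checks.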
@@ -14,7 +14,6 @@ my $error_regexp2='testssl.sh: line'; my $error_regexp3='bash: warning'; my $error_regexp4='command not found'; my $error_regexp5='(syntax error|unexpected token)'; -# my $good_regexp='free software.*USAGE w/o ANY WARRANTY.*OWN RISK.*Using.*ciphers.*built(.*)platform'; my $good_regexp='free software([\s\S]*)USAGE w/o ANY WARRANTY([\s\S]*)OWN RISK([\s\S]*)Using([\s\S]*)ciphers([\s\S]*)built([\s\S]*)platform'; printf "\n%s\n", "Testing whether just calling \"./testssl.sh --banner\" produces no error ..."; From f109d3bbd6602fce1066bbb61e984b4e83cfe619 Mon Sep 17 00:00:00 2001 From: Dirk Date: Sat, 18 Jan 2020 21:47:44 +0100 Subject: [PATCH 6/8] add unlink / start with a clean state ... good when running "prove -v" locally and previously the run was interrrupted by e.g. ^C --- t/07_isJSON_valid.t | 1 + t/08_isHTML_valid.t | 1 + t/09_isJSON_severitylevel_valid.t | 1 + 3 files changed, 3 insertions(+) diff --git a/t/07_isJSON_valid.t b/t/07_isJSON_valid.t index abba0f4..26814b8 100755 --- a/t/07_isJSON_valid.t +++ b/t/07_isJSON_valid.t @@ -22,6 +22,7 @@ die "Unable to open $prg" unless -f $prg; my $uri="cloudflare.com"; printf "\n%s\n", "Unit testing JSON output ..."; +unlink 'tmp.json'; #1 printf "%s\n", ".. plain JSON --> $uri "; diff --git a/t/08_isHTML_valid.t b/t/08_isHTML_valid.t index f8877a8..4642435 100755 --- a/t/08_isHTML_valid.t +++ b/t/08_isHTML_valid.t @@ -19,6 +19,7 @@ my $check2run="--color 0 --htmlfile tmp.html"; die "Unable to open $prg" unless -f $prg; printf "\n%s\n", "Doing HTML output checks"; +unlink 'tmp.html'; #1 printf "%s\n", " .. running $prg against $uri to create HTML and terminal outputs (may take 2~3 minutes)"; diff --git a/t/09_isJSON_severitylevel_valid.t b/t/09_isJSON_severitylevel_valid.t index ab78d94..e39d6ab 100755 --- a/t/09_isJSON_severitylevel_valid.t +++ b/t/09_isJSON_severitylevel_valid.t 
@@ -17,6 +17,7 @@ $tests = 0; printf "\n%s\n", "Doing severity level checks"; +unlink 'tmp.json'; #1 pass(" .. running testssl.sh against badssl.com to create a JSON report with severity level equal greater than LOW (may take 2~3 minutes)"); $tests++; From 44d1139e9937058bd17580f19b80cdc170d23e27 Mon Sep 17 00:00:00 2001 From: Dirk Date: Sat, 18 Jan 2020 21:54:42 +0100 Subject: [PATCH 7/8] Revert "Complete shortcut checks (Renegotiation and CRIME)" This reverts commit 8c24d1a6f2a759e6fb0f8ee143ef64b69c995c8a. --- testssl.sh | 28 +++++++++++----------------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/testssl.sh b/testssl.sh index dbcfa85..422f890 100755 --- a/testssl.sh +++ b/testssl.sh @@ -14334,9 +14334,9 @@ run_renego() { pr_bold " Secure Renegotiation (RFC 5746) " jsonID="secure_renego" - if "$TLS13_ONLY"; then + if "$TLS13_ONLY" && [[ "$proto" == -no_tls1_3 ]]; then # https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/ - pr_svrty_best "not vulnerable (OK)"; outln ", no renegotiation support in TLS 1.3 only servers" + prln_svrty_best "no support in TLS 1.3 only servers (OK)" fileout "$jsonID" "OK" "TLS 1.3 only server" "$cve" "$cwe" else # first fingerprint for the Line "Secure Renegotiation IS NOT" or "Secure Renegotiation IS " 
@@ -14396,13 +14396,13 @@ run_renego() { esac - if "$TLS13_ONLY"; then - pr_svrty_best "not vulnerable (OK)"; outln ", no renegotiation support in TLS 1.3 only servers" - fileout "$jsonID" "OK" "not vulnerable, TLS 1.3 only" "$cve" "$cwe" - elif "$CLIENT_AUTH"; then + if "$CLIENT_AUTH"; then prln_warning "client x509-based authentication prevents this from being tested" fileout "$jsonID" "WARN" "client x509-based authentication prevents this from being tested" sec_client_renego=1 + elif "$TLS13_ONLY" && [[ "$proto" == -no_tls1_3 ]]; then + pr_svrty_best "not vulnerable (OK)"; outln " (TLS 1.3 only server)" + fileout "$jsonID" "OK" "not vulnerable, TLS 1.3 only" "$cve" "$cwe" else # We need up to two tries here, as some LiteSpeed servers don't answer on "R" and block. Thus first try in the background # msg enables us to look deeper into it while debugging 
@@ -14471,21 +14471,15 @@ run_crime() { local cwe="CWE-310" local hint="" - # In a nutshell: don't offer TLS/SPDY compression. This tests for CRIME Vulnerability on HTTPS only, - # not SPDY or ALPN (yet). Please note that it is an attack where you need client side control, so in - # regular situations this # means anyway "game over", with or without CRIME. - # - # https://blog.qualys.com/ssllabs/2012/09/14/crime-information-leakage-attack-against-ssltls + # in a nutshell: don't offer TLS/SPDY compression on the server side + # This tests for CRIME Vulnerability (www.ekoparty.org/2012/juliano-rizzo.php) on HTTPS, not SPDY (yet) + # Please note that it is an attack where you need client side control, so in regular situations this + # means anyway "game over", w/wo CRIME + # www.h-online.com/security/news/item/Vulnerability-in-SSL-encryption-is-barely-exploitable-1708604.html [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for CRIME vulnerability " && outln pr_bold " CRIME, TLS " ; out "($cve) " - if "$TLS13_ONLY"; then - pr_svrty_best "not vulnerable (OK)"; outln ", no compression in TLS 1.3 only servers" - fileout "$jsonID" "OK" "TLS 1.3 only server" "$cve" "$cwe" - return 0 - fi - if ! "$HAS_ZLIB"; then if "$SSL_NATIVE"; then prln_local_problem "$OPENSSL lacks zlib support" From 45f28d816652be59f6d41e7b2200f3325bf04f3e Mon Sep 17 00:00:00 2001 From: Dirk Date: Sat, 18 Jan 2020 21:55:35 +0100 Subject: [PATCH 8/8] Revert "Shortcuts for TLS13 only servers in renegotiation checks" This reverts commit 747fb039edc329e759aa634fed8a256031808324. --- testssl.sh | 63 ++++++++++++++++++++++-------------------------------- 1 file changed, 26 insertions(+), 37 deletions(-) diff --git a/testssl.sh b/testssl.sh index 422f890..407e0dc 100755 --- a/testssl.sh +++ b/testssl.sh 
@@ -12480,7 +12480,7 @@ parse_tls_serverhello() { # If the ClientHello included a supported_versions extension, then check that the # $DETECTED_TLS_VERSION appeared in the list offered in the ClientHello. - if [[ "${TLS_CLIENT_HELLO:0:2}" == 01 ]]; then + if [[ "${TLS_CLIENT_HELLO:0:2}" == "01" ]]; then # get position of cipher lists (just after session id) offset=78+2*$(hex2dec "${TLS_CLIENT_HELLO:76:2}") # get position of compression methods @@ -12496,7 +12496,7 @@ parse_tls_serverhello() { offset+=6 tls_protocol2="$(tolower "$tls_protocol2")" for (( j=0; j < extension_len-2; j=j+4 )); do - [[ "${TLS_CLIENT_HELLO:offset:4}" == $tls_protocol2 ]] && break + [[ "${TLS_CLIENT_HELLO:offset:4}" == "$tls_protocol2" ]] && break offset+=4 done if [[ $j -eq $extension_len-2 ]]; then 
@@ -14333,34 +14333,27 @@ run_renego() { pr_bold " Secure Renegotiation (RFC 5746) " jsonID="secure_renego" - - if "$TLS13_ONLY" && [[ "$proto" == -no_tls1_3 ]]; then - # https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/ - prln_svrty_best "no support in TLS 1.3 only servers (OK)" - fileout "$jsonID" "OK" "TLS 1.3 only server" "$cve" "$cwe" + # first fingerprint for the Line "Secure Renegotiation IS NOT" or "Secure Renegotiation IS " + $OPENSSL s_client $(s_client_options "$proto $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") 2>&1 $TMPFILE 2>$ERRFILE + if sclient_connect_successful $? $TMPFILE; then + grep -iaq "Secure Renegotiation IS NOT" $TMPFILE + sec_renego=$? # 0= Secure Renegotiation IS NOT supported + # grep -iaq "Secure Renegotiation IS supported" + #FIXME: didn't occur to me yet but why not also to check on "Secure Renegotiation IS supported" + case $sec_renego in + 0) prln_svrty_critical "Not supported / VULNERABLE (NOT ok)" + fileout "$jsonID" "CRITICAL" "VULNERABLE" "$cve" "$cwe" "$hint" + ;; + 1) prln_svrty_best "supported (OK)" + fileout "$jsonID" "OK" "supported" "$cve" "$cwe" + ;; + *) prln_warning "FIXME (bug): $sec_renego" + fileout "$jsonID" "WARN" "FIXME (bug) $sec_renego" "$cve" "$cwe" + ;; + esac else - # first fingerprint for the Line "Secure Renegotiation IS NOT" or "Secure Renegotiation IS " - $OPENSSL s_client $(s_client_options "$proto $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") 2>&1 $TMPFILE 2>$ERRFILE - if sclient_connect_successful $? $TMPFILE; then - grep -iaq "Secure Renegotiation IS NOT" $TMPFILE - sec_renego=$? 
# 0= Secure Renegotiation IS NOT supported - # grep -iaq "Secure Renegotiation IS supported" - #FIXME: didn't occur to me yet but why not also to check on "Secure Renegotiation IS supported" - case $sec_renego in - 0) prln_svrty_critical "Not supported / VULNERABLE (NOT ok)" - fileout "$jsonID" "CRITICAL" "VULNERABLE" "$cve" "$cwe" "$hint" - ;; - 1) prln_svrty_best "supported (OK)" - fileout "$jsonID" "OK" "supported" "$cve" "$cwe" - ;; - *) prln_warning "FIXME (bug): $sec_renego" - fileout "$jsonID" "WARN" "FIXME (bug) $sec_renego" "$cve" "$cwe" - ;; - esac - else - prln_warning "OpenSSL handshake didn't succeed" - fileout "$jsonID" "WARN" "OpenSSL handshake didn't succeed" "$cve" "$cwe" - fi + prln_warning "OpenSSL handshake didn't succeed" + fileout "$jsonID" "WARN" "OpenSSL handshake didn't succeed" "$cve" "$cwe" fi # FIXME: Basically this can be done with sockets and we might have that information already @@ -14400,9 +14393,6 @@ run_renego() { prln_warning "client x509-based authentication prevents this from being tested" fileout "$jsonID" "WARN" "client x509-based authentication prevents this from being tested" sec_client_renego=1 - elif "$TLS13_ONLY" && [[ "$proto" == -no_tls1_3 ]]; then - pr_svrty_best "not vulnerable (OK)"; outln " (TLS 1.3 only server)" - fileout "$jsonID" "OK" "not vulnerable, TLS 1.3 only" "$cve" "$cwe" else # We need up to two tries here, as some LiteSpeed servers don't answer on "R" and block. Thus first try in the background # msg enables us to look deeper into it while debugging 
@@ -14414,7 +14404,7 @@ run_renego() { sec_client_renego=1 else # second try in the foreground as we are sure now it won't hang - echo R | $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE + echo R | $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -msg -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE sec_client_renego=$? # 0=client is renegotiating & doesn't return an error --> vuln! case "$sec_client_renego" in 0) # We try again if server is HTTP. This could be either a node.js server or something else. @@ -14425,7 +14415,7 @@ run_renego() { fileout "$jsonID" "MEDIUM" "VULNERABLE, potential DoS threat" "$cve" "$cwe" "$hint" else (for i in {1..4}; do echo R; sleep 1; done) | \ - $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE + $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -msg -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE case $? in 0) pr_svrty_high "VULNERABLE (NOT ok)"; outln ", DoS threat" fileout "$jsonID" "HIGH" "VULNERABLE, DoS threat" "$cve" "$cwe" "$hint" 
@@ -14498,21 +14488,20 @@ run_crime() { sclient_connect_successful $? $TMPFILE sclient_success=$? fi - if [[ $sclient_success -ne 0 ]]; then pr_warning "test failed (couldn't connect)" fileout "CRIME_TLS" "WARN" "Check failed, couldn't connect" "$cve" "$cwe" ret=1 elif grep -a Compression $TMPFILE | grep -aq NONE >/dev/null; then pr_svrty_good "not vulnerable (OK)" - if [[ $SERVICE != HTTP ]] && ! "$CLIENT_AUTH"; then + if [[ $SERVICE != "HTTP" ]] && ! "$CLIENT_AUTH"; then out " (not using HTTP anyway)" fileout "CRIME_TLS" "OK" "not vulnerable (not using HTTP anyway)" "$cve" "$cwe" else fileout "CRIME_TLS" "OK" "not vulnerable" "$cve" "$cwe" fi else - if [[ $SERVICE == HTTP ]] || "$CLIENT_AUTH"; then + if [[ $SERVICE == "HTTP" ]] || "$CLIENT_AUTH"; then pr_svrty_high "VULNERABLE (NOT ok)" fileout "CRIME_TLS" "HIGH" "VULNERABLE" "$cve" "$cwe" "$hint" else