Closed fgeek closed 10 years ago
This particular failure looks like the server failing to respond to the ClientHello message when the tool is trying to determine the compression method used. I have fixed this by outputting an error message instead of an exception in 06ad64fb.
That being said, this is one of the weirdest servers I have seen. It looks like the cipher suite order isn't deterministic; running the tool multiple times results in different cipher suites being preferred. It looks like handshakes are being severely rate limited as well?
Unless I or anyone else run into more problems with IIS servers I'm writing this off as a problem with this particular server's config instead of a more general issue with IIS.
Do let me know if you disagree and thanks for the report!
@Ayrx I think this is an error in the tlsenum program. Another example:
~/utils/builds/python/3.3.2/bin/python3 tlsenum.py 204.76.167.20 443
TLS Versions supported by server: 2.0
Traceback (most recent call last):
File "tlsenum.py", line 652, in <module>
main()
File "tlsenum.py", line 612, in main
args.host, args.port, client_hello
File "tlsenum.py", line 473, in send_client_hello
raise ValueError("Handshake Failed")
ValueError: Handshake Failed
~/utils/builds/nmap/6.46/bin/nmap --script ssl-enum-ciphers -p 443 204.76.167.20
Starting Nmap 6.46 ( http://nmap.org ) at 2014-09-02 16:08 EEST
Nmap scan report for 204.76.167.20
Host is up (0.14s latency).
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| SSLv3:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_RSA_WITH_RC4_128_MD5 - strong
| TLS_RSA_WITH_RC4_128_SHA - strong
| compressors:
| NULL
| TLSv1.0:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_RSA_WITH_RC4_128_MD5 - strong
| TLS_RSA_WITH_RC4_128_SHA - strong
| compressors:
| NULL
|_ least strength: strong
Nmap done: 1 IP address (1 host up) scanned in 3.88 seconds
Similar problem with Microsoft IIS httpd 7.0
~/utils/builds/python/3.3.2/bin/python3 tlsenum.py 50.194.14.133 443
Traceback (most recent call last):
File "tlsenum.py", line 652, in <module>
main()
File "tlsenum.py", line 597, in main
supported_tls_vers.append(parse_server_hello(server_hello)[0])
File "tlsenum.py", line 484, in parse_server_hello
":" + "0x%02X" % server_hello[77])
IndexError: list index out of range
After 06ad64f:
~/utils/builds/python/3.3.2/bin/python3 tlsenum.py 204.76.167.20 443
TLS Versions supported by server: 2.0, 3.0, 1.0
Deflate compression: no
Supported Cipher suites in order of priority:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
@fgeek So how tlsenum works is by sending ClientHello messages to the server and checking what ServerHello message the server sends back.
If you run the tool a few times, you will see that sometimes it fails to get any information because the server fails to respond and drops the connection silently. It's very possible that the ssl-enum-ciphers script in nmap or the SSL Labs tool has some rate limiting and retry logic to minimize this but I'll have to investigate the source (at least for nmap) when I have the time to be sure.
Right now, running tlsenum a few more times should hopefully work. Sorry if the tool is still rough around the edges. There are a few kinks I need to work out still. :) I'll reopen this until I have time to spin up an IIS server and test.
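Added example, not part of the thread and not tlsenum's own code: a bounds-checked ServerHello parser showing how the three failures reported above (a silent drop, a "Handshake Failed" reply, and an out-of-range index) can be told apart. In a TLS record the cipher suite sits at bytes 76-77 only when the session_id is 32 bytes long, so the parser reads the session_id length instead of using a fixed index; the function names and sample records are constructed for illustration.

```python
import struct

class HandshakeError(Exception):
    """The reply was not a complete, well-formed ServerHello."""

def parse_server_hello(record: bytes):
    """Return ((major, minor), cipher_suite, compression) from one TLS record."""
    if not record:
        raise HandshakeError("no reply: connection closed or reset")
    if len(record) < 5:
        raise HandshakeError("truncated record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if len(body) < rec_len:
        raise HandshakeError("truncated record body")
    if ctype == 21 and rec_len >= 2:  # alert record: level, description
        raise HandshakeError("alert level=%d description=%d" % (body[0], body[1]))
    if ctype != 22 or rec_len < 4 or body[0] != 2:
        raise HandshakeError("not a ServerHello handshake record")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    # Fixed part: version (2) + random (32) + session_id length (1).
    if len(hello) < hs_len or hs_len < 35:
        raise HandshakeError("truncated ServerHello")
    sid_len = hello[34]
    off = 35 + sid_len  # the cipher suite follows the variable-length session_id
    if sid_len > 32 or len(hello) < off + 3:
        raise HandshakeError("bad session_id length")
    suite = int.from_bytes(hello[off:off + 2], "big")
    return (hello[0], hello[1]), suite, hello[off + 2]

def build_server_hello(session_id: bytes, suite: int, version=(3, 1)) -> bytes:
    """Constructed sample record for the demo, not a capture from the hosts above."""
    hello = bytes(version) + bytes(32) + bytes([len(session_id)]) + session_id
    hello += suite.to_bytes(2, "big") + b"\x00"
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + bytes(version) + len(hs).to_bytes(2, "big") + hs

def try_parse(record: bytes):
    """Report a parse failure as text instead of an uncaught exception."""
    try:
        return parse_server_hello(record)
    except HandshakeError as exc:
        return "error: %s" % exc

if __name__ == "__main__":
    for sid in (bytes(32), b""):  # 32-byte and empty session_id
        print(try_parse(build_server_hello(sid, 0x000A)))
    print(try_parse(b"\x15\x03\x01\x00\x02\x02\x28"))  # constructed fatal alert
    print(try_parse(b""))  # server dropped the connection
```

The value 0x000A is the code point for TLS_RSA_WITH_3DES_EDE_CBC_SHA, the suite listed in the output above; a handshake message fragmented across several records is not handled here.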
Thanks. Please tell me if you need any help.
@fgeek Can you pull down the rewrite branch and check if the various errors you have been seeing are fixed? :) I have added dependencies on quite a few Python packages in that branch so you have to install it with python setup.py install or pip install --editable . in a virtualenv instead of simply running the script.
The rewrite branch is a general code cleanup since the original code is a quick PoC and pretty messy to extend. There's a temporary regression in support for detecting SSLv2 but I hope to add that within a day.
nmap -P0 -sV 50.194.14.133 -p443 --script ssl-enum-ciphers
Starting Nmap 6.47 ( http://nmap.org ) at 2014-10-05 16:49 EEST
Nmap scan report for 50-194-14-133-static.hfc.comcastbusiness.net (50.194.14.133)
Host is up (0.19s latency).
PORT STATE SERVICE VERSION
443/tcp open ssl/http Microsoft IIS httpd 7.0
| ssl-enum-ciphers:
| SSLv3:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_RSA_WITH_RC4_128_MD5 - strong
| TLS_RSA_WITH_RC4_128_SHA - strong
| compressors:
| NULL
| TLSv1.0:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_RC4_128_MD5 - strong
| TLS_RSA_WITH_RC4_128_SHA - strong
| compressors:
| NULL
|_ least strength: strong
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 25.60 seconds
(python-env)fgeek@kludge:~/temp/tlsenum/tlsenum$ ./python-env/bin/python3 tlsenum.py 50.194.14.133 443
Traceback (most recent call last):
File "tlsenum.py", line 658, in <module>
main()
File "tlsenum.py", line 595, in main
args.host, args.port, client_hello
File "tlsenum.py", line 466, in send_client_hello
tls_header = s.recv(5)
ConnectionResetError: [Errno 104] Connection reset by peer
Python 3.4.1
@fgeek That looks like the master branch. Can you do a git checkout rewrite followed by a pip install --editable . followed by tlsenum 50.194.14.133 443?
pip install --editable .
Directory '.' is not installable. File 'setup.py' not found.
@fgeek Which git branch are you on?
I'll do more testing and get back to you. Upper post is a branch problem.
After I fixed problems with my environment I can see that it is working now. Thank you a lot :) I can report more problems later if I notice anything.
@fgeek Cheers! :) I'm planning to release this on PyPI tomorrow so a pip install tlsenum will install the tool.
Server: Microsoft-IIS/6.0 Hostname: mhhkiweb1.matkahuolto.fi https://www.ssllabs.com/ssltest/analyze.html?d=mhhkiweb1.matkahuolto.fi