Handshake problem with Microsoft IIS

[fgeek]

Server: Microsoft-IIS/6.0 Hostname: mhhkiweb1.matkahuolto.fi https://www.ssllabs.com/ssltest/analyze.html?d=mhhkiweb1.matkahuolto.fi

fgeek@kludge:~/code/tlsenum$ ~/utils/builds/python/3.3.2/bin/python3 tlsenum.py mhhkiweb1.matkahuolto.fi 443
TLS Versions supported by server: 
Traceback (most recent call last):
  File "tlsenum.py", line 652, in <module>
    main()
  File "tlsenum.py", line 612, in main
    args.host, args.port, client_hello
  File "tlsenum.py", line 473, in send_client_hello
    raise ValueError("Handshake Failed")
ValueError: Handshake Failed

fgeek@kludge:~$ ~/utils/builds/nmap/6.46/bin/nmap --script ssl-enum-ciphers -p 443 mhhkiweb1.matkahuolto.fi

Starting Nmap 6.46 ( http://nmap.org ) at 2014-09-01 17:20 EEST
Nmap scan report for mhhkiweb1.matkahuolto.fi (62.71.13.7)
Host is up (0.036s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers: 
|   SSLv3: 
|     ciphers: 
|       TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA - weak
|       TLS_RSA_EXPORT1024_WITH_RC4_56_SHA - weak
|       TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 - weak
|       TLS_RSA_EXPORT_WITH_RC4_40_MD5 - weak
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_DES_CBC_SHA - weak
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors: 
|       NULL
|   TLSv1.0: 
|     ciphers: 
|       TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA - weak
|       TLS_RSA_EXPORT1024_WITH_RC4_56_SHA - weak
|       TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 - weak
|       TLS_RSA_EXPORT_WITH_RC4_40_MD5 - weak
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_DES_CBC_SHA - weak
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors: 
|       NULL
|_  least strength: weak

Nmap done: 1 IP address (1 host up) scanned in 1.21 seconds

[Ayrx]

This particular failure looks like the server failing to respond to the ClientHello message when the tool is trying to determine the compression method used. I have fixed this by outputting a error message instead of an exception in 06ad64fb.

That being said, this is one of the weirdest servers I have seen. It looks like the cipher suite order isn't deterministic, running the tool multiple times results in different cipher suites being preferred. It looks like handshakes are being severely rate limited as well?

Unless I or anyone else run into more problems with IIS servers I'm writing this off as a problem with this particular server's config instead of a more general issue with IIS.

Do let me know if you disagree and thanks for the report!

[fgeek]

@Ayrx I thinks this is error intlsenum program. Another example:

~/utils/builds/python/3.3.2/bin/python3 tlsenum.py 204.76.167.20 443
TLS Versions supported by server: 2.0
Traceback (most recent call last):
  File "tlsenum.py", line 652, in <module>
    main()
  File "tlsenum.py", line 612, in main
    args.host, args.port, client_hello
  File "tlsenum.py", line 473, in send_client_hello
    raise ValueError("Handshake Failed")
ValueError: Handshake Failed

~/utils/builds/nmap/6.46/bin/nmap --script ssl-enum-ciphers -p 443 204.76.167.20

Starting Nmap 6.46 ( http://nmap.org ) at 2014-09-02 16:08 EEST
Nmap scan report for 204.76.167.20
Host is up (0.14s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers: 
|   SSLv3: 
|     ciphers: 
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors: 
|       NULL
|   TLSv1.0: 
|     ciphers: 
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors: 
|       NULL
|_  least strength: strong

Nmap done: 1 IP address (1 host up) scanned in 3.88 seconds

[fgeek]

Similar problem with Microsoft IIS httpd 7.0

~/utils/builds/python/3.3.2/bin/python3 tlsenum.py 50.194.14.133 443
Traceback (most recent call last):
  File "tlsenum.py", line 652, in <module>
    main()
  File "tlsenum.py", line 597, in main
    supported_tls_vers.append(parse_server_hello(server_hello)[0])
  File "tlsenum.py", line 484, in parse_server_hello
    ":" + "0x%02X" % server_hello[77])
IndexError: list index out of range

[fgeek]

After 06ad64f:

~/utils/builds/python/3.3.2/bin/python3 tlsenum.py 204.76.167.20 443
TLS Versions supported by server: 2.0, 3.0, 1.0
Deflate compression: no
Supported Cipher suites in order of priority: 
TLS_RSA_WITH_3DES_EDE_CBC_SHA

[Ayrx]

@fgeek So how tlsenum works is by sending ClientHello messages to the server and checking what ServerHello message the server sends back.

If you run the tool a few times, you will see that sometimes it fails to get any information because the server fails to respond and drops the connection silently. It's very possible that the ssl-enum-ciphers script in nmap or the SSL Labs tool has some rate limiting and retry logic to minimize this but I'll have to investigate the source (at least for nmap) when I have the time to be sure.

Right now, running tlsenum a few more times should hopefully work. Sorry if the tool is still rough around the edges. There are a few kinks I need to work out still. :) I'll reopen this until I have time to spin up a IIS server and test.

[fgeek]

Thanks. Please tell me if you need any help.

[Ayrx]

@fgeek Can you pull down the rewrite branch and check if the various errors you have been seeing are fixed? :) I have added dependencies on quite a few Python packages in that branch so you have to install it with python setup.py install or pip install --editable . in a virtualenv instead of simply running the script.

The rewrite branch is a general code cleanup since the original code is a quick PoC and pretty messy to extend. There's a temporary regression in support for detecting SSLv2 but I hope to add that within a day.

[fgeek]

nmap -P0 -sV 50.194.14.133 -p443 --script ssl-enum-ciphers

Starting Nmap 6.47 ( http://nmap.org ) at 2014-10-05 16:49 EEST
Nmap scan report for 50-194-14-133-static.hfc.comcastbusiness.net (50.194.14.133)
Host is up (0.19s latency).
PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http Microsoft IIS httpd 7.0
| ssl-enum-ciphers: 
|   SSLv3: 
|     ciphers: 
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors: 
|       NULL
|   TLSv1.0: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors: 
|       NULL
|_  least strength: strong
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 25.60 seconds

(python-env)fgeek@kludge:~/temp/tlsenum/tlsenum$ ./python-env/bin/python3 tlsenum.py 50.194.14.133 443
Traceback (most recent call last):
  File "tlsenum.py", line 658, in <module>
    main()
  File "tlsenum.py", line 595, in main
    args.host, args.port, client_hello
  File "tlsenum.py", line 466, in send_client_hello
    tls_header = s.recv(5)
ConnectionResetError: [Errno 104] Connection reset by peer

Python 3.4.1

[Ayrx]

@fgeek That looks like the master branch. Can you do a git checkout rewrite followed by a pip install --editable . followed by tlsenum 50.194.14.133 443?

[fgeek]

pip install --editable .
Directory '.' is not installable. File 'setup.py' not found.

[Ayrx]

@fgeek Which git branch are you on?

[fgeek]

I'll do more testing and get back to you. Upper post is a branch problem.

[fgeek]

After I fixed problems with my environment I can see that it is working now. Thank you a lot :) I can report more problems later if I notice anything.

[Ayrx]

@fgeek Cheers! :) I'm planning to release this on PyPI tomorrow so a pip install tlsenum will install the tool.