OWASP / O-Saft

O-Saft - OWASP SSL advanced forensic tool
GNU General Public License v2.0

SSLv2 missing in the end table #152

Closed kylak closed 2 months ago

kylak commented 2 months ago

When doing ./o-saft.pl my.tld +cipher --cipher-range=huge --ca-path=/etc/pki/tls, I got at the end of the output:

Total number of accepted ciphers:       69
SSLv3:    0   0   0   0   0   0 <<N/A as no ciphers found>>     
TLSv1:   10   2   0   7  10  19 RC4-SHA                         
TLSv11:  10   2   0   7  10  19 RC4-SHA                         
TLSv12:  22   2   0   7  18  31 RC4-SHA                         
TLSv13:   0   0   0   0   0   0 <<N/A as no ciphers found>>     
DTLSv1:   0   0   0   0   0   0 <<N/A as no ciphers found>>     
DTLSv12:      0   0   0   0   0   0 <<N/A as no ciphers found>> 

The results for the SSLv2 protocol are not present in this output table. It seems to be a bug, because the test apparently has tested SSL2, since the output also has:

=== Ciphers: Checking SSLv2 ===
Total number of checked ciphers:        59

EnDe commented 2 months ago

fixed in o-saft.pl

kylak commented 2 months ago

I've run ./o-saft.pl my.tld +cipher --cipher-range=huge --ca-path=/etc/pki/tls with the updated o-saft.pl; however, I've now gotten the following error message: Undefined subroutine &Ciphers::is_typ called at ./o-saft.pl line 2366.

EnDe commented 2 months ago

Please update all files from GitHub; using GitHub is "work in progress" ;-)

kylak commented 2 months ago

OK, thanks, it works now. However, why is the message for SSLv2 "SSLv2 has no server selected cipher", compared to the others, which simply have "no ciphers found"? I mean, I don't get the difference. Also, isn't the first space for DTLSv 1.2 a bug (since it's not aligned with the others)?

EnDe commented 2 months ago

However, why for SSLv2 the message is SSLv2 has no server selected cipher ...

If you read the complete text with

  • preferred=offered by server;
  • preferred-strong-cipher

What exactly is wrong with the message in question, which is printed in the column "preferred-strong-cipher"?

... first space a bug ...

Consider it a bug in pretty printing; it will be fixed at one time or another ... However, if you read the documentation, you'll find the options --sep= and --tab; then read the documentation, for example --help=result and --help=output. If something does not work as described, feel free to open an issue.

kylak commented 2 months ago

I'm not saying it's wrong but rather I don't really understand its meaning.

EnDe commented 2 months ago

I don't really understand its meaning.

SSLv2 has no server selected cipher