OWASP / O-Saft

O-Saft - OWASP SSL advanced forensic tool
GNU General Public License v2.0

ALPN detection fails #71

Closed (uhei closed this issue 7 years ago)

uhei commented 7 years ago

O-Saft fails to detect provided ALPN protocols in my setup.

$ ./o-saft.pl +protocols --header XXXX.YYYY.com
..
Target supports Application Layer Protocol Negotiation (ALPN):  no (<<mismatch:   and 'No ALPN negotiated'>>)
Target supports Next Protocol Negotiation (NPN):        no ( )

Capturing the O-Saft requests shows no ClientHello message with ALPN extension (Wireshark display filter: 'ssl.handshake.type == 1 and ssl.handshake.extension.type==16').

Running openssl lists the available ALPN protocol:

$ openssl.exe s_client -connect XXXX.YYYY.com:443 -alpn 'http/1.1,h2c,h2c-14,spdy/1,npn-spdy/2,spdy/2,spdy/3,spdy/3.1,spdy/4a2,spdy/4a4,h2-14,h2-15,http/2.0,h2'
..
ALPN protocol: http/1.1
..

My environment:
$ ./o-saft.pl +version
=== reading: ./.o-saft.pl (RC-FILE done) ===
=== reading: /usr/lib/perl5/vendor_perl/5.22/IO/Socket/SSL.pm (IO SSL module done) ===
=== reading: /usr/lib/perl5/vendor_perl/5.22/Net/DNS.pm (Net module done) ===
=== reading: /usr/lib/perl5/5.22/Time/Local.pm (Time module done) ===
=== reading: Net/SSLhello.pm (O-Saft module done) ===
=== reading: Net/SSLinfo.pm (O-Saft module done) ===
**WARNING: SSL version 'SSLv2': not supported by Net::SSLeay; not checked
**WARNING: SSL version 'SSLv3': not supported by Net::SSLeay; not checked
**WARNING: SSL version 'TLSv13': not supported by Net::SSLeay; not checked
=== ./o-saft.pl 17.04.05 ===
    Net::SSLeay::
       ::OPENSSL_VERSION_NUMBER()    0x268443839
       ::SSLeay()                    0x268443839
    Net::SSLeay::SSLeay_version()    OpenSSL 1.0.2k  26 Jan 2017
= openssl =
    version of external executable   OpenSSL 1.0.2k  26 Jan 2017
    external executable              /usr/bin/openssl
    used environment variable (name) LD_LIBRARY_PATH
    environment variable (content)   <<undef>>
    path to shared libraries
    full path to openssl.cnf file    <<undef>>
    common openssl.cnf files         /usr/lib/ssl/openssl.cnf /etc/ssl/openssl.cnf /System//Library/OpenSSL/openssl.cnf /usr/ssl/openssl.cnf
    URL where to find CRL file       <<undef>>
    directory with PEM files for CAs /usr/ssl/certs
    PEM format file with CAs         <<undef>>
    common paths to PEM files for CAs /etc/ssl/certs /usr/lib/certs /System/Library/OpenSSL
    common PEM filenames for CAs     ca-certificates.crt certificates.crt certs.pem
    number of supported ciphers      121
    openssl supported SSL versions   TLSv1 TLSv11 TLSv12
    o-saft.pl known SSL versions     SSLv2 SSLv3 TLSv1 TLSv11 TLSv12 TLSv13 DTLSv09 DTLSv1 DTLSv11 DTLSv12 DTLSv13
= o-saft.pl +cipherall =
    default list of ciphers          0x03000000 .. 0x030000FF, 0x0300C000 .. 0x0300C0FF,
                        0x0300CC00 .. 0x0300CCFF, 0x0300FE00 .. 0x0300FFFF,

= Required (and used) Modules =
    @INC                 . ./lib ./ ./lib . /bin /usr/lib/perl5/site_perl/5.22/x86_64-cygwin-threads /usr/lib/perl5/site_perl/5.22 /usr/lib/perl5/vendor_perl/5.22/x86_64-cygwin-threads /usr/lib/perl5/vendor_perl/5.22 /usr/lib/perl5/5.22/x86_64-cygwin-threads /usr/lib/perl5/5.22 .
=   module name            VERSION  found in
=   ----------------------+--------+------------------------------------------
    IO::Socket::INET       1.35     /usr/lib/perl5/5.22/x86_64-cygwin-threads/IO/Socket/INET.pm
    IO::Socket::SSL        2.047    /usr/lib/perl5/vendor_perl/5.22/IO/Socket/SSL.pm
    Time::Local            1.2300   /usr/lib/perl5/5.22/Time/Local.pm
    Net::DNS               1.09     /usr/lib/perl5/vendor_perl/5.22/Net/DNS.pm
    Net::SSLeay            1.81     /usr/lib/perl5/vendor_perl/5.22/x86_64-cygwin-threads/Net/SSLeay.pm
    Net::SSLinfo           17.03.17 Net/SSLinfo.pm
    Net::SSLhello          17.03.02 Net/SSLhello.pm
    Ciphers
    osaft                  17.03.17 osaft.pm

The TLS server has NPN disabled and ALPN enabled. Only http/1.1 is available.

EnDe commented 7 years ago

O-Saft currently uses openssl's -nextprotoneg, hence it checks for NPN only. To avoid confusion, checking for ALPN has been temporarily disabled in .o-saft.pl.

A new issue for proper ALPN and NPN checks will be opened.

EnDe commented 7 years ago

Complete fix now in o-saft.pl and Net::SSLinfo.pm.
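As an added illustration (not code from the O-Saft project or from this thread), the Python below encodes and parses the TLS ALPN extension (type 16, the extension the Wireshark filter in the report matches) so that an ALPN probe can be told apart from an NPN-only probe, which is what openssl's -nextprotoneg sends. The handshake extension bytes are constructed here, not captured traffic, and the protocol names are a subset of the list passed to openssl above.

```python
import struct

# RFC 7301 assigns the ALPN extension type 16 (0x0010); the NPN draft extension
# used by openssl -nextprotoneg has type 13172 (0x3374) and carries no data.
EXT_ALPN = 16
EXT_NEXT_PROTO_NEG = 13172

def build_alpn_extension(protocols):
    """Encode an ALPN extension: type, length, then a length-prefixed name list."""
    names = b"".join(struct.pack("!B", len(p)) + p.encode("ascii") for p in protocols)
    proto_list = struct.pack("!H", len(names)) + names
    return struct.pack("!HH", EXT_ALPN, len(proto_list)) + proto_list

def build_extensions_block(extensions):
    """Wrap encoded extensions in the 2-byte length prefix used in Client/ServerHello."""
    body = b"".join(extensions)
    return struct.pack("!H", len(body)) + body

def parse_extensions(block):
    """Return {ext_type: ext_data} from a length-prefixed TLS extensions block."""
    (total,) = struct.unpack("!H", block[:2])
    data, offset, found = block[2:2 + total], 0, {}
    while offset + 4 <= len(data):
        ext_type, ext_len = struct.unpack("!HH", data[offset:offset + 4])
        found[ext_type] = data[offset + 4:offset + 4 + ext_len]
        offset += 4 + ext_len
    return found

def alpn_protocols(block):
    """ALPN names offered (ClientHello) or selected (ServerHello); None if absent."""
    exts = parse_extensions(block)
    if EXT_ALPN not in exts:
        return None          # no extension 16: the peer cannot have negotiated ALPN
    data = exts[EXT_ALPN]
    (list_len,) = struct.unpack("!H", data[:2])
    names, offset = [], 2
    while offset < 2 + list_len:
        n = data[offset]
        names.append(data[offset + 1:offset + 1 + n].decode("ascii"))
        offset += 1 + n
    return names

# Constructed sample data (hypothetical, not a capture of the reporter's host):
OFFERED = ["http/1.1", "h2", "spdy/3.1"]
CLIENT_HELLO_WITH_ALPN = build_extensions_block([build_alpn_extension(OFFERED)])
# An NPN-only probe carries extension 13172 with empty data and no ALPN extension.
CLIENT_HELLO_NPN_ONLY = build_extensions_block([struct.pack("!HH", EXT_NEXT_PROTO_NEG, 0)])
# A server that only speaks http/1.1 answers with a single-entry ALPN extension.
SERVER_HELLO_ALPN = build_extensions_block([build_alpn_extension(["http/1.1"])])

if __name__ == "__main__":
    print("ALPN probe offers:", alpn_protocols(CLIENT_HELLO_WITH_ALPN))
    print("NPN-only probe offers:", alpn_protocols(CLIENT_HELLO_NPN_ONLY))
    print("server selected:", alpn_protocols(SERVER_HELLO_ALPN))
```

Running a probe through `alpn_protocols` before sending it is a quick way to confirm a scanner actually includes extension 16, which is the check the Wireshark filter in the report performed by hand.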