Closed DimitriPapadopoulos closed 2 years ago
On Ubuntu 22.04, I cannot get rid of #5 using the solution suggested in "SSL error unsafe legacy renegotiation disabled".
Wait, while this is not sufficient:
Options = UnsafeLegacyRenegotiation
this does work:
Options = UnsafeLegacyRenegotiation
CipherString = DEFAULT:@SECLEVEL=1
Using the above trick, errors are reduced to:
$ OPENSSL_CONF=/home/username/openssl.conf nose2-3
.....WARNING:root:sniffing vpn.ycp.edu for fortinet resulted in exception HTTPSConnectionPool(host='vpn.ycp.edu', port=443): Max retries exceeded with url: /remote/login (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f9607e11450>, 'Connection to vpn.ycp.edu timed out. (connect timeout=10)'))
WARNING:root:sniffing vpn.ycp.edu for anyconnect resulted in exception HTTPSConnectionPool(host='vpn.ycp.edu', port=443): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f9607e11570>, 'Connection to vpn.ycp.edu timed out. (connect timeout=10)'))
WARNING:root:sniffing vpn.ycp.edu for f5_bigip resulted in exception HTTPSConnectionPool(host='vpn.ycp.edu', port=443): Max retries exceeded with url: /myvpn?sess=none&hdlc_framing=no&ipv4=1&ipv6=1&Z=none&hostname=none (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f9607e13490>, 'Connection to vpn.ycp.edu timed out. (connect timeout=10)'))
F..........WARNING:root:sniffing sslvpn.co.adams.il.us for barracuda resulted in exception HTTPSConnectionPool(host='sslvpn.co.adams.il.us', port=443): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f9607c7c1c0>, 'Connection to sslvpn.co.adams.il.us timed out. (connect timeout=10)'))
WARNING:root:sniffing sslvpn.co.adams.il.us for sonicwall_nx resulted in exception HTTPSConnectionPool(host='sslvpn.co.adams.il.us', port=443): Max retries exceeded with url: /sslvpnclient?launchplatform=mac&neProto=3&supportipv6=yes (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f9607c7c3d0>, 'Connection to sslvpn.co.adams.il.us timed out. (connect timeout=10)'))
WARNING:root:sniffing sslvpn.co.adams.il.us for array_networks resulted in exception HTTPSConnectionPool(host='sslvpn.co.adams.il.us', port=443): Max retries exceeded with url: /vpntunnel (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f9607c7c220>, 'Connection to sslvpn.co.adams.il.us timed out. (connect timeout=10)'))
F.WARNING:root:sniffing vpn.tongji.cn for fortinet resulted in exception HTTPConnectionPool(host='localhost', port=80): Max retries exceeded with url: /remote/login (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f9607c7c430>: Failed to establish a new connection: [Errno 111] Connection refused'))
...........WARNING:root:sniffing vpn.aurora.edu for anyconnect resulted in exception HTTPSConnectionPool(host='vpn.aurora.edu', port=443): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f9607c7d840>, 'Connection to vpn.aurora.edu timed out. (connect timeout=10)'))
WARNING:root:sniffing vpn.aurora.edu for sonicwall_nx resulted in exception HTTPSConnectionPool(host='vpn.aurora.edu', port=443): Max retries exceeded with url: /sslvpnclient?launchplatform=mac&neProto=3&supportipv6=yes (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f9607c7c670>, 'Connection to vpn.aurora.edu timed out. (connect timeout=10)'))
WARNING:root:sniffing vpn.aurora.edu for juniper_pulse resulted in exception HTTPSConnectionPool(host='vpn.aurora.edu', port=443): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f9607c7d660>, 'Connection to vpn.aurora.edu timed out. (connect timeout=10)'))
WARNING:root:sniffing vpn.aurora.edu for global_protect resulted in exception HTTPSConnectionPool(host='vpn.aurora.edu', port=443): Max retries exceeded with url: /global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Windows (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f9607c7d240>, 'Connection to vpn.aurora.edu timed out. (connect timeout=10)'))
WARNING:root:sniffing vpn.aurora.edu for check_point resulted in exception HTTPSConnectionPool(host='vpn.aurora.edu', port=443): Max retries exceeded with url: /clients (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f9607c7dde0>, 'Connection to vpn.aurora.edu timed out. (connect timeout=10)'))
WARNING:root:sniffing vpn.aurora.edu for array_networks resulted in exception HTTPSConnectionPool(host='vpn.aurora.edu', port=443): Max retries exceeded with url: /vpntunnel (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f9607c7dba0>, 'Connection to vpn.aurora.edu timed out. (connect timeout=10)'))
WARNING:root:sniffing vpn.aurora.edu for sstp resulted in exception HTTPSConnectionPool(host='vpn.aurora.edu', port=443): Max retries exceeded with url: /sra_%7BBA195980-CD49-458b-9E23-C84EE0ADCD75%7D/ (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f9607c7cf70>, 'Connection to vpn.aurora.edu timed out. (connect timeout=10)'))
WARNING:root:sniffing vpn.aurora.edu for openvpn resulted in exception HTTPSConnectionPool(host='vpn.aurora.edu', port=443): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f9607dda860>, 'Connection to vpn.aurora.edu timed out. (connect timeout=10)'))
WARNING:root:sniffing vpn.aurora.edu for fortinet resulted in exception HTTPSConnectionPool(host='vpn.aurora.edu', port=443): Max retries exceeded with url: /remote/login (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f9607e116c0>, 'Connection to vpn.aurora.edu timed out. (connect timeout=10)'))
WARNING:root:sniffing vpn.aurora.edu for f5_bigip resulted in exception HTTPSConnectionPool(host='vpn.aurora.edu', port=443): Max retries exceeded with url: /myvpn?sess=none&hdlc_framing=no&ipv4=1&ipv6=1&Z=none&hostname=none (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f9607e13130>, 'Connection to vpn.aurora.edu timed out. (connect timeout=10)'))
WARNING:root:sniffing vpn.aurora.edu for barracuda resulted in exception HTTPSConnectionPool(host='vpn.aurora.edu', port=443): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f9607e13f40>, 'Connection to vpn.aurora.edu timed out. (connect timeout=10)'))
WARNING:root:sniffing vpn.aurora.edu for aruba_via resulted in exception HTTPSConnectionPool(host='vpn.aurora.edu', port=443): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f9607e12ef0>, 'Connection to vpn.aurora.edu timed out. (connect timeout=10)'))
...WARNING:root:sniffing vpn.uu.edu for sonicwall_nx resulted in exception HTTPSConnectionPool(host='69.167.204.2', port=4433): Max retries exceeded with url: /sslvpnLogin.html (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f9607c7df90>: Failed to establish a new connection: [Errno 111] Connection refused'))
WARNING:root:sniffing vpn.uu.edu for sstp resulted in exception ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
WARNING:root:sniffing vpn.uu.edu for check_point resulted in exception The read operation timed out
WARNING:root:sniffing vpn.uu.edu for anyconnect resulted in exception ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
.WARNING:root:sniffing vpn.drew.edu for anyconnect resulted in exception ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
WARNING:root:sniffing vpn.drew.edu for check_point resulted in exception The read operation timed out
WARNING:root:sniffing vpn.drew.edu for sstp resulted in exception ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
.WARNING:root:sniffing vpn.softlayer.edu for sonicwall_nx resulted in exception HTTPSConnectionPool(host='vpn.softlayer.edu', port=443): Max retries exceeded with url: /sslvpnclient?launchplatform=mac&neProto=3&supportipv6=yes (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f9607dd9fc0>: Failed to establish a new connection: [Errno -2] Name or service not known'))
WARNING:root:sniffing vpn.softlayer.edu for global_protect resulted in exception HTTPSConnectionPool(host='vpn.softlayer.edu', port=443): Max retries exceeded with url: /global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Windows (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f9607dda140>: Failed to establish a new connection: [Errno -2] Name or service not known'))
WARNING:root:sniffing vpn.softlayer.edu for sstp resulted in exception HTTPSConnectionPool(host='vpn.softlayer.edu', port=443): Max retries exceeded with url: /sra_%7BBA195980-CD49-458b-9E23-C84EE0ADCD75%7D/ (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f96089f24d0>: Failed to establish a new connection: [Errno -2] Name or service not known'))
WARNING:root:sniffing vpn.softlayer.edu for check_point resulted in exception HTTPSConnectionPool(host='vpn.softlayer.edu', port=443): Max retries exceeded with url: /clients (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f9607dd9fc0>: Failed to establish a new connection: [Errno -2] Name or service not known'))
WARNING:root:sniffing vpn.softlayer.edu for openvpn resulted in exception HTTPSConnectionPool(host='vpn.softlayer.edu', port=443): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f96089f29b0>: Failed to establish a new connection: [Errno -2] Name or service not known'))
WARNING:root:sniffing vpn.softlayer.edu for anyconnect resulted in exception HTTPSConnectionPool(host='vpn.softlayer.edu', port=443): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f9607e137f0>: Failed to establish a new connection: [Errno -2] Name or service not known'))
WARNING:root:sniffing vpn.softlayer.edu for barracuda resulted in exception HTTPSConnectionPool(host='vpn.softlayer.edu', port=443): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f96089f2650>: Failed to establish a new connection: [Errno -2] Name or service not known'))
WARNING:root:sniffing vpn.softlayer.edu for juniper_pulse resulted in exception HTTPSConnectionPool(host='vpn.softlayer.edu', port=443): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f9607e128f0>: Failed to establish a new connection: [Errno -2] Name or service not known'))
WARNING:root:sniffing vpn.softlayer.edu for f5_bigip resulted in exception HTTPSConnectionPool(host='vpn.softlayer.edu', port=443): Max retries exceeded with url: /myvpn?sess=none&hdlc_framing=no&ipv4=1&ipv6=1&Z=none&hostname=none (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f9607dda500>: Failed to establish a new connection: [Errno -2] Name or service not known'))
WARNING:root:sniffing vpn.softlayer.edu for fortinet resulted in exception HTTPSConnectionPool(host='vpn.softlayer.edu', port=443): Max retries exceeded with url: /remote/login (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f9607e13ac0>: Failed to establish a new connection: [Errno -2] Name or service not known'))
WARNING:root:sniffing vpn.softlayer.edu for array_networks resulted in exception HTTPSConnectionPool(host='vpn.softlayer.edu', port=443): Max retries exceeded with url: /vpntunnel (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f9607dda140>: Failed to establish a new connection: [Errno -2] Name or service not known'))
WARNING:root:sniffing vpn.softlayer.edu for aruba_via resulted in exception HTTPSConnectionPool(host='vpn.softlayer.edu', port=443): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f9607e13e20>: Failed to establish a new connection: [Errno -2] Name or service not known'))
.
======================================================================
FAIL: test_sniffers.test_known_servers.test_matched_vpns:6
'vpn.ycp.edu', 'fortinet'
----------------------------------------------------------------------
Traceback (most recent call last):
File "/volatile/src/what-vpn/tests/test_sniffers.py", line 97, in check_hits
assert hits == expected_hits, "got {} hits for {}, instead of expected {}".format(hits, server, expected_hits)
AssertionError: got 0 hits for vpn.ycp.edu, instead of expected 1
======================================================================
FAIL: test_sniffers.test_known_servers.test_matched_vpns:17
'sslvpn.co.adams.il.us', 'barracuda'
----------------------------------------------------------------------
Traceback (most recent call last):
File "/volatile/src/what-vpn/tests/test_sniffers.py", line 97, in check_hits
assert hits == expected_hits, "got {} hits for {}, instead of expected {}".format(hits, server, expected_hits)
AssertionError: got 0 hits for sslvpn.co.adams.il.us, instead of expected 1
----------------------------------------------------------------------
Ran 35 tests in 313.059s
FAILED (failures=2)
$
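A per-connection alternative to the process-wide `OPENSSL_CONF` override above, as an added example that is not part of the thread or of what-vpn's code: it swaps in OpenSSL's narrower `SSL_OP_LEGACY_SERVER_CONNECT` client option in place of `UnsafeLegacyRenegotiation`, keeps the `DEFAULT:@SECLEVEL=1` cipher string, and leaves certificate verification on. `legacy_tls_context`, `legacy_session` and the host list passed to it are hypothetical names, and the second helper assumes `requests` is installed.

```python
import ssl

# Bit value of OpenSSL's SSL_OP_LEGACY_SERVER_CONNECT. The named constant
# ssl.OP_LEGACY_SERVER_CONNECT only exists on Python 3.12+, so fall back to
# the raw bit on older interpreters.
OP_LEGACY_SERVER_CONNECT = getattr(ssl, "OP_LEGACY_SERVER_CONNECT", 0x4)


def legacy_tls_context(seclevel: int = 1) -> ssl.SSLContext:
    """Client context that tolerates servers lacking RFC 5746 secure renegotiation.

    Only this context is relaxed; every other TLS user in the process keeps
    the system defaults. Certificate and hostname checks are left enabled.
    """
    ctx = ssl.create_default_context()
    # Allow the handshake with a server that does not send the
    # renegotiation_info extension (the condition behind the
    # UNSAFE_LEGACY_RENEGOTIATION_DISABLED error).
    ctx.options |= OP_LEGACY_SERVER_CONNECT
    # Same cipher string as the openssl.conf workaround on this page.
    ctx.set_ciphers(f"DEFAULT:@SECLEVEL={seclevel}")
    return ctx


def legacy_session(hosts):
    """Hypothetical helper: a requests.Session that uses the relaxed context
    only for the listed hosts and the default TLS settings for all others."""
    import requests  # imported lazily so the module loads without requests
    from requests.adapters import HTTPAdapter

    class LegacyTLSAdapter(HTTPAdapter):
        def init_poolmanager(self, *args, **kwargs):
            # urllib3 builds its connections from this context.
            kwargs["ssl_context"] = legacy_tls_context()
            return super().init_poolmanager(*args, **kwargs)

    session = requests.Session()
    for host in hosts:
        # Mount per host so the weaker settings never apply elsewhere.
        session.mount(f"https://{host}/", LegacyTLSAdapter())
    return session
```
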
After the latest merge requests, and forcing OpenSSL to ignore SSL errors, the remaining failures have to do with vpn.ycp.edu (#10) and sslvpn.co.adams.il.us (#12), which are not reachable from Europe:
$ OPENSSL_CONF=~/openssl.conf nose2-3
.....WARNING:root:sniffing vpn.ycp.edu for fortinet resulted in exception HTTPSConnectionPool(host='vpn.ycp.edu', port=443): Max retries exceeded with url: /remote/login (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7fc63e516830>, 'Connection to vpn.ycp.edu timed out. (connect timeout=10)'))
WARNING:root:sniffing vpn.ycp.edu for barracuda resulted in exception HTTPSConnectionPool(host='vpn.ycp.edu', port=443): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7fc63d798250>, 'Connection to vpn.ycp.edu timed out. (connect timeout=10)'))
WARNING:root:sniffing vpn.ycp.edu for sonicwall_nx resulted in exception HTTPSConnectionPool(host='vpn.ycp.edu', port=443): Max retries exceeded with url: /sslvpnclient?launchplatform=mac&neProto=3&supportipv6=yes (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7fc63d7990c0>, 'Connection to vpn.ycp.edu timed out. (connect timeout=10)'))
F............WARNING:root:sniffing sslvpn.co.adams.il.us for barracuda resulted in exception HTTPSConnectionPool(host='sslvpn.co.adams.il.us', port=443): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7fc63d7987c0>, 'Connection to sslvpn.co.adams.il.us timed out. (connect timeout=10)'))
WARNING:root:sniffing sslvpn.co.adams.il.us for global_protect resulted in exception HTTPSConnectionPool(host='sslvpn.co.adams.il.us', port=443): Max retries exceeded with url: /global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Windows (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7fc63d7987f0>, 'Connection to sslvpn.co.adams.il.us timed out. (connect timeout=10)'))
WARNING:root:sniffing sslvpn.co.adams.il.us for array_networks resulted in exception HTTPSConnectionPool(host='sslvpn.co.adams.il.us', port=443): Max retries exceeded with url: /vpntunnel (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7fc63d799360>, 'Connection to sslvpn.co.adams.il.us timed out. (connect timeout=10)'))
F.WARNING:root:sniffing vpn.tongji.cn for anyconnect resulted in exception HTTPConnectionPool(host='localhost', port=80): Max retries exceeded with url: /CSCOSSLC/tunnel (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fc63d79a7d0>: Failed to establish a new connection: [Errno 111] Connection refused'))
WARNING:root:sniffing vpn.tongji.cn for juniper_pulse resulted in exception HTTPConnectionPool(host='localhost', port=80): Max retries exceeded with url: /dana-na (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fc63d933820>: Failed to establish a new connection: [Errno 111] Connection refused'))
..WARNING:root:sniffing cpvpn.its.hawaii.edu for anyconnect resulted in exception ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
.........WARNING:root:sniffing vpn.wdc.softlayer.com for f5_bigip resulted in exception HTTPConnectionPool(host='localhost', port=80): Max retries exceeded with url: /myvpn?sess=none&hdlc_framing=no&ipv4=1&ipv6=1&Z=none&hostname=none (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fc63d79b2e0>: Failed to establish a new connection: [Errno 111] Connection refused'))
..WARNING:root:sniffing vpn.uu.edu for sonicwall_nx resulted in exception HTTPSConnectionPool(host='69.167.204.2', port=4433): Max retries exceeded with url: /sslvpnLogin.html (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fc63d7e08e0>: Failed to establish a new connection: [Errno 111] Connection refused'))
WARNING:root:sniffing vpn.uu.edu for check_point resulted in exception The read operation timed out
WARNING:root:sniffing vpn.uu.edu for anyconnect resulted in exception ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
WARNING:root:sniffing vpn.uu.edu for sstp resulted in exception ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
.WARNING:root:sniffing vpn.drew.edu for sstp resulted in exception ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
WARNING:root:sniffing vpn.drew.edu for anyconnect resulted in exception ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
WARNING:root:sniffing vpn.drew.edu for check_point resulted in exception The read operation timed out
.
======================================================================
FAIL: test_sniffers.test_known_servers.test_matched_vpns:6
'vpn.ycp.edu', 'fortinet'
----------------------------------------------------------------------
Traceback (most recent call last):
File "/volatile/src/what-vpn/tests/test_sniffers.py", line 90, in check_hits
assert hits == expected_hits, "got {} hits for {}, instead of expected {}".format(hits, server, expected_hits)
AssertionError: got 0 hits for vpn.ycp.edu, instead of expected 1
======================================================================
FAIL: test_sniffers.test_known_servers.test_matched_vpns:19
'sslvpn.co.adams.il.us', 'barracuda'
----------------------------------------------------------------------
Traceback (most recent call last):
File "/volatile/src/what-vpn/tests/test_sniffers.py", line 90, in check_hits
assert hits == expected_hits, "got {} hits for {}, instead of expected {}".format(hits, server, expected_hits)
AssertionError: got 0 hits for sslvpn.co.adams.il.us, instead of expected 1
----------------------------------------------------------------------
Ran 35 tests in 219.999s
FAILED (failures=2)
$
So #19 should have fixed the renegotiation-related errors, right?
Are your remaining errors due entirely to test servers which can't be accessed from Europe?
Yes, the remaining errors are related to servers unreachable from Europe, vpn.ycp.edu and sslvpn.co.adams.il.us.
Running the tests on Ubuntu 22.04:
Probably need to start by removing servers that appear not to be active any more:
vpn.ycp.edu
sslvpn.co.adams.il.us
vpn.aurora.edu
vpn.uu.edu
vpn.softlayer.edu
Then try to fix #5:
SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997)'))
Finally, investigate cases where servers exist but do not accept the connection:
vpn.uu.edu
vpn.drew.edu