Closed drwetter closed 6 years ago
a) currently impossible: "openssl s_client -connect ipv6.google.com:https" doesn't work!!! There's a patch though: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589520
b) Also it's more or less a disaster to implement as some helper programs either don't understand IPv6 at all (some netcat flavors), some need square brackets, some don't, some need quotes.
Only sockets do work with IPv6, so unless the whole testssl.sh is using this or openssl is supporting IPv6 there's nothing I could do.
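As an added example (not testssl.sh code, and not from the issue author), the bracket problem from point b) above boiled down to a small normalization step: strip whatever brackets the user typed, decide whether the target is an IPv6 literal, and then emit the form each helper wants. This assumes an OpenSSL build whose `s_client -connect` accepts `[addr]:port` (the unpatched 1.0.2 in the post does not) and a netcat flavor that takes a bare address plus a separate port argument; the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example, not testssl.sh code. Normalizes one target for the helpers
# the post lists: "[addr]:port" for openssl s_client, bare "addr port" for nc.
# Assumption: this openssl accepts bracketed IPv6 literals in -connect.

# Strip surrounding square brackets, if any: "[2001:db8::1]" -> "2001:db8::1"
strip_brackets() {
    printf '%s\n' "$1" | sed -e 's/^\[//' -e 's/\]$//'
}

# 0 if $1 looks like an IPv6 literal: has a colon and only hex digits,
# colons and dots (dots allow IPv4-mapped forms such as ::ffff:192.0.2.1).
# A hostname containing non-hex letters, e.g. "host:443", is rejected.
is_ipv6_literal() {
    a=$(strip_brackets "$1")
    case "$a" in
        *:*) printf '%s\n' "$a" | grep -Eq '^[0-9A-Fa-f:.]+$' ;;
        *)   return 1 ;;
    esac
}

# Target string for "openssl s_client -connect": brackets only around IPv6.
openssl_target() {
    host=$(strip_brackets "$1"); port=$2
    if is_ipv6_literal "$host"; then
        printf '[%s]:%s\n' "$host" "$port"
    else
        printf '%s:%s\n' "$host" "$port"
    fi
}

# Argument pair for a netcat-style helper: bare address, then the port.
nc_args() {
    host=$(strip_brackets "$1"); port=$2
    printf '%s %s\n' "$host" "$port"
}

# Usage: openssl s_client -connect "$(openssl_target "$1" 443)"
#        nc $(nc_args "$1" 443)
```

The same `strip_brackets` output is what a pure-socket path (bash `/dev/tcp`, Perl or Python sockets) wants, which is why the socket-based checks were the only ones that worked out of the box.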
Good news:
The IPv6 patch from Fedora/RH works and out of the box newer FC/CentOS/RHEL openssl versions seem to have that included. (@feld: Any idea about the IPv6 status of FreeBSD openssl binaries?) Anyway: there need to be new binaries (see https://github.com/PeterMosmans/openssl/issues/31).
As I wrote testssl.sh anticipating IPv6 (yes, I am one of the handful of IPv6 users out there), the changes to testssl.sh were minor and I could w/ 20 minutes' effort get a complete check of ipv6.google.com.
The only thing I am worrying now is how not to bother IPv4 only users with error messages.
Stay tuned!
Just committed the IPv6 patch.
As the log says: IPv6 is 80% working now. You either need a recent FC/RHEL/CentOS or a manually patched openssl tree with the patch from Fedora http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.2a-ipv6-apps.patch . Also you need to set `HAS_IPv6=true`.
Example:
prompt% OPENSSL=/data/tmp/openssl-1.0.2d.v6/apps/openssl HAS_IPv6=true ./testssl.sh -p -U ipv6.google.com 22:52:39
###########################################################
testssl.sh 2.7dev from https://testssl.sh/dev/
(feaef68 2015-09-26 22:44:33 -- 1.393)
This program is free software. Distribution and
modification under GPLv2 permitted.
USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
Please file bugs @ https://testssl.sh/bugs/
###########################################################
Using "OpenSSL 1.0.2d 9 Jul 2015" [~145 ciphers] on
XXXX:/data/tmp/openssl-1.0.2d.v6/apps/openssl
(built: "Sep 26 00:30:42 2015", platform: "linux-x86_64")
Testing now (2015-09-26 22:52) ---> [2a00:1450:4007:80e::200e]:443 (ipv6.google.com) <---
rDNS ([2a00:1450:4007:80e::200e]): --
Service detected: HTTP
--> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)
SSLv2 not offered (OK)
SSLv3 offered (NOT ok)
TLS 1 offered
TLS 1.1 offered
TLS 1.2 offered (OK)
SPDY/NPN h2, h2-15, h2-14, spdy/3.1, spdy/3, http/1.1 (advertised)
--> Testing vulnerabilities
Heartbleed (CVE-2014-0160) not vulnerable (OK)
CCS (CVE-2014-0224) not vulnerable (OK)
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) NOT ok: uses gzip HTTP compression (only "/" tested)
POODLE, SSL (CVE-2014-3566) VULNERABLE (NOT ok), uses SSLv3+CBC (check TLS_FALLBACK_SCSV mitigation below)
TLS_FALLBACK_SCSV (RFC 7507), experim. Downgrade attack prevention supported (OK)
FREAK (CVE-2015-0204) not vulnerable (OK) (tested with 6/9 ciphers)
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK), common primes not checked. "testssl.sh -E/-e" spots candidates
BEAST (CVE-2011-3389) SSL3: ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA
TLS1: ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA
-- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
RC4 (CVE-2013-2566, CVE-2015-2808) VULNERABLE (NOT ok): ECDHE-RSA-RC4-SHA RC4-SHA RC4-MD5 RC4-MD5
Done now (2015-09-26 22:53) ---> [2a00:1450:4007:80e::200e]:443 (ipv6.google.com) <---
prompt%
The "has thing" is kind of ugly, `--ip=` hasn't been checked as well as proxy support. But other than that IPv6 works!
Work still to do:
1) make the `--proxy` option work with IPv6 (OpenSSL is not that far yet but LibreSSL is)
2) `--ip` doesn't work
3) rDNS output looks ugly
4) "further IP addresses" lists now all IP addresses, not only the "other" ones. This is a general issue but was introduced in the IPv6 patch feaef680aac306ccf27ca2c160de3ec644f062bd
5) The thing with the environment variable is ugly. Best would be auto detection (don't know how as a valid AAAA DNS record returned doesn't necessarily mean the client / the client's network supports IPv6). For medium terms maybe a cmd line flag suffices.
5) cannot be done automagically as clients w/o IPv6 connectivity will experience unnecessary timeouts. Also the openssl client doesn't have a flag where one reliably can tell "oh, this has IPv6 support"
I added a hint in the compiling docu (https://github.com/drwetter/testssl.sh/blob/master/bin/Readme.md) to Peter's IPv6 branch and uploaded for the time being Linux binaries to https://testssl.sh/openssl-1.0.2e-chacha.pm.ipv6.Linux.tar.gz / https://testssl.sh/openssl-1.0.2e-chacha.pm.ipv6.Linux.tar.gz.asc.
(Until further planned improvements are done I am hesitant to abuse github as a binary server)
You could put the binaries in a separate repository. I've OpenSuSE systems connected to various ISPs, two connections (ADSL and fiber) have IPv6 in addition to IPv4 (the other fiber and cable only have IPv4). So I can help testing. Just tell me the steps (:
Hi Jeroen,
thx for letting me know that there's another person in the world using IPv6. ;-)
For now the site above (https://testssl.sh/openssl-1.0.2e-chacha.pm.ipv6.Linux.tar.gz) is the separate repository. I plan to update the binaries on github if there a more advances in the binaries (NNTP STARTTSSL patch, CCM ciphers/whatsoever).
To run the thing you just need `./testssl.sh -6` or `HAS_IPv6=true testssl.sh <mycmdline>`. Use ipv6.google.com or dev.testssl.sh as a test.
HTH?
Dirk
I presume I need to rebuild my Darwin binaries, right?
@jpluimers Yes :smile: I created a special branch, called ipv6 - see https://github.com/PeterMosmans/openssl/tree/ipv6 That's the branch with IPv6 support
depends on you, @jpluimers. ;-)
I'll be happy to also update then the FreeBSD binary with IPv6 support and upload the resulting tarball under https://testssl.sh/ .
git clone https://github.com/drwetter/testssl.sh.git
cd testssl.sh/
wget https://testssl.sh/openssl-1.0.2e-chacha.pm.ipv6.Linux.tar.gz https://testssl.sh/openssl-1.0.2e-chacha.pm.ipv6.Linux.tar.gz.asc
tar xvf openssl-1.0.2e-chacha.pm.ipv6.Linux.tar.gz
sudo gem install gist
for host in {ipv6.google.com,dev.testssl.sh}; do echo $host && ./testssl.sh --color 0 -6 $host | /usr/lib64/ruby/gems/2.0.0/gems/gist-4.4.2/bin/gist -p -d "testssl ipv6 $host"; done
(somehow gem doesn't install the gist into the path unlike `brew install gist` on my Mac; not sure why, boy, often I hate those 'helpful' installers)
Anyway, the results are:
ipv6.google.com https://gist.github.com/0f77bdc7d2fcbdb2fa40 dev.testssl.sh https://gist.github.com/22179ec12b744f42f992
Cool!
See, @ all : IPv6 is sooo easy ;-)
@PeterMosmans remind me in 2 weeks. I have to prep for teaching http://www.dapug.dk/2015/08/workshop-20.html and afterwards need a few days to wind down.
$ ./testssl.sh -6 ipv6.google.com
...
Using "OpenSSL 1.0.2-chacha (1.0.2e-dev)" [~181 ciphers] on
haring:./bin/openssl.Linux.i686
(built: "Oct 5 11:30:36 2015", platform: "linux-elf")
So ... testssl.sh automagically uses the openssl unpacked in the testssl.sh/bin subdirectory? Impressive!
Sidenote: why is the "-6" needed? Can't testssl.sh self-detect that?
1) for now you need to override this by using ENV ($OPENSSL) or by the option on the command line `--openssl=`
2) As far as `-6` is concerned: I do not see platform compatible means checking for a local IPv6 address and for connectivity.
Cheers, Dirk
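The auto-detection question raised in the thread (an AAAA record proves nothing about the client's own connectivity, and an unbounded connect attempt just makes IPv4-only users wait) can be approximated with three cheap signals. The following is an added example, not testssl.sh code and not something the project or its author proposed: it assumes Linux iproute2 output (`ip -6 addr`, `ip -6 route`), bash's `/dev/tcp` plus coreutils `timeout` for the bounded probe, and the function names are made up for this illustration. The two command outputs are passed in as text so the local checks can be exercised without root or a network.

```shell
#!/bin/sh
# Added example, not testssl.sh code. Three signals that this host can really
# speak IPv6: a global-scope address, a default IPv6 route, and a bounded
# TCP connect. Assumptions: Linux iproute2 output format; bash + "timeout".

# 1) Global-scope IPv6 addresses from "ip -6 addr" output read on stdin.
#    Link-local (fe80::/10) and unique-local (fc00::/7) addresses are
#    ignored: neither implies Internet reachability.
global_v6_addrs() {
    awk '$1 == "inet6" && $4 == "global" {
             split($2, a, "/"); addr = tolower(a[1])
             if (addr ~ /^fe[89ab]/ || addr ~ /^f[cd]/) next
             print addr
         }'
}

# 2) Is there a default route in "ip -6 route" output read on stdin?
has_v6_default_route() {
    awk '$1 == "default" { found = 1 } END { exit !found }'
}

# Combine the two local signals. $1 = text of "ip -6 addr", $2 = text of
# "ip -6 route". Returns 0 when IPv6 looks usable from this host.
local_ipv6_looks_usable() {
    addrs=$(printf '%s\n' "$1" | global_v6_addrs)
    [ -n "$addrs" ] && printf '%s\n' "$2" | has_v6_default_route
}

# 3) Bounded TCP connect to an IPv6 literal (bash /dev/tcp, 3 s cap), so an
#    IPv4-only client fails fast instead of sitting in a long connect timeout.
#    Not exercised offline; needs bash and coreutils "timeout".
ipv6_connect_ok() {
    addr=$1; port=${2:-443}
    timeout 3 bash -c "exec 3<>/dev/tcp/$addr/$port" 2>/dev/null
}

# Live usage (the local checks first, the network probe only if they pass):
#   if local_ipv6_looks_usable "$(ip -6 addr)" "$(ip -6 route)" \
#      && ipv6_connect_ok 2a00:1450:4007:80e::200e 443; then
#       echo "IPv6 usable, run with -6"
#   fi
```

The local checks are intentionally conservative: a host with only a ULA address and no default route is treated as IPv4-only even though its AAAA lookups would succeed, which is exactly the case that would otherwise produce the timeouts the thread worries about.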
Forgot to say: `--ip=<ipv6address>` works, it has always been working, see `./testssl.sh -6 --openssl=<opensslbinarywithipv6support> --ip=2a01:238:4279:1200:1000:1:e571:51 dev.testssl.sh`.
What's open is IPv6 proxy support. The fedora patch I gave Peter and he rebased doesn't contain that and I couldn't get that to fly within 15 minutes either.
I know LibreSSL has that but haven't looked into the code yet. Is there a patch somewhere?
Remaining issue of IPv6 proxy support will be tracked in #1105
tests fail using IPv6 addresses