search

drwetter / testssl.sh

Testing TLS/SSL encryption anywhere on any port
https://testssl.sh
GNU General Public License v2.0
7.98k stars 1.03k forks source link

macOS 10.14.5: testssl.sh 3.0rc5: warning: command substitution: ignored null byte in input #1292

Closed bknowles closed 5 years ago

bknowles commented 5 years ago

Summary

On first glance, this issue appears to be related to https://github.com/drwetter/testssl.sh/issues/352 where a lot of background information can be found. However, it appears that this is actually a different problem.

Hardware Architecture (uname -a):

Darwin CECEN-SX2EVGTFL 18.6.0 Darwin Kernel Version 18.6.0: Thu Apr 25 23:16:27 PDT 2019; root:xnu-4903.261.4~2/RELEASE_X86_64 x86_64

Testssl version (from the banner: testssl.sh -b 2>/dev/null | head -4 | tail -2)

testssl.sh       3.0rc5 from https://testssl.sh/dev/
(eef63b1 2019-07-03 11:54:56 -- )

Git commit (git log | head -1)

commit eef63b1726b9f44ff63a6dc19c6e2ea16e78b644

OpenSSL Version (used by testssl.sh: testssl.sh -b 2>/dev/null | awk -F':' '/openssl/ { print $2}')

./bin/openssl.Darwin.x86_64

Steps to Reproduce (testssl.sh or docker command line, if possible incl. host)

$ ./testssl.sh https://host.domain.private:7233

This is a private host, using private DNS, on a private RFC-1918 10.* IP address. Trust me, you are not going to be able to hit this machine yourselves.

What's Wrong (output is needed)

I get the following warnings output to stderr throughout various test sections:

 Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 

 PFS is offered (OK)          ./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 1265: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 1265: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 1265: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 1265: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 1265: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 1265: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 1265: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 1265: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 1265: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 1265: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 1265: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 1265: warning: command substitution: ignored null byte in input
ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384
                              DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256
                              ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-SEED-SHA
                              DHE-RSA-CAMELLIA128-SHA 
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
 Elliptic curves offered:     sect283k1 sect283r1 sect409k1 sect409r1 sect571k1 sect571r1 secp256k1 prime256v1 secp384r1 secp521r1 brainpoolP256r1 
                              brainpoolP384r1 brainpoolP512r1 
 DH group offered:            Unknown DH group (1024 bits)

 Testing server preferences 

 Has server cipher order?     ./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 1265: warning: command substitution: ignored null byte in input
./testssl.sh: line 1278: warning: command substitution: ignored null byte in input
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 1265: warning: command substitution: ignored null byte in input
./testssl.sh: line 1265: warning: command substitution: ignored null byte in input
nope (NOT ok)
 Negotiated protocol          TLSv1.2
 Negotiated cipher            ./testssl.sh: line 1265: warning: command substitution: ignored null byte in input
ECDHE-RSA-RC4-SHA, 570 bit ECDH (B-571) -- inconclusive test, matching cipher in list missing, better see below
 Negotiated cipher per proto  (matching cipher in list missing)
./testssl.sh: line 6941: warning: command substitution: ignored null byte in input
./testssl.sh: line 1278: warning: command substitution: ignored null byte in input
./testssl.sh: line 1265: warning: command substitution: ignored null byte in input
     ECDHE-RSA-AES256-SHA:          TLSv1, TLSv1.1
     ECDHE-RSA-AES256-GCM-SHA384:   TLSv1.2
 No further cipher order check has been done as order is determined by the client

What did you expect instead?

None of the warnings above should be shown. More importantly, these warnings do not show up for version 2.9.5 or 2.9dev of testssl.

bknowles commented 5 years ago

I followed the instructions at https://github.com/drwetter/testssl.sh/issues/352#issuecomment-509361612 and ran the command:

$ ./testssl.sh --protocols --ssl-native --debug 1 https://host.domain.private:7233

Looking at the bottom of the output, I see the line:

DEBUG (level 1): see files in /tmp/testssl.UAUIYL

Looking in these files, I see:

$ hexdump -C /tmp/testssl.UAUIYL/*run_prototest_openssl-tls1.txt | grep --color -A 4 -B 4 " 00 "
000016a0  20 72 65 74 75 72 6e 20  63 6f 64 65 3a 20 31 39  | return code: 19|
000016b0  20 28 73 65 6c 66 20 73  69 67 6e 65 64 20 63 65  | (self signed ce|
000016c0  72 74 69 66 69 63 61 74  65 20 69 6e 20 63 65 72  |rtificate in cer|
000016d0  74 69 66 69 63 61 74 65  20 63 68 61 69 6e 29 0a  |tificate chain).|
000016e0  2d 2d 2d 0a 00 00 00 01  00 00 00 03 3c 0e 31 fb  |---.........<.1.|
000016f0

So, it looks to me like maybe the OpenSSL command is actually generating nulls in the output, perhaps only when we see a self-signed CA certificate.

This implies to me that perhaps we need to post-filter the output from OpenSSL, to remove any nulls that it might generate.

bknowles commented 5 years ago

When I run the following command:

./testssl.sh -U --debug 1 https://host.domain.private:7233

I also see the errors shown above, this time it should be using ./bin/openssl.Darwin.x86_64 and not the natively installed version of OpenSSL. Looking in the output text files, I'm seeing a lot of what appear to be nulls being returned as part of the certificates:

$ hexdump -C /tmp/testssl.qKxHAZ/*txt | grep --color -A 4 -B 4 " 00 00 "
00003eb0  72 69 66 79 20 72 65 74  75 72 6e 20 63 6f 64 65  |rify return code|
00003ec0  3a 20 31 39 20 28 73 65  6c 66 20 73 69 67 6e 65  |: 19 (self signe|
00003ed0  64 20 63 65 72 74 69 66  69 63 61 74 65 20 69 6e  |d certificate in|
00003ee0  20 63 65 72 74 69 66 69  63 61 74 65 20 63 68 61  | certificate cha|
00003ef0  69 6e 29 0a 2d 2d 2d 0a  00 00 00 01 00 00 00 03  |in).---.........|
00003f00  2a f4 d5 8d 44 4f 4e 45  0a 3d 3d 3d 3d 3d 3d 3d  |*...DONE.=======|
00003f10  3d 3d 3d 3d 3d 3d 3d 3d  3d 3d 3d 3d 3d 3d 3d 3d  |================|
00003f20  3d 3d 3d 3d 3d 3d 3d 3d  3d 3d 3d 3d 3d 3d 3d 0a  |===============.|
00003f30  0a 43 4f 4e 4e 45 43 54  45 44 28 30 30 30 30 30  |.CONNECTED(00000|
--
--
000043b0  20 39 34 20 31 35 20 66  61 20 65 65 20 35 34 20  | 94 15 fa ee 54 |
000043c0  30 38 20 39 39 20 36 66  20 62 38 20 66 31 20 38  |08 99 6f b8 f1 8|
000043d0  37 20 38 39 20 38 63 20  35 61 20 62 62 20 63 65  |7 89 8c 5a bb ce|
000043e0  0a 20 20 20 20 64 64 20  61 37 20 66 62 20 35 31  |.    dd a7 fb 51|
000043f0  20 35 31 20 62 63 20 30  30 20 30 30 20 65 34 20  | 51 bc 00 00 e4 |
00004400  63 63 20 31 34 20 63 63  20 31 33 20 63 63 20 31  |cc 14 cc 13 cc 1|
00004410  35 20 63 30 0a 20 20 20  20 33 30 20 63 30 20 32  |5 c0.    30 c0 2|
00004420  63 20 63 30 20 32 38 20  63 30 20 32 34 20 63 30  |c c0 28 c0 24 c0|
00004430  20 31 34 20 63 30 20 30  61 20 30 30 20 61 35 20  | 14 c0 0a 00 a5 |
--
--
000046b0  30 30 20 31 33 20 30 30  0a 20 20 20 20 31 30 20  |00 13 00.    10 |
000046c0  30 30 20 30 64 20 63 30  20 30 64 20 63 30 20 30  |00 0d c0 0d c0 0|
000046d0  33 20 30 30 20 30 61 20  30 30 20 39 33 20 30 30  |3 00 0a 00 93 00|
000046e0  20 66 66 20 30 31 20 30  30 20 30 30 0a 20 20 20  | ff 01 00 00.   |
000046f0  20 39 31 20 30 30 20 30  30 20 30 30 20 31 61 20  | 91 00 00 00 1a |
00004700  30 30 20 31 38 20 30 30  20 30 30 20 31 35 20 34  |00 18 00 00 15 4|
00004710  34 20 34 35 20 35 36 20  32 64 20 34 35 20 35 33  |4 45 56 2d 45 53|
00004720  0a 20 20 20 20 34 32 20  32 64 20 34 35 20 34 64  |.    42 2d 45 4d|
00004730  20 35 33 20 32 64 20 33  31 20 32 65 20 37 37 20  | 53 2d 31 2e 77 |
00004740  36 36 20 36 64 20 32 65  20 37 30 20 37 36 20 37  |66 6d 2e 70 76 7|
--
--
00004800  20 30 35 20 30 30 20 31  32 20 30 30 20 31 33 20  | 05 00 12 00 13 |
00004810  30 30 20 30 31 20 30 30  20 30 32 20 30 30 20 30  |00 01 00 02 00 0|
00004820  33 20 30 30 0a 20 20 20  20 30 66 20 30 30 20 31  |3 00.    0f 00 1|
00004830  30 20 30 30 20 31 31 20  30 30 20 32 33 20 30 30  |0 00 11 00 23 00|
00004840  20 30 30 20 30 30 20 30  64 20 30 30 20 32 30 20  | 00 00 0d 00 20 |
00004850  30 30 20 31 65 20 30 36  0a 20 20 20 20 30 31 20  |00 1e 06.    01 |
00004860  30 36 20 30 32 20 30 36  20 30 33 20 30 35 20 30  |06 02 06 03 05 0|
00004870  31 20 30 35 20 30 32 20  30 35 20 30 33 20 30 34  |1 05 02 05 03 04|
00004880  20 30 31 20 30 34 20 30  32 20 30 34 0a 20 20 20  | 01 04 02 04.   |
--
--
00004980  20 37 37 20 34 61 20 66  32 20 65 35 0a 20 20 20  | 77 4a f2 e5.   |
00004990  20 31 34 20 36 39 20 63  38 20 62 37 20 33 39 20  | 14 69 c8 b7 39 |
000049a0  37 37 20 30 30 20 63 30  20 33 30 20 30 30 20 30  |77 00 c0 30 00 0|
000049b0  30 20 31 36 20 66 66 20  30 31 20 30 30 20 30 31  |0 16 ff 01 00 01|
000049c0  0a 20 20 20 20 30 30 20  30 30 20 30 62 20 30 30  |.    00 00 0b 00|
000049d0  20 30 34 20 30 33 20 30  30 20 30 31 20 30 32 20  | 04 03 00 01 02 |
--
000049d0  20 30 34 20 30 33 20 30  30 20 30 31 20 30 32 20  | 04 03 00 01 02 |
000049e0  30 30 20 32 33 20 30 30  20 30 30 20 30 30 20 30  |00 23 00 00 00 0|
000049f0  66 20 30 30 0a 20 20 20  20 30 31 20 30 31 0a 3c  |f 00.    01 01.<|
00004a00  3c 3c 20 3f 3f 3f 20 5b  6c 65 6e 67 74 68 20 30  |<< ??? [length 0|
00004a10  30 30 35 5d 0a 20 20 20  20 31 36 20 30 33 20 30  |005].    16 03 0|
00004a20  33 20 31 37 20 31 32 0a  3c 3c 3c 20 54 4c 53 20  |3 17 12.<<< TLS |
--
--
00004a90  20 30 37 20 31 38 20 61  30 20 30 33 20 30 32 20  | 07 18 a0 03 02 |
00004aa0  30 31 20 30 32 20 30 32  20 31 33 20 33 38 20 30  |01 02 02 13 38 0|
00004ab0  30 20 30 30 20 65 35 20  61 66 20 38 39 20 30 34  |0 00 e5 af 89 04|
00004ac0  0a 20 20 20 20 31 34 20  35 62 20 31 35 20 31 30  |.    14 5b 15 10|
00004ad0  20 32 63 20 38 32 20 30  30 20 30 30 20 30 30 20  | 2c 82 00 00 00 |
00004ae0  30 30 20 65 35 20 61 66  20 33 30 20 30 64 20 30  |00 e5 af 30 0d 0|
00004af0  36 20 30 39 0a 20 20 20  20 32 61 20 38 36 20 34  |6 09.    2a 86 4|
00004b00  38 20 38 36 20 66 37 20  30 64 20 30 31 20 30 31  |8 86 f7 0d 01 01|
00004b10  20 30 62 20 30 35 20 30  30 20 33 30 20 35 36 20  | 0b 05 00 30 56 |
--
--
00006860  31 36 20 30 30 20 30 38  0a 20 20 20 20 61 31 20  |16 00 08.    a1 |
00006870  33 30 20 38 32 20 30 38  20 39 64 20 33 30 20 38  |30 82 08 9d 30 8|
00006880  32 20 30 36 20 38 35 20  61 30 20 30 33 20 30 32  |2 06 85 a0 03 02|
00006890  20 30 31 20 30 32 20 30  32 20 31 33 0a 20 20 20  | 01 02 02 13.   |
000068a0  20 36 34 20 30 30 20 30  30 20 30 30 20 30 32 20  | 64 00 00 00 02 |
000068b0  32 35 20 39 30 20 63 31  20 61 32 20 63 62 20 32  |25 90 c1 a2 cb 2|
--
000068b0  32 35 20 39 30 20 63 31  20 61 32 20 63 62 20 32  |25 90 c1 a2 cb 2|
000068c0  30 20 34 32 20 35 61 20  30 30 20 30 30 20 30 30  |0 42 5a 00 00 00|
000068d0  0a 20 20 20 20 30 30 20  30 30 20 30 32 20 33 30  |.    00 00 02 30|
000068e0  20 30 64 20 30 36 20 30  39 20 32 61 20 38 36 20  | 0d 06 09 2a 86 |
000068f0  34 38 20 38 36 20 66 37  20 30 64 20 30 31 20 30  |48 86 f7 0d 01 0|
00006900  31 20 30 62 0a 20 20 20  20 30 35 20 30 30 20 33  |1 0b.    05 00 3|
00006910  30 20 32 37 20 33 31 20  32 35 20 33 30 20 32 33  |0 27 31 25 30 23|
--
--
00009c50  36 20 30 33 20 30 33 20  30 30 20 30 37 0a 3e 3e  |6 03 03 00 07.>>|
00009c60  3e 20 54 4c 53 20 31 2e  32 20 48 61 6e 64 73 68  |> TLS 1.2 Handsh|
00009c70  61 6b 65 20 5b 6c 65 6e  67 74 68 20 30 30 30 37  |ake [length 0007|
00009c80  5d 2c 20 43 65 72 74 69  66 69 63 61 74 65 0a 20  |], Certificate. |
00009c90  20 20 20 30 62 20 30 30  20 30 30 20 30 33 20 30  |   0b 00 00 03 0|
00009ca0  30 20 30 30 20 30 30 0a  3e 3e 3e 20 3f 3f 3f 20  |0 00 00.>>> ??? |
00009cb0  5b 6c 65 6e 67 74 68 20  30 30 30 35 5d 0a 20 20  |[length 0005].  |
00009cc0  20 20 31 36 20 30 33 20  30 33 20 30 30 20 39 36  |  16 03 03 00 96|
00009cd0  0a 3e 3e 3e 20 54 4c 53  20 31 2e 32 20 48 61 6e  |.>>> TLS 1.2 Han|
--
--
00009ff0  20 20 31 36 20 30 33 20  30 33 20 30 30 20 63 61  |  16 03 03 00 ca|
0000a000  0a 3c 3c 3c 20 54 4c 53  20 31 2e 32 20 48 61 6e  |.<<< TLS 1.2 Han|
0000a010  64 73 68 61 6b 65 20 5b  6c 65 6e 67 74 68 20 30  |dshake [length 0|
0000a020  30 63 61 5d 3f 3f 3f 0a  20 20 20 20 30 34 20 30  |0ca]???.    04 0|
0000a030  30 20 30 30 20 63 36 20  30 30 20 30 30 20 30 31  |0 00 c6 00 00 01|
0000a040  20 32 63 20 30 30 20 63  30 20 35 64 20 37 37 20  | 2c 00 c0 5d 77 |
0000a050  37 35 20 31 37 20 37 64  20 64 63 0a 20 20 20 20  |75 17 7d dc.    |
0000a060  39 39 20 33 34 20 33 63  20 64 35 20 61 63 20 36  |99 34 3c d5 ac 6|
0000a070  63 20 63 39 20 61 66 20  33 61 20 39 63 20 36 37  |c c9 af 3a 9c 67|
--
--
0000a330  36 20 30 33 20 30 33 20  30 30 20 32 38 0a 3c 3c  |6 03 03 00 28.<<|
0000a340  3c 20 54 4c 53 20 31 2e  32 20 48 61 6e 64 73 68  |< TLS 1.2 Handsh|
0000a350  61 6b 65 20 5b 6c 65 6e  67 74 68 20 30 30 31 30  |ake [length 0010|
0000a360  5d 2c 20 46 69 6e 69 73  68 65 64 0a 20 20 20 20  |], Finished.    |
0000a370  31 34 20 30 30 20 30 30  20 30 63 20 31 38 20 61  |14 00 00 0c 18 a|
0000a380  30 20 64 34 20 63 30 20  32 64 20 61 39 20 38 38  |0 d4 c0 2d a9 88|
0000a390  20 38 35 20 62 30 20 63  64 20 36 36 20 61 34 0a  | 85 b0 cd 66 a4.|
0000a3a0  2d 2d 2d 0a 43 65 72 74  69 66 69 63 61 74 65 20  |---.Certificate |
0000a3b0  63 68 61 69 6e 0a 20 30  20 73 3a 2f 43 3d 55 53  |chain. 0 s:/C=US|
--
--
0000bc10  65 72 74 69 66 69 63 61  74 65 20 69 6e 20 63 65  |ertificate in ce|
0000bc20  72 74 69 66 69 63 61 74  65 20 63 68 61 69 6e 29  |rtificate chain)|
0000bc30  0a 2d 2d 2d 0a 3c 3c 3c  20 3f 3f 3f 20 5b 6c 65  |.---.<<< ??? [le|
0000bc40  6e 67 74 68 20 30 30 30  35 5d 0a 20 20 20 20 31  |ngth 0005].    1|
0000bc50  37 20 30 33 20 30 33 20  30 30 20 32 34 0a 00 00  |7 03 03 00 24...|
0000bc60  00 01 00 00 00 03 35 20  f0 6d 3e 3e 3e 20 3f 3f  |......5 .m>>> ??|
0000bc70  3f 20 5b 6c 65 6e 67 74  68 20 30 30 30 35 5d 0a  |? [length 0005].|
0000bc80  20 20 20 20 31 36 20 30  33 20 30 33 20 30 31 20  |    16 03 03 01 |
0000bc90  63 39 0a 3e 3e 3e 20 54  4c 53 20 31 2e 32 20 48  |c9.>>> TLS 1.2 H|
0000bca0  61 6e 64 73 68 61 6b 65  20 5b 6c 65 6e 67 74 68  |andshake [length|
--
--
0000bd00  33 20 37 35 20 63 63 20  33 37 20 38 35 20 66 66  |3 75 cc 37 85 ff|
0000bd10  20 65 36 20 37 32 20 39  61 20 39 35 20 34 65 20  | e6 72 9a 95 4e |
0000bd20  35 31 20 36 30 20 35 32  20 37 66 0a 20 20 20 20  |51 60 52 7f.    |
0000bd30  38 65 20 61 34 20 34 34  20 37 64 20 37 38 20 61  |8e a4 44 7d 78 a|
0000bd40  32 20 30 30 20 30 30 20  65 32 20 63 63 20 31 34  |2 00 00 e2 cc 14|
0000bd50  20 63 63 20 31 33 20 63  63 20 31 35 20 63 30 0a  | cc 13 cc 15 c0.|
0000bd60  20 20 20 20 33 30 20 63  30 20 32 63 20 63 30 20  |    30 c0 2c c0 |
0000bd70  32 38 20 63 30 20 32 34  20 63 30 20 31 34 20 63  |28 c0 24 c0 14 c|
0000bd80  30 20 30 61 20 30 30 20  61 35 20 30 30 20 61 33  |0 0a 00 a5 00 a3|
--
--
0000c170  20 20 20 20 30 30 20 30  34 20 30 30 20 30 35 20  |    00 04 00 05 |
0000c180  30 30 20 31 32 20 30 30  20 31 33 20 30 30 20 30  |00 12 00 13 00 0|
0000c190  31 20 30 30 20 30 32 20  30 30 20 30 33 20 30 30  |1 00 02 00 03 00|
0000c1a0  20 30 66 0a 20 20 20 20  30 30 20 31 30 20 30 30  | 0f.    00 10 00|
0000c1b0  20 31 31 20 30 30 20 32  33 20 30 30 20 30 30 20  | 11 00 23 00 00 |
0000c1c0  30 30 20 30 64 20 30 30  20 32 30 20 30 30 20 31  |00 0d 00 20 00 1|
0000c1d0  65 20 30 36 20 30 31 0a  20 20 20 20 30 36 20 30  |e 06 01.    06 0|
0000c1e0  32 20 30 36 20 30 33 20  30 35 20 30 31 20 30 35  |2 06 03 05 01 05|
0000c1f0  20 30 32 20 30 35 20 30  33 20 30 34 20 30 31 20  | 02 05 03 04 01 |
--
--
0000c260  20 31 36 20 30 33 20 30  33 20 30 30 20 37 32 0a  | 16 03 03 00 72.|
0000c270  3c 3c 3c 20 54 4c 53 20  31 2e 32 20 48 61 6e 64  |<<< TLS 1.2 Hand|
0000c280  73 68 61 6b 65 20 5b 6c  65 6e 67 74 68 20 30 30  |shake [length 00|
0000c290  35 61 5d 2c 20 53 65 72  76 65 72 48 65 6c 6c 6f  |5a], ServerHello|
0000c2a0  0a 20 20 20 20 30 32 20  30 30 20 30 30 20 35 36  |.    02 00 00 56|
0000c2b0  20 30 33 20 30 33 20 38  31 20 31 31 20 66 36 20  | 03 03 81 11 f6 |
0000c2c0  35 39 20 37 31 20 62 64  20 34 34 20 32 33 20 61  |59 71 bd 44 23 a|
0000c2d0  64 20 64 35 0a 20 20 20  20 37 38 20 63 35 20 39  |d d5.    78 c5 9|
0000c2e0  39 20 33 64 20 35 34 20  36 61 20 37 39 20 39 33  |9 3d 54 6a 79 93|
--
--
0000c2e0  39 20 33 64 20 35 34 20  36 61 20 37 39 20 39 33  |9 3d 54 6a 79 93|
0000c2f0  20 66 64 20 33 36 20 65  65 20 35 36 20 62 63 20  | fd 36 ee 56 bc |
0000c300  39 30 20 31 35 20 38 37  0a 20 20 20 20 63 36 20  |90 15 87.    c6 |
0000c310  32 31 20 61 38 20 66 34  20 31 34 20 61 66 20 30  |21 a8 f4 14 af 0|
0000c320  30 20 63 30 20 33 30 20  30 30 20 30 30 20 32 65  |0 c0 30 00 00 2e|
0000c330  20 66 66 20 30 31 20 30  30 20 31 39 0a 20 20 20  | ff 01 00 19.   |
0000c340  20 31 38 20 64 61 20 37  36 20 35 61 20 62 32 20  | 18 da 76 5a b2 |
0000c350  63 61 20 63 39 20 35 39  20 33 36 20 64 38 20 63  |ca c9 59 36 d8 c|
0000c360  65 20 61 39 20 39 36 20  31 38 20 61 30 20 64 34  |e a9 96 18 a0 d4|
--
--
0000c370  0a 20 20 20 20 63 30 20  32 64 20 61 39 20 38 38  |.    c0 2d a9 88|
0000c380  20 38 35 20 62 30 20 63  64 20 36 36 20 61 34 20  | 85 b0 cd 66 a4 |
0000c390  30 30 20 30 62 20 30 30  20 30 34 20 30 33 20 30  |00 0b 00 04 03 0|
0000c3a0  30 20 30 31 0a 20 20 20  20 30 32 20 30 30 20 32  |0 01.    02 00 2|
0000c3b0  33 20 30 30 20 30 30 20  30 30 20 30 66 20 30 30  |3 00 00 00 0f 00|
0000c3c0  20 30 31 20 30 31 0a 3c  3c 3c 20 3f 3f 3f 20 5b  | 01 01.<<< ??? [|
0000c3d0  6c 65 6e 67 74 68 20 30  30 30 35 5d 0a 20 20 20  |length 0005].   |
0000c3e0  20 31 36 20 30 33 20 30  33 20 31 37 20 32 61 0a  | 16 03 03 17 2a.|
0000c3f0  3c 3c 3c 20 54 4c 53 20  31 2e 32 20 48 61 6e 64  |<<< TLS 1.2 Hand|
--
--
0000c430  20 30 30 20 31 37 20 30  62 20 30 30 20 30 39 20  | 00 17 0b 00 09 |
0000c440  33 34 20 33 30 20 38 32  20 30 39 20 33 30 20 33  |34 30 82 09 30 3|
0000c450  30 20 38 32 0a 20 20 20  20 30 37 20 31 38 20 61  |0 82.    07 18 a|
0000c460  30 20 30 33 20 30 32 20  30 31 20 30 32 20 30 32  |0 03 02 01 02 02|
0000c470  20 31 33 20 33 38 20 30  30 20 30 30 20 65 35 20  | 13 38 00 00 e5 |
0000c480  61 66 20 38 39 20 30 34  0a 20 20 20 20 31 34 20  |af 89 04.    14 |
0000c490  35 62 20 31 35 20 31 30  20 32 63 20 38 32 20 30  |5b 15 10 2c 82 0|
--
0000c480  61 66 20 38 39 20 30 34  0a 20 20 20 20 31 34 20  |af 89 04.    14 |
0000c490  35 62 20 31 35 20 31 30  20 32 63 20 38 32 20 30  |5b 15 10 2c 82 0|
0000c4a0  30 20 30 30 20 30 30 20  30 30 20 65 35 20 61 66  |0 00 00 00 e5 af|
0000c4b0  20 33 30 20 30 64 20 30  36 20 30 39 0a 20 20 20  | 30 0d 06 09.   |
0000c4c0  20 32 61 20 38 36 20 34  38 20 38 36 20 66 37 20  | 2a 86 48 86 f7 |
0000c4d0  30 64 20 30 31 20 30 31  20 30 62 20 30 35 20 30  |0d 01 01 0b 05 0|
0000c4e0  30 20 33 30 20 35 36 20  33 31 20 31 33 20 33 30  |0 30 56 31 13 30|
--
--
00011340  20 30 30 20 31 63 0a 3c  3c 3c 20 54 4c 53 20 31  | 00 1c.<<< TLS 1|
00011350  2e 32 20 48 61 6e 64 73  68 61 6b 65 20 5b 6c 65  |.2 Handshake [le|
00011360  6e 67 74 68 20 30 30 30  34 5d 2c 20 53 65 72 76  |ngth 0004], Serv|
00011370  65 72 48 65 6c 6c 6f 44  6f 6e 65 0a 20 20 20 20  |erHelloDone.    |
00011380  30 65 20 30 30 20 30 30  20 30 30 0a 3e 3e 3e 20  |0e 00 00 00.>>> |
00011390  3f 3f 3f 20 5b 6c 65 6e  67 74 68 20 30 30 30 35  |??? [length 0005|
000113a0  5d 0a 20 20 20 20 31 36  20 30 33 20 30 33 20 30  |].    16 03 03 0|
000113b0  30 20 61 65 0a 3e 3e 3e  20 54 4c 53 20 31 2e 32  |0 ae.>>> TLS 1.2|
000113c0  20 48 61 6e 64 73 68 61  6b 65 20 5b 6c 65 6e 67  | Handshake [leng|
--
--
000113b0  30 20 61 65 0a 3e 3e 3e  20 54 4c 53 20 31 2e 32  |0 ae.>>> TLS 1.2|
000113c0  20 48 61 6e 64 73 68 61  6b 65 20 5b 6c 65 6e 67  | Handshake [leng|
000113d0  74 68 20 30 30 39 36 5d  2c 20 43 6c 69 65 6e 74  |th 0096], Client|
000113e0  4b 65 79 45 78 63 68 61  6e 67 65 0a 20 20 20 20  |KeyExchange.    |
000113f0  31 30 20 30 30 20 30 30  20 39 32 20 39 31 20 30  |10 00 00 92 91 0|
00011400  34 20 30 34 20 63 30 20  61 38 20 66 39 20 36 36  |4 04 c0 a8 f9 66|
00011410  20 31 33 20 39 35 20 39  34 20 62 35 20 62 66 0a  | 13 95 94 b5 bf.|
00011420  20 20 20 20 61 65 20 36  66 20 61 64 20 31 31 20  |    ae 6f ad 11 |
00011430  63 33 20 61 36 20 37 31  20 31 30 20 33 38 20 37  |c3 a6 71 10 38 7|
--
--
000116d0  5d 0a 20 20 20 20 31 36  20 30 33 20 30 33 20 30  |].    16 03 03 0|
000116e0  30 20 65 32 0a 3c 3c 3c  20 54 4c 53 20 31 2e 32  |0 e2.<<< TLS 1.2|
000116f0  20 48 61 6e 64 73 68 61  6b 65 20 5b 6c 65 6e 67  | Handshake [leng|
00011700  74 68 20 30 30 63 61 5d  3f 3f 3f 0a 20 20 20 20  |th 00ca]???.    |
00011710  30 34 20 30 30 20 30 30  20 63 36 20 30 30 20 30  |04 00 00 c6 00 0|
00011720  30 20 30 31 20 32 63 20  30 30 20 63 30 20 35 64  |0 01 2c 00 c0 5d|
00011730  20 37 37 20 37 35 20 31  37 20 37 64 20 64 63 0a  | 77 75 17 7d dc.|
00011740  20 20 20 20 39 39 20 33  34 20 33 63 20 64 35 20  |    99 34 3c d5 |
00011750  61 63 20 36 63 20 63 39  20 61 66 20 33 61 20 39  |ac 6c c9 af 3a 9|
--
--
00011a10  20 20 20 31 36 20 30 33  20 30 33 20 30 30 20 32  |   16 03 03 00 2|
00011a20  38 0a 3c 3c 3c 20 54 4c  53 20 31 2e 32 20 48 61  |8.<<< TLS 1.2 Ha|
00011a30  6e 64 73 68 61 6b 65 20  5b 6c 65 6e 67 74 68 20  |ndshake [length |
00011a40  30 30 31 30 5d 2c 20 46  69 6e 69 73 68 65 64 0a  |0010], Finished.|
00011a50  20 20 20 20 31 34 20 30  30 20 30 30 20 30 63 20  |    14 00 00 0c |
00011a60  63 35 20 36 39 20 66 66  20 65 64 20 34 63 20 37  |c5 69 ff ed 4c 7|
00011a70  32 20 37 62 20 63 64 20  36 32 20 39 34 20 35 35  |2 7b cd 62 94 55|
00011a80  20 31 35 0a 3e 3e 3e 20  3f 3f 3f 20 5b 6c 65 6e  | 15.>>> ??? [len|
00011a90  67 74 68 20 30 30 30 35  5d 0a 20 20 20 20 31 35  |gth 0005].    15|
--
--
00011d50  3a 20 31 35 36 32 36 39  32 39 36 37 0a 20 20 20  |: 1562692967.   |
00011d60  20 54 69 6d 65 6f 75 74  20 20 20 3a 20 33 30 30  | Timeout   : 300|
00011d70  20 28 73 65 63 29 0a 20  20 20 20 56 65 72 69 66  | (sec).    Verif|
00011d80  79 20 72 65 74 75 72 6e  20 63 6f 64 65 3a 20 30  |y return code: 0|
00011d90  20 28 6f 6b 29 0a 2d 2d  2d 0a 00 00 00 01 00 00  | (ok).---.......|
00011da0  00 03 3c 8a 4c 96 20 20  20 20 20 20 20 20 20 20  |..<.L.          |
00011db0  30 78 43 43 2c 30 78 31  34 20 2d 20 45 43 44 48  |0xCC,0x14 - ECDH|
00011dc0  45 2d 45 43 44 53 41 2d  43 48 41 43 48 41 32 30  |E-ECDSA-CHACHA20|
00011dd0  2d 50 4f 4c 59 31 33 30  35 2d 4f 4c 44 20 54 4c  |-POLY1305-OLD TL|
--
--
00018800  79 20 72 65 74 75 72 6e  20 63 6f 64 65 3a 20 31  |y return code: 1|
00018810  39 20 28 73 65 6c 66 20  73 69 67 6e 65 64 20 63  |9 (self signed c|
00018820  65 72 74 69 66 69 63 61  74 65 20 69 6e 20 63 65  |ertificate in ce|
00018830  72 74 69 66 69 63 61 74  65 20 63 68 61 69 6e 29  |rtificate chain)|
00018840  0a 2d 2d 2d 0a 00 00 00  01 00 00 00 03 36 40 17  |.---.........6@.|
00018850  84 75 6e 6b 6e 6f 77 6e  20 6f 70 74 69 6f 6e 20  |.unknown option |
00018860  2d 68 65 6c 70 0a 75 73  61 67 65 3a 20 73 5f 63  |-help.usage: s_c|
00018870  6c 69 65 6e 74 20 61 72  67 73 0a 0a 20 2d 68 6f  |lient args.. -ho|
00018880  73 74 20 68 6f 73 74 20  20 20 20 20 2d 20 75 73  |st host     - us|
bknowles commented 5 years ago

So, I'm guessing this problem is not unique to the native version of OpenSSL that is installed.

dcooper16 commented 5 years ago

So, I'm guessing this problem is not unique to the native version of OpenSSL that is installed.

The --ssl-native isn't about which version of OpenSSL to use -- it is about whether to use OpenSSL or testssl.sh's own implementation of the TLS handshake.

If you want to see if you get the same results using the OpenSSL that comes with your OS, then try

./testssl.sh --openssl=/usr/bin/openssl --protocols --ssl-native --debug 1 https://host.domain.private:7233

I tried running testssl.sh on my Mac, which seems to be the exact same version as yours, but did not see the problems that you did. Have you tried testing against a different server? Do you know whether these error messages appear whenever you use testssl.sh or only when testing this specific server?

The results that you are seeing are odd:

$ hexdump -C /tmp/testssl.UAUIYL/*run_prototest_openssl-tls1.txt | grep --color -A 4 -B 4 " 00 "
000016a0  20 72 65 74 75 72 6e 20  63 6f 64 65 3a 20 31 39  | return code: 19|
000016b0  20 28 73 65 6c 66 20 73  69 67 6e 65 64 20 63 65  | (self signed ce|
000016c0  72 74 69 66 69 63 61 74  65 20 69 6e 20 63 65 72  |rtificate in cer|
000016d0  74 69 66 69 63 61 74 65  20 63 68 61 69 6e 29 0a  |tificate chain).|
000016e0  2d 2d 2d 0a 00 00 00 01  00 00 00 03 3c 0e 31 fb  |---.........<.1.|
000016f0

Looking at the OpenSSL source code (apps/s_client.c), I see that a call is made to print out session information (SSL_SESSION_print), which ends with printing the return code, after which BIO_printf is called to print "---\n", and then finally BIO_flush is called.

In every test that I've run, the text that is output ends with the "---\n" (i.e, 2d 2d 2d 0a). In your case, however, there is extra stuff that is appearing after the "---\n".

So, my uneducated guess would be that when I run the test BIO_flush isn't printing anything, but in your case there is some internally buffered data that is being printed when BIO_flush is called.

I can see that in every case you showed above that "extra stuff" begins with 00 00 00 01 00 00 00 03, but I don't know what that might mean. I just don't understand the OpenSSL source code well enough to understand how that might happen. My first guess was that OpenSSL's behavior might be affected by some environmental variable that is set differently in your environment than in mine, but I didn't notice anything in the source code that would cause that to happen.

If my guess is correct that this data is being printed when BIO_flush is called, I don't know what might result in data being internally buffered rather than being printed immediately. I don't even know if this is expected behavior or a bug in the OpenSSL code.

drwetter commented 5 years ago

@dcooper16 thx! Normally the architecture shouldn't matter but did you just try with OSX?

@bknowles : can you please try 1) run ./utils/00_unittest_baseline.sh (after a fresh pull)? 2) ./testssl.sh self-signed.badssl.com. Please report back whether those runs showed similar errors than you reported.

dcooper16 commented 5 years ago

This implies to me that perhaps we need to post-filter the output from OpenSSL, to remove any nulls that it might generate.

This would technically be possible. We could change

local server_hello="$(< "$1")"

to

local server_hello="$(tr -d '\00' < "$1")"

However, this change would have a performance impact. For most systems that impact would be relatively small, but it would it would be helpful to find out why this is happening first, given that it doesn't make sense for OpenSSL to be printing null characters to the terminal.

bknowles commented 5 years ago

@dcooper16

The --ssl-native isn't about which version of OpenSSL to use -- it is about whether to use OpenSSL or testssl.sh's own implementation of the TLS handshake.

Ahh, sorry. I misunderstood.

If you want to see if you get the same results using the OpenSSL that comes with your OS, then try

I don't know if this will make a difference, but in the interest of getting more complete information, I will give it a shot.

Have you tried testing against a different server? Do you know whether these error messages appear whenever you use testssl.sh or only when testing this specific server?

I have tried hitting other TIBCO servers that we have running internally at other life cycle levels (dev versus test, etc...), and I have seen the same kind of errors. However, they're also using the same internal self-signed root CA, so I can't be sure that this is a TIBCO problem versus a self-signed root CA problem.

When I use this version 3.0rc5 of testssl.sh against other servers on the 'net, I do not see these kinds of problems. It's just when I'm trying to debug internal servers that are owned and operated by other teams, which speak a highly proprietary protocol, and where they are only now starting to move off SSLv3, and they are still using 1024 bit RSA keys. So, my hands are tied with regards to their servers, but I can test against other hosts.

Oh, and did I mention that they're still using RC4 and 3DES? 🤦🏻‍♂️

At least we're finally now completely dropping the export grade ciphers, although we are not yet requiring server cipher order, so insecure clients could easily choose poor algorithms. 😱

bknowles commented 5 years ago

However, this change would have a performance impact. For most systems that impact would be relatively small, but it would it would be helpful to find out why this is happening first, given that it doesn't make sense for OpenSSL to be printing null characters to the terminal.

Unfortunately, that syntax does not appear to be correct for tr. I get the following error:

tr: Illegal byte sequence
dcooper16 commented 5 years ago

@dcooper16 thx! Normally the architecture shouldn't matter but did you just try with OSX?

No, I also tried on Ubuntu and got the same results. I generally try to avoid running testssl.sh on my Mac, and usually only run it on a VM that I set up for development.

In any case, it seems that the problem is specific to the servers being tested rather than to the client being used.

I just tried creating a certificate with a null character in the subject name, but that didn't cause a problem. OpenSSL just escaped the null character as '\x00' and didn't print any null characters to the terminal.

dcooper16 commented 5 years ago

Unfortunately, that syntax does not appear to be correct for tr. I get the following error:

  tr: Illegal byte sequence

I tried the tr -d '\00' < "$1" on both Linux and Mac, and it worked on both. I did a search, and it seems that "Illegal byte sequence" is a complaint about the contents of the file, and not about the command line.

Another option would be cat -v "$1". The -v option tells cat to "use ^ and M- notation" for non-printing characters. However, without access to a file that cause tr to complain a an "Illegal byte sequence," I can't be certain that cat wouldn't complain as well.

bknowles commented 5 years ago 
local server_hello="$(tr -d '\00' < "$1")"

I tried all variants of this I could, including '\0' and '\000', both of which should have worked. Unfortunately, tr barfed on all three of these choices. I also tried using sed to strip the null character using the example at https://superuser.com/questions/287997/how-to-use-sed-to-remove-null-bytes and that also barfed.

I'm going to try Python or Perl next.

bknowles commented 5 years ago

Yup, perl worked. I used this syntax:

local server_hello="$(perl -np -e 's/\0//g' < "$1")"
bknowles commented 5 years ago

So, you guys are probably going to want to drop support for macOS at some point, because it just gets too painful to continue to support. And if/when you make that decision, I totally won't blame you -- although I will hope that the documentation gets updated to suit. ;)

In the meanwhile, do you want a PR for this change on those three lines?

drwetter commented 5 years ago

Why would we?

Please run the tests to help get this resolved.

bknowles commented 5 years ago

Please run the tests to help get this resolved.

I'll run the requested tests with my modified version of testssl.sh (with these three lines changed), as well as your version from a fresh pull.

But even if self-signed.badssl.com can't trigger the same kind of errors that I'm seeing internally, my view is that this is a case where you need to protect yourself against potential garbage input from external/upstream tools, and so stripping nulls on input would still make sense.

dcooper16 commented 5 years ago

So, you guys are probably going to want to drop support for macOS at some point, because it just gets too painful to continue to support.

At the moment we haven't discovered any evidence that the problems you are encountering a related to the client (macOS) you are using. It just seems to be some weird interaction between OpenSSL and your internal servers.

In the meanwhile, do you want a PR for this change on those three lines?

I won't speak for Dirk, but at the moment testssl.sh doesn't use perl and https://github.com/drwetter/testssl.sh/wiki/Coding-Style says "don't use additional binaries" (unless it's really necessary).

bknowles commented 5 years ago

I won't speak for Dirk, but at the moment testssl.sh doesn't use perl and https://github.com/drwetter/testssl.sh/wiki/Coding-Style says "don't use additional binaries" (unless it's really necessary).

Sadly, I can't get the null stripping working with either tr or sed, which would be the obvious candidates. All I can figure is that Apple bundles old, janky, broken versions of these tools, and doesn't care to fix them.

Do you have another suggestion? Maybe depend on the GNU versions instead?

bknowles commented 5 years ago

@bknowles : can you please try 1) run ./utils/00_unittest_baseline.sh (after a fresh pull)?

So far, I found one problem, specifically with sed complaining:

Running testssl.sh SSLv2 protocol check against localhost for SSLv2: 

 Start 2019-07-09 17:14:54        -->> 127.0.0.1:4433 (localhost) <<--

 A record via:           /etc/hosts 
 rDNS (127.0.0.1):       --
127.0.0.1:4433 appears to only support SSLv2.
 Service detected:       HTTP

 Testing protocols via sockets except NPN+ALPN 

 SSLv2      offered (NOT ok), also VULNERABLE to DROWN attack -- 9 ciphers
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    not offered
 TLS 1.3    not offered
 NPN/SPDY   not offered
 ALPN/HTTP2 not offered

 Done 2019-07-09 17:15:13 [0023s] -->> 127.0.0.1:4433 (localhost) <<--

sed: 1: "tmp.json": undefined label 'mp.json'
SSLv2: PASSED

And later we see the same problem again:

 Testing protocols via sockets except NPN+ALPN 

 SSLv2      offered (NOT ok), also VULNERABLE to DROWN attack -- 9 ciphers
 SSLv3      offered (NOT ok)
 TLS 1      offered
 TLS 1.1    offered
 TLS 1.2    offered (OK)
 TLS 1.3    not offered
 NPN/SPDY   spdy/3,  http/1.1 (advertised)
 ALPN/HTTP2 h2 (offered)

 Done 2019-07-09 17:15:35 [0022s] -->> 127.0.0.1:4433 (localhost) <<--

sed: 1: "tmp.json": undefined label 'mp.json'
SPDY/NPN:  PASSED
sed: 1: "tmp.json": undefined label 'mp.json'
HTTP2/ALPN: PASSED
rm: tmp.json: No such file or directory
Running baseline check with testssl.sh against localhost

EDIT: Note that these results came from the following version:

$ git log | head -1
commit f405991b8cf1ba19117980e538da3d242c093a36

EDIT2: Note that my hacked-up version using Perl to strip nulls did not fare any better with ./unit/00_unittest_baseline.sh.

bknowles commented 5 years ago

I won't speak for Dirk, but at the moment testssl.sh doesn't use perl and https://github.com/drwetter/testssl.sh/wiki/Coding-Style says "don't use additional binaries" (unless it's really necessary).

I did note the use of Perl in this file: ./utils/update_client_sim_data.pl

EDIT: Here's all the places where I could find perl being used in the repo, skipping the reference to perldoc.org:

t/23_client_simulation.t:#!/usr/bin/env perl
t/21_baseline_ipv6_http.t.DISABLED:#!/usr/bin/env perl
t/25_baseline_starttls.t:#!/usr/bin/env perl
t/08_isHTML_valid.t:#!/usr/bin/env perl
t/51_badssl.com.t:#!/usr/bin/env perl
t/01_ca_hashes_up_to_date.t:#!/usr/bin/env perl
t/59_hpkp.t.tmpDISABLED:#!/usr/bin/env perl
t/07_isJSON_valid.t:#!/usr/bin/env perl
t/20_baseline_ipv4_http.t:#!/usr/bin/env perl
t/09_isJSON_severitylevel_valid.t:#!/usr/bin/env perl
utils/parse_client_ciphers.pl:#!/usr/bin/perl
utils/update_client_sim_data.pl:#!/usr/bin/perl
bknowles commented 5 years ago

However, this change would have a performance impact. For most systems that impact would be relatively small, but it would it would be helpful to find out why this is happening first, given that it doesn't make sense for OpenSSL to be printing null characters to the terminal.

I'm looking at performance right now. I'm re-running my tests under /usr/bin/time, and with the latest version of 3.0rc5 that I have (from commit f405991b8cf1ba19117980e538da3d242c093a36), I get the following timing:

180.70 real        30.75 user        32.37 sys

So, almost exactly three minutes to run the standard array of tests against the same host I've been working with so far.

Now, my hacked-up version which uses Perl to strip nulls:

184.23 real        31.21 user        33.32 sys

That's 3.53 wallclock seconds more, or about 1.953514111787493082% longer.

I'll try using the cat -v suggestion above, and compare that:

181.34 real        30.39 user        31.11 sys

So, a bit better than the Perl solution on wall clock time, and better in both user time and system time than the original unmodified testssl.sh script itself!

So maybe this might be a non-egregious use of cat?

Of course, all these timings are single runs only. We'd need to do a lot more runs against a lot more targets before we could be sure of the real overall expected impact of these kinds of changes.

bknowles commented 5 years ago

Note that my hacked-up version using Perl to strip nulls did not fare any better with ./unit/00_unittest_baseline.sh.

And the hacked-up version using cat -v to do null stripping also fared no better. ;(

bknowles commented 5 years ago

Sadly, I can't get the null stripping working with either tr or sed, which would be the obvious candidates.

I can confirm that cat -v appears to work in reliably converting nulls into something that is at least printable, and then can be ignored.

So, we can skip using Perl, although it's good to know that there are multiple solutions available to us, in the case that both tr and sed are so horribly broken that we can't reliably use them to strip nulls.

drwetter commented 5 years ago

Hi @dcooper16 ,

In any case, it seems that the problem is specific to the servers being tested rather than to the client being used.

Thought the same. But I wanted to exclude that it is an OpenSSL+Darwin ghost we're chasing.

drwetter commented 5 years ago

Hi @bknowles ,

perl is being used in helper programs and for unit tests but as @dcooper16 said we're won't use it in testssl.sh itself.

And before doing any code changes I'd rather like to have it confirmed if it's the certificate and to understand how the null chars made it into your certificate.

Is it possible to send me the file /tmp/testssl.XXXXX/host_certificate.pem (see grep SWCONTACT testssl.sh ?

drwetter commented 5 years ago

@bknowles: ./utils/00_unittest_baseline.sh is a PoC. Thus I am not interested in any script errors for now. But what does the server defaults section in the last test say?

On 7/10/19 12:18 AM, Brad Knowles wrote:

@bknowles <https://github.com/bknowles> : can you please try 1) run |./utils/00_unittest_baseline.sh| (after a fresh pull)?

So far, I found one problem, specifically with |sed| complaining:

|Running testssl.sh SSLv2 protocol check against localhost for SSLv2: Start 2019-07-09 17:14:54 -->> 127.0.0.1:4433 (localhost) <<-- A record via: /etc/hosts rDNS (127.0.0.1): -- 127.0.0.1:4433 appears to only support SSLv2. Service detected: HTTP Testing protocols via sockets except NPN+ALPN SSLv2 offered (NOT ok), also VULNERABLE to DROWN attack -- 9 ciphers SSLv3 not offered (OK) TLS 1 not offered TLS 1.1 not offered TLS 1.2 not offered TLS 1.3 not offered NPN/SPDY not offered ALPN/HTTP2 not offered Done 2019-07-09 17:15:13 [0023s] -->> 127.0.0.1:4433 (localhost) <<-- sed: 1: "tmp.json": undefined label 'mp.json' SSLv2: PASSED |

And later we see the same problem again:

|Testing protocols via sockets except NPN+ALPN SSLv2 offered (NOT ok), also VULNERABLE to DROWN attack -- 9 ciphers SSLv3 offered (NOT ok) TLS 1 offered TLS 1.1 offered TLS 1.2 offered (OK) TLS 1.3 not offered NPN/SPDY spdy/3, http/1.1 (advertised) ALPN/HTTP2 h2 (offered) Done 2019-07-09 17:15:35 [0022s] -->> 127.0.0.1:4433 (localhost) <<-- sed: 1: "tmp.json": undefined label 'mp.json' SPDY/NPN: PASSED sed: 1: "tmp.json": undefined label 'mp.json' HTTP2/ALPN: PASSED rm: tmp.json: No such file or directory Running baseline check with testssl.sh against localhost |

bknowles commented 5 years ago

Is it possible to send me the file /tmp/testssl.XXXXX/host_certificate.pem (see grep SWCONTACT testssl.sh ?

It might be possible to share that with you privately, but doing so would certainly require the approval of our Senior Systems Architect, plus presumably several other layers in the chain of command. And they would almost certainly require that you sign an NDA.

Before we go that route, I would prefer to try exploring other things that are less likely to potentially expose things that they would consider to be internal company proprietary information.

I am happy to explore an examination of the PEM file certificate, if you can help me understand the various commands that you might want to run.

bknowles commented 5 years ago

But what does the server defaults section in the last test say?

When testing against the local server that the script fires up itself, listening on 127.0.0.1:4433, I don't see any "Server Defaults" section.

I'm also not finding any host_certificate.pem file in any of the /tmp/testssl.* directories.

And going a grep -ir 'server default' /tmp/testssl.* doesn't turn up any hits.

Obviously, I'm missing something here, but it's not clear to me what that is.

bknowles commented 5 years ago

Thought the same. But I wanted to exclude that it is an OpenSSL+Darwin ghost we're chasing.

BTW, I think it is entirely possible that this is an OpenSSL+Darwin ghost, and wouldn't happen with any other OS with a reasonable implementation of bash, or OpenSSL, etc....

I think the more important question is whether or not this is something you are willing to modify the code to protect itself against, or if you want to drop support for macOS/Darwin instead. Frankly, if I were in your shoes, I think I might be inclined to drop support for macOS/Darwin.

However, I'm not in your shoes, so if you do decide to drop support for macOS/Darwin, then I'm inclined to fork the repo and maintain my own separate version that is intended to deal with all these weird edge cases that don't appear to happen on any other platform. In that case, I would be inclined to try to continue to track your version as an upstream repo as much as I could, but I would commit to maintaining a separate macOS/Darwin-specific version, at least for as long as I could.

EDIT: Please note, this is not intended to be a threat. Far from it. I find testssl.sh to be a vitally important tool, and I'm willing to go to some extreme lengths to keep it working on my platform of choice. There's lots of things I don't like about macOS/Darwin, but it is still a better overall choice for me than anything else I know of, and so I'll do whatever I have to in order to keep my critical tools working on my platform of choice.

dcooper16 commented 5 years ago

As I noted in an earlier comment, I tried creating a certificate with a null character in the subject name, and OpensSSL seemed able to handle that okay. So, that doesn't seem to be the problem. However, if you are interested, I wrote a C program several years ago that parses a certificate and looks for encoding errors. It is a command-line program and the output isn't very user-friendly, but I could send it to you, if you'd like to try it on this certificate. It should be easy to compile on any system that has a C compiler installed.

Is it possible to send me the file /tmp/testssl.XXXXX/host_certificate.pem (see grep SWCONTACT testssl.sh ?

It might be possible to share that with you privately, but doing so would certainly require the approval of our Senior Systems Architect, plus presumably several other layers in the chain of command. And they would almost certainly require that you sign an NDA.

I am happy to explore an examination of the PEM file certificate, if you can help me understand the various commands that you might want to run.

bknowles commented 5 years ago

As I noted in an earlier comment, I tried creating a certificate with a null character in the subject name, and OpensSSL seemed able to handle that okay. So, that doesn't seem to be the problem. However, if you are interested, I wrote a C program several years ago that parses a certificate and looks for encoding errors. It is a command-line program and the output isn't very user-friendly, but I could send it to you, if you'd like to try it on this certificate. It should be easy to compile on any system that has a C compiler installed.

Absolutely! I'm very happy to try that out.

Thanks!

bknowles commented 5 years ago

Using the certificate_validate program provided by @dcooper16 , I tested each of the certs that we get back from the host I've been working with -- the cert for the host itself, plus the extra certs that come back as the chain to the internally self-signed CA root.

I'm not seeing anything obvious, but here's the output from each of them. First, we have the actual host cert itself, with multiple SANs:

$ certificate_validate 1.pem 
Certificate:
TBSCertificate:
extensions:
Extension:
keyUsage:
Warning: keyUsage should be marked as critical.

This is the internal root CA:

$ certificate_validate 2.pem 
Certificate:
TBSCertificate:
extensions:
Extension:
keyUsage:
Warning: keyUsage should be marked as critical.

Certificate:
TBSCertificate:
extensions:
Extension:
Warning:  Unrecognized non-critical extension: 1.3.6.1.4.1.311.21.1.  Contents not parsed.

This is the internal issuing CA, signed by the root CA:

$ certificate_validate 3.pem 
Certificate:
TBSCertificate:
extensions:
Extension:
Warning:  Unrecognized non-critical extension: 1.3.6.1.4.1.311.21.1.  Contents not parsed.

Certificate:
TBSCertificate:
extensions:
Extension:
keyUsage:
Warning: keyUsage should be marked as critical.

I'm not seeing any obvious errors here, but maybe I'm not using the tool correctly?

EDIT: And yes, I had to go in with openssl x509 -in 123.pem -text for each of the above three files, to see which one was which, and that I was testing against the correct PEM files.

bknowles commented 5 years ago

Looking at the Stackoverflow page at https://stackoverflow.com/questions/6465454/table-of-oids-for-certificates-subject I can see that this exposes what software we're using for the rootCA:

    '1.3.6.1.4.1.311.21' => 'Microsoft CertSrv Infrastructure',
    '1.3.6.1.4.1.311.21.1' => 'szOID_CERTSRV_CA_VERSION',
    '1.3.6.1.4.1.311.21.20' => 'Client Information',

Does knowing that help in any way?

drwetter commented 5 years ago

EDIT: And yes, I had to go in with openssl x509 -in 123.pem -text for each of the above three files, to see which one was which, and that I was testing against the correct PEM files.

First: Did openssl x509 -text... show any non-printable chars?

Second: Also please check with openssl s_client connect YOURHOST:443 -servernane YOURHOST whether there are non-printable chars. Also try with -tls1, -tls1_1 and tls1_2.

3rd check please: try another platform. Preferably Linux.

bknowles commented 5 years ago

First: Did openssl x509 -text... show any non-printable chars?

Crap. I should have thought to check that. Sigh....

I will check and report back.

Second: Also please check with openssl s_client connect YOURHOST:443 -servernane YOURHOST whether there are non-printable chars. Also try with -tls1, -tls1_1 and tls1_2.

Will do.

3rd check please: try another platform. Preferably Linux.

Will do.

bknowles commented 5 years ago

First: Did openssl x509 -text... show any non-printable chars?

Crap. I should have thought to check that. Sigh....

I will check and report back.

I can confirm that no unprintable characters were displayed as a result of running openssl x509 -in 123.pem -text on each of the three PEM files.

In the PEM file for the host itself, I did see weird things like:

        X509v3 extensions:
            X509v3 Key Usage: 
                Digital Signature, Key Encipherment
            1.3.6.1.4.1.311.21.7: 
                0/.'+.....7....._...........*...5.W...~...$..d..B

And:

            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            1.3.6.1.4.1.311.21.10: 
                0.0
..+.......

I ran the command twice, once with and once without piping to cat -v, and I can confirm that these are printable dots, pluses, tildes, dollar signs, etc.... I would assume these come from the fact that they're using 'Microsoft CertSrv' for their internal self-signed root and the part of the OID space that OpenSSL doesn't recognize. But it's not generating unprintable characters as a result.

For the Linux host to use for testing, do you have a preference as to the particular distribution and other tools installed?

bknowles commented 5 years ago

Unfortunately, I can't access the company VPN right now, so I can't run the other tests. I'll have to do those from the office on Monday.

bknowles commented 5 years ago

I'm having trouble accessing one of the servers I had been testing with, but I have another one that is exhibiting the same problem. I've run this command:

echo | openssl s_client -showcerts -CAfile 2.pem -connect hostname.domain.private:17293

And I've run it both ways -- once capturing the output to a binary file, and once piped to cat -v which is then captured to a separate file.

Doing a diff on these two files, there are some differences in the Session ID, the Start Time, etc... which are to be expected. However, what is not expected is that the cat -v version shows that there are actually some additional unprintable characters being output at the very end of the process. The cat -v command shows them as "^@^@^@^A^@^@^@^C6^V#?".

Here's the last few lines from a hexdump -C of the binary file:

00002be0  65 72 69 66 79 20 72 65  74 75 72 6e 20 63 6f 64  |erify return cod|
00002bf0  65 3a 20 30 20 28 6f 6b  29 0a 20 20 20 20 45 78  |e: 0 (ok).    Ex|
00002c00  74 65 6e 64 65 64 20 6d  61 73 74 65 72 20 73 65  |tended master se|
00002c10  63 72 65 74 3a 20 6e 6f  0a 2d 2d 2d 0a 00 00 00  |cret: no.---....|
00002c20  01 00 00 00 03 0e b3 3f  09                       |.......?.|
00002c29

Here's the corresponding last few lines of the file as output through cat -v:

00002bf0  65 3a 20 30 20 28 6f 6b  29 0a 20 20 20 20 45 78  |e: 0 (ok).    Ex|
00002c00  74 65 6e 64 65 64 20 6d  61 73 74 65 72 20 73 65  |tended master se|
00002c10  63 72 65 74 3a 20 6e 6f  0a 2d 2d 2d 0a 5e 40 5e  |cret: no.---.^@^|
00002c20  40 5e 40 5e 41 5e 40 5e  40 5e 40 5e 43 36 5e 56  |@^@^A^@^@^@^C6^V|
00002c30  23 aa                                             |#.|
00002c32
bknowles commented 5 years ago

Looking at the above, it appears that the additional garbage at the end is the bytes starting with the sequence 0a 2d 2d 2d 0a 00 00 00 01 00 00 00 03 0e b3 3f 09.

I'll try the same command with the binary version of openssl that you provide as a part of the testssl.sh package. That command looks like this:

echo | ~/src/git/testssl.sh/bin/openssl.Darwin.x86_64 s_client -showcerts -CAfile 2.pem -connect hostname.domain.private:17293

Looking at the last few lines of the output from hexdump -C on the binary file that is captured from the above command, we see:

00002ad0  75 74 20 20 20 3a 20 33  30 30 20 28 73 65 63 29  |ut   : 300 (sec)|
00002ae0  0a 20 20 20 20 56 65 72  69 66 79 20 72 65 74 75  |.    Verify retu|
00002af0  72 6e 20 63 6f 64 65 3a  20 30 20 28 6f 6b 29 0a  |rn code: 0 (ok).|
00002b00  2d 2d 2d 0a 00 00 00 01  00 00 00 03 2d a4 bf 0a  |---.........-...|
00002b10

Note that there is a "Verify return code" section here, but no "Extended master secret" section. That string of 00 00 00 00 characters looks suspicious, however. And piping that file through cat -v, we see that they are unprintable:

00002ad0  75 74 20 20 20 3a 20 33  30 30 20 28 73 65 63 29  |ut   : 300 (sec)|
00002ae0  0a 20 20 20 20 56 65 72  69 66 79 20 72 65 74 75  |.    Verify retu|
00002af0  72 6e 20 63 6f 64 65 3a  20 30 20 28 6f 6b 29 0a  |rn code: 0 (ok).|
00002b00  2d 2d 2d 0a 5e 40 5e 40  5e 40 5e 41 5e 40 5e 40  |---.^@^@^@^A^@^@|
00002b10  5e 40 5e 43 2d a4 bf 0a                           |^@^C-...|
00002b18

So, both implementations of openssl on macOS seem to have the same problem here.

Now to test on Linux.

bknowles commented 5 years ago

One thing I have discovered is that we don't always get the unprintable characters.

Sometimes, when I run the openssl s_client command, and pipe that through hexdump -C, it will show suspicious characters at the end which I believe are unprintable.

But I re-run the command and pipe it through cat -v before the hexdump -C, and the unprintable characters don't show up.

But if I re-run that command again, also piping it through cat -v again, then the unprintable characters might show up this time.

And this is true for both the system version of the openssl s_client command, as well as the version of the openssl binary that you include in the testssl.sh package.

Weird.

EDIT: And multiple runs of the exact same command, always piping it through cat -v, I see that the unprintable characters at the end will change.

Here's one run:

00002ac0  32 30 39 31 36 31 0a 20  20 20 20 54 69 6d 65 6f  |209161.    Timeo|
00002ad0  75 74 20 20 20 3a 20 33  30 30 20 28 73 65 63 29  |ut   : 300 (sec)|
00002ae0  0a 20 20 20 20 56 65 72  69 66 79 20 72 65 74 75  |.    Verify retu|
00002af0  72 6e 20 63 6f 64 65 3a  20 31 39 20 28 73 65 6c  |rn code: 19 (sel|
00002b00  66 20 73 69 67 6e 65 64  20 63 65 72 74 69 66 69  |f signed certifi|
00002b10  63 61 74 65 20 69 6e 20  63 65 72 74 69 66 69 63  |cate in certific|
00002b20  61 74 65 20 63 68 61 69  6e 29 0a 2d 2d 2d 0a 5e  |ate chain).---.^|
00002b30  40 5e 40 5e 40 5e 41 5e  40 5e 40 5e 40 5e 43 5e  |@^@^@^A^@^@^@^C^|
00002b40  52 77 a6 4d 2d 5e 4e                              |Rw.M-^N|
00002b47

And here's the next run, just a few seconds later:

00002ac0  32 30 39 33 39 32 0a 20  20 20 20 54 69 6d 65 6f  |209392.    Timeo|
00002ad0  75 74 20 20 20 3a 20 33  30 30 20 28 73 65 63 29  |ut   : 300 (sec)|
00002ae0  0a 20 20 20 20 56 65 72  69 66 79 20 72 65 74 75  |.    Verify retu|
00002af0  72 6e 20 63 6f 64 65 3a  20 31 39 20 28 73 65 6c  |rn code: 19 (sel|
00002b00  66 20 73 69 67 6e 65 64  20 63 65 72 74 69 66 69  |f signed certifi|
00002b10  63 61 74 65 20 69 6e 20  63 65 72 74 69 66 69 63  |cate in certific|
00002b20  61 74 65 20 63 68 61 69  6e 29 0a 2d 2d 2d 0a 5e  |ate chain).---.^|
00002b30  40 5e 40 5e 40 5e 41 5e  40 5e 40 5e 40 5e 43 28  |@^@^@^A^@^@^@^C(|
00002b40  c7 5e fe                                          |.^.|
00002b43
bknowles commented 5 years ago

Note that using -tls1 or -tls1_1 or -tls1_2 doesn't change any of the above behaviours that have been observed -- sometimes we get unprintable characters at the end, sometimes we don't.

And when we do get unprintable characters at the end, they will be different from the last time we ran the command, even if that was literally less than one second ago.

bknowles commented 5 years ago

I wrote a trivial shell script to loop through and run the same command twenty times, and capturing the last five lines of output from each run:

Mon Jul 15 12:16:06 CDT 2019
--------------------
00002930  20 63 6f 64 65 3a 20 31  39 20 28 73 65 6c 66 20  | code: 19 (self |
00002940  73 69 67 6e 65 64 20 63  65 72 74 69 66 69 63 61  |signed certifica|
00002950  74 65 20 69 6e 20 63 65  72 74 69 66 69 63 61 74  |te in certificat|
00002960  65 20 63 68 61 69 6e 29  0a 2d 2d 2d 0a           |e chain).---.|
0000296d
--------------------
Mon Jul 15 12:16:06 CDT 2019
--------------------
00002950  74 65 20 69 6e 20 63 65  72 74 69 66 69 63 61 74  |te in certificat|
00002960  65 20 63 68 61 69 6e 29  0a 2d 2d 2d 0a 5e 40 5e  |e chain).---.^@^|
00002970  40 5e 40 5e 41 5e 40 5e  40 5e 40 5e 43 5e 4f 4d  |@^@^A^@^@^@^C^OM|
00002980  2d 5e 57 2f d2                                    |-^W/.|
00002985
--------------------
Mon Jul 15 12:16:07 CDT 2019
--------------------
00002950  74 65 20 69 6e 20 63 65  72 74 69 66 69 63 61 74  |te in certificat|
00002960  65 20 63 68 61 69 6e 29  0a 2d 2d 2d 0a 5e 40 5e  |e chain).---.^@^|
00002970  40 5e 40 5e 41 5e 40 5e  40 5e 40 5e 43 5e 5e a7  |@^@^A^@^@^@^C^^.|
00002980  ed cf                                             |..|
00002982
--------------------
Mon Jul 15 12:16:07 CDT 2019
--------------------
00002950  74 65 20 69 6e 20 63 65  72 74 69 66 69 63 61 74  |te in certificat|
00002960  65 20 63 68 61 69 6e 29  0a 2d 2d 2d 0a 5e 40 5e  |e chain).---.^@^|
00002970  40 5e 40 5e 41 5e 40 5e  40 5e 40 5e 43 36 5a fb  |@^@^A^@^@^@^C6Z.|
00002980  c6                                                |.|
00002981
--------------------
Mon Jul 15 12:16:07 CDT 2019
--------------------
00002950  74 65 20 69 6e 20 63 65  72 74 69 66 69 63 61 74  |te in certificat|
00002960  65 20 63 68 61 69 6e 29  0a 2d 2d 2d 0a 5e 40 5e  |e chain).---.^@^|
00002970  40 5e 40 5e 41 5e 40 5e  40 5e 40 5e 43 37 a4 5e  |@^@^A^@^@^@^C7.^|
00002980  52 e2                                             |R.|
00002982
--------------------
Mon Jul 15 12:16:07 CDT 2019
--------------------
00002950  74 65 20 69 6e 20 63 65  72 74 69 66 69 63 61 74  |te in certificat|
00002960  65 20 63 68 61 69 6e 29  0a 2d 2d 2d 0a 5e 40 5e  |e chain).---.^@^|
00002970  40 5e 40 5e 41 5e 40 5e  40 5e 40 5e 43 5e 48 7a  |@^@^A^@^@^@^C^Hz|
00002980  d3 5e 52                                          |.^R|
00002983
--------------------
Mon Jul 15 12:16:07 CDT 2019
--------------------
00002950  74 65 20 69 6e 20 63 65  72 74 69 66 69 63 61 74  |te in certificat|
00002960  65 20 63 68 61 69 6e 29  0a 2d 2d 2d 0a 5e 40 5e  |e chain).---.^@^|
00002970  40 5e 40 5e 41 5e 40 5e  40 5e 40 5e 43 5e 5d 46  |@^@^A^@^@^@^C^]F|
00002980  b5 5e 55                                          |.^U|
00002983
--------------------
Mon Jul 15 12:16:07 CDT 2019
--------------------
00002950  74 65 20 69 6e 20 63 65  72 74 69 66 69 63 61 74  |te in certificat|
00002960  65 20 63 68 61 69 6e 29  0a 2d 2d 2d 0a 5e 40 5e  |e chain).---.^@^|
00002970  40 5e 40 5e 41 5e 40 5e  40 5e 40 5e 43 5e 44 f1  |@^@^A^@^@^@^C^D.|
00002980  fd fd                                             |..|
00002982
--------------------
Mon Jul 15 12:16:07 CDT 2019
--------------------
00002950  74 65 20 69 6e 20 63 65  72 74 69 66 69 63 61 74  |te in certificat|
00002960  65 20 63 68 61 69 6e 29  0a 2d 2d 2d 0a 5e 40 5e  |e chain).---.^@^|
00002970  40 5e 40 5e 41 5e 40 5e  40 5e 40 5e 43 5e 42 53  |@^@^A^@^@^@^C^BS|
00002980  5e 42 5e 4f                                       |^B^O|
00002984
--------------------
Mon Jul 15 12:16:07 CDT 2019
--------------------
00002950  74 65 20 69 6e 20 63 65  72 74 69 66 69 63 61 74  |te in certificat|
00002960  65 20 63 68 61 69 6e 29  0a 2d 2d 2d 0a 5e 40 5e  |e chain).---.^@^|
00002970  40 5e 40 5e 41 5e 40 5e  40 5e 40 5e 43 2d c8 a6  |@^@^A^@^@^@^C-..|
00002980  4d 2d 5e 56                                       |M-^V|
00002984
--------------------
Mon Jul 15 12:16:07 CDT 2019
--------------------
00002950  74 65 20 69 6e 20 63 65  72 74 69 66 69 63 61 74  |te in certificat|
00002960  65 20 63 68 61 69 6e 29  0a 2d 2d 2d 0a 5e 40 5e  |e chain).---.^@^|
00002970  40 5e 40 5e 41 5e 40 5e  40 5e 40 5e 43 29 de fa  |@^@^A^@^@^@^C)..|
00002980  60                                                |`|
00002981
--------------------
Mon Jul 15 12:16:07 CDT 2019
--------------------
00002950  74 65 20 69 6e 20 63 65  72 74 69 66 69 63 61 74  |te in certificat|
00002960  65 20 63 68 61 69 6e 29  0a 2d 2d 2d 0a 5e 40 5e  |e chain).---.^@^|
00002970  40 5e 40 5e 41 5e 40 5e  40 5e 40 5e 43 33 76 cd  |@^@^A^@^@^@^C3v.|
00002980  4d 2d 5e 5d                                       |M-^]|
00002984
--------------------
Mon Jul 15 12:16:07 CDT 2019
--------------------
00002950  74 65 20 69 6e 20 63 65  72 74 69 66 69 63 61 74  |te in certificat|
00002960  65 20 63 68 61 69 6e 29  0a 2d 2d 2d 0a 5e 40 5e  |e chain).---.^@^|
00002970  40 5e 40 5e 41 5e 40 5e  40 5e 40 5e 43 5e 42 b5  |@^@^A^@^@^@^C^B.|
00002980  cc bb                                             |..|
00002982
--------------------
Mon Jul 15 12:16:07 CDT 2019
--------------------
00002950  74 65 20 69 6e 20 63 65  72 74 69 66 69 63 61 74  |te in certificat|
00002960  65 20 63 68 61 69 6e 29  0a 2d 2d 2d 0a 5e 40 5e  |e chain).---.^@^|
00002970  40 5e 40 5e 41 5e 40 5e  40 5e 40 5e 43 5e 45 2a  |@^@^A^@^@^@^C^E*|
00002980  4d 2d 5e 49 4d 2d 5e 46                           |M-^IM-^F|
00002988
--------------------
Mon Jul 15 12:16:07 CDT 2019
--------------------
00002950  74 65 20 69 6e 20 63 65  72 74 69 66 69 63 61 74  |te in certificat|
00002960  65 20 63 68 61 69 6e 29  0a 2d 2d 2d 0a 5e 40 5e  |e chain).---.^@^|
00002970  40 5e 40 5e 41 5e 40 5e  40 5e 40 5e 43 31 4d 4d  |@^@^A^@^@^@^C1MM|
00002980  2d 5e 5d 48                                       |-^]H|
00002984
--------------------
Mon Jul 15 12:16:07 CDT 2019
--------------------
00002950  74 65 20 69 6e 20 63 65  72 74 69 66 69 63 61 74  |te in certificat|
00002960  65 20 63 68 61 69 6e 29  0a 2d 2d 2d 0a 5e 40 5e  |e chain).---.^@^|
00002970  40 5e 40 5e 41 5e 40 5e  40 5e 40 5e 43 26 3d 4d  |@^@^A^@^@^@^C&=M|
00002980  2d 5e 42 35                                       |-^B5|
00002984
--------------------
Mon Jul 15 12:16:07 CDT 2019
--------------------
00002950  74 65 20 69 6e 20 63 65  72 74 69 66 69 63 61 74  |te in certificat|
00002960  65 20 63 68 61 69 6e 29  0a 2d 2d 2d 0a 5e 40 5e  |e chain).---.^@^|
00002970  40 5e 40 5e 41 5e 40 5e  40 5e 40 5e 43 34 4d 2d  |@^@^A^@^@^@^C4M-|
00002980  5e 42 5e 54 4d 2d 5e 49                           |^B^TM-^I|
00002988
--------------------
Mon Jul 15 12:16:08 CDT 2019
--------------------
00002930  20 63 6f 64 65 3a 20 31  39 20 28 73 65 6c 66 20  | code: 19 (self |
00002940  73 69 67 6e 65 64 20 63  65 72 74 69 66 69 63 61  |signed certifica|
00002950  74 65 20 69 6e 20 63 65  72 74 69 66 69 63 61 74  |te in certificat|
00002960  65 20 63 68 61 69 6e 29  0a 2d 2d 2d 0a           |e chain).---.|
0000296d
--------------------
Mon Jul 15 12:16:08 CDT 2019
--------------------
00002950  74 65 20 69 6e 20 63 65  72 74 69 66 69 63 61 74  |te in certificat|
00002960  65 20 63 68 61 69 6e 29  0a 2d 2d 2d 0a 5e 40 5e  |e chain).---.^@^|
00002970  40 5e 40 5e 41 5e 40 5e  40 5e 40 5e 43 3f a0 35  |@^@^A^@^@^@^C?.5|
00002980  b7                                                |.|
00002981
--------------------
Mon Jul 15 12:16:08 CDT 2019
--------------------
00002950  74 65 20 69 6e 20 63 65  72 74 69 66 69 63 61 74  |te in certificat|
00002960  65 20 63 68 61 69 6e 29  0a 2d 2d 2d 0a 5e 40 5e  |e chain).---.^@^|
00002970  40 5e 40 5e 41 5e 40 5e  40 5e 40 5e 43 3a 42 48  |@^@^A^@^@^@^C:BH|
00002980  09                                                |.|
00002981
--------------------

As you can see, multiple runs of the same command within the same second, do actually generate different unprintable characters at the end, and sometimes don't generate any unprintable characters at the end.

Note that this is not a case of stderr and stdout both being piped to the hexdump -C command. For this script, I sent stderr to /dev/null, to help clean up the output. Those unprintable characters really are coming from the stdout of the openssl s_client command.

EDIT: Note that this script is using your ~/src/git/testssl.sh/bin/openssl.Darwin.x86_64 binary that you include with the testssl.sh package.

In case you're curious, here's the SHA-1 hash of that file:

$ sha1sum ~/src/git/testssl.sh/bin/openssl.Darwin.x86_64
c3bc0b7682e3d7a9454dfdedba9cc2f348a7b39f  /Users/brad.knowles/src/git/testssl.sh/bin/openssl.Darwin.x86_64
bknowles commented 5 years ago

And here's a Linux host doing exactly the same thing as my Mac, when hitting the same problematic target:

====================
OpenSSL 1.0.2k-fips  26 Jan 2017
====================
Mon Jul 15 21:01:56 UTC 2019
--------------------
00002b10  66 69 63 61 74 65 20 69  6e 20 63 65 72 74 69 66  |ficate in certif|
00002b20  69 63 61 74 65 20 63 68  61 69 6e 29 0a 2d 2d 2d  |icate chain).---|
00002b30  0a 5e 40 5e 40 5e 40 5e  41 5e 40 5e 40 5e 40 5e  |.^@^@^@^A^@^@^@^|
00002b40  43 5e 42 4d 2d 3b 4d 2d  41 4d 2d 41              |C^BM-;M-AM-A|
00002b4c
--------------------
Mon Jul 15 21:01:56 UTC 2019
--------------------
00002b10  66 69 63 61 74 65 20 69  6e 20 63 65 72 74 69 66  |ficate in certif|
00002b20  69 63 61 74 65 20 63 68  61 69 6e 29 0a 2d 2d 2d  |icate chain).---|
00002b30  0a 5e 40 5e 40 5e 40 5e  41 5e 40 5e 40 5e 40 5e  |.^@^@^@^A^@^@^@^|
00002b40  43 35 0a 4d 2d 62 38                              |C5.M-b8|
00002b47
--------------------
Mon Jul 15 21:01:57 UTC 2019
--------------------
00002b10  66 69 63 61 74 65 20 69  6e 20 63 65 72 74 69 66  |ficate in certif|
00002b20  69 63 61 74 65 20 63 68  61 69 6e 29 0a 2d 2d 2d  |icate chain).---|
00002b30  0a 5e 40 5e 40 5e 40 5e  41 5e 40 5e 40 5e 40 5e  |.^@^@^@^A^@^@^@^|
00002b40  43 5e 5c 37 28 4d 2d 5e  52                       |C^\7(M-^R|
00002b49
--------------------
Mon Jul 15 21:01:57 UTC 2019
--------------------
00002b10  66 69 63 61 74 65 20 69  6e 20 63 65 72 74 69 66  |ficate in certif|
00002b20  69 63 61 74 65 20 63 68  61 69 6e 29 0a 2d 2d 2d  |icate chain).---|
00002b30  0a 5e 40 5e 40 5e 40 5e  41 5e 40 5e 40 5e 40 5e  |.^@^@^@^A^@^@^@^|
00002b40  43 5e 5f 4d 2d 5e 59 28  5e 5a                    |C^_M-^Y(^Z|
00002b4a
--------------------
Mon Jul 15 21:01:57 UTC 2019
--------------------
00002b10  66 69 63 61 74 65 20 69  6e 20 63 65 72 74 69 66  |ficate in certif|
00002b20  69 63 61 74 65 20 63 68  61 69 6e 29 0a 2d 2d 2d  |icate chain).---|
00002b30  0a 5e 40 5e 40 5e 40 5e  41 5e 40 5e 40 5e 40 5e  |.^@^@^@^A^@^@^@^|
00002b40  43 29 4d 2d 5e 4d 2d 51  2d                       |C)M-^M-Q-|
00002b49
--------------------
Mon Jul 15 21:01:57 UTC 2019
--------------------
00002b10  66 69 63 61 74 65 20 69  6e 20 63 65 72 74 69 66  |ficate in certif|
00002b20  69 63 61 74 65 20 63 68  61 69 6e 29 0a 2d 2d 2d  |icate chain).---|
00002b30  0a 5e 40 5e 40 5e 40 5e  41 5e 40 5e 40 5e 40 5e  |.^@^@^@^A^@^@^@^|
00002b40  43 22 4d 2d 5e 49 75 4d  2d 5e                    |C"M-^IuM-^|
00002b4a
--------------------
Mon Jul 15 21:01:58 UTC 2019
--------------------
00002b10  66 69 63 61 74 65 20 69  6e 20 63 65 72 74 69 66  |ficate in certif|
00002b20  69 63 61 74 65 20 63 68  61 69 6e 29 0a 2d 2d 2d  |icate chain).---|
00002b30  0a 5e 40 5e 40 5e 40 5e  41 5e 40 5e 40 5e 40 5e  |.^@^@^@^A^@^@^@^|
00002b40  43 39 4d 2d 31 4d 2d 2c  4a                       |C9M-1M-,J|
00002b49
--------------------
Mon Jul 15 21:01:58 UTC 2019
--------------------
00002b10  66 69 63 61 74 65 20 69  6e 20 63 65 72 74 69 66  |ficate in certif|
00002b20  69 63 61 74 65 20 63 68  61 69 6e 29 0a 2d 2d 2d  |icate chain).---|
00002b30  0a 5e 40 5e 40 5e 40 5e  41 5e 40 5e 40 5e 40 5e  |.^@^@^@^A^@^@^@^|
00002b40  43 5e 44 4c 5e 4f 4d 2d  3c                       |C^DL^OM-<|
00002b49
--------------------
Mon Jul 15 21:01:58 UTC 2019
--------------------
00002b10  66 69 63 61 74 65 20 69  6e 20 63 65 72 74 69 66  |ficate in certif|
00002b20  69 63 61 74 65 20 63 68  61 69 6e 29 0a 2d 2d 2d  |icate chain).---|
00002b30  0a 5e 40 5e 40 5e 40 5e  41 5e 40 5e 40 5e 40 5e  |.^@^@^@^A^@^@^@^|
00002b40  43 21 4d 2d 22 21 78                              |C!M-"!x|
00002b47
--------------------
Mon Jul 15 21:01:58 UTC 2019
--------------------
00002b10  66 69 63 61 74 65 20 69  6e 20 63 65 72 74 69 66  |ficate in certif|
00002b20  69 63 61 74 65 20 63 68  61 69 6e 29 0a 2d 2d 2d  |icate chain).---|
00002b30  0a 5e 40 5e 40 5e 40 5e  41 5e 40 5e 40 5e 40 5e  |.^@^@^@^A^@^@^@^|
00002b40  43 5e 4c 5e 57 4d 2d 5e  42 6d                    |C^L^WM-^Bm|
00002b4a
--------------------
Mon Jul 15 21:01:59 UTC 2019
--------------------
00002b10  66 69 63 61 74 65 20 69  6e 20 63 65 72 74 69 66  |ficate in certif|
00002b20  69 63 61 74 65 20 63 68  61 69 6e 29 0a 2d 2d 2d  |icate chain).---|
00002b30  0a 5e 40 5e 40 5e 40 5e  41 5e 40 5e 40 5e 40 5e  |.^@^@^@^A^@^@^@^|
00002b40  43 38 4d 2d 5e 4b 4d 2d  22 4d 2d 5e 5a           |C8M-^KM-"M-^Z|
00002b4d
--------------------
Mon Jul 15 21:01:59 UTC 2019
--------------------
00002b10  66 69 63 61 74 65 20 69  6e 20 63 65 72 74 69 66  |ficate in certif|
00002b20  69 63 61 74 65 20 63 68  61 69 6e 29 0a 2d 2d 2d  |icate chain).---|
00002b30  0a 5e 40 5e 40 5e 40 5e  41 5e 40 5e 40 5e 40 5e  |.^@^@^@^A^@^@^@^|
00002b40  43 5e 4f 4d 2d 5e 4d 2d  38 4d 2d 26              |C^OM-^M-8M-&|
00002b4c
--------------------
Mon Jul 15 21:01:59 UTC 2019
--------------------
00002b10  66 69 63 61 74 65 20 69  6e 20 63 65 72 74 69 66  |ficate in certif|
00002b20  69 63 61 74 65 20 63 68  61 69 6e 29 0a 2d 2d 2d  |icate chain).---|
00002b30  0a 5e 40 5e 40 5e 40 5e  41 5e 40 5e 40 5e 40 5e  |.^@^@^@^A^@^@^@^|
00002b40  43 5e 50 4d 2d 43 2d 5c                           |C^PM-C-\|
00002b48
--------------------
Mon Jul 15 21:01:59 UTC 2019
--------------------
00002b10  66 69 63 61 74 65 20 69  6e 20 63 65 72 74 69 66  |ficate in certif|
00002b20  69 63 61 74 65 20 63 68  61 69 6e 29 0a 2d 2d 2d  |icate chain).---|
00002b30  0a 5e 40 5e 40 5e 40 5e  41 5e 40 5e 40 5e 40 5e  |.^@^@^@^A^@^@^@^|
00002b40  43 2e 6c 5e 4b 4d 2d 5e  45                       |C.l^KM-^E|
00002b49
--------------------
Mon Jul 15 21:02:00 UTC 2019
--------------------
00002b10  66 69 63 61 74 65 20 69  6e 20 63 65 72 74 69 66  |ficate in certif|
00002b20  69 63 61 74 65 20 63 68  61 69 6e 29 0a 2d 2d 2d  |icate chain).---|
00002b30  0a 5e 40 5e 40 5e 40 5e  41 5e 40 5e 40 5e 40 5e  |.^@^@^@^A^@^@^@^|
00002b40  43 5e 4f 4d 2d 39 39 5e  3f                       |C^OM-99^?|
00002b49
--------------------
Mon Jul 15 21:02:00 UTC 2019
--------------------
00002b10  66 69 63 61 74 65 20 69  6e 20 63 65 72 74 69 66  |ficate in certif|
00002b20  69 63 61 74 65 20 63 68  61 69 6e 29 0a 2d 2d 2d  |icate chain).---|
00002b30  0a 5e 40 5e 40 5e 40 5e  41 5e 40 5e 40 5e 40 5e  |.^@^@^@^A^@^@^@^|
00002b40  43 5e 51 4d 2d 32 5e 39                           |C^QM-2^9|
00002b48
--------------------
Mon Jul 15 21:02:00 UTC 2019
--------------------
00002b10  66 69 63 61 74 65 20 69  6e 20 63 65 72 74 69 66  |ficate in certif|
00002b20  69 63 61 74 65 20 63 68  61 69 6e 29 0a 2d 2d 2d  |icate chain).---|
00002b30  0a 5e 40 5e 40 5e 40 5e  41 5e 40 5e 40 5e 40 5e  |.^@^@^@^A^@^@^@^|
00002b40  43 5e 40 62 28 69                                 |C^@b(i|
00002b46
--------------------
Mon Jul 15 21:02:00 UTC 2019
--------------------
00002b10  66 69 63 61 74 65 20 69  6e 20 63 65 72 74 69 66  |ficate in certif|
00002b20  69 63 61 74 65 20 63 68  61 69 6e 29 0a 2d 2d 2d  |icate chain).---|
00002b30  0a 5e 40 5e 40 5e 40 5e  41 5e 40 5e 40 5e 40 5e  |.^@^@^@^A^@^@^@^|
00002b40  43 5e 5e 4d 2d 5e 4d 63  4d 2d 24                 |C^^M-^McM-$|
00002b4b
--------------------
Mon Jul 15 21:02:01 UTC 2019
--------------------
00002b10  66 69 63 61 74 65 20 69  6e 20 63 65 72 74 69 66  |ficate in certif|
00002b20  69 63 61 74 65 20 63 68  61 69 6e 29 0a 2d 2d 2d  |icate chain).---|
00002b30  0a 5e 40 5e 40 5e 40 5e  41 5e 40 5e 40 5e 40 5e  |.^@^@^@^A^@^@^@^|
00002b40  43 29 78 24 4d 2d 2c                              |C)x$M-,|
00002b47
--------------------
Mon Jul 15 21:02:01 UTC 2019
--------------------
00002b10  66 69 63 61 74 65 20 69  6e 20 63 65 72 74 69 66  |ficate in certif|
00002b20  69 63 61 74 65 20 63 68  61 69 6e 29 0a 2d 2d 2d  |icate chain).---|
00002b30  0a 5e 40 5e 40 5e 40 5e  41 5e 40 5e 40 5e 40 5e  |.^@^@^@^A^@^@^@^|
00002b40  43 34 50 4d 2d 6b 4d 2d  5e 57                    |C4PM-kM-^W|
00002b4a
--------------------

FWIW, here's more information about this machine:

$ uname -a
Linux ip-10-9-84-17 4.9.85-38.58.amzn1.x86_64 #1 SMP Wed Mar 14 01:17:26 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

$ cat /etc/os-release 
NAME="Amazon Linux AMI"
VERSION="2017.09"
ID="amzn"
ID_LIKE="rhel fedora"
VERSION_ID="2017.09"
PRETTY_NAME="Amazon Linux AMI 2017.09"
ANSI_COLOR="0;33"
CPE_NAME="cpe:/o:amazon:linux:2017.09:ga"
HOME_URL="http://aws.amazon.com/amazon-linux-ami/"
bknowles commented 5 years ago

And for that Linux host, here's the details on the openssl package that is installed:

$ yum info openssl
Loaded plugins: priorities, update-motd, upgrade-helper
Installed Packages
Name        : openssl
Arch        : x86_64
Epoch       : 1
Version     : 1.0.2k
Release     : 16.150.amzn1
Size        : 3.8 M
Repo        : installed
From repo   : amzn-updates
Summary     : Utilities from the general purpose cryptography library with TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
            : machines. OpenSSL includes a certificate management tool and shared
            : libraries which provide various cryptographic algorithms and
            : protocols.
bknowles commented 5 years ago

I had a thought that this issue might be specific to OpenSSL 1.0.2, so I had a go at building 1.1.1c on my laptop. Unfortunately, it displays the same problem:

====================
OpenSSL 1.1.1c  28 May 2019
====================
Mon Jul 15 17:44:59 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  3f fa 49 2e              |^@^@^@^C?.I.|
00002c8c
--------------------
Mon Jul 15 17:44:59 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  5e 42 fe 4d 2d 5e 52 6b  |^@^@^@^C^B.M-^Rk|
00002c90
--------------------
Mon Jul 15 17:44:59 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  5e 4c 68 3d 78           |^@^@^@^C^Lh=x|
00002c8d
--------------------
Mon Jul 15 17:44:59 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  38 77 7d 6f              |^@^@^@^C8w}o|
00002c8c
--------------------
Mon Jul 15 17:44:59 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  27 c6 2e fa              |^@^@^@^C'...|
00002c8c
--------------------
Mon Jul 15 17:44:59 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  3b f6 76 45              |^@^@^@^C;.vE|
00002c8c
--------------------
Mon Jul 15 17:44:59 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  38 4d 2d 5e 49 af ae     |^@^@^@^C8M-^I..|
00002c8f
--------------------
Mon Jul 15 17:44:59 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  24 48 63 4d 2d 5e 42     |^@^@^@^C$HcM-^B|
00002c8f
--------------------
Mon Jul 15 17:44:59 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  2c 26 5e bd              |^@^@^@^C,&^.|
00002c8c
--------------------
Mon Jul 15 17:44:59 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  5e 44 aa 5b 4d 2d 5e 5b  |^@^@^@^C^D.[M-^[|
00002c90
--------------------
Mon Jul 15 17:44:59 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  5e 58 d8 d9 3c           |^@^@^@^C^X..<|
00002c8d
--------------------
Mon Jul 15 17:44:59 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  25 a2 be ee              |^@^@^@^C%...|
00002c8c
--------------------
Mon Jul 15 17:44:59 CDT 2019
--------------------
00002c40  6e 20 63 65 72 74 69 66  69 63 61 74 65 20 63 68  |n certificate ch|
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a                           | no.---.|
00002c78
--------------------
Mon Jul 15 17:44:59 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  2b b9 4d 2d 5e 40 5e 5d  |^@^@^@^C+.M-^@^]|
00002c90
--------------------
Mon Jul 15 17:44:59 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  37 5e 5c 4d 2d 5e 5e fb  |^@^@^@^C7^\M-^^.|
00002c90
--------------------
Mon Jul 15 17:44:59 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  37 b0 76 cd              |^@^@^@^C7.v.|
00002c8c
--------------------
Mon Jul 15 17:44:59 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  2b 5f 4d 2d 5e 4e 5e 43  |^@^@^@^C+_M-^N^C|
00002c90
--------------------
Mon Jul 15 17:44:59 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  3c 3c 5e 48 d9           |^@^@^@^C<<^H.|
00002c8d
--------------------
Mon Jul 15 17:44:59 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  5e 47 c6 4d 2d 5e 55 a6  |^@^@^@^C^G.M-^U.|
00002c90
--------------------
Mon Jul 15 17:44:59 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  21 73 5e 4f d6           |^@^@^@^C!s^O.|
00002c8d
--------------------

And here's another run:

====================
OpenSSL 1.1.1c  28 May 2019
====================
Mon Jul 15 17:47:18 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  36 4d 2d 5e 43 f7 7c     |^@^@^@^C6M-^C.||
00002c8f
--------------------
Mon Jul 15 17:47:18 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  5e 50 c4 3e 5e 57        |^@^@^@^C^P.>^W|
00002c8e
--------------------
Mon Jul 15 17:47:18 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  5e 47 a7 5e 52 74        |^@^@^@^C^G.^Rt|
00002c8e
--------------------
Mon Jul 15 17:47:19 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  39 d2 65 54              |^@^@^@^C9.eT|
00002c8c
--------------------
Mon Jul 15 17:47:19 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  5e 57 5e 41 5e 4f 5e 3f  |^@^@^@^C^W^A^O^?|
00002c90
--------------------
Mon Jul 15 17:47:19 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  5e 52 78 72 dd           |^@^@^@^C^Rxr.|
00002c8d
--------------------
Mon Jul 15 17:47:19 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  5e 4b 5e 54 cf c0        |^@^@^@^C^K^T..|
00002c8e
--------------------
Mon Jul 15 17:47:19 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  23 eb 70 5e 54           |^@^@^@^C#.p^T|
00002c8d
--------------------
Mon Jul 15 17:47:19 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  5e 44 4d 2d 5e 58 33 5b  |^@^@^@^C^DM-^X3[|
00002c90
--------------------
Mon Jul 15 17:47:20 CDT 2019
--------------------
00002c40  6e 20 63 65 72 74 69 66  69 63 61 74 65 20 63 68  |n certificate ch|
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a                           | no.---.|
00002c78
--------------------
Mon Jul 15 17:47:20 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  3c 4d 2d 5e 55 de 2a     |^@^@^@^C<M-^U.*|
00002c8f
--------------------
Mon Jul 15 17:47:20 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  3c fa a3 5e 42           |^@^@^@^C<..^B|
00002c8d
--------------------
Mon Jul 15 17:47:20 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  34 4d 2d 5e 52 5e 4c e5  |^@^@^@^C4M-^R^L.|
00002c90
--------------------
Mon Jul 15 17:47:20 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  26 35 c7 41              |^@^@^@^C&5.A|
00002c8c
--------------------
Mon Jul 15 17:47:20 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  23 fd 4d 2d 5e 58 76     |^@^@^@^C#.M-^Xv|
00002c8f
--------------------
Mon Jul 15 17:47:21 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  5e 42 7d c0 5e 4e        |^@^@^@^C^B}.^N|
00002c8e
--------------------
Mon Jul 15 17:47:21 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  5e 4e 24 e1 7d           |^@^@^@^C^N$.}|
00002c8d
--------------------
Mon Jul 15 17:47:21 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  5e 5e 73 a9 57           |^@^@^@^C^^s.W|
00002c8d
--------------------
Mon Jul 15 17:47:21 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  31 7a e7 7c              |^@^@^@^C1z.||
00002c8c
--------------------
Mon Jul 15 17:47:21 CDT 2019
--------------------
00002c50  61 69 6e 29 0a 20 20 20  20 45 78 74 65 6e 64 65  |ain).    Extende|
00002c60  64 20 6d 61 73 74 65 72  20 73 65 63 72 65 74 3a  |d master secret:|
00002c70  20 6e 6f 0a 2d 2d 2d 0a  5e 40 5e 40 5e 40 5e 41  | no.---.^@^@^@^A|
00002c80  5e 40 5e 40 5e 40 5e 43  2a c9 e1 b1              |^@^@^@^C*...|
00002c8c
--------------------
bknowles commented 5 years ago

Note that LibreSSL also does the same thing:

====================
LibreSSL 2.6.5
====================
Mon Jul 15 19:05:44 CDT 2019
--------------------
000028c0  74 69 66 69 63 61 74 65  20 69 6e 20 63 65 72 74  |tificate in cert|
000028d0  69 66 69 63 61 74 65 20  63 68 61 69 6e 29 0a 2d  |ificate chain).-|
000028e0  2d 2d 0a 5e 40 5e 40 5e  40 5e 41 5e 40 5e 40 5e  |--.^@^@^@^A^@^@^|
000028f0  40 5e 43 31 fa 5a 27                              |@^C1.Z'|
000028f7
--------------------
Mon Jul 15 19:05:44 CDT 2019
--------------------
000028c0  74 69 66 69 63 61 74 65  20 69 6e 20 63 65 72 74  |tificate in cert|
000028d0  69 66 69 63 61 74 65 20  63 68 61 69 6e 29 0a 2d  |ificate chain).-|
000028e0  2d 2d 0a 5e 40 5e 40 5e  40 5e 41 5e 40 5e 40 5e  |--.^@^@^@^A^@^@^|
000028f0  40 5e 43 5e 43 4d 2d 5e  5f 5f f9                 |@^C^CM-^__.|
000028fb
--------------------
Mon Jul 15 19:05:45 CDT 2019
--------------------
000028c0  74 69 66 69 63 61 74 65  20 69 6e 20 63 65 72 74  |tificate in cert|
000028d0  69 66 69 63 61 74 65 20  63 68 61 69 6e 29 0a 2d  |ificate chain).-|
000028e0  2d 2d 0a 5e 40 5e 40 5e  40 5e 41 5e 40 5e 40 5e  |--.^@^@^@^A^@^@^|
000028f0  40 5e 43 31 4d 2d 5e 52  3c 29                    |@^C1M-^R<)|
000028fa
--------------------
Mon Jul 15 19:05:45 CDT 2019
--------------------
000028c0  74 69 66 69 63 61 74 65  20 69 6e 20 63 65 72 74  |tificate in cert|
000028d0  69 66 69 63 61 74 65 20  63 68 61 69 6e 29 0a 2d  |ificate chain).-|
000028e0  2d 2d 0a 5e 40 5e 40 5e  40 5e 41 5e 40 5e 40 5e  |--.^@^@^@^A^@^@^|
000028f0  40 5e 43 2f c7 2c 4d 2d  5e 54                    |@^C/.,M-^T|
000028fa
--------------------
Mon Jul 15 19:05:45 CDT 2019
--------------------
000028c0  74 69 66 69 63 61 74 65  20 69 6e 20 63 65 72 74  |tificate in cert|
000028d0  69 66 69 63 61 74 65 20  63 68 61 69 6e 29 0a 2d  |ificate chain).-|
000028e0  2d 2d 0a 5e 40 5e 40 5e  40 5e 41 5e 40 5e 40 5e  |--.^@^@^@^A^@^@^|
000028f0  40 5e 43 35 ae 74 f1                              |@^C5.t.|
000028f7
--------------------
Mon Jul 15 19:05:45 CDT 2019
--------------------
000028c0  74 69 66 69 63 61 74 65  20 69 6e 20 63 65 72 74  |tificate in cert|
000028d0  69 66 69 63 61 74 65 20  63 68 61 69 6e 29 0a 2d  |ificate chain).-|
000028e0  2d 2d 0a 5e 40 5e 40 5e  40 5e 41 5e 40 5e 40 5e  |--.^@^@^@^A^@^@^|
000028f0  40 5e 43 5e 5f 5e 58 60  50                       |@^C^_^X`P|
000028f9
--------------------
Mon Jul 15 19:05:45 CDT 2019
--------------------
000028c0  74 69 66 69 63 61 74 65  20 69 6e 20 63 65 72 74  |tificate in cert|
000028d0  69 66 69 63 61 74 65 20  63 68 61 69 6e 29 0a 2d  |ificate chain).-|
000028e0  2d 2d 0a 5e 40 5e 40 5e  40 5e 41 5e 40 5e 40 5e  |--.^@^@^@^A^@^@^|
000028f0  40 5e 43 21 4d 2d 5e 5d  d5 4d 2d 5e 49           |@^C!M-^].M-^I|
000028fd
--------------------
Mon Jul 15 19:05:45 CDT 2019
--------------------
000028c0  74 69 66 69 63 61 74 65  20 69 6e 20 63 65 72 74  |tificate in cert|
000028d0  69 66 69 63 61 74 65 20  63 68 61 69 6e 29 0a 2d  |ificate chain).-|
000028e0  2d 2d 0a 5e 40 5e 40 5e  40 5e 41 5e 40 5e 40 5e  |--.^@^@^@^A^@^@^|
000028f0  40 5e 43 20 4d 2d 5e 45  f7 bb                    |@^C M-^E..|
000028fa
--------------------
Mon Jul 15 19:05:45 CDT 2019
--------------------
000028c0  74 69 66 69 63 61 74 65  20 69 6e 20 63 65 72 74  |tificate in cert|
000028d0  69 66 69 63 61 74 65 20  63 68 61 69 6e 29 0a 2d  |ificate chain).-|
000028e0  2d 2d 0a 5e 40 5e 40 5e  40 5e 41 5e 40 5e 40 5e  |--.^@^@^@^A^@^@^|
000028f0  40 5e 43 5e 58 63 bb 79                           |@^C^Xc.y|
000028f8
--------------------
Mon Jul 15 19:05:45 CDT 2019
--------------------
000028c0  74 69 66 69 63 61 74 65  20 69 6e 20 63 65 72 74  |tificate in cert|
000028d0  69 66 69 63 61 74 65 20  63 68 61 69 6e 29 0a 2d  |ificate chain).-|
000028e0  2d 2d 0a 5e 40 5e 40 5e  40 5e 41 5e 40 5e 40 5e  |--.^@^@^@^A^@^@^|
000028f0  40 5e 43 5e 50 c8 aa 6c                           |@^C^P..l|
000028f8
--------------------
Mon Jul 15 19:05:45 CDT 2019
--------------------
000028c0  74 69 66 69 63 61 74 65  20 69 6e 20 63 65 72 74  |tificate in cert|
000028d0  69 66 69 63 61 74 65 20  63 68 61 69 6e 29 0a 2d  |ificate chain).-|
000028e0  2d 2d 0a 5e 40 5e 40 5e  40 5e 41 5e 40 5e 40 5e  |--.^@^@^@^A^@^@^|
000028f0  40 5e 43 5e 48 b1 da 6e                           |@^C^H..n|
000028f8
--------------------
Mon Jul 15 19:05:45 CDT 2019
--------------------
000028c0  74 69 66 69 63 61 74 65  20 69 6e 20 63 65 72 74  |tificate in cert|
000028d0  69 66 69 63 61 74 65 20  63 68 61 69 6e 29 0a 2d  |ificate chain).-|
000028e0  2d 2d 0a 5e 40 5e 40 5e  40 5e 41 5e 40 5e 40 5e  |--.^@^@^@^A^@^@^|
000028f0  40 5e 43 35 49 62 e6                              |@^C5Ib.|
000028f7
--------------------
Mon Jul 15 19:05:45 CDT 2019
--------------------
000028c0  74 69 66 69 63 61 74 65  20 69 6e 20 63 65 72 74  |tificate in cert|
000028d0  69 66 69 63 61 74 65 20  63 68 61 69 6e 29 0a 2d  |ificate chain).-|
000028e0  2d 2d 0a 5e 40 5e 40 5e  40 5e 41 5e 40 5e 40 5e  |--.^@^@^@^A^@^@^|
000028f0  40 5e 43 5e 42 25 50 5f                           |@^C^B%P_|
000028f8
--------------------
Mon Jul 15 19:05:45 CDT 2019
--------------------
000028c0  74 69 66 69 63 61 74 65  20 69 6e 20 63 65 72 74  |tificate in cert|
000028d0  69 66 69 63 61 74 65 20  63 68 61 69 6e 29 0a 2d  |ificate chain).-|
000028e0  2d 2d 0a 5e 40 5e 40 5e  40 5e 41 5e 40 5e 40 5e  |--.^@^@^@^A^@^@^|
000028f0  40 5e 43 21 3e 5e 40 de                           |@^C!>^@.|
000028f8
--------------------
Mon Jul 15 19:05:45 CDT 2019
--------------------
000028c0  74 69 66 69 63 61 74 65  20 69 6e 20 63 65 72 74  |tificate in cert|
000028d0  69 66 69 63 61 74 65 20  63 68 61 69 6e 29 0a 2d  |ificate chain).-|
000028e0  2d 2d 0a 5e 40 5e 40 5e  40 5e 41 5e 40 5e 40 5e  |--.^@^@^@^A^@^@^|
000028f0  40 5e 43 0a a1 2b 7c                              |@^C..+||
000028f7
--------------------
Mon Jul 15 19:05:45 CDT 2019
--------------------
000028c0  74 69 66 69 63 61 74 65  20 69 6e 20 63 65 72 74  |tificate in cert|
000028d0  69 66 69 63 61 74 65 20  63 68 61 69 6e 29 0a 2d  |ificate chain).-|
000028e0  2d 2d 0a 5e 40 5e 40 5e  40 5e 41 5e 40 5e 40 5e  |--.^@^@^@^A^@^@^|
000028f0  40 5e 43 3a 6a a0 4d 2d  5e 5b                    |@^C:j.M-^[|
000028fa
--------------------
Mon Jul 15 19:05:45 CDT 2019
--------------------
000028c0  74 69 66 69 63 61 74 65  20 69 6e 20 63 65 72 74  |tificate in cert|
000028d0  69 66 69 63 61 74 65 20  63 68 61 69 6e 29 0a 2d  |ificate chain).-|
000028e0  2d 2d 0a 5e 40 5e 40 5e  40 5e 41 5e 40 5e 40 5e  |--.^@^@^@^A^@^@^|
000028f0  40 5e 43 2b a0 60 ea                              |@^C+.`.|
000028f7
--------------------
Mon Jul 15 19:05:45 CDT 2019
--------------------
000028c0  74 69 66 69 63 61 74 65  20 69 6e 20 63 65 72 74  |tificate in cert|
000028d0  69 66 69 63 61 74 65 20  63 68 61 69 6e 29 0a 2d  |ificate chain).-|
000028e0  2d 2d 0a 5e 40 5e 40 5e  40 5e 41 5e 40 5e 40 5e  |--.^@^@^@^A^@^@^|
000028f0  40 5e 43 5e 5d 4d 2d 5e  43 4d 2d 5e 5b 5e 53     |@^C^]M-^CM-^[^S|
000028ff
--------------------
Mon Jul 15 19:05:45 CDT 2019
--------------------
000028c0  74 69 66 69 63 61 74 65  20 69 6e 20 63 65 72 74  |tificate in cert|
000028d0  69 66 69 63 61 74 65 20  63 68 61 69 6e 29 0a 2d  |ificate chain).-|
000028e0  2d 2d 0a 5e 40 5e 40 5e  40 5e 41 5e 40 5e 40 5e  |--.^@^@^@^A^@^@^|
000028f0  40 5e 43 2e e8 4d 2d 5e  40 58                    |@^C..M-^@X|
000028fa
--------------------
Mon Jul 15 19:05:45 CDT 2019
--------------------
000028c0  74 69 66 69 63 61 74 65  20 69 6e 20 63 65 72 74  |tificate in cert|
000028d0  69 66 69 63 61 74 65 20  63 68 61 69 6e 29 0a 2d  |ificate chain).-|
000028e0  2d 2d 0a 5e 40 5e 40 5e  40 5e 41 5e 40 5e 40 5e  |--.^@^@^@^A^@^@^|
000028f0  40 5e 43 5e 47 fa a7 f8                           |@^C^G...|
000028f8
--------------------

So, this is a bug or problem that is not unique to OpenSSL 1.0.2 through 1.1.1.

I wonder what other OpenSSL-replacement type libraries also provide this kind of functionality, and could be tested?

bknowles commented 5 years ago

Meanwhile, TIBCO tells us that they haven't tested their software with SSL certs that have SANs, and don't officially support using certs with SANs: https://support.tibco.com/s/article/Tibco-KnowledgeArticle-Article-38336

Sigh....

dcooper16 commented 5 years ago

Meanwhile, TIBCO tells us that they haven't tested their software with SSL certs that have SANs, and don't officially support using certs with SANs: https://support.tibco.com/s/article/Tibco-KnowledgeArticle-Article-38336

Interesting. According to https://www.digicert.com/subject-alternative-name-compatibility.htm, major browsers have supported SANs for over 15 years, and for the past couple of years Chrome and Firefox won't accept with certificates that do not include SANs:

bknowles commented 5 years ago

Interesting. According to https://www.digicert.com/subject-alternative-name-compatibility.htm, major browsers have supported SANs for over 15 years, and for the past couple of years Chrome and Firefox won't accept with certificates that do not include SANs:

That's very interesting to know! I will make sure to pass this on to the rest of our team.

Thanks!

drwetter commented 5 years ago

You should have noticed a warning from testssl.sh too if it's a CN-only certificate.

But from what I can't tell (currently using my phone only) it doesn't look the certificate itself is the culprit. It comes later. Doubt that are the oids but would be happy to have a look at it myself.

For sure it's not a client side issue.

Is the server eposed -- Sent from my mobile. Excuse my brevity&typos+the phone's autocorrection

bknowles commented 5 years ago

But from what I can't tell (currently using my phone only) it doesn't look the certificate itself is the culprit. It comes later.

Yeah, makes sense.

Doubt that are the oids but would be happy to have a look at it myself.

I've never seen anything with these oids before, but I will defer to your experience.

For sure it's not a client side issue. Is the server eposed

The server has a private RFC-1918 IP address in the 10.* network. And it is well firewalled off from the outside world. Even the hostname it is using is an internal-only name that is in an internal-only zone in a TLD that is not publicly valid.

So, I'm pretty sure there's no way you can hit this particular machine yourself.