drwetter / testssl.sh

Testing TLS/SSL encryption anywhere on any port
https://testssl.sh
GNU General Public License v2.0
7.99k stars 1.03k forks

Hang on testing non-TLS HTTP port 80 #2366

Open AndreyMZ opened 1 year ago

AndreyMZ commented 1 year ago

Before you open an issue please check which version you are running and whether it is the latest in stable / dev branch

> docker run --rm drwetter/testssl.sh:latest -v | grep from
    testssl.sh       3.2rc2 from https://testssl.sh/dev/

Before you open an issue please check whether this is a known problem by searching the issues

Couldn't find anything related by the search phrase "server hello empty".

Command line / docker command to reproduce

> docker run --rm drwetter/testssl.sh:latest --debug=2 -- www.example.com:80
We provide our own openssl.cnf file as the one from your system cannot be used

###########################################################
    testssl.sh       3.2rc2 from https://testssl.sh/dev/

      This program is free software. Distribution and
             modification under GPLv2 permitted.
      USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

       Please file bugs @ https://testssl.sh/bugs/

###########################################################

 Using "OpenSSL 1.0.2-bad (1.0.2k-dev)" [~183 ciphers]
 on 3794d44175ec:/home/testssl/bin/openssl.Linux.x86_64
 (built: "Sep  1 14:03:44 2022", platform: "linux-x86_64")

www.example.com:80
URL_PATH: /
 Start 2023-05-30 20:16:05                -->> 93.184.216.34:80 (www.example.com) <<--

 Further IP addresses:   2606:2800:220:1:248:1893:25c8:1946
 rDNS (93.184.216.34):   --

sending client hello... sending client hello... reading server hello...
Content type other than alert, handshake, change cipher spec, or application data detected.
  (37 lines returned)

sending client hello... sending client hello... reading server hello...
Content type other than alert, handshake, change cipher spec, or application data detected.
  (37 lines returned)

sending client hello... sending client hello... reading server hello...
Content type other than alert, handshake, change cipher spec, or application data detected.
  (31 lines returned)

sending client hello... sending client hello... reading server hello...
Content type other than alert, handshake, change cipher spec, or application data detected.
  (28 lines returned)

sending client hello... sending client hello... reading server hello...
Content type other than alert, handshake, change cipher spec, or application data detected.
  (133 lines returned)

sending client hello... sending client hello... reading server hello...
Content type other than alert, handshake, change cipher spec, or application data detected.
  (28 lines returned)

sending client hello... sending client hello... reading server hello...
Content type other than alert, handshake, change cipher spec, or application data detected.
  (28 lines returned)

sending client hello... sending client hello... reading server hello...
Content type other than alert, handshake, change cipher spec, or application data detected.
  (28 lines returned)

sending client hello... reading server hello...
server hello empty

Expected behavior

No hang. Terminating with the message like

 93.184.216.34:80 doesn't seem to be a TLS/SSL enabled server

Your system

Official docker image.

Additional context

I haven't experienced such problem if the HTTP port is not standard 80, but e.g. 8080.

drwetter commented 1 year ago

I can't reproduce that

[image]

AndreyMZ commented 1 year ago

Ok, that means that the problem only appears in some environments, and it is not so easy to reproduce. But why have you closed the issue?

In my environment the execution flow goes to testssl.sh#L12129:

          debugme echo "server hello empty"

In your environment it goes to testssl.sh#L12159:

                    echo "no correct server hello"

The bifurcation is here: testssl.sh#L12127

     if [[ -z "$v2_hello_ascii" ]]; then

It remains to figure out how to reliably direct the execution flow to the first branch.

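As an added example (not code from testssl.sh or from this thread), the probe below sends an SSLv2 ClientHello, the way the debug output above describes, and classifies whatever comes back: a TLS record, an SSLv2 SERVER-HELLO, a plain-text HTTP reply (what port 80 returns here), or a zero-byte reply, which is the branch the issue is about. The socket read has a timeout, so an empty reply ends the probe instead of hanging it. The cipher list, the constructed sample replies and the `probe()` helper are my assumptions, not anything the project ships.

```python
"""Probe a port with an SSLv2 ClientHello and classify the reply without hanging.

Added example, not code from testssl.sh. It mirrors the outcomes seen in the
debug output above: a TLS record, a plain-text HTTP response on a non-TLS port,
and a zero-byte reply (the 'server hello empty' case). All sample replies are
constructed; probe() is the only part that touches the network.
"""
import socket
import struct

# SSLv2 cipher kinds (3 bytes each) offered in the hello; the selection is an assumption.
SSLV2_CIPHER_KINDS = (
    b"\x01\x00\x80",  # SSL_CK_RC4_128_WITH_MD5
    b"\x02\x00\x80",  # SSL_CK_RC4_128_EXPORT40_WITH_MD5
    b"\x03\x00\x80",  # SSL_CK_RC2_128_CBC_WITH_MD5
    b"\x04\x00\x80",  # SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5
    b"\x05\x00\x80",  # SSL_CK_IDEA_128_CBC_WITH_MD5
    b"\x06\x00\x40",  # SSL_CK_DES_64_CBC_WITH_MD5
    b"\x07\x00\xc0",  # SSL_CK_DES_192_EDE3_CBC_WITH_MD5
)

TLS_CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                     0x16: "handshake", 0x17: "application_data"}


def build_sslv2_client_hello(challenge: bytes = b"\x11" * 16) -> bytes:
    """SSLv2 CLIENT-HELLO with a 2-byte record header (high bit set, 15-bit length)."""
    ciphers = b"".join(SSLV2_CIPHER_KINDS)
    body = (
        b"\x01"                      # MSG-CLIENT-HELLO
        + b"\x00\x02"                # CLIENT-VERSION = SSLv2
        + struct.pack(">HHH", len(ciphers), 0, len(challenge))  # no session id
        + ciphers + challenge
    )
    return struct.pack(">H", 0x8000 | len(body)) + body


def classify_reply(reply: bytes):
    """Return (kind, detail) for the first bytes a server sent back."""
    if not reply:
        # Nothing came back: this must be reported as 'not TLS', never as success.
        return ("empty", "no bytes received before timeout/close")
    if len(reply) >= 3 and reply[0] in TLS_CONTENT_TYPES and reply[1] == 0x03:
        return ("tls-record", f"{TLS_CONTENT_TYPES[reply[0]]} version 3.{reply[2]}")
    if len(reply) >= 3 and reply[0] & 0x80 and reply[2] == 0x04:
        # 2-byte SSLv2 header followed by MSG-SERVER-HELLO (0x04)
        length = ((reply[0] & 0x7F) << 8) | reply[1]
        return ("sslv2-server-hello", f"record length {length}")
    if reply.startswith(b"HTTP/"):
        status = reply.split(b"\r\n", 1)[0].decode("ascii", "replace")
        return ("plaintext-http", status)
    return ("unknown", f"first byte 0x{reply[0]:02x} is not a known record content type")


def is_tls_server(reply: bytes) -> bool:
    """True only when the reply is a TLS record or an SSLv2 SERVER-HELLO."""
    return classify_reply(reply)[0] in ("tls-record", "sslv2-server-hello")


def probe(host: str, port: int, timeout: float = 5.0):
    """Live probe: send the hello, read one reply, never block longer than timeout."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv2_client_hello())
        try:
            reply = sock.recv(4096)
        except socket.timeout:
            reply = b""
    return classify_reply(reply)


# Constructed sample replies (not captured from any real host).
SAMPLE_HTTP = (b"HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\n\r\n"
               b"<html>bad request</html>")
SAMPLE_TLS_ALERT = b"\x15\x03\x01\x00\x02\x02\x28"                     # fatal handshake_failure
SAMPLE_TLS_SERVER_HELLO = b"\x16\x03\x03\x00\x2a\x02\x00\x00\x26\x03\x03"  # truncated ServerHello
SAMPLE_SSLV2_SERVER_HELLO = b"\x80\x05\x04\x00\x01\x00\x02"            # truncated SERVER-HELLO
SAMPLE_EMPTY = b""

if __name__ == "__main__":
    for name, sample in [("http", SAMPLE_HTTP), ("alert", SAMPLE_TLS_ALERT),
                         ("tls", SAMPLE_TLS_SERVER_HELLO),
                         ("sslv2", SAMPLE_SSLV2_SERVER_HELLO), ("empty", SAMPLE_EMPTY)]:
        print(name, classify_reply(sample), "tls" if is_tls_server(sample) else "not tls")
```

Run against a real host with `probe("testssl.sh", 80)`: a plain HTTP listener answers the hello with an HTTP error line, and a listener that closes or stays silent yields `("empty", ...)`, which `is_tls_server()` treats as "not TLS" rather than as a successful handshake.
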
drwetter commented 1 year ago

> Ok, that means that the problem only appears in some environments, and it is not so easy to reproduce

I used the same docker image.

drwetter commented 1 year ago

Can you use testssl.sh:80 as a target?

Not sure why the return code indicates "success" when the SSLv2 ServerHello is empty. There may be a reason, or not.

AndreyMZ commented 1 year ago

For me it is consistently reproduced with testssl.sh:80.

Output

~~~
> docker pull drwetter/testssl.sh:latest
latest: Pulling from drwetter/testssl.sh
Digest: sha256:34ab5e68061d3e467b11471af122c9695a8f07277070a6913c083033f7394432
Status: Image is up to date for drwetter/testssl.sh:latest
docker.io/drwetter/testssl.sh:latest

> docker run --rm drwetter/testssl.sh:latest --debug=2 -- testssl.sh:80
We provide our own openssl.cnf file as the one from your system cannot be used

###########################################################
    testssl.sh       3.2rc2 from https://testssl.sh/dev/

      This program is free software. Distribution and
             modification under GPLv2 permitted.
      USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

       Please file bugs @ https://testssl.sh/bugs/

###########################################################

 Using "OpenSSL 1.0.2-bad (1.0.2k-dev)" [~183 ciphers]
 on bc363126a0b1:/home/testssl/bin/openssl.Linux.x86_64
 (built: "Sep  1 14:03:44 2022", platform: "linux-x86_64")

testssl.sh:80
URL_PATH: /
 Start 2023-06-02 22:53:15                -->> 81.169.166.184:80 (testssl.sh) <<--

 Further IP addresses:   2a01:238:4308:a920:1000:0:e571:51
 rDNS (81.169.166.184):   --

sending client hello... sending client hello... reading server hello...
Content type other than alert, handshake, change cipher spec, or application data detected.
  (37 lines returned)

sending client hello... sending client hello... reading server hello...
Content type other than alert, handshake, change cipher spec, or application data detected.
  (37 lines returned)

sending client hello... sending client hello... reading server hello...
Content type other than alert, handshake, change cipher spec, or application data detected.
  (31 lines returned)

sending client hello... sending client hello... reading server hello...
Content type other than alert, handshake, change cipher spec, or application data detected.
  (28 lines returned)

sending client hello... sending client hello... reading server hello...
Content type other than alert, handshake, change cipher spec, or application data detected.
  (106 lines returned)

sending client hello... sending client hello... reading server hello...
Content type other than alert, handshake, change cipher spec, or application data detected.
  (28 lines returned)

sending client hello... sending client hello... reading server hello...
Content type other than alert, handshake, change cipher spec, or application data detected.
  (28 lines returned)

sending client hello... sending client hello... reading server hello...
Content type other than alert, handshake, change cipher spec, or application data detected.
  (28 lines returned)

sending client hello... reading server hello...
server hello empty
~~~
drwetter commented 1 year ago

Ok, thanks.

Not trying to blame your environment but I am curious what your host and docker version is like?

AndreyMZ commented 1 year ago

No problem, here they are.

drwetter commented 1 year ago

I believe for some reason in sslv2_sockets() your setup ends up with an empty SOCK_REPLY_FILE but I don't get why.

Is it possible for you to pull the container, insert set -x at the beginning of the function and a set +x before close_socket 5, run it against e.g. testssl.sh:80 and send me the output?

AndreyMZ commented 1 year ago

Here it is: output.txt

drwetter commented 1 year ago

Sorry for the delay.

Thanks for the feedback! Status was not as enlightening as I hoped: For some reason the data buffer which is being read is empty -- in your case. On Mac and Linux it is not (Linux also tested w docker).