drwetter / testssl.sh

Testing TLS/SSL encryption anywhere on any port
https://testssl.sh
GNU General Public License v2.0

false negatives for SWEET32 / LUCKY for sockets AND STARTTLS #621

Closed drwetter closed 7 years ago

drwetter commented 7 years ago

I was testing a server (SMTP) and it offers 3DES as well as CBC ciphers. With --ssl-native the results are as expected.

thecky commented 7 years ago

Hi Dirk,

do you have an example host for #621 and #622?

Thomas

drwetter commented 7 years ago

Good point :-) Internal unfortunately...

./testssl.sh -q -e  -W -L -t smtp XXXXX:25        
[..]
 Service set:            STARTTLS via SMTP

 Testing vulnerabilities 

 SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
 LUCKY13 (CVE-2013-0169)                   not vulnerable (OK)

 Testing 359 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength 

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
-----------------------------------------------------------------------------------------------------------------------------
 xc014   ECDHE-RSA-AES256-SHA              ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                 
 x39     DHE-RSA-AES256-SHA                DH 1024    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA                   
 x88     DHE-RSA-CAMELLIA256-SHA           DH 1024    Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA              
 xc019   AECDH-AES256-SHA                  ECDH 256   AES         256      TLS_ECDH_anon_WITH_AES_256_CBC_SHA                 
 x3a     ADH-AES256-SHA                    DH 1024    AES         256      TLS_DH_anon_WITH_AES_256_CBC_SHA                   
 x89     ADH-CAMELLIA256-SHA               DH 1024    Camellia    256      TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA              
 x35     AES256-SHA                        RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA                       
 x84     CAMELLIA256-SHA                   RSA        Camellia    256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                  
 xc013   ECDHE-RSA-AES128-SHA              ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                 
 x33     DHE-RSA-AES128-SHA                DH 1024    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA                   
 x9a     DHE-RSA-SEED-SHA                  DH 1024    SEED        128      TLS_DHE_RSA_WITH_SEED_CBC_SHA                      
 x45     DHE-RSA-CAMELLIA128-SHA           DH 1024    Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA              
 xc018   AECDH-AES128-SHA                  ECDH 256   AES         128      TLS_ECDH_anon_WITH_AES_128_CBC_SHA                 
 x34     ADH-AES128-SHA                    DH 1024    AES         128      TLS_DH_anon_WITH_AES_128_CBC_SHA                   
 x9b     ADH-SEED-SHA                      DH 1024    SEED        128      TLS_DH_anon_WITH_SEED_CBC_SHA                      
 x46     ADH-CAMELLIA128-SHA               DH 1024    Camellia    128      TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA              
 x2f     AES128-SHA                        RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA                       
 x96     SEED-SHA                          RSA        SEED        128      TLS_RSA_WITH_SEED_CBC_SHA                          
 x41     CAMELLIA128-SHA                   RSA        Camellia    128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                  
 xc011   ECDHE-RSA-RC4-SHA                 ECDH 256   RC4         128      TLS_ECDHE_RSA_WITH_RC4_128_SHA
 xc016   AECDH-RC4-SHA                     ECDH 256   RC4         128      TLS_ECDH_anon_WITH_RC4_128_SHA                     
 x18     ADH-RC4-MD5                       DH 1024    RC4         128      TLS_DH_anon_WITH_RC4_128_MD5                       
 x05     RC4-SHA                           RSA        RC4         128      TLS_RSA_WITH_RC4_128_SHA                           
 x04     RC4-MD5                           RSA        RC4         128      TLS_RSA_WITH_RC4_128_MD5                           
 xc012   ECDHE-RSA-DES-CBC3-SHA            ECDH 256   3DES        168      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA                
 x16     EDH-RSA-DES-CBC3-SHA              DH 1024    3DES        168      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA                  
 xc017   AECDH-DES-CBC3-SHA                ECDH 256   3DES        168      TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA                
 x1b     ADH-DES-CBC3-SHA                  DH 1024    3DES        168      TLS_DH_anon_WITH_3DES_EDE_CBC_SHA                  
 x0a     DES-CBC3-SHA                      RSA        3DES        168      TLS_RSA_WITH_3DES_EDE_CBC_SHA                      
 x15     EDH-RSA-DES-CBC-SHA               DH 1024    DES         56       TLS_DHE_RSA_WITH_DES_CBC_SHA                       
 x1a     ADH-DES-CBC-SHA                   DH 1024    DES         56       TLS_DH_anon_WITH_DES_CBC_SHA                       
 x09     DES-CBC-SHA                       RSA        DES         56       TLS_RSA_WITH_DES_CBC_SHA                           
 x14     EXP-EDH-RSA-DES-CBC-SHA           DH(512)    DES         40,exp   TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA    
[..]

prompt % ./testssl.sh -q --ssl-native  -W -L -t smtp XXXX:25 
[..]
 Service set:            STARTTLS via SMTP

 Testing vulnerabilities 

 SWEET32 (CVE-2016-2183, CVE-2016-6329)    VULNERABLE, uses 64 bit block ciphers
 LUCKY13 (CVE-2013-0169)                   VULNERABLE, uses cipher block chaining (CBC) ciphers

haven't spotted that in the wild yet -- not that I tried very hard

dcooper16 commented 7 years ago

Hi @drwetter ,

I just took a look at run_sweet32() and run_lucky13(), and I noticed an error in them that may be the reason for the false negative.

In both of them, the code looks something like this:

     if "$using_sockets"; then
          tls_sockets "03" "${sweet32_ciphers_hex}"
          sclient_success=$?
     else
          ...
     fi
     if [[ $sclient_success -eq 0 ]]; then
          ...

If tls_sockets() was successful, but the server downgraded to TLSv1.1, TLSv1, or SSLv3, then it would return 2, not 0, and the code doesn't check for $sclient_success -eq 2. I don't see any TLSv1.2-only cipher suites in the list above, which suggests that this server may not support TLSv1.2.
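The return-code mismatch described in the comment above, as an added illustration that is not testssl.sh's own code: a simplified stand-in for tls_sockets() that classifies a constructed ServerHello, placed beside the quoted check and its corrected form. The ServerHello parsing, the function names and the sample replies are assumptions constructed for this example; only the return-code convention (0 = requested version, 2 = downgraded, 1 = failed) is taken from the thread.

```shell
#!/usr/bin/env bash
# Added example, not testssl.sh code. sim_tls_sockets() is a stand-in
# (assumption) for tls_sockets(): it mirrors the return codes described in
# the thread: 0 = handshake completed with the requested version,
# 2 = handshake completed but the server chose a lower version,
# 1 = handshake failed (alert or not a ServerHello).

# $1: requested TLS minor version ("03" = TLS 1.2, as in tls_sockets "03" ...)
# $2: hex of the first record the server sent back (constructed below)
sim_tls_sockets() {
    local rec_type hs_type srv_minor
    rec_type=$(printf '%s' "$2" | cut -c1-2)      # 0x16 handshake, 0x15 alert
    [ "$rec_type" = "16" ] || return 1
    hs_type=$(printf '%s' "$2" | cut -c11-12)     # 0x02 = ServerHello
    [ "$hs_type" = "02" ] || return 1
    srv_minor=$(printf '%s' "$2" | cut -c21-22)   # minor byte of server_version
    [ "$srv_minor" = "$1" ] && return 0
    return 2                                      # server downgraded
}

# Logic as quoted from run_sweet32()/run_lucky13(): only rc 0 counts,
# so a downgraded-but-successful handshake is reported as "not vulnerable".
check_buggy() {
    local rc
    if sim_tls_sockets "03" "$1"; then rc=0; else rc=$?; fi
    if [ "$rc" -eq 0 ]; then echo "VULNERABLE"; else echo "not vulnerable"; fi
}

# Corrected logic: the server accepted a 64-bit-block / CBC cipher whenever
# the handshake completed, whatever protocol version it settled on.
check_fixed() {
    local rc
    if sim_tls_sockets "03" "$1"; then rc=0; else rc=$?; fi
    if [ "$rc" -eq 0 ] || [ "$rc" -eq 2 ]; then
        echo "VULNERABLE"
    else
        echo "not vulnerable"
    fi
}

# Constructed server replies: record header + ServerHello prefix, truncated
# after server_version (not captured from a real host).
HELLO_TLS12='160303002a020000260303'   # server_version 0x0303 -> TLS 1.2
HELLO_TLS10='160301002a020000260301'   # server_version 0x0301 -> TLS 1.0
ALERT_HF='15030300020228'              # alert level 2, handshake_failure (40)

for reply in "$HELLO_TLS12" "$HELLO_TLS10" "$ALERT_HF"; do
    printf 'buggy: %-15s fixed: %s\n' "$(check_buggy "$reply")" "$(check_fixed "$reply")"
done
```

Run against the TLS 1.0 reply, the quoted logic prints "not vulnerable" and the corrected logic prints "VULNERABLE", which is the false negative the comment describes.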

drwetter commented 7 years ago

oops ;-/