Closed jumaffre closed 4 years ago
Ran https://github.com/drwetter/testssl.sh against the starting CCF node. Results below (hard to read without colours, I've <<<<<
the 5 lines that show up in red/amber). I don't think there's anything to worry about here.
$ ./testssl.sh --full --add-ca networkcert.pem 127.25.131.82:57516
###########################################################
testssl.sh 3.1dev from https://testssl.sh/dev/
(b0cce84 2020-02-10 20:45:16 -- )
This program is free software. Distribution and
modification under GPLv2 permitted.
USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
Please file bugs @ https://testssl.sh/bugs/
###########################################################
Using "OpenSSL 1.0.2-chacha (1.0.2k-dev)" [~183 ciphers]
on jumaffre:./bin/openssl.Linux.x86_64
(built: "Jan 18 17:12:17 2019", platform: "linux-x86_64")
Start 2020-02-12 15:24:09 -->> 127.25.131.82:57516 (127.25.131.82) <<--
rDNS (127.25.131.82): --
Service detected: HTTP
Testing protocols via sockets except NPN+ALPN
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 offered (OK)
TLS 1.3 not offered and downgraded to a weaker protocol
NPN/SPDY not offered
ALPN/HTTP2 not offered
Testing for server implementation bugs
No bugs found.
Testing cipher categories
NULL ciphers (no encryption) not offered (OK)
Anonymous NULL Ciphers (no authentication) not offered (OK)
Export ciphers (w/o ADH+NULL) not offered (OK)
LOW: 64 Bit + DES, RC[2,4] (w/o export) not offered (OK)
Triple DES Ciphers / IDEA not offered
Obsolete: SEED + 128+256 Bit CBC cipher not offered
Strong encryption (AEAD ciphers) offered (OK)
Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4
PFS is offered (OK) ECDHE-ECDSA-AES128-GCM-SHA256
Elliptic curves offered: secp384r1 secp521r1 brainpoolP512r1
Testing server preferences
Has server cipher order? yes (OK)
Negotiated protocol TLSv1.2
Negotiated cipher ECDHE-ECDSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
Cipher order
TLSv1.2: ECDHE-ECDSA-AES128-GCM-SHA256
Testing server defaults (Server Hello)
TLS extensions (standard) "renegotiation info/#65281" "EC point formats/#11"
"max fragment length/#1" "extended master secret/#23"
Session Ticket RFC 5077 hint no -- no lifetime advertised
SSL Session ID support yes
Session Resumption Tickets no, ID: no
TLS clock skew -1 sec from localtime
Signature Algorithm ECDSA with SHA384
Server key size EC 384 bits
Server key usage --
Server extended key usage --
Serial / Fingerprints 4A389B0B457117550BE5EE4EB6E6C617 / SHA1 1D974F6E357835171A72B75BB70F93E679FA515C
SHA256 B7DA99D95861DC936CBCF92B1D494A2A7934DA1401F10E477ECEE38DF4D8BDF3
Common Name (CN) CCF node 0
subjectAltName (SAN) 127.25.131.82
Issuer CCF Network
Trust (hostname) Ok via SAN
Chain of trust Ok
EV cert (experimental) no
ETS/"eTLS", visibility info not present
Certificate Validity (UTC) 688 >= 60 days (2019-11-01 00:00 --> 2021-12-31 23:59)
# of certificates provided 1
Certificate Revocation List --
OCSP URI --
NOT ok -- neither CRL nor OCSP URI provided <<<<<<< RED
OCSP stapling not offered
OCSP must staple extension --
DNS CAA RR (experimental) not offered <<<<<<< AMBER
Certificate Transparency --
Testing HTTP header response @ "/"
HTTP Status Code 400 Bad Request (Hint: better try another URL)
HTTP clock skew Got no HTTP time, maybe try different URL?
Strict Transport Security not offered <<<<<< AMBER
Public Key Pinning --
Server banner (no "Server" line in header, interesting!)
Application banner --
Cookie(s) (none issued at "/") -- maybe better try target URL of 30x
Security headers -- <<<<<< AMBER
Reverse Proxy banner -- <<<<<< AMBER
Testing vulnerabilities
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
CCS (CVE-2014-0224) not vulnerable (OK)
Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK), no session ticket extension
ROBOT Server does not support any cipher suites that use RSA key transport
Secure Renegotiation (RFC 5746) supported (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) no HTTP compression (OK) - only supplied "/" tested
POODLE, SSL (CVE-2014-3566) not vulnerable (OK), no SSLv3 support
TLS_FALLBACK_SCSV (RFC 7507) No fallback possible (OK), no protocol below TLS 1.2 offered
SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)
FREAK (CVE-2015-0204) not vulnerable (OK)
DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)
no RSA certificate, thus certificate can't be used with SSLv2 elsewhere
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1
LUCKY13 (CVE-2013-0169), experimental not vulnerable (OK)
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
Testing ciphers per protocol via OpenSSL plus sockets against the server, ordered by encryption strength
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2
SSLv3
TLS 1
TLS 1.1
TLS 1.2
xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 521 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS 1.3
Running client simulations (HTTP) via sockets
Android 4.4.2 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
Android 5.0.0 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
Android 6.0 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Android 7.0 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Android 8.1 (native) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Android 9.0 (native) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Android 10.0 (native) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Chrome 74 (Win 10) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Chrome 79 (Win 10) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Firefox 66 (Win 8.1/10) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
Firefox 71 (Win 10) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
IE 6 XP No connection
IE 8 Win 7 No connection
IE 8 XP No connection
IE 11 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
IE 11 Win 8.1 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
IE 11 Win Phone 8.1 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
IE 11 Win 10 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Edge 15 Win 10 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Edge 17 (Win 10) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Opera 66 (Win 10) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Safari 9 iOS 9 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
Safari 9 OS X 10.11 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
Safari 10 OS X 10.12 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
Safari 12.1 (iOS 12.2) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
Safari 13.0 (macOS 10.14.6) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
Apple ATS 9 iOS 9 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
Java 6u45 No connection
Java 7u25 No connection
Java 8u161 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
Java 11.0.2 (OpenJDK) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
Java 12.0.1 (OpenJDK) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
OpenSSL 1.0.2e TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
OpenSSL 1.1.0l (Debian) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
OpenSSL 1.1.1d (Debian) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
Thunderbird (68.3) TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
Done 2020-02-12 15:25:00 [ 53s] -->> 127.25.131.82:57516 (127.25.131.82) <<--
Closing this. Will set this up in the nightly build as part of #832
OWASP lists some tools that can be used to test the security of TLS (see https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.md#test-the-server-configuration).
We should investigate and run some of them against CCF nodes to make sure that TLS connections are 100% secure.
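One way to turn a run like the one above into a nightly-build gate: testssl.sh can write its findings as JSON (`--jsonfile OUT.json`, a flat list of objects with `id`, `severity` and `finding`), and a short policy script can fail the job on anything above a chosen severity while keeping a reviewed allowlist for findings that do not apply to a CCF node (private network CA, so no CRL/OCSP, HSTS or CAA). This is an added example, not CCF or testssl.sh code; the `id` strings and the sample findings are constructed to mirror the scan in this issue and must be checked against the JSON your testssl.sh version actually emits.

```python
import json

# Ordering of testssl.sh severity labels; OK is a positive result and ranks lowest.
SEVERITY_RANK = {"DEBUG": 0, "OK": 0, "INFO": 1, "WARN": 2, "LOW": 3,
                 "MEDIUM": 4, "HIGH": 5, "CRITICAL": 6}

# Findings reviewed and accepted for a CCF node: the network CA is private
# and there are no browser clients, so CRL/OCSP, HSTS and CAA do not apply.
# These id strings are assumptions; confirm them in your own JSON output.
ACCEPTED_IDS = {"cert_crlDistributionPoints", "cert_ocspURL", "HSTS", "DNS_CAArecord"}

# Constructed sample mirroring the scan in this issue (not real tool output).
SAMPLE_JSON = json.dumps([
    {"id": "SSLv3", "severity": "OK", "finding": "not offered"},
    {"id": "TLS1_2", "severity": "OK", "finding": "offered"},
    {"id": "TLS1_3", "severity": "INFO",
     "finding": "not offered and downgraded to a weaker protocol"},
    {"id": "cert_crlDistributionPoints", "severity": "HIGH", "finding": "--"},
    {"id": "cert_ocspURL", "severity": "HIGH", "finding": "--"},
    {"id": "HSTS", "severity": "LOW", "finding": "not offered"},
    {"id": "heartbleed", "severity": "OK", "cve": "CVE-2014-0160",
     "finding": "not vulnerable, no heartbeat extension"},
])


def evaluate(json_text, fail_at="LOW", accepted=ACCEPTED_IDS):
    """Return (passed, blocking_ids, waived_ids) for one testssl.sh JSON run.

    A finding blocks the build when its severity is at or above fail_at and
    its id is not on the accepted list. Accepted findings are returned
    separately so they stay visible in the job log instead of disappearing.
    """
    threshold = SEVERITY_RANK[fail_at]
    blocking, waived = [], []
    for finding in json.loads(json_text):
        rank = SEVERITY_RANK.get(finding.get("severity", "INFO").upper(), 1)
        if rank < threshold:
            continue
        (waived if finding["id"] in accepted else blocking).append(finding["id"])
    return not blocking, blocking, waived


if __name__ == "__main__":
    ok, blocking, waived = evaluate(SAMPLE_JSON)
    print("waived:", waived)
    print("blocking:", blocking)
    raise SystemExit(0 if ok else 1)  # non-zero exit fails the nightly job
```

Lowering `fail_at` to `"INFO"` would also flag the "TLS 1.3 not offered" line, which is the kind of setting to revisit once the node's TLS stack supports it.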