Open floatingatoll opened 9 years ago
that basically should be handled as another column in the text output - if it is the same for all ciphers, put it below on a single line, otherwise leave in
This can't be done simply per-cipher because some servers emit different certificates based not ONLY on cipher, but ALSO on TLS version.
can you provide example of such server?
I'm afraid that this is because you're looking at SSLv3 and you're getting a default host certificate instead of the SNI host certificate
I cannot at this time, but will do so when permitted to share that information publicly.
It is not due to SNI, but is instead the result of an intentionally designed implementation.
On Sep 19, 2015, at 02:13, Hubert Kario notifications@github.com wrote:
can you provide example of such server?
I'm afraid that this is because you're looking at SSLv3 and you're getting a default host certificate instead of the SNI host certificate
And this is what the output currently looks like:
$ ./cipherscan jve.linuxwall.info
............................
Target: jve.linuxwall.info:443
prio ciphersuite protocols pubkey_size signature_algoritm trusted ticket_hint ocsp_staple pfs curves curves_ordering
1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 False ECDH,P-256,256bits prime256v1 server
2 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True 300 False ECDH,P-256,256bits prime256v1 server
3 DHE-RSA-AES128-GCM-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 False DH,2048bits None server
4 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True 300 False DH,2048bits None server
5 ECDHE-RSA-AES128-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 False ECDH,P-256,256bits prime256v1 server
6 ECDHE-RSA-AES128-SHA SSLv3,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 300 False ECDH,P-256,256bits prime256v1 server
7 ECDHE-RSA-AES256-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True 300 False ECDH,P-256,256bits prime256v1 server
8 ECDHE-RSA-AES256-SHA SSLv3,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 300 False ECDH,P-256,256bits prime256v1 server
9 DHE-RSA-AES128-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 False DH,2048bits None server
10 DHE-RSA-AES128-SHA SSLv3,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 300 False DH,2048bits None server
11 DHE-RSA-AES256-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 False DH,2048bits None server
12 DHE-RSA-AES256-SHA SSLv3,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True 300 False DH,2048bits None server
13 ECDHE-RSA-DES-CBC3-SHA SSLv3 2048 sha1WithRSAEncryption True None False ECDH,P-256,256bits server
14 AES128-SHA SSLv3 2048 sha1WithRSAEncryption True None False None None server
15 AES256-SHA SSLv3 2048 sha1WithRSAEncryption True None False None None server
16 DES-CBC3-SHA SSLv3 2048 sha1WithRSAEncryption True None False None None server
17 DHE-RSA-CAMELLIA256-SHA SSLv3 2048 sha1WithRSAEncryption True None False DH,1024bits None server
18 CAMELLIA256-SHA SSLv3 2048 sha1WithRSAEncryption True None False None None server
19 DHE-RSA-CAMELLIA128-SHA SSLv3 2048 sha1WithRSAEncryption True None False DH,1024bits None server
20 CAMELLIA128-SHA SSLv3 2048 sha1WithRSAEncryption True None False None None server
OCSP stapling: not supported
Cipher ordering: server
Curves ordering: server - fallback: no
TLS Tolerance: yes
Which is wrong, because based on my setup, SSLv3 will use a sha1WithRSAEncryption signature, not sha256 as is currently announced.
Julien fixed the server configuration and this code now reports for me the 'correct' result, insofar as it accurately represents my intentions at the time of the patch:
Target: jve.linuxwall.info:443
prio ciphersuite protocols pubkey_size signature_algoritm trusted ticket_hint ocsp_staple pfs curves curves_ordering
1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 False ECDH,P-256,256bits prime256v1 server
2 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True 300 False ECDH,P-256,256bits prime256v1 server
3 DHE-RSA-AES128-GCM-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 False DH,2048bits None server
4 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True 300 False DH,2048bits None server
5 ECDHE-RSA-AES128-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 False ECDH,P-256,256bits prime256v1 server
6 ECDHE-RSA-AES128-SHA SSLv3,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption,sha256WithRSAEncryption,sha256WithRSAEncryption True None,300,300 False ECDH,P-256,256bits prime256v1 server
7 ECDHE-RSA-AES256-SHA384 TLSv1.2 2048 sha256WithRSAEncryption True 300 False ECDH,P-256,256bits prime256v1 server
8 ECDHE-RSA-AES256-SHA SSLv3,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption,sha256WithRSAEncryption,sha256WithRSAEncryption True None,300,300 False ECDH,P-256,256bits prime256v1 server
9 DHE-RSA-AES128-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 False DH,2048bits None server
10 DHE-RSA-AES128-SHA SSLv3,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption,sha256WithRSAEncryption,sha256WithRSAEncryption True None,300,300 False DH,1024bits;DH,2048bits;DH,2048bits None server
11 DHE-RSA-AES256-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True 300 False DH,2048bits None server
12 DHE-RSA-AES256-SHA SSLv3,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption,sha256WithRSAEncryption,sha256WithRSAEncryption True None,300,300 False DH,1024bits;DH,2048bits;DH,2048bits None server
13 ECDHE-RSA-DES-CBC3-SHA SSLv3 2048 sha1WithRSAEncryption True None False ECDH,P-256,256bits server
14 AES128-SHA SSLv3 2048 sha1WithRSAEncryption True None False None None server
15 AES256-SHA SSLv3 2048 sha1WithRSAEncryption True None False None None server
OCSP stapling: not supported
Cipher ordering: server
Curves ordering: server - fallback: no
TLS Tolerance: yes
I'm not sure where CAMELLIA went, though.
For comparison, here's the baseline cipherscan output, reporting sha256 for all protocols and failing entirely to report the SSLv3-only protocols:
Target: jve.linuxwall.info:443
prio ciphersuite protocols pfs curves
1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits prime256v1
2 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 ECDH,P-256,256bits prime256v1
3 DHE-RSA-AES128-GCM-SHA256 TLSv1.2 DH,2048bits None
4 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 DH,2048bits None
5 ECDHE-RSA-AES128-SHA256 TLSv1.2 ECDH,P-256,256bits prime256v1
6 ECDHE-RSA-AES128-SHA SSLv3,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime256v1
7 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH,P-256,256bits prime256v1
8 ECDHE-RSA-AES256-SHA SSLv3,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime256v1
9 DHE-RSA-AES128-SHA256 TLSv1.2 DH,2048bits None
10 DHE-RSA-AES128-SHA TLSv1.1,TLSv1.2 DH,2048bits None
11 DHE-RSA-AES256-SHA256 TLSv1.2 DH,2048bits None
12 DHE-RSA-AES256-SHA SSLv3,TLSv1.1,TLSv1.2 DH,2048bits None
Currently in the non-JSON output, we summarize at the end of the results the "most recently witnessed" signature algorithm. We need an option to view the signature algorithm for each cipher tested, to handle circumstances where the presented certificate varies based on the selected cipher.
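The per-protocol reporting requested in this thread, as an added Python sketch; it is not cipherscan's own code. The function names, the `PROBES` tuple layout and the separators (`,` for most columns, `;` for pfs) are assumptions inferred from the patched output shown above.

```python
# Constructed sample: one probe per (cipher, protocol), with values copied from
# the patched output in this thread. Not produced by running cipherscan.
PROBES = [
    ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", "sha256WithRSAEncryption", "ECDH,P-256,256bits"),
    ("DHE-RSA-AES128-SHA", "SSLv3", "sha1WithRSAEncryption", "DH,1024bits"),
    ("DHE-RSA-AES128-SHA", "TLSv1.1", "sha256WithRSAEncryption", "DH,2048bits"),
    ("DHE-RSA-AES128-SHA", "TLSv1.2", "sha256WithRSAEncryption", "DH,2048bits"),
    ("AES128-SHA", "SSLv3", "sha1WithRSAEncryption", "None"),
]


def collapse(values, sep):
    """One value if every protocol agrees, else one value per protocol, in order."""
    return values[0] if len(set(values)) == 1 else sep.join(values)


def aggregate(probes):
    """Group probes by cipher, keeping server priority and protocol order."""
    rows = {}
    for cipher, proto, sigalg, pfs in probes:
        row = rows.setdefault(cipher, {"protocols": [], "sigalg": [], "pfs": []})
        row["protocols"].append(proto)
        row["sigalg"].append(sigalg)
        row["pfs"].append(pfs)
    return rows


def render(rows):
    """Text rows; pfs is joined with ';' because its values already contain commas."""
    return [
        " ".join([cipher, ",".join(r["protocols"]),
                  collapse(r["sigalg"], ","), collapse(r["pfs"], ";")])
        for cipher, r in rows.items()
    ]


def varying_certs(rows):
    """Ciphers whose certificate signature algorithm depends on the protocol."""
    return {cipher: dict(zip(r["protocols"], r["sigalg"]))
            for cipher, r in rows.items() if len(set(r["sigalg"])) > 1}


if __name__ == "__main__":
    table = aggregate(PROBES)
    print("\n".join(render(table)))
    print(varying_certs(table))
```

`varying_certs` returns only the ciphers where a single "most recently witnessed" summary line would hide a second certificate, which is the case this issue asks to surface.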