mozilla / cipherscan

A very simple way to find out which SSL ciphersuites are supported by a target.
Mozilla Public License 2.0

Show signature algorithm for each cipher #84

Open floatingatoll opened 9 years ago

floatingatoll commented 9 years ago

Currently in the non-JSON output, we summarize at the end of the results the "most recently witnessed" signature algorithm. We need an option to view the signature algorithm for each cipher tested, to handle circumstances where the presented certificate varies based on the selected cipher.

tomato42 commented 9 years ago

That basically should be handled as another column in the text output - if it is the same for all ciphers, put it below on a single line, otherwise leave it in.

floatingatoll commented 9 years ago

This can't be done simply per-cipher because some servers emit different certificates based not ONLY on cipher, but ALSO on TLS version.

tomato42 commented 9 years ago

Can you provide an example of such a server?

I'm afraid that this is because you're looking at SSLv3 and you're getting a default host certificate instead of the SNI host certificate.

floatingatoll commented 9 years ago

I cannot at this time, but will do so when permitted to share that information publicly.

It is not due to SNI, but is instead the result of an intentionally designed implementation.

On Sep 19, 2015, at 02:13, Hubert Kario notifications@github.com wrote:

Can you provide an example of such a server?

I'm afraid that this is because you're looking at SSLv3 and you're getting a default host certificate instead of the SNI host certificate.

jvehent commented 9 years ago

https://jve.linuxwall.info/blog/index.php?post/2015/10/04/SHA1/SHA256-certificate-switching-with-HAProxy

jvehent commented 9 years ago

And this is what the output currently looks like:

$ ./cipherscan jve.linuxwall.info
............................
Target: jve.linuxwall.info:443

prio  ciphersuite                  protocols              pubkey_size  signature_algoritm       trusted  ticket_hint  ocsp_staple  pfs                 curves      curves_ordering
1     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                2048         sha256WithRSAEncryption  True     300          False        ECDH,P-256,256bits  prime256v1  server
2     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                2048         sha256WithRSAEncryption  True     300          False        ECDH,P-256,256bits  prime256v1  server
3     DHE-RSA-AES128-GCM-SHA256    TLSv1.2                2048         sha256WithRSAEncryption  True     300          False        DH,2048bits         None        server
4     DHE-RSA-AES256-GCM-SHA384    TLSv1.2                2048         sha256WithRSAEncryption  True     300          False        DH,2048bits         None        server
5     ECDHE-RSA-AES128-SHA256      TLSv1.2                2048         sha256WithRSAEncryption  True     300          False        ECDH,P-256,256bits  prime256v1  server
6     ECDHE-RSA-AES128-SHA         SSLv3,TLSv1.1,TLSv1.2  2048         sha256WithRSAEncryption  True     300          False        ECDH,P-256,256bits  prime256v1  server
7     ECDHE-RSA-AES256-SHA384      TLSv1.2                2048         sha256WithRSAEncryption  True     300          False        ECDH,P-256,256bits  prime256v1  server
8     ECDHE-RSA-AES256-SHA         SSLv3,TLSv1.1,TLSv1.2  2048         sha256WithRSAEncryption  True     300          False        ECDH,P-256,256bits  prime256v1  server
9     DHE-RSA-AES128-SHA256        TLSv1.2                2048         sha256WithRSAEncryption  True     300          False        DH,2048bits         None        server
10    DHE-RSA-AES128-SHA           SSLv3,TLSv1.1,TLSv1.2  2048         sha256WithRSAEncryption  True     300          False        DH,2048bits         None        server
11    DHE-RSA-AES256-SHA256        TLSv1.2                2048         sha256WithRSAEncryption  True     300          False        DH,2048bits         None        server
12    DHE-RSA-AES256-SHA           SSLv3,TLSv1.1,TLSv1.2  2048         sha256WithRSAEncryption  True     300          False        DH,2048bits         None        server
13    ECDHE-RSA-DES-CBC3-SHA       SSLv3                  2048         sha1WithRSAEncryption    True     None         False        ECDH,P-256,256bits  server
14    AES128-SHA                   SSLv3                  2048         sha1WithRSAEncryption    True     None         False        None                None        server
15    AES256-SHA                   SSLv3                  2048         sha1WithRSAEncryption    True     None         False        None                None        server
16    DES-CBC3-SHA                 SSLv3                  2048         sha1WithRSAEncryption    True     None         False        None                None        server
17    DHE-RSA-CAMELLIA256-SHA      SSLv3                  2048         sha1WithRSAEncryption    True     None         False        DH,1024bits         None        server
18    CAMELLIA256-SHA              SSLv3                  2048         sha1WithRSAEncryption    True     None         False        None                None        server
19    DHE-RSA-CAMELLIA128-SHA      SSLv3                  2048         sha1WithRSAEncryption    True     None         False        DH,1024bits         None        server
20    CAMELLIA128-SHA              SSLv3                  2048         sha1WithRSAEncryption    True     None         False        None                None        server

OCSP stapling: not supported
Cipher ordering: server
Curves ordering: server - fallback: no
TLS Tolerance: yes

Which is wrong, because based on my setup, SSLv3 will use a sha1WithRSAEncryption signature, not sha256 as is currently announced.

floatingatoll commented 9 years ago

Julien fixed the server configuration and this code now reports for me the 'correct' result, insofar as it accurately represents my intentions at the time of the patch:

Target: jve.linuxwall.info:443

prio  ciphersuite                  protocols              pubkey_size  signature_algoritm                                                     trusted  ticket_hint   ocsp_staple  pfs                                  curves      curves_ordering
1     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                2048         sha256WithRSAEncryption                                                True     300           False        ECDH,P-256,256bits                   prime256v1  server
2     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                2048         sha256WithRSAEncryption                                                True     300           False        ECDH,P-256,256bits                   prime256v1  server
3     DHE-RSA-AES128-GCM-SHA256    TLSv1.2                2048         sha256WithRSAEncryption                                                True     300           False        DH,2048bits                          None        server
4     DHE-RSA-AES256-GCM-SHA384    TLSv1.2                2048         sha256WithRSAEncryption                                                True     300           False        DH,2048bits                          None        server
5     ECDHE-RSA-AES128-SHA256      TLSv1.2                2048         sha256WithRSAEncryption                                                True     300           False        ECDH,P-256,256bits                   prime256v1  server
6     ECDHE-RSA-AES128-SHA         SSLv3,TLSv1.1,TLSv1.2  2048         sha1WithRSAEncryption,sha256WithRSAEncryption,sha256WithRSAEncryption  True     None,300,300  False        ECDH,P-256,256bits                   prime256v1  server
7     ECDHE-RSA-AES256-SHA384      TLSv1.2                2048         sha256WithRSAEncryption                                                True     300           False        ECDH,P-256,256bits                   prime256v1  server
8     ECDHE-RSA-AES256-SHA         SSLv3,TLSv1.1,TLSv1.2  2048         sha1WithRSAEncryption,sha256WithRSAEncryption,sha256WithRSAEncryption  True     None,300,300  False        ECDH,P-256,256bits                   prime256v1  server
9     DHE-RSA-AES128-SHA256        TLSv1.2                2048         sha256WithRSAEncryption                                                True     300           False        DH,2048bits                          None        server
10    DHE-RSA-AES128-SHA           SSLv3,TLSv1.1,TLSv1.2  2048         sha1WithRSAEncryption,sha256WithRSAEncryption,sha256WithRSAEncryption  True     None,300,300  False        DH,1024bits;DH,2048bits;DH,2048bits  None        server
11    DHE-RSA-AES256-SHA256        TLSv1.2                2048         sha256WithRSAEncryption                                                True     300           False        DH,2048bits                          None        server
12    DHE-RSA-AES256-SHA           SSLv3,TLSv1.1,TLSv1.2  2048         sha1WithRSAEncryption,sha256WithRSAEncryption,sha256WithRSAEncryption  True     None,300,300  False        DH,1024bits;DH,2048bits;DH,2048bits  None        server
13    ECDHE-RSA-DES-CBC3-SHA       SSLv3                  2048         sha1WithRSAEncryption                                                  True     None          False        ECDH,P-256,256bits                   server
14    AES128-SHA                   SSLv3                  2048         sha1WithRSAEncryption                                                  True     None          False        None                                 None        server
15    AES256-SHA                   SSLv3                  2048         sha1WithRSAEncryption                                                  True     None          False        None                                 None        server

OCSP stapling: not supported
Cipher ordering: server
Curves ordering: server - fallback: no
TLS Tolerance: yes

floatingatoll commented 9 years ago

I'm not sure where CAMELLIA went, though.
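
An added example, not part of the thread or of cipherscan's own code: a small parser for the per-protocol text output posted above that expands the comma-separated `signature_algoritm` column into one entry per protocol, then reports which ciphers present different certificates depending on TLS version and where SHA-1 signatures remain. The function names are hypothetical, and the sample rows are constructed from the format shown in this thread.

```python
import re

# Constructed sample in the per-protocol format shown in this thread.
SAMPLE = """\
Target: jve.linuxwall.info:443

prio  ciphersuite  protocols  pubkey_size  signature_algoritm  trusted
1  ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2  2048  sha256WithRSAEncryption  True
6  ECDHE-RSA-AES128-SHA  SSLv3,TLSv1.1,TLSv1.2  2048  sha1WithRSAEncryption,sha256WithRSAEncryption,sha256WithRSAEncryption  True
14  AES128-SHA  SSLv3  2048  sha1WithRSAEncryption  True

Cipher ordering: server
"""

def parse_rows(text):
    """Yield (ciphersuite, protocol, signature_algorithm) for each table row."""
    header = sig_idx = None
    for line in text.splitlines():
        cols = re.split(r"\s{2,}", line.strip())  # columns are padded with 2+ spaces
        if cols[0] == "prio":
            header = cols
            # The column header is spelled "signature_algoritm" in the output.
            sig_idx = next((i for i, h in enumerate(cols)
                            if h.startswith("signature_algorit")), None)
            if sig_idx is None:
                raise ValueError("output has no signature algorithm column")
            continue
        if header is None or not cols[0].isdigit() or len(cols) <= sig_idx:
            continue  # Target line, blank lines, trailing summary lines
        protos = cols[header.index("protocols")].split(",")
        sigs = cols[sig_idx].split(",")
        if len(sigs) == 1:
            sigs *= len(protos)  # a single value applies to every protocol
        elif len(sigs) != len(protos):
            raise ValueError("protocol/signature count mismatch: " + line)
        for proto, sig in zip(protos, sigs):
            yield cols[header.index("ciphersuite")], proto, sig

def mixed_signature_ciphers(text):
    """Ciphers whose certificate signature differs between protocol versions."""
    seen = {}
    for cipher, proto, sig in parse_rows(text):
        seen.setdefault(cipher, {})[proto] = sig
    return {c: m for c, m in seen.items() if len(set(m.values())) > 1}

def sha1_by_protocol(text):
    """Map protocol -> ciphers for which a SHA-1 signed certificate was seen."""
    out = {}
    for cipher, proto, sig in parse_rows(text):
        if sig.lower().startswith("sha1"):
            out.setdefault(proto, []).append(cipher)
    return out
```
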

floatingatoll commented 9 years ago

For comparison, here's the baseline cipherscan output, reporting sha256 for all protocols and failing entirely to report the SSLv3-only protocols:

Target: jve.linuxwall.info:443

prio  ciphersuite                  protocols              pfs                 curves
1     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-256,256bits  prime256v1
2     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-256,256bits  prime256v1
3     DHE-RSA-AES128-GCM-SHA256    TLSv1.2                DH,2048bits         None
4     DHE-RSA-AES256-GCM-SHA384    TLSv1.2                DH,2048bits         None
5     ECDHE-RSA-AES128-SHA256      TLSv1.2                ECDH,P-256,256bits  prime256v1
6     ECDHE-RSA-AES128-SHA         SSLv3,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
7     ECDHE-RSA-AES256-SHA384      TLSv1.2                ECDH,P-256,256bits  prime256v1
8     ECDHE-RSA-AES256-SHA         SSLv3,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
9     DHE-RSA-AES128-SHA256        TLSv1.2                DH,2048bits         None
10    DHE-RSA-AES128-SHA           TLSv1.1,TLSv1.2        DH,2048bits         None
11    DHE-RSA-AES256-SHA256        TLSv1.2                DH,2048bits         None
12    DHE-RSA-AES256-SHA           SSLv3,TLSv1.1,TLSv1.2  DH,2048bits         None