Issue in TLS 1.3 custom ciphersuites order

prbinu / tls-scan

An Internet scale, blazing fast SSL/TLS scanner ( non-blocking, event-driven )

https://prbinu.github.io/tls-scan

Other

283 stars 54 forks source link

Issue in TLS 1.3 custom ciphersuites order #21

Closed ealashwali closed 5 years ago

ealashwali commented 5 years ago

I noticed that in TLS 1.3,tls-scan has issue in the ciphersuites order. It is not sent in the same order as I make it in the command. The ciphersuites order matters in TLS and I need the ciphersuites to be sent on the wire in the same order I make in the command. I hope there is a fix for the issue.

The command ./tls-scan --infile=input.csv --port=443 --cacert=../../../../../etc/ssl/certs/ca-certificates.crt --ciphers="TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256" --outfile=output.json

The issue: What is actually sent in the client hello (using packet analyser) is the following order:

TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256

The swapped ciphersuites positions are not fixed. In another example, I tried another longer list and the first ciphersuites was in the right position, but it just swapped the second and third. This behaviour is newly introduced with the TLS 1.3 supporting version. The old one was sent in the right order.

prbinu commented 5 years ago

I did not make any change to the existing behavior, so it should be same.

BTW, see this from the ./tls-scan --help:

 -C  --ciphers=<arg>      Ciphers to use; try 'openssl ciphers' to see all.
                           NOTE: overwritten by --ssl2, --ssl3, --tls1
                           --tls1_1, --tls1_2, --tls1_3 options (if provided)
                           https://www.openssl.org/docs/man1.0.1/apps/ciphers.html

To change the current model, you may modify this code: https://github.com/prbinu/tls-scan/commit/ed2b34f4a5b3cfcf2ad719fa4bb2f65922eece41#diff-2045016cb90d1e65d71c2407a2570927R1305

ealashwali commented 5 years ago

Thanks. I can not use the --tls1_3 as it does not serve my purpose. None of these options provide the list of ciphers and the order I need. I need a custom list that is not in these options.

What do you mean by change the current model? Do you mean change the --tls1_3 list to my custom list? If I changed the code, how to change the compilation file to compile my local code instead of pulling your code? Can you point to me in the .sh file?

I prefer to use the --ciphers to specify the list of ciphersuites as this is what it is designed for (I do not add any other options like --tls1_3, etc. that will overwrite the custom ciphers.

In TLS 1.3 tls-scan does not send the order correctly.

ealashwali commented 5 years ago

My system's openssl is OpenSSL 1.1.0g. so when I type openssl ciphers it shows me the available ciphers of this version I think. How can I list the versions of the OpenSSL1.1.1a that is linked to tls-scan?

mattcaswell commented 5 years ago

TLSv1.3 ciphersuites work differently to ciphersuites in TLSv1.2. OpenSSL has a new API for managing them in version 1.1.1. You cannot use SSL_CTX_set_cipher_list() to set TLSv1.3 ciphersuites which - as far as I can tell - tls-scan is doing.

See the documentation here:

https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_cipher_list.html

TLSv1.3 ciphersuites are set using SSL_CTX_set_ciphersuites().

ealashwali commented 5 years ago

@mattcaswell Is SSL_CTX_set_ciphersuites() backward compatible with TLSv1.2 and below ciphersuites? Because I need a custom list that (like browsers) have a mixture of TLSv1.3 and TLSv1.2 and DES ciphersuites.

mattcaswell commented 5 years ago

SSL_CTX_set_ciphersuites() is only for setting TLSv1.3 ciphersuites. It can be used in conjunction with SSL_CTX_set_cipher_list() which can be used for setting the TLSv1.2 ciphersuites. Note that you cannot specify the relative orderings of TLSv1.3 vs TLSv1.2 ciphersuites, i.e. TLSv1.3 ciphersuties always come before the TLSv1.2 ciphersuites. In practice this should make no difference at all since the two lists are mutually exclusive (TLSv1.3 ciphersuites can't be used in TLSv1.2 and below, and TLSv1.2 ciphersuites can't be used in TLSv1.3 and above).

ealashwali commented 5 years ago

@mattcaswell thanks. Yes I put TLSv1.3 ciphers before TLSv1.2. But TLSv1.3 ciphers themselves (I have about 3 or 4 TLSv1.3 ciphersuites) have orders and priorities. tls-scan doe not sent the TLSv1.3 ciphers in the order I specify in the command.

prbinu commented 5 years ago

@mattcaswell thank you for pointing out the issue. I was not aware of the new OpenSSL API.

@ealashwali I can try with the new API and hopefully that works for you.

ealashwali commented 5 years ago

@prbinu thanks. hopefully it solves the issue. Just ping me plz when this is done.

ealashwali commented 5 years ago

@prbinu Is there any update?

prbinu commented 5 years ago

build and try now.

ealashwali commented 5 years ago

Thanks. The ciphersuites order in the wire is now similar to the one in the command.