search

zmap / zcrypto

Liberal Go TLS + X.509 Library for Research
Other
134 stars 83 forks source link

Chrome cipher list is out of date #136

Open dadrian opened 6 years ago

dadrian commented 6 years ago

See https://github.com/zmap/zgrab/issues/309

I'm not sure how far out of sync we are---I know Chrome's using all the fancy DJB crypto (X25519, ChaCha, etc) and I'm not sure what we support. We'll need to grab a cipherlist from Chrome and see what they send, then figure out which of those ciphers we can even speak.

dadrian commented 6 years ago 
Cipher Suites (17 suites)
    Cipher Suite: Reserved (GREASE) (0x3a3a)
    Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
    Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
    Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
    Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
    Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
    Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
    Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
    Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
    Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)

Latest Chrome on OS X

zakird commented 6 years ago

Note that the first several are 1.3 ciphers, which really threw me off for a moment:

Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301) Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302) Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)

On Mon, Jun 25, 2018 at 10:18 AM David Adrian notifications@github.com wrote:

Cipher Suites (17 suites) Cipher Suite: Reserved (GREASE) (0x3a3a) Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301) Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302) Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c) Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)

Latest Chrome on OS X

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/zmap/zcrypto/issues/136#issuecomment-399968253, or mute the thread https://github.com/notifications/unsubscribe-auth/AAMSUPHEeIQ-qha76QrUl8_VlT1Q-ardks5uAPE9gaJpZM4U2MmV .

justinbastress commented 6 years ago

Confirmed that Windows Chrome has the same 17 (or 16 + GREASE; might be interesting to add something like that to zgrab)

ealashwali commented 6 years ago

Hi, I find that Censys Chrome's list still supports RC4 which affect the selected ciphersuite and the reports out of that. I looked at Chrome's list in your code and it is outdated.

Can you please let me know: 1) when can I expect to get Censys client hello similar to Chrome's latest update as the list below? or is there any specific reason you want to keep Chrome's outdated including RC4 and some unsupported ciphers? 2) There are many lists in:https://github.com/zmap/zcrypto/blob/master/tls/cipher_suites.go Does Censys rely on Chrome's list in producing the ciphersuites names reports?

I hope to hear from you soon. Thanks in advance.

This is the ciphers list in 

Reserved (GREASE) (0xcaca)
TLS_AES_128_GCM_SHA256 (0x1301)
TLS_AES_256_GCM_SHA384 (0x1302)
TLS_CHACHA20_POLY1305_SHA256 (0x1303)
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)

This is the outdated list in zcrypto (https://github.com/zmap/zcrypto/blob/master/tls/cipher_suites.go):

var ChromeCiphers []uint16 = []uint16{
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
    TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
    TLS_RSA_WITH_AES_128_GCM_SHA256,
    TLS_RSA_WITH_AES_256_CBC_SHA,
    TLS_RSA_WITH_AES_128_CBC_SHA,
    TLS_RSA_WITH_RC4_128_SHA,
    TLS_RSA_WITH_RC4_128_MD5,
    TLS_RSA_WITH_3DES_EDE_CBC_SHA,
}
zakird commented 6 years ago

We don't have an exact time line when this will be resolved. If this is important to you, please consider submitting a pull request. On Mon, Jul 9, 2018 at 6:02 AM ealashwali notifications@github.com wrote:

Hi, I find that Censys Chrome's list still supports RC4 which affect the selected ciphersuite and the reports out of that. I looked at Chrome's list in your code and it is outdated.

Can you please let me know:

  1. when can I expect to get Censys client hello similar to Chrome's latest update as the list below? or is there any specific reason you want to keep Chrome's outdated including RC4 and some unsupported ciphers?
  2. There are many lists in: https://github.com/zmap/zcrypto/blob/master/tls/cipher_suites.go Does Censys rely on Chrome's list in producing the ciphersuites names reports?

I hope to hear from you soon. Thanks in advance.

This is the ciphers list in

Reserved (GREASE) (0xcaca) TLS_AES_128_GCM_SHA256 (0x1301) TLS_AES_256_GCM_SHA384 (0x1302) TLS_CHACHA20_POLY1305_SHA256 (0x1303) TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c) TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d) TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)

This is the outdated list in zcrypto ( https://github.com/zmap/zcrypto/blob/master/tls/cipher_suites.go):

var ChromeCiphers []uint16 = []uint16{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_3DES_EDE_CBC_SHA, }

— You are receiving this because you commented.

Reply to this email directly, view it on GitHub https://github.com/zmap/zcrypto/issues/136#issuecomment-403441768, or mute the thread https://github.com/notifications/unsubscribe-auth/AAMSUECid7tuCTbpdjuiClvISV_vyK7Zks5uEzhZgaJpZM4U2MmV .

ealashwali commented 6 years ago

I added a pull request. Please can you confirm to me it is received correctly? Please, when can it be integrated with the actual Censys search engine? Also, does Censys handshake (that produces the cipher names report) rely on Chrome ciphers, namely, "var ChromeCiphers" only that I edit? I will be very thankful for your collaboration as I want to use some Censys data for my research.

zakird commented 6 years ago

Thanks. Unfortunately, the PR doesn't quite hit the meat of the issue---these ciphers are going to need to be implemented and/or back ported from mainline Go in order for us to complete any handshakes. If you run tests on the project, it should help guide you in the right direction.