@@ -248,6 +248,7 @@ OPENSSL2=${OPENSSL2:-/usr/bin/openssl} # This will be openssl version >=1.1.1 (
248248OPENSSL2_HAS_TLS_1_3=false # If we run with supplied binary AND $OPENSSL2 supports TLS 1.3 this will be set to true
249249OSSL_SHORTCUT=${OSSL_SHORTCUT:-true} # If you don't want automagically switch from $OPENSSL to $OPENSSL2 for TLS 1.3-only hosts, set this to false
250250OPENSSL_LOCATION=""
251+ OPENSSL_NOTIMEOUT="" # Needed for renegotiation tests
251252IKNOW_FNAME=false
252253FIRST_FINDING=true # is this the first finding we are outputting to file?
253254JSONHEADER=true # include JSON headers and footers in HTML file, if one is being created
@@ -17159,7 +17160,7 @@ run_ticketbleed() {
1715917160#
1716017161run_renego() {
1716117162 local legacycmd="" proto="$OPTIMAL_PROTO"
17162- local sec_renego sec_client_renego
17163+ local sec_renego
1716317164 local -i ret=0
1716417165 local cve=""
1716517166 local cwe="CWE-310"
@@ -17251,110 +17252,113 @@ run_renego() {
1725117252 elif [[ "$CLIENT_AUTH" == required ]] && [[ -z "$MTLS" ]]; then
1725217253 prln_warning "not having provided client certificate and private key file, the client x509-based authentication prevents this from being tested"
1725317254 fileout "$jsonID" "WARN" "not having provided client certificate and private key file, the client x509-based authentication prevents this from being tested"
17254- sec_client_renego=1
1725517255 else
1725617256 # We will need $ERRFILE for mitigation detection
1725717257 if [[ $ERRFILE =~ dev.null ]]; then
1725817258 ERRFILE=$TEMPDIR/errorfile.txt || exit $ERR_FCREATE
17259- # cleanup previous run if any (multiple IP)
17260- rm -f $ERRFILE
1726117259 restore_errfile=1
1726217260 else
1726317261 restore_errfile=0
1726417262 fi
17265- # We need up to two tries here, as some LiteSpeed servers don't answer on "R" and block. Thus first try in the background
17266- # msg enables us to look deeper into it while debugging
17267- echo R | $OPENSSL s_client $(s_client_options "$proto $BUGS $legacycmd $STARTTLS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE &
17268- wait_kill $! $HEADER_MAXSLEEP
17269- if [[ $? -eq 3 ]]; then
17270- pr_svrty_good "likely not vulnerable (OK)"; outln ", timed out" # it hung
17271- fileout "$jsonID" "OK" "likely not vulnerable (timed out)" "$cve" "$cwe"
17272- sec_client_renego=1
17263+ [[ "$SERVICE" != HTTP ]] && ssl_reneg_attempts=1
17264+ # We try again if server is HTTP. This could be either a node.js server or something else.
17265+ # Mitigations (default values) for:
17266+ # - node.js allows 3x R and then blocks. So then 4x should be tested.
17267+ # - F5 BIG-IP ADS allows 5x R and then blocks. So then 6x should be tested.
17268+ # - Stormshield allows 9x and then blocks. So then 10x should be tested.
17269+ # This way we save a couple seconds as we weeded out the ones which are more robust
17270+ # Amount of times tested before breaking is set in SSL_RENEG_ATTEMPTS.
17271+
17272+ # Clear the log to not get the content of previous run before the execution of the new one.
17273+ # (Used in the loop tests before s_client invocation)
17274+ echo -n > $TMPFILE
17275+ echo -n > $ERRFILE
17276+ # RENEGOTIATING wait loop watchdog file
17277+ touch $TEMPDIR/allowed_to_loop
17278+ # If we dont wait for the session to be established on slow server, we will try to re-negotiate
17279+ # too early losing all the attempts before the session establishment as OpenSSL will not buffer them
17280+ # (only the first will be till the establishement of the session).
17281+ (j=0; while [[ $(grep -ac '^SSL-Session:' $TMPFILE) -ne 1 ]] && [[ $j -lt 30 ]]; do sleep $ssl_reneg_wait; ((j++)); done; \
17282+ # Connection could be closed by the server with 0 return value. We do one more iteration to not close
17283+ # s_client STDIN too early as the close could come at any time and race with the tear down of s_client.
17284+ # See https://github.com/drwetter/testssl.sh/issues/2590
17285+ # In this case the added iteration is harmless as it will just spin in backgroup
17286+ for ((i=0; i <= ssl_reneg_attempts; i++ )); do sleep $ssl_reneg_wait; echo R 2>/dev/null; k=0; \
17287+ # 0 means client is renegotiating & doesn't return an error --> vuln!
17288+ # 1 means client tried to renegotiating but the server side errored then. You still see RENEGOTIATING in the output
17289+ # Exemption from above: server closed the connection but return value was zero
17290+ # See https://github.com/drwetter/testssl.sh/issues/1725 and referenced issue @haproxy
17291+ while [[ $(grep -ac '^RENEGOTIATING' $ERRFILE) -ne $((i+1)) ]] && [[ -f $TEMPDIR/allowed_to_loop ]] \
17292+ && [[ $(tail -1 $ERRFILE | grep -acE '^(RENEGOTIATING|depth|verify|notAfter)') -eq 1 ]] \
17293+ && [[ $k -lt 120 ]]; \
17294+ do sleep $ssl_reneg_wait; ((k++)); if (tail -5 $TMPFILE| grep -qa '^closed'); then break; fi; done; \
17295+ done) | \
17296+ $OPENSSL_NOTIMEOUT s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>$ERRFILE &
17297+ pid=$!
17298+ ( sleep $((ssl_reneg_attempts*3+3)) && kill $pid && touch $TEMPDIR/was_killed ) >&2 2>/dev/null &
17299+ watcher=$!
17300+ # Trick to get the return value of the openssl command, output redirection and a timeout.
17301+ # Yes, some target hang/block after some tries (some LiteSpeed servers don't answer at all on "R" and block).
17302+ wait $pid
17303+ tmp_result=$?
17304+ pkill -HUP -P $watcher
17305+ wait $watcher
17306+ # Stop any background wait loop
17307+ rm -f $TEMPDIR/allowed_to_loop
17308+ # If we are here, we have done the loop. Count the effective renego attempts.
17309+ # It could be less than the numbers of "for" iterations (minus one) in case of late server close.
17310+ loop_reneg=$(grep -ac '^RENEGOTIATING' $ERRFILE)
17311+ # As above, some servers close the connection and return value is zero
17312+ if (tail -5 $TMPFILE | grep -qa '^closed'); then
17313+ tmp_result=1
17314+ fi
17315+ # timeout reached ?
17316+ if [[ -f $TEMPDIR/was_killed ]]; then
17317+ tmp_result=2
17318+ rm -f $TEMPDIR/was_killed
17319+ fi
17320+ if [[ $tmp_result -eq 1 ]] && [[ loop_reneg -eq 1 ]]; then
17321+ tmp_result=3
17322+ fi
17323+ if [[ $SERVICE != HTTP ]]; then
17324+ # theoretic possible case
17325+ if [[ $loop_reneg -eq 2 ]]; then
17326+ tmp_result=0
17327+ fi
17328+ case $tmp_result in
17329+ 0) pr_svrty_medium "VULNERABLE (NOT ok)"; outln ", potential DoS threat"
17330+ fileout "$jsonID" "MEDIUM" "VULNERABLE, potential DoS threat" "$cve" "$cwe" "$hint"
17331+ ;;
17332+ 1|3) prln_svrty_good "not vulnerable (OK)"
17333+ fileout "$jsonID" "OK" "not vulnerable" "$cve" "$cwe"
17334+ ;;
17335+ 2) pr_svrty_good "likely not vulnerable (OK)"; outln ", timed out ($((${ssl_reneg_attempts}*3+3))s)" # it hung
17336+ fileout "$jsonID" "OK" "likely not vulnerable (timed out)" "$cve" "$cwe"
17337+ ;;
17338+ *) prln_warning "FIXME (bug): $sec_client_renego"
17339+ fileout "$jsonID" "DEBUG" "FIXME (bug) $sec_client_renego - Please report" "$cve" "$cwe"
17340+ ret=1
17341+ ;;
17342+ esac
1727317343 else
17274- # second try in the foreground as we are sure now it won't hang
17275- (echo R; sleep 1) | $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE
17276- sec_client_renego=$?
17277- # 0 means client is renegotiating & doesn't return an error --> vuln!
17278- # 1 means client tried to renegotiating but the server side errored then. You still see RENEGOTIATING in the output
17279- if tail -5 $TMPFILE| grep -qa '^closed'; then
17280- # Exemption from above: server closed the connection but return value was zero
17281- # See https://github.com/testssl/testssl.sh/issues/1725 and referenced issue @haproxy
17282- sec_client_renego=1
17283- fi
17284- case "$sec_client_renego" in
17285- 0) # We try again if server is HTTP. This could be either a node.js server or something else.
17286- # Mitigations (default values) for:
17287- # - node.js allows 3x R and then blocks. So then 4x should be tested.
17288- # - F5 BIG-IP ADS allows 5x R and then blocks. So then 6x should be tested.
17289- # - Stormshield allows 9x and then blocks. So then 10x should be tested.
17290- # This way we save a couple seconds as we weeded out the ones which are more robust
17291- # Amount of times tested before breaking is set in SSL_RENEG_ATTEMPTS.
17292- if [[ $SERVICE != HTTP ]]; then
17293- pr_svrty_medium "VULNERABLE (NOT ok)"; outln ", potential DoS threat"
17294- fileout "$jsonID" "MEDIUM" "VULNERABLE, potential DoS threat" "$cve" "$cwe" "$hint"
17295- else
17296- # Clear the log to not get the content of previous run before the execution of the new one.
17297- echo -n > $TMPFILE
17298- #RENEGOTIATING wait loop watchdog file
17299- touch $TEMPDIR/allowed_to_loop
17300- # If we dont wait for the session to be established on slow server, we will try to re-negotiate
17301- # too early losing all the attempts before the session establishment as OpenSSL will not buffer them
17302- # (only the first will be till the establishement of the session).
17303- (j=0; while [[ $(grep -ac '^SSL-Session:' $TMPFILE) -ne 1 ]] && [[ $j -lt 30 ]]; do sleep $ssl_reneg_wait; ((j++)); done; \
17304- for ((i=0; i < ssl_reneg_attempts; i++ )); do sleep $ssl_reneg_wait; echo R; k=0; \
17305- while [[ $(grep -ac '^RENEGOTIATING' $ERRFILE) -ne $((i+3)) ]] && [[ -f $TEMPDIR/allowed_to_loop ]] \
17306- && [[ $(tail -n1 $ERRFILE |grep -acE '^(RENEGOTIATING|depth|verify|notAfter)') -eq 1 ]] \
17307- && [[ $k -lt 120 ]]; \
17308- do sleep $ssl_reneg_wait; ((k++)); if (tail -5 $TMPFILE| grep -qa '^closed'); then sleep 1; break; fi; done; \
17309- done) | \
17310- $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE &
17311- pid=$!
17312- ( sleep $((ssl_reneg_attempts*3)) && kill $pid && touch $TEMPDIR/was_killed ) >&2 2>/dev/null &
17313- watcher=$!
17314- # Trick to get the return value of the openssl command, output redirection and a timeout.
17315- # Yes, some target hang/block after some tries.
17316- wait $pid
17317- tmp_result=$?
17318- pkill -HUP -P $watcher
17319- wait $watcher
17320- rm -f $TEMPDIR/allowed_to_loop
17321- # If we are here, we have done two successful renegotiation (-2) and do the loop
17322- loop_reneg=$(($(grep -ac '^RENEGOTIATING' $ERRFILE)-2))
17323- # As above, some servers close the connection and return value is zero
17324- if (tail -5 $TMPFILE| grep -qa '^closed'); then
17325- tmp_result=1
17326- fi
17327- if [[ -f $TEMPDIR/was_killed ]]; then
17328- tmp_result=2
17329- rm -f $TEMPDIR/was_killed
17330- fi
17331- case $tmp_result in
17332- 0) pr_svrty_high "VULNERABLE (NOT ok)"; outln ", DoS threat ($ssl_reneg_attempts attempts)"
17333- fileout "$jsonID" "HIGH" "VULNERABLE, DoS threat" "$cve" "$cwe" "$hint"
17334- ;;
17335- 1) pr_svrty_good "not vulnerable (OK)"; outln " -- mitigated (disconnect after $loop_reneg/$ssl_reneg_attempts attempts)"
17336- fileout "$jsonID" "OK" "not vulnerable, mitigated" "$cve" "$cwe"
17337- ;;
17338- 2) pr_svrty_good "not vulnerable (OK)"; \
17339- outln " -- mitigated ($loop_reneg successful reneg within ${ssl_reneg_attempts} in $((${ssl_reneg_attempts}*3))s(timeout))"
17340- fileout "$jsonID" "OK" "not vulnerable, mitigated" "$cve" "$cwe"
17341- ;;
17342- *) prln_warning "FIXME (bug): $sec_client_renego ($ssl_reneg_attempts tries)"
17343- fileout "$jsonID" "DEBUG" "FIXME (bug $ssl_reneg_attempts tries) $sec_client_renego" "$cve" "$cwe"
17344- ret=1
17345- ;;
17346- esac
17347- fi
17348- ;;
17349- 1)
17350- prln_svrty_good "not vulnerable (OK)"
17351- fileout "$jsonID" "OK" "not vulnerable" "$cve" "$cwe"
17352- ;;
17353- *)
17354- prln_warning "FIXME (bug): $sec_client_renego"
17355- fileout "$jsonID" "DEBUG" "FIXME (bug) $sec_client_renego - Please report" "$cve" "$cwe"
17356- ret=1
17357- ;;
17344+ case $tmp_result in
17345+ 0) pr_svrty_high "VULNERABLE (NOT ok)"; outln ", DoS threat ($ssl_reneg_attempts attempts)"
17346+ fileout "$jsonID" "HIGH" "VULNERABLE, DoS threat" "$cve" "$cwe" "$hint"
17347+ ;;
17348+ 1) pr_svrty_good "not vulnerable (OK)"; outln " -- mitigated (disconnect after $loop_reneg/$ssl_reneg_attempts attempts)"
17349+ fileout "$jsonID" "OK" "not vulnerable, mitigated" "$cve" "$cwe"
17350+ ;;
17351+ 3) prln_svrty_good "not vulnerable (OK)"
17352+ fileout "$jsonID" "OK" "not vulnerable" "$cve" "$cwe"
17353+ ;;
17354+ 2) pr_svrty_good "not vulnerable (OK)"; \
17355+ outln " -- mitigated ($loop_reneg successful reneg within ${ssl_reneg_attempts} in $((${ssl_reneg_attempts}*3+3))s(timeout))"
17356+ fileout "$jsonID" "OK" "not vulnerable, mitigated" "$cve" "$cwe"
17357+ ;;
17358+ *) prln_warning "FIXME (bug): $sec_client_renego ($ssl_reneg_attempts tries)"
17359+ fileout "$jsonID" "DEBUG" "FIXME (bug $ssl_reneg_attempts tries) $sec_client_renego" "$cve" "$cwe"
17360+ ret=1
17361+ ;;
1735817362 esac
1735917363 fi
1736017364 fi
@@ -20530,6 +20534,8 @@ find_openssl_binary() {
2053020534 fi
2053120535 fi
2053220536
20537+ OPENSSL_NOTIMEOUT=$OPENSSL
20538+
2053320539 if ! "$do_mass_testing"; then
2053420540 if [[ -n $OPENSSL_TIMEOUT ]]; then
2053520541 OPENSSL="$TIMEOUT_CMD $OPENSSL_TIMEOUT $OPENSSL"
0 commit comments