[SOLVED] openssl client test help please

aus9 · 11-23-2015, 05:12 PM

Hi

I don't run a server and am aware there a lots of server tests as some show up by searching here.

I have re-compiled openssl v 1.0.2d with configure that included

Code:

./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
shared zlib no-ssl2 no-ssl3

I used the internet to find a client test and changed the domain to
---snipped to show what I hope is relevant info

Code:

openssl s_client -connect google.com:443 -ssl3
CONNECTED(00000003)
snip
No client certificate CA names sent
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 10620 bytes and written 305 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : SSLv3
    Cipher    : ECDHE-RSA-RC4-SHA
    Session-ID: CDA1D2D20450896150CB6958A79956AF6A78F9AA1754A9E82BAA8EBD4D6E1395
    Session-ID-ctx: 
Master-Key: 7BDE9F683FD9E3456E6AB300BC782E2476874D2616C57678289C91DE32AFA26999CB8F3B52328B2E478F39CA7D927DF5
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1448155249
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)

My reference was/is
http://chrisburgess.com.au/how-to-te...vulnerability/

which claims

Quote:

SSLv3 Test Using the OpenSSL Client
openssl s_client -connect example.com:443 -ssl3

If it connects you are most likely vulnerable, if it fails it is most likely disabled

####################################
questions if I may?
1) Is this a reasonable client test for openssl?

2) As I attempted to connect using sslv3 why does the output show
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA

3) Does the presence of the cipher show it truly connected using sslv3?

Quote:

Protocol : SSLv3
Cipher : ECDHE-RSA-RC4-SHA

Comments. What I am hoping although I accept I may have failed, is some kind soul might suggest that the connection attempted sslv3 and then decided to use TLSv1

Thanks for reading

gordon

Habitual · 11-24-2015, 09:48 AM

Perhaps this can shed some light?

I get little resemblance from your query of google.com:443 -ssl3

Code:

echo | openssl s_client -connect google.com:443  -ssl3

Output at http://pastie.org/private/hkbc8ugdshilowopgwokg

aus9 · 11-24-2015, 06:11 PM

Habitual

True but yours still shows.....I snipped out the certificate stuff

Quote:

Protocol : SSLv3
Cipher : ECDHE-RSA-RC4-SHA

Thankyou for your link as it has other links of which I post just one
https://www.rfc-editor.org/rfc/rfc7525.txt

and the text link makes numerous references to ciphers to disable/recommend etc

It appears to be a server rather than a client reference but 4.2. Recommended Cipher Suites looks like I can re-compile to use those ciphers and test later

Quote:

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

o TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

o TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

o TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

These cipher suites are supported only in TLS 1.2 because they are
authenticated encryption (AEAD) algorithms [RFC5116].

Typically, in order to prefer these suites, the order of suites needs
to be explicitly configured in server software. (See [BETTERCRYPTO]
for helpful deployment guidelines, but note that its recommendations
differ from the current document in some details.) It would be ideal
if server software implementations were to prefer these suites by
default.

thanks again....post is still not solved as I still don't have an answer to my questions

aus9 · 11-24-2015, 06:43 PM

To anyone

I found a new command to try out as per https://wiki.openssl.org/index.php/M...Ciphers%281%29

Code:

openssl ciphers -ssl3
Error in cipher list
140649614739096:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1372:

If I go back to the old build which was compiled without the no-ssl2 no-ssl3 config I get

Code:

openssl ciphers -ssl3
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DH-RSA-DES-CBC-SHA:DH-DSS-DES-CBC-SHA:DES-CBC-SHA

So does this mean that I don't have a cipher for sslv3 and therefore my attempt to connect to a server re-negotiated to TLS?

aus9 · 11-25-2015, 04:23 AM

drat can not delete. sorry

unSpawn · 11-29-2015, 06:01 PM

Try

Code:

true|openssl s_client -tls1_2 -servername www.bing.com -connect www.bing.com:443

? Using "ssl3" instead of "-tls1_2" should then result in something like:

Code:

CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000
(..)

meaning it doesn't do SSLv3 connections.

aus9 · 11-30-2015, 12:18 AM

Hi

Thanks for helping me out. Handshake and cipher seen for TLS command as expected

Code:

true|openssl s_client -tls1_2 -servername www.bing.com -connect www.bing.com:443
snip
SSL handshake has read 4151 bytes and written 553 bytes
snip
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384

########################################################################
# now try out sslv3

true|openssl s_client -ssl3 -servername www.bing.com -connect www.bing.com:443
# no snip for full test
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1448863735
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)

to my eyesight.....I was mislead by the link in the first post claiming if you connect you are likely to be vulnerable

Instead if handshake shows zero bytes and no cipher shows up for sslv3 then that is a good result for my client test.

I will mark this as solved unless I have over looked something.

unSpawn no need to reply now unless you feel I am wrong again

No matter what, thankyou very much for taking time out to help me out