noxxi / p5-ssl-tools Goto Github PK

The following execution reports no starttls supported:

$ current/bin/check-ssl-heartbleed.pl --starttls smtp mx00.emig.gmx.net:25
...reply to starttls: 503
no starttls supported

Ideed the server supports STARTTLS:

$ echo QUIT | openssl s_client -starttls smtp -connect mx00.emig.gmx.net:25
CONNECTED(00000003)
depth=2 C = DE, O = Deutsche Telekom AG, OU = T-TeleSec Trust Center, CN = Deutsche Telekom Root CA 2
verify error:num=19:self signed certificate in certificate chain
verify return:0
...
250 STARTTLS
DONE

Hi. I am running the analyze-ssl.pl script with the --all-ciphers option and it's taking ages. I can see it's doing something in Wireshark but otherwise I would just have been staring at an unresponsive prompt for hours. Even knowing it's doing something doesn't tell me how far there is to go. Some kind of "testing cipher number x out of y" indicator would be most appreicated.

When I run the script on a endpoint im trying to connect to I get:

supported ciphers with SSLv23 handshake
   * TLSv1_2 AES128-GCM-SHA256
   * TLSv1_2 AES256-GCM-SHA384
   * TLSv1_2 AES128-SHA256
   * TLSv1_2 AES256-SHA256
   * TLSv1_2 ECDHE-RSA-AES128-GCM-SHA256
   * TLSv1_2 ECDHE-RSA-AES256-GCM-SHA384
   * TLSv1_2 ECDHE-RSA-AES128-SHA256
   * TLSv1_2 ECDHE-RSA-AES256-SHA384

These cipher suite names don't match the standard exactly. I don't know enough to say which of the cipher suites supports my client. How am I suppose to know which ones I can use?

These are the ciphers my client (Websphere 8.5) supports:
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_RC4_128_SHA
SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256
SSL_RSA_WITH_AES_128_GCM_SHA256
SSL_RSA_WITH_AES_128_CBC_SHA256
SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256
SSL_DHE_RSA_WITH_AES_128_GCM_SHA256
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256
SSL_DHE_DSS_WITH_AES_128_CBC_SHA256
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA
SSL_ECDHE_ECDSA_WITH_RC4_128_SHA
SSL_ECDHE_RSA_WITH_RC4_128_SHA
SSL_ECDH_ECDSA_WITH_RC4_128_SHA
SSL_ECDH_RSA_WITH_RC4_128_SHA
SSL_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
SSL_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
SSL_ECDH_RSA_WITH_3DES_EDE_CBC_SHA

These names aren't exactly right either should start with TLS instead of SSL.

The standard cipher suite names are defined here:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4

analyze.pl -> analyze-ssl.pl

And to keep it consistent the other script names should also end in '.pl'.

The usage says that "--dump_chain" should be used to dump the certificate chain, but the correct spelling is "--dump-chain".

I need to be able to run this script using a specific proxy script. How can that be done...or can it?

Not this scripts fault ... google search ' c04249852 site:hp.com'

However, the first-generation iLO and iLO 2 products use the RSA SSL libraries and there is a bug in these libraries that will cause first-generation iLO and iLO 2 devices to enter a live lockup situation when a vulnerability scanner runs to check for the Heartbleed vulnerability. Although the server's operating system will continue to function normally, first-generation iLO and iLO 2 will no longer be responsive over the management network.

I came across this through https://stackoverflow.com/questions/31684855/java-ssl-exception-protocol-version-when-trying-to-use-httpclient-to-log-into-a/37425048, and the analyze-ssl.pl script helped me solve my problem, too. I just noted a minor quirk that I wanted to report (I have to mask the real IP):

Use of uninitialized value $sni in concatenation (.) or string at analyze-ssl.pl line 304.
-- #.###.###.## port 8443
 ! using SNI (default)

I've been testing this script and it works great but i'm come across some machines which have SMTP port 25 open and when trying to exploit the vulnerability using STARTTLS, the script returns a timeout error.
However, testing it with other implementations like https://github.com/sensepost/heartbleed-poc work fine.
The issue is probably related to the case when the server dumps the memory through heartbleed but doesn't close the connection and makes the script time out. There have been reports of the same false negative on other scritps.
On the _readframe function, If you print the buffer before returning you will see some garbage followed by the bleed:

if ( ! select( my $rout = $rin,undef,undef,$timeout )) {
    $$rerr = 'timeout';
    print Dumper $buf ."\n";    ---> added this line - It dumps the server bleed (i used the module Data::Dumper)
    return;
};