
Missing protocol and ciphers

Open shemsargent-ch opened this issue 2 years ago • 5 comments

I can connect to this server using TLS 1.0, but sslscan reports that protocol is not enabled. Nmap (report below) and Qualys SSL Labs show TLS 1.0 is enabled and return the same list of available ciphers. I can provide target server info privately on request.

kali@kali:~$ sslscan https://[redacted]
Version: 2.1.0-static
OpenSSL 3.0.10 1 Aug 2023

Connected to [redacted]

Testing SSL server [redacted] on port 443 using SNI name [redacted]

  SSL/TLS Protocols:
SSLv2     disabled
SSLv3     enabled
TLSv1.0   disabled
TLSv1.1   disabled
TLSv1.2   disabled
TLSv1.3   disabled

  TLS Fallback SCSV:
Server does not support TLS Fallback SCSV

  TLS renegotiation:
Secure session renegotiation supported

  TLS Compression:
Compression disabled

  Heartbleed:

  Supported Server Cipher(s):

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength:    2048

Subject:  *.[redacted]
Altnames: DNS:*.[redacted], DNS:[redacted]
Issuer:   DigiCert Global G2 TLS RSA SHA256 2020 CA1

Not valid before: May 30 00:00:00 2023 GMT
Not valid after:  Jun 16 23:59:59 2024 GMT

Compare to

kali@kali:~$ nmap -sV --script ssl-enum-ciphers -p 443 [redacted]
Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-19 09:08 EDT
Nmap scan report for [redacted] ([redacted])
Host is up (0.017s latency).

PORT    STATE SERVICE    VERSION
443/tcp open  ssl/https?
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       CBC-mode cipher in SSLv3 (CVE-2014-3566)
|       Ciphersuite uses MD5 for message integrity
|       Forward Secrecy not supported by any cipher
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
|       Forward Secrecy not supported by any cipher
|_  least strength: C

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.13 seconds

shemsargent-ch, Sep 19 '23 13:09

Thanks for reporting this. If you can provide the target host to me, then I can probably debug this quickly. My e-mail address is jtesta at-sign positronsecurity dot com. Thanks!

jtesta, Sep 19 '23 13:09

@shemsargent-ch : I submitted PR #295 to address this problem. Thanks for getting me the target host, and thanks for reporting!

jtesta, Sep 19 '23 15:09

Interesting that the server is detecting and rejecting this - which I suppose is fairly sensible behaviour on their part.

Thanks as always.

rbsec, Sep 19 '23 17:09

I suppose I'm surprised that most implementations didn't mind a ClientHello with no session ID. I would have thought that is a required field...

jtesta, Sep 19 '23 18:09

The word "required" seems to have a fairly loose meaning to most of the people who write TLS stacks. As does the word "standard"...

rbsec, Sep 19 '23 18:09
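The discussion above turns on whether a ClientHello may legitimately carry no session ID. As an added illustration, not code from the sslscan project or from anyone in this thread, the script below builds a TLS 1.0 ClientHello with an empty session ID and with a 32-byte one, then parses the record back. It shows that session_id is a length-prefixed vector (RFC 2246 defines it as opaque<0..32>), so a zero-length value is conformant and a server that rejects it is the one deviating. The four cipher suite codepoints are the suites the Nmap report lists; the function names, the parser's field names and the sample session ID are assumptions made for this example.

```python
import os
import struct

TLS10 = (3, 1)  # ProtocolVersion {major, minor} for TLS 1.0

# IANA codepoints for the four suites the Nmap report above says the server accepts
CIPHER_SUITES = {
    "TLS_RSA_WITH_RC4_128_MD5": 0x0004,
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
    "TLS_RSA_WITH_AES_128_CBC_SHA": 0x002F,
}


def build_client_hello(version=TLS10, session_id=b"",
                       suites=tuple(CIPHER_SUITES.values()), client_random=None):
    """Return a complete TLS record (header + handshake) holding a ClientHello.

    session_id may be 0..32 bytes; an empty value is valid per RFC 2246 7.4.1.2.
    """
    if not 0 <= len(session_id) <= 32:
        raise ValueError("session_id must be 0..32 bytes")
    if client_random is None:
        client_random = os.urandom(32)  # gmt_unix_time + random bytes, 32 octets total
    body = bytes(version) + client_random
    body += bytes([len(session_id)]) + session_id                 # opaque SessionID<0..32>
    body += struct.pack(">H", 2 * len(suites))                    # CipherSuite<2..2^16-2>
    body += b"".join(struct.pack(">H", s) for s in suites)
    body += b"\x01\x00"                                            # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body     # HandshakeType client_hello(1)
    return b"\x16" + bytes(version) + struct.pack(">H", len(handshake)) + handshake


def parse_client_hello(record):
    """Parse a ClientHello record into its fields, checking every length prefix."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated handshake body")

    off = 0
    version = (body[off], body[off + 1]); off += 2
    client_random = body[off:off + 32]; off += 32
    sid_len = body[off]; off += 1
    if sid_len > 32:
        raise ValueError("session_id longer than 32 bytes")
    session_id = body[off:off + sid_len]; off += sid_len
    cs_len = struct.unpack(">H", body[off:off + 2])[0]; off += 2
    if cs_len % 2 or cs_len < 2:
        raise ValueError("malformed cipher_suites vector")
    suites = [struct.unpack(">H", body[off + i:off + i + 2])[0] for i in range(0, cs_len, 2)]
    off += cs_len
    cm_len = body[off]; off += 1
    compression = list(body[off:off + cm_len]); off += cm_len
    if off != len(body):
        raise ValueError("trailing bytes after compression_methods")
    return {
        "version": version,
        "client_random": client_random,
        "session_id": session_id,
        "cipher_suites": suites,
        "compression_methods": compression,
    }


if __name__ == "__main__":
    for sid in (b"", bytes(range(32))):  # constructed sample session IDs
        rec = build_client_hello(session_id=sid)
        fields = parse_client_hello(rec)
        print(f"session_id length {len(fields['session_id']):2d}: "
              f"record {len(rec)} bytes, suites {[hex(s) for s in fields['cipher_suites']]}")
```

Both records parse cleanly; the only difference between them is the single length byte and the 32 bytes that follow it. A scanner that sends the empty form is therefore sending a conformant hello, and a server that answers it with an alert rather than a ServerHello has added a check that the protocol does not call for.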