SSL Service testing

Post by Bali » Tue Aug 21, 2018 12:49 pm

The different implementations of SSL / TLS may contain vulnerabilities.

To verify this kind of service, I use sslyze (https://github.com/nabla-c0d3/sslyze). For the presentation of possible vulnerabilities I use openssl; here's the cheatsheet: http://www.exploresecurity.com/wp-conte ... sheet.html

Here's what my dump/screenshot includes in my report:

┌─╼[~]
└╼  openssl s_client -connect google.com:443
CONNECTED(00000003)
depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
verify return:1
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = *.google.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
<snip>
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4800 bytes and written 431 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 0FC2117E85EF5A6E956EF6DE8300C5EDB2B83779DC67674904DB7FD5EB8D007D
    Session-ID-ctx:
    Master-Key: D7EF320C36CBBBBBEB9EC14C8CD897DF6779C493921A792491A19A0BE4A6E06BEC074507876131FAF69EE5DD4416F3FA
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:
    0000 - 00 fe 59 44 84 61 dd ff-68 89 ff c5 5f c6 97 43   ..YD.a..h..._..C
    0010 - 75 bd 47 a4 2f b3 d4 e1-2a f9 d8 93 e9 35 1a 90   u.G./...*....5..
    0020 - 27 89 d8 e6 2d 24 29 33-32 36 a0 b1 93 a8 0a 0f   '...-$)326......
    0030 - fd 4f 40 ba 48 d5 42 7a-71 03 1e 0f 7b 87 34 ea   .O@.H.Bzq...{.4.
    0040 - 09 05 9b 94 4d dd ad c9-7b 5e 9b 28 78 e7 9c 5c   ....M...{^.(x..\
    0050 - 4d 23 65 d2 10 f5 e5 58-cf d2 da ef ca fa 83 40   M#e....X.......@
    0060 - 1c 8f b5 66 05 83 85 a2-5e 67 4c ed a5 c9 a8 96   ...f....^gL.....
    0070 - 14 03 90 78 a3 ce 2b de-2d 7d f1 68 76 50 8d 6e   ...x..+.-}.hvP.n
    0080 - 92 8d 39 41 27 37 80 4b-9c 5d ba 7d ec 7f a1 3a   ..9A'7.K.].}...:
    0090 - e4 4b f3 6e 4a d1 96 d2-ab 6d b8 df 5a db 2d 04   .K.nJ....m..Z.-.
    00a0 - d7 72 45 6d 78 38 a0 19-2a 86 68 72 02 b1 63 5c   .rEmx8..*.hr..c\
    00b0 - af 1c a6 1f 6d 8e cd 47-ae 72 22 ba ae a9 26 c1   ....m..G.r"...&.
    00c0 - d8 5a 9a 03 97 e1 99 12-47 4c 26 1d ab f8 41 2d   .Z......GL&...A-
    00d0 - ac fe 5d 20 92                                    ..] .

    Start Time: 1500452020
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
read:errno=0


Marking the vulnerabilities accordingly.
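
An added example, not part of the original post: one way to pull the report-relevant fields out of saved `openssl s_client` output like the dump above and turn them into findings. The function names `parse` and `findings` and the `WEAK_SAMPLE` text are constructed for illustration; `PAGE_SAMPLE` reuses lines from the output in the post.

```python
import re

# Summary fields that `openssl s_client` prints, as seen in the post's output.
PATTERNS = {
    "protocol": r"^\s*Protocol\s*:\s*(\S+)",
    "cipher": r"^\s*Cipher\s*:\s*(\S+)",
    "reneg": r"^Secure Renegotiation (IS(?: NOT)?) supported",
    "compression": r"^Compression:\s*(.+?)\s*$",
    "verify": r"^\s*Verify return code:\s*(\d+)",
}
OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_PARTS = ("RC4", "DES", "NULL", "EXP", "MD5", "ADH", "AECDH")

def parse(output):
    """Return the first match of each summary field as a dict of strings."""
    hits = {k: re.search(p, output, re.MULTILINE) for k, p in PATTERNS.items()}
    return {k: m.group(1) for k, m in hits.items() if m}

def findings(output):
    """Map parsed fields to short findings for the report."""
    f, out = parse(output), []
    if f.get("protocol") in OLD_PROTOCOLS:
        out.append("deprecated protocol " + f["protocol"])
    if any(p in f.get("cipher", "") for p in WEAK_CIPHER_PARTS):
        out.append("weak cipher " + f["cipher"])
    if f.get("reneg") == "IS NOT":
        out.append("secure renegotiation not supported")
    if f.get("compression", "NONE") != "NONE":
        out.append("TLS compression enabled")
    if f.get("verify", "0") != "0":
        out.append("certificate verify code " + f["verify"])
    return out

# Lines copied from the output in the post (trimmed).
PAGE_SAMPLE = """Secure Renegotiation IS supported
Compression: NONE
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Verify return code: 0 (ok)
"""
# Constructed sample of a badly configured server (not from the post).
WEAK_SAMPLE = """Secure Renegotiation IS NOT supported
Compression: zlib compression
    Protocol  : TLSv1
    Cipher    : RC4-SHA
    Verify return code: 18 (self signed certificate)
"""
```

`findings(PAGE_SAMPLE)` returns an empty list for the output shown in the post, while `findings(WEAK_SAMPLE)` returns one entry per weak setting.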