SSL/TLS深度解析--测试TLS/SSL加密
本文共 15983 字,大约阅读时间需要 53 分钟。
- 项目地址
testssl.sh 是一个免费且开源的功能丰富的命令行工具,用于在 Linux/BSD 服务器上检查支持加密,协议和一些加密缺陷的支持 TLS/SSL 加密的服务。
git clone --depth 1 --branch 2.9.5 https://github.com/drwetter/testssl.sh.git
- 错误
Fatal error: Neither "dig", "host", "drill" or "nslookup" is present
- 解决方法
[root@localhost testssl.sh]# yum install bind-utils -y
- 常用参数
-b,-v:这2个是显示版本的testssl自身的信息
-V:输出现有的本机密码套件列表 -t(--startssl):指明要测试的协议:https ,ftp,smtp,pop3,imap,xmpp,telnet,ldap,postgres,mysql,其中 telnet,ldap,postgres ,mysql 这4个协议要指定openssl --mode < serial| parallel> 模式,默认是串行模式,若多核CPU大规模测试可选并行 --parallel:选项启用并行测试 (默认是串行),等同于 --mode parallel -e:测试每个密码套件 -E:测试每个协议(SSL2 SSL3 TLS1 TLS1.1 TLS1.2) -s (--std):测试加密强度很高的一些密码套件 -p(--protocols ) :测试每个TLS与SSL协议 并且检测 spdy 与 http2 -S:测试并显示服务器端证书信息 -P:测试并显示服务器偏好(也就是服务器优先配置的TLS协议和密码套件) -x( --single-cipher <pattern> ): 指定一个密码套件,也就是测试一下是否支持指定的这个套件 -c:测试客户端支持情况 -h (--header):测试是否支持 HSTS, HPKP, cookie ,ipv4 ,代理 ,安全头部等 -U:测试所有的漏洞
所有漏洞
-H, --heartbleed:tests for Heartbleed vulnerability -I, --ccs, --ccs-injection:tests for CCS injection vulnerability -T, --ticketbleed:tests for Ticketbleed vulnerability in BigIP loadbalancers -R, --renegotiation:tests for renegotiation vulnerabilities -C, --compression, --crime:tests for CRIME vulnerability (TLS compression issue) -B, --breach:tests for BREACH vulnerability (HTTP compression issue) -O, --poodle:tests for POODLE (SSL) vulnerability-Z, --tls-fallback:checks TLS_FALLBACK_SCSV mitigation -W, --sweet32:tests 64 bit block ciphers (3DES, RC2 and IDEA): SWEET32 vulnerability -A, --beast:tests for BEAST vulnerability -L, --lucky13:tests for LUCKY13 -F, --freak:tests for FREAK vulnerability -J, --logjam:tests for LOGJAM vulnerability -D, --drown:tests for DROWN vulnerability -f, --pfs, --fs, --nsa:checks (perfect) forward secrecy settings -4, --rc4, --appelbaum:which RC4 ciphers are being offered?-6:支持ipv6
--ip [one]: 直接测试ip所指向的地址,不使用DNS解析出来的ip地址; 参数one 是指使用NDS解析返回的第一个IP地址,因为很多站点会有多个IP,那么会重复测试多次。 -n (--nodns) :不使用DNS --sneaky:在服务器端少留痕迹 --quiet:不输出banner --fast:只显示第一个密码套件 与-P 合用 --log:输出文档(有默认名称) --logfile:指定一个输出文档 --json:json格式的文档 (有默认名称) --jsonfile:指定一个json格式文档 --csv:csv格式的文档 (有默认名称) --csvfile:指定一个csv 格式文档 --html:html 格式文档 (有默认名) --htmlfile:指定一个html文档 --append:允许追加
- 测试
[root@localhost testssl.sh]# ./testssl.sh --quiet 172.16.216.188 Start 2018-11-10 23:08:40 -->> 172.16.216.188:443 (172.16.216.188) <<-- rDNS (172.16.216.188): -- Service detected: HTTP Testing protocols via sockets except SPDY+HTTP2 SSLv2 not offered (OK) SSLv3 not offered (OK) TLS 1 offered TLS 1.1 offered TLS 1.2 offered (OK) SPDY/NPN http/1.1 (advertised) HTTP2/ALPN http/1.1 (offered) Testing ~standard cipher categories NULL ciphers (no encryption) not offered (OK) Anonymous NULL Ciphers (no authentication) not offered (OK) Export ciphers (w/o ADH+NULL) not offered (OK) LOW: 64 Bit + DES encryption (w/o export) not offered (OK) Weak 128 Bit ciphers (SEED, IDEA, RC[2,4]) not offered (OK) Triple DES Ciphers (Medium) not offered (OK) High encryption (AES+Camellia, no AEAD) offered (OK) Strong encryption (AEAD ciphers) offered (OK) Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 PFS is offered (OK) ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA Elliptic curves offered: prime256v1 secp384r1 secp521r1 X25519 X448 Testing server preferences Has server cipher order? yes (OK) Negotiated protocol TLSv1.2 Negotiated cipher ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Cipher order TLSv1: ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA TLSv1.1: ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA TLSv1.2: ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA Testing server defaults (Server Hello) TLS extensions (standard) "renegotiation info/#65281" "EC point formats/#11" "session ticket/#35" "next protocol/#13172" "max fragment length/#1" "application layer protocol negotiation/#16" "encrypt-then-mac/#22" "extended master secret/#23" Session Ticket RFC 5077 hint 300 seconds, session tickets keys seems to be rotated < daily SSL Session ID support yes Session Resumption Tickets: yes, ID: no TLS clock skew Random values, no fingerprinting possible Server Certificate #1 (in response to request w/o SNI) Signature Algorithm ECDSA with SHA384 Server key size RSA 2048 bits Fingerprint / Serial SHA1 126CAC24E8D08ED4BB90B330D166929C57D39A0D / 92F43BDFF9AC3B5CAA3189D661C69AFA SHA256 5C9AD396AE017DC395BF9720D3D00BAC6C5C28CBF1AA2D921F32930B125F9336 Common Name (CN) www.linuxplus.com subjectAltName (SAN) missing (NOT ok) -- Browsers are complaining Issuer root_ca (CAdevops from CN) Trust (hostname) certificate does not match supplied URI Chain of trust NOT ok (chain incomplete) EV cert (experimental) no Certificate Expiration 294 >= 60 days (UTC: 2018-11-05 21:27 --> 2019-09-01 21:27) # of certificates provided 1 Certificate Revocation List NOT ok -- neither CRL nor OCSP URI provided OCSP URI -- OCSP stapling -- OCSP must staple no DNS CAA RR (experimental) -- Certificate Transparency no Server Certificate #2 (in response to request w/o SNI) Signature Algorithm ECDSA with SHA256 Server key size ECDSA 256 bits Fingerprint / Serial SHA1 F8DBD1BC27D744AC23C31C505C58FB55B33C7085 / 92F43BDFF9AC3B5CAA3189D661C69AFC SHA256 5C7FAD30072D151AD5D6EA1EC0CCA669C6C7A1E8CB66E3AC2341502763723409 Common Name (CN) www.linuxplus.com subjectAltName (SAN) missing (NOT ok) -- Browsers are complaining Issuer root_ca (CAdevops from CN) Trust (hostname) certificate does not match supplied URI Chain of trust NOT ok (chain incomplete) EV cert (experimental) no Certificate Expiration 364 >= 60 days (UTC: 2018-11-10 22:32 --> 2019-11-10 22:32) # of certificates provided 1 Certificate Revocation List NOT ok -- neither CRL nor OCSP URI provided OCSP URI -- OCSP stapling -- OCSP must staple no DNS CAA RR (experimental) -- Certificate Transparency no Testing HTTP header response @ "/" HTTP Status Code 200 OK HTTP clock skew 0 sec from localtime Strict Transport Security -- Public Key Pinning -- Server banner nginx/1.15.5 Application banner -- Cookie(s) (none issued at "/") Security headers -- Reverse Proxy banner -- Testing vulnerabilities Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension CCS (CVE-2014-0224) not vulnerable (OK) Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK) Secure Renegotiation (CVE-2009-3555) not vulnerable (OK) Secure Client-Initiated Renegotiation not vulnerable (OK) CRIME, TLS (CVE-2012-4929) not vulnerable (OK) BREACH (CVE-2013-3587) no HTTP compression (OK) - only supplied "/" tested POODLE, SSL (CVE-2014-3566) not vulnerable (OK) TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK) SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK) FREAK (CVE-2015-0204) not vulnerable (OK) DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK) make sure you don't use this certificate elsewhere with SSLv2 enabled services https://censys.io/ipv4?q=5C9AD396AE017DC395BF9720D3D00BAC6C5C28CBF1AA2D921F32930B125F9336 could help you to find out LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected BEAST (CVE-2011-3389) TLS1: ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2 LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) Testing 359 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)----------------------------------------------------------------------------------------------------------------------------- xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA xc00a ECDHE-ECDSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 xc027 ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 xc009 ECDHE-ECDSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA Running client simulations via sockets Android 2.3.7 TLSv1.0 AES128-SHA Android 4.1.1 TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256) Android 4.3 TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256) Android 4.4.2 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Android 5.0.0 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Android 6.0 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Android 7.0 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519) Chrome 51 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519) Chrome 57 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519) Firefox 49 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Firefox 53 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519) IE 6 XP No connection IE 7 Vista TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256) IE 8 XP No connection IE 8 Win 7 TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256) IE 11 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) IE 11 Win 8.1 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) IE 11 Win Phone 8.1 Update TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) IE 11 Win 10 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Edge 13 Win 10 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Edge 13 Win Phone 10 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Opera 17 Win 7 TLSv1.2 ECDHE-RSA-AES128-SHA256, 256 bit ECDH (P-256) Safari 5.1.9 OS X 10.6.8 TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256) Safari 7 iOS 7.1 TLSv1.2 ECDHE-RSA-AES128-SHA256, 256 bit ECDH (P-256) Safari 9 OS X 10.11 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Safari 10 OS X 10.12 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Apple ATS 9 iOS 9 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Tor 17.0.9 Win 7 TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256) Java 6u45 TLSv1.0 AES128-SHA Java 7u25 TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256) Java 8u31 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) OpenSSL 1.0.1l TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) OpenSSL 1.0.2e TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Done 2018-11-10 23:10:25 [ 107s] -->> 172.16.216.188:443 (172.16.216.188) <<--
[root@www testssl.sh]# ./testssl.sh -c --quiet --html 172.16.216.188[root@www testssl.sh]# ll *.html-rw-r--r--. 1 root root 5687 11月 24 15:59 172.16.216.188_p443-20181124-1558.html[root@www testssl.sh]# ./testssl.sh -c --quiet --log 172.16.216.188[root@www testssl.sh]# ll *.log-rw-r--r--. 1 root root 985 11月 24 16:04 172.16.216.188_p443-20181124-1604.log
[root@www testssl.sh]# ./testssl.sh --quiet -U 172.16.216.188 Start 2018-11-24 16:06:40 -->> 172.16.216.188:443 (172.16.216.188) <<-- rDNS (172.16.216.188): -- Service detected: HTTP Testing vulnerabilities Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension CCS (CVE-2014-0224) not vulnerable (OK) Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK) Secure Renegotiation (CVE-2009-3555) not vulnerable (OK) Secure Client-Initiated Renegotiation not vulnerable (OK) CRIME, TLS (CVE-2012-4929) not vulnerable (OK) BREACH (CVE-2013-3587) no HTTP compression (OK) - only supplied "/" tested POODLE, SSL (CVE-2014-3566) not vulnerable (OK) TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK) SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK) FREAK (CVE-2015-0204) not vulnerable (OK) DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK) make sure you don't use this certificate elsewhere with SSLv2 enabled services https://censys.io/ipv4?q=5C9AD396AE017DC395BF9720D3D00BAC6C5C28CBF1AA2D921F32930B125F9336 could help you to find out LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected BEAST (CVE-2011-3389) TLS1: ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2 LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
转载于:https://blog.51cto.com/stuart/2321969
你可能感兴趣的文章
Android自定义属性
查看>>
Visual C#之核心语言
查看>>
代码重构(五):继承关系重构规则
查看>>
Windows App开发之集合控件与数据绑定
查看>>
中大型网站技术架构演变过程
查看>>
ARTS训练第三周
查看>>
vue中v-for循环如何将变量带入class的属性名中
查看>>
phpstorm xdebug remote配置
查看>>
引用与指针的区别
查看>>
pygtk笔记--2.1:布局容器,VBox、Hbox、Alignment
查看>>
dtree.js树的使用
查看>>
Springboot2.1.3 + redis 实现 cache序列化乱码问题
查看>>
线程什么时候需要同步,什么时候不需要同步?
查看>>
Struts2 自定义拦截器(方法拦截器)
查看>>
Linux服务器的那些性能参数指标
查看>>
BZOJ 2302: [HAOI2011]Problem c [DP 组合计数]
查看>>
c++ 11开始语言本身和标准库支持并发编程
查看>>
.NET Core 之 MSBuild 介绍
查看>>
iOS:即时通讯之<了解篇 SocKet>
查看>>
《JavaScript高级程序设计》读书笔记(十):本地对象Date
查看>>