Esempio n. 1
0
    /*
     * Encode the report as JSON.
     */
    internal void Print(JSON js)
    {
        js.OpenInit(false);
        js.AddPair("connectionName", connName);
        js.AddPair("connectionPort", connPort);
        js.AddPair("SNI", sni);
        if (ssl2Suites != null && ssl2Suites.Length > 0)
        {
            js.OpenPairObject("SSLv2");
            js.OpenPairArray("suites");
            foreach (int s in ssl2Suites)
            {
                js.OpenElementObject();
                js.AddPair("id", s);
                js.AddPair("name", CipherSuite.ToNameV2(s));
                js.Close();
            }
            js.Close();
            js.Close();
        }

        foreach (int v in suites.Keys)
        {
            js.OpenPairObject(M.VersionString(v));
            SupportedCipherSuites scs = suites[v];
            string sel;
            if (scs.PrefClient)
            {
                sel = "client";
            }
            else if (scs.PrefServer)
            {
                sel = "server";
            }
            else
            {
                sel = "complex";
            }
            js.AddPair("suiteSelection", sel);
            js.OpenPairArray("suites");
            foreach (int s in scs.Suites)
            {
                js.OpenElementObject();
                js.AddPair("id", s);
                js.AddPair("name", CipherSuite.ToName(s));
                CipherSuite cs;
                if (CipherSuite.ALL.TryGetValue(s, out cs))
                {
                    js.AddPair("strength", cs.Strength);
                    js.AddPair("forwardSecrecy",
                               cs.HasForwardSecrecy);
                    js.AddPair("anonymous",
                               cs.IsAnonymous);
                    js.AddPair("serverKeyType",
                               cs.ServerKeyType);
                }
                js.Close();
            }
            js.Close();
            js.Close();
        }

        if (ssl2Chain != null)
        {
            js.OpenPairObject("ssl2Cert");
            PrintCert(js, ssl2Chain, 0);
            js.Close();
        }

        js.OpenPairArray("ssl3Chains");
        foreach (X509Chain xchain in chains.Values)
        {
            js.OpenElementObject();
            int n = xchain.Elements.Length;
            js.AddPair("length", n);
            js.AddPair("decoded", xchain.Decodable);
            if (xchain.Decodable)
            {
                js.AddPair("namesMatch", xchain.NamesMatch);
                js.AddPair("includesRoot", xchain.IncludesRoot);
                js.OpenPairArray("signHashes");
                foreach (string name in xchain.SignHashes)
                {
                    js.AddElement(name);
                }
                js.Close();
            }
            js.OpenPairArray("certificates");
            for (int i = 0; i < n; i++)
            {
                js.OpenElementObject();
                PrintCert(js, xchain, i);
                js.Close();
            }
            js.Close();
            js.Close();
        }
        js.Close();

        js.AddPair("deflateCompress", DeflateCompress);
        if (serverTimeOffset == Int64.MinValue)
        {
            js.AddPair("serverTime", "none");
        }
        else if (serverTimeOffset == Int64.MaxValue)
        {
            js.AddPair("serverTime", "random");
        }
        else
        {
            DateTime dt = DateTime.UtcNow;
            dt = dt.AddMilliseconds((double)serverTimeOffset);
            js.AddPair("serverTime", string.Format(
                           "{0:yyyy-MM-dd HH:mm:ss} UTC", dt));
            js.AddPair("serverTimeOffsetMillis",
                       serverTimeOffset);
        }
        js.AddPair("secureRenegotiation", doesRenego);
        js.AddPair("rfc7366EtM", doesEtM);
        js.AddPair("ssl2HelloFormat", helloV2);
        if (minDHSize > 0)
        {
            js.AddPair("minDHSize", minDHSize);
            js.AddPair("kxReuseDH", kxReuseDH);
        }
        if (minECSize > 0)
        {
            js.AddPair("minECSize", minECSize);
        }
        if (minECSizeExt > 0)
        {
            js.AddPair("minECSizeExt", minECSizeExt);
        }
        if (minECSize > 0 || minECSizeExt > 0)
        {
            js.AddPair("kxReuseECDH", kxReuseECDH);
        }

        if ((namedCurves != null && namedCurves.Length > 0) ||
            curveExplicitPrime > 0 || curveExplicitChar2 > 0)
        {
            js.OpenPairArray("namedCurves");
            foreach (SSLCurve nc in namedCurves)
            {
                js.OpenElementObject();
                js.AddPair("name", nc.Name);
                js.AddPair("size", nc.Size);
                js.AddPair("spontaneous", IsSpontaneous(nc));
                js.Close();
            }
            if (curveExplicitPrime > 0)
            {
                js.OpenElementObject();
                js.AddPair("name", "explicitPrime");
                js.AddPair("size", curveExplicitPrime);
                js.Close();
            }
            if (curveExplicitChar2 > 0)
            {
                js.OpenElementObject();
                js.AddPair("name", "explicitChar2");
                js.AddPair("size", curveExplicitChar2);
                js.Close();
            }
            js.Close();
        }

        if (warnings == null)
        {
            Analyse();
        }
        js.OpenPairArray("warnings");
        foreach (string k in warnings.Keys)
        {
            js.OpenElementObject();
            js.AddPair("id", k);
            js.AddPair("text", warnings[k]);
            js.Close();
        }
        js.Close();
        js.Close();
    }
Esempio n. 2
0
    public static void UpdateReportAggregator(ReportAggregator aggregator, Report report)
    {
        String serverUnderTest = $"{report.ConnName}:{report.ConnPort}";

        if (report.SSLv2Chain != null)
        {
            aggregator.AddSsl2Cert(serverUnderTest, report.SSLv2Chain);
            X509Cert xc = report.SSLv2Chain.ElementsRev[0];
            if (xc != null && xc.ValidTo.CompareTo(DateTime.Now) < 0)
            {
                aggregator.AddOverduedCertificate(serverUnderTest, xc.ValidTo);
            }
        }

        if (report.ssl2Suites != null && report.ssl2Suites.Length > 0)
        {
            aggregator.AddSuportedSslVersion(M.VersionString(M.SSLv20));
            foreach (int s in report.ssl2Suites)
            {
                aggregator.AddSupportedCipherSuite(CipherSuite.ToNameV2(s));
            }
        }

        aggregator.AddSsl3Certs(serverUnderTest, report.chains.Values);
        InspectCerts(aggregator, report, serverUnderTest);

        foreach (int v in report.suites.Keys)
        {
            aggregator.AddSuportedSslVersion(M.VersionString(v));
            SupportedCipherSuites scs = report.suites[v];
            if (scs.PrefClient)
            {
                aggregator.AddCipherSuiteSelectionMode("uses client preferences");
            }
            else if (scs.PrefServer)
            {
                aggregator.AddCipherSuiteSelectionMode("enforce server preferences");
            }
            else
            {
                aggregator.AddCipherSuiteSelectionMode("complex");
            }
            foreach (int s in scs.Suites)
            {
                CipherSuite cs;
                string      strength;
                string      fsf;
                string      anon;
                string      kt;
                if (CipherSuite.ALL.TryGetValue(s, out cs))
                {
                    strength = cs.Strength.ToString();
                    fsf      = cs.HasForwardSecrecy ? "f" : "-";
                    anon     = cs.IsAnonymous ? "A" : "-";
                    kt       = cs.ServerKeyType;
                }
                else
                {
                    strength = "?";
                    fsf      = "?";
                    anon     = "?";
                    kt       = "?";
                }
                aggregator.AddSupportedCipherSuite($"{strength}{fsf}{anon} (key: {kt,4})  {CipherSuite.ToName(s)}");
            }
        }

        foreach (var warning in report.Warnings)
        {
            aggregator.AddWarning(warning.Value);
        }
    }
Esempio n. 3
0
    /*
     * Print the report on the provided writer (text version for
     * humans).
     */
    internal void Print(TextWriter w)
    {
        w.WriteLine("Connection: {0}:{1}", connName, connPort);
        if (sni == null)
        {
            w.WriteLine("No SNI sent");
        }
        else
        {
            w.WriteLine("SNI: {0}", sni);
        }
        if (ssl2Suites != null && ssl2Suites.Length > 0)
        {
            w.WriteLine("  {0}", M.VersionString(M.SSLv20));
            foreach (int s in ssl2Suites)
            {
                w.WriteLine("     {0}",
                            CipherSuite.ToNameV2(s));
            }
        }
        SupportedCipherSuites last = null;

        foreach (int v in suites.Keys)
        {
            w.Write("  {0}:", M.VersionString(v));
            SupportedCipherSuites scs = suites[v];
            if (scs.Equals(last))
            {
                w.WriteLine(" idem");
                continue;
            }
            last = scs;
            w.WriteLine();
            w.Write("     server selection: ");
            if (scs.PrefClient)
            {
                w.WriteLine("uses client preferences");
            }
            else if (scs.PrefServer)
            {
                w.WriteLine("enforce server preferences");
            }
            else
            {
                w.WriteLine("complex");
            }
            foreach (int s in scs.Suites)
            {
                CipherSuite cs;
                string      strength;
                string      fsf;
                string      anon;
                string      kt;
                if (CipherSuite.ALL.TryGetValue(s, out cs))
                {
                    strength = cs.Strength.ToString();
                    fsf      = cs.HasForwardSecrecy ? "f" : "-";
                    anon     = cs.IsAnonymous ? "A" : "-";
                    kt       = cs.ServerKeyType;
                }
                else
                {
                    strength = "?";
                    fsf      = "?";
                    anon     = "?";
                    kt       = "?";
                }
                w.WriteLine("     {0}{1}{2} (key: {3,4})  {4}",
                            strength, fsf, anon, kt,
                            CipherSuite.ToName(s));
            }
        }
        w.WriteLine("=========================================");
        if (ssl2Chain != null)
        {
            w.WriteLine("+++++ SSLv2 certificate");
            PrintCert(w, ssl2Chain, 0);
        }
        w.WriteLine("+++++ SSLv3/TLS: {0} certificate chain(s)",
                    chains.Count);
        foreach (X509Chain xchain in chains.Values)
        {
            int n = xchain.Elements.Length;
            w.WriteLine("+++ chain: length={0}", n);
            if (xchain.Decodable)
            {
                w.WriteLine("names match:        {0}",
                            xchain.NamesMatch ? "yes" : "no");
                w.WriteLine("includes root:      {0}",
                            xchain.IncludesRoot ? "yes" : "no");
                w.Write("signature hash(es):");
                foreach (string name in xchain.SignHashes)
                {
                    w.Write(" {0}", name);
                }
                w.WriteLine();
            }
            else if (n == 0)
            {
                w.WriteLine("CHAIN IS EMPTY");
            }
            else
            {
                w.WriteLine("CHAIN PROCESSING ERROR");
            }
            for (int i = 0; i < n; i++)
            {
                w.WriteLine("+ certificate order: {0}", i);
                PrintCert(w, xchain, i);
            }
        }
        w.WriteLine("=========================================");
        w.WriteLine("Server compression support: {0}",
                    DeflateCompress ? "yes" : "no");
        if (serverTimeOffset == Int64.MinValue)
        {
            w.WriteLine("Server does not send its system time.");
        }
        else if (serverTimeOffset == Int64.MaxValue)
        {
            w.WriteLine("Server sends a random system time.");
        }
        else
        {
            DateTime dt = DateTime.UtcNow;
            dt = dt.AddMilliseconds((double)serverTimeOffset);
            w.WriteLine("Server time: {0:yyyy-MM-dd HH:mm:ss} UTC"
                        + " (offset: {1} ms)", dt, serverTimeOffset);
        }
        w.WriteLine("Secure renegotiation support: {0}",
                    doesRenego ? "yes" : "no");
        w.WriteLine("Encrypt-then-MAC support (RFC 7366): {0}",
                    doesEtM ? "yes" : "no");
        w.WriteLine("SSLv2 ClientHello format (for SSLv3+): {0}",
                    helloV2 ? "yes" : "no");
        if (minDHSize > 0)
        {
            w.WriteLine("Minimum DH size: {0}", minDHSize);
            w.WriteLine("DH parameter reuse: {0}",
                        kxReuseDH ? "yes" : " no");
        }
        if (minECSize > 0)
        {
            w.WriteLine("Minimum EC size (no extension):   {0}",
                        minECSize);
        }
        if (minECSizeExt > 0)
        {
            w.WriteLine("Minimum EC size (with extension): {0}",
                        minECSizeExt);
            if (minECSize == 0)
            {
                w.WriteLine("Server does not use EC without"
                            + " the client extension");
            }
        }
        if (minECSize > 0 || minECSizeExt > 0)
        {
            w.WriteLine("ECDH parameter reuse: {0}",
                        kxReuseECDH ? "yes" : " no");
        }
        if (namedCurves != null && namedCurves.Length > 0)
        {
            w.WriteLine("Supported curves (size and name)"
                        + " ('*' = selected by server):");
            foreach (SSLCurve nc in namedCurves)
            {
                w.WriteLine("  {0} {1,3}  {2}",
                            IsSpontaneous(nc) ? "*" : " ",
                            nc.Size, nc.Name);
            }
            if (curveExplicitPrime > 0)
            {
                w.WriteLine("  explicit prime, size = {0}",
                            curveExplicitPrime);
            }
            if (curveExplicitChar2 > 0)
            {
                w.WriteLine("  explicit char2, size = {0}",
                            curveExplicitChar2);
            }
        }

        w.WriteLine("=========================================");
        if (warnings == null)
        {
            Analyse();
        }
        if (warnings.Count == 0)
        {
            w.WriteLine("No warning.");
        }
        else
        {
            foreach (string k in warnings.Keys)
            {
                w.WriteLine("WARN[{0}]: {1}", k, warnings[k]);
            }
        }
    }
Esempio n. 4
0
    /*
     * Print the report on the provided writer (text version for
     * humans).
     */
    internal void Print(TextWriter w)
    {
        w.WriteLine("Connection: {0}:{1}", connName, connPort);
        if (sni == null)
        {
            w.WriteLine("No SNI sent");
        }
        else
        {
            w.WriteLine("SNI: {0}", sni);
        }
        if (ssl2Suites != null && ssl2Suites.Length > 0)
        {
            w.WriteLine("  {0}", M.VersionString(M.SSLv20));
            foreach (int s in ssl2Suites)
            {
                w.WriteLine("     {0}",
                            CipherSuite.ToNameV2(s));
            }
        }
        SupportedCipherSuites last = null;

        foreach (int v in suites.Keys)
        {
            w.Write("  {0}:", M.VersionString(v));
            SupportedCipherSuites scs = suites[v];
            if (scs.Equals(last))
            {
                w.WriteLine(" idem");
                continue;
            }
            last = scs;
            w.WriteLine();
            w.Write("     server selection: ");
            if (scs.PrefClient)
            {
                w.WriteLine("uses client preferences");
            }
            else if (scs.PrefServer)
            {
                w.WriteLine("enforce server preferences");
            }
            else
            {
                w.WriteLine("complex");
            }
            foreach (int s in scs.Suites)
            {
                CipherSuite cs;
                string      strength;
                string      fsf;
                string      anon;
                string      kt;
                if (CipherSuite.ALL.TryGetValue(s, out cs))
                {
                    strength = cs.Strength.ToString();
                    fsf      = cs.HasForwardSecrecy ? "f" : "-";
                    anon     = cs.IsAnonymous ? "A" : "-";
                    kt       = cs.ServerKeyType;
                }
                else
                {
                    strength = "?";
                    fsf      = "?";
                    anon     = "?";
                    kt       = "?";
                }
                w.WriteLine("     {0}{1}{2} (key: {3,4})  {4}",
                            strength, fsf, anon, kt,
                            CipherSuite.ToName(s));
            }
        }
        w.WriteLine("=========================================");
        if (ssl2Chain != null)
        {
            w.WriteLine("+++++ SSLv2 certificate");
            PrintCert(w, ssl2Chain, 0, withPEM);
        }
        w.WriteLine("+++++ SSLv3/TLS: {0} certificate chain(s)",
                    chains.Count);
        foreach (X509Chain xchain in chains.Values)
        {
            PrintChain(w, xchain, withPEM);
        }
        w.WriteLine("=========================================");
        w.WriteLine("Server compression support: {0}",
                    DeflateCompress ? "yes" : "no");
        if (serverTimeOffset == Int64.MinValue)
        {
            w.WriteLine("Server does not send its system time.");
        }
        else if (serverTimeOffset == Int64.MaxValue)
        {
            w.WriteLine("Server sends a random system time.");
        }
        else
        {
            DateTime dt = DateTime.UtcNow;
            dt = dt.AddMilliseconds((double)serverTimeOffset);
            w.WriteLine("Server time: {0:yyyy-MM-dd HH:mm:ss} UTC"
                        + " (offset: {1} ms)", dt, serverTimeOffset);
        }
        w.WriteLine("Secure renegotiation support: {0}",
                    doesRenego ? "yes" : "no");
        if (minDHSize > 0)
        {
            w.WriteLine("Minimum DH size: {0}", minDHSize);
        }
        if (minECSize > 0)
        {
            w.WriteLine("Minimum EC size (no extension):   {0}",
                        minECSize);
        }
        if (minECSizeExt > 0)
        {
            w.WriteLine("Minimum EC size (with extension): {0}",
                        minECSizeExt);
        }
        if (namedCurves != null && namedCurves.Length > 0)
        {
            w.WriteLine("Supported curves (size and name)"
                        + " ('*' = selected by server):");
            foreach (SSLCurve nc in namedCurves)
            {
                w.WriteLine("  {0} {1,3}  {2}",
                            IsSpontaneous(nc) ? "*" : " ",
                            nc.Size, nc.Name);
            }
            if (curveExplicitPrime > 0)
            {
                w.WriteLine("  explicit prime, size = {0}",
                            curveExplicitPrime);
            }
            if (curveExplicitChar2 > 0)
            {
                w.WriteLine("  explicit char2, size = {0}",
                            curveExplicitChar2);
            }
        }

        w.WriteLine("=========================================");
        if (warnings == null)
        {
            Analyse();
        }
        if (warnings.Count == 0)
        {
            w.WriteLine("No warning.");
        }
        else
        {
            foreach (string k in warnings.Keys)
            {
                w.WriteLine("WARN[{0}]: {1}", k, warnings[k]);
            }
        }
    }