Testing TLSv1.3 and supported ciphers

Published: 2019-10-22
Last Updated: 2019-10-22 19:36:18 UTC
by Bojan Zdrnja (Version: 1)
1 comment(s)

Few months ago I posted a series (well, actually 2) diaries about testing SSL/TLS configuration – if you missed them, the diaries are available here and here.
Recently I needed to test several brand new servers which were running TLSv1.3 (among the other protocols). As I use nmap as my main SSL/TLS configuration verification tool, I quickly found out that the scripts I described in previous diaries do not yet support TLSv1.3. This made me look for other options.

Since the TLSv1.3 standard has been published as a RFC, and is available at https://tools.ietf.org/html/rfc8446 we can expect that this protocol will be used more and more. However, things are not that simple: since the TLS Working Group published various draft versions, there have been different implementations published as well. In other words, these implementations, which are based on different draft versions do not work with each other!
While the nmap scripts do not work yet, there are several other options, let’s take a look at them.

1) OpenSSL

OpenSSL version 1.1.1 includes support for TLSv1.3 – the easiest way is to check s_client options of your openssl binary, if the -tls1_3 option is there, you are good to go and can test if it works ok with Cloudflare, as shown below:

$ openssl s_client -tls1_3 -connect www.cloudflare.com:443
CONNECTED(00000003)
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert ECC Extended Validation Server CA

---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
--- 

Looking good, however we still need to somehow check which ciphers are supported. Luckily for us, the TLSv1.3 RFC supports only 5 cipher suites that you can see below:

+------------------------------+-------------+
| Description                  | Value       |
+------------------------------+-------------+
| TLS_AES_128_GCM_SHA256       | {0x13,0x01} |
| TLS_AES_256_GCM_SHA384       | {0x13,0x02} |
| TLS_CHACHA20_POLY1305_SHA256 | {0x13,0x03} |
| TLS_AES_128_CCM_SHA256       | {0x13,0x04} |
| TLS_AES_128_CCM_8_SHA256     | {0x13,0x05} |
+------------------------------+-------------+    

As you can see above, these are all strong ciphers, but our job should be still to check which ones are supported. We can do that with a little bit of scripting and by using the openssl binary, this time with the -ciphersuites option that allows us to define that cipher suite(s) which will be used for connection. Those of you using openssl already probably noticed that this option is different from the commonly used one, -cipher. The -ciphersuites option must be used with TLSv1.3, while -cipher can be used with any other SSL/TLS protocol.

Here is our script:

$ for cipher in TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_8_SHA256 ; do openssl s_client -tls1_3 -ciphersuites $cipher -connect www.cloudflare.com:443 < /dev/null > /dev/null 2>&1 && echo "$cipher" ; done

This script will loop through all 5 supported TLSv1.3 ciphersuites and will try to connect to the target server (I’m using Cloudflare for testing here). If the connection was successfully established, the first command (openssl) will result in true and the echo will print the cipher that worked. These are results from Cloudflare:

TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256

2)    Testssl.sh

Our other option is to use the amazing testssl.sh script that I already wrote about before as well. You will need the very latest version of testssl.sh for TLSv1.3 support, so the best way to get it is to clone the repository from git:

$ git clone --depth 1 https://github.com/drwetter/testssl.sh.git

Once you’ve done that, you can test supported ciphers per protocol with the -E option, as shown in the figure below:

Time to go test support for TLSv1.3!

--
Bojan
@bojanz
INFIGO IS

1 comment(s)
ISC Stormcast For Tuesday, October 22nd 2019 https://isc.sans.edu/podcastdetail.html?id=6718

Comments

What's this all about ..?
password reveal .
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
https://thehomestore.com.pk/
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
https://defineprogramming.com/
https://defineprogramming.com/
Enter comment here... a fake TeamViewer page, and that page led to a different type of malware. This week's infection involved a downloaded JavaScript (.js) file that led to Microsoft Installer packages (.msi files) containing other script that used free or open source programs.
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
Enter corthrthmment here...

Diary Archives