TLS Versions and Ciphers enumeration support #20

Closed
ehsandeep opened this issue Jun 17, 2022 · 4 comments · Fixed by #69 or #75
Labels
Priority: Low This issue can probably be picked up by anyone looking to contribute to the project, as an entry fix Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Enhancement Most issues will probably ask for additions or changes.

Comments

@ehsandeep
Member

Flag description:

   -ve -version-enum	enumerate and display supported tls versions (false)
   -ce -cipher-enum	enumerate and display supported cipher (false)

CLI Output:

echo tls-v1-0.badssl.com | tlsx -port 1010 -ve 

tls-v1-0.badssl.com:1010 [TLS1.0,TLS1.1,TLS1.2]

JSON Output:

{
   "version-enum":[
      "TLS1.0",
      "TLS1.1",
      "TLS1.2"
   ],
   "cipher-enum": [
      "ECDHE-RSA-AES256-GCM-SHA384",
      "ECDHE-RSA-AES256-SHA384",
      "ECDHE-RSA-AES256-SHA",
      "DHE-RSA-AES256-GCM-SHA384",
      "DHE-RSA-AES256-SHA256",
      "DHE-RSA-AES256-SHA",
      "DHE-RSA-CAMELLIA256-SHA",
      "AES256-GCM-SHA384",
      "AES256-SHA256",
      "AES256-SHA",
      "CAMELLIA256-SHA",
      "ECDHE-RSA-AES128-GCM-SHA256",
      "ECDHE-RSA-AES128-SHA256",
      "ECDHE-RSA-AES128-SHA",
      "DHE-RSA-AES128-GCM-SHA256",
      "DHE-RSA-AES128-SHA256",
      "DHE-RSA-AES128-SHA",
      "DHE-RSA-CAMELLIA128-SHA",
      "AES128-GCM-SHA256",
      "AES128-SHA256",
      "AES128-SHA",
      "CAMELLIA128-SHA",
      "ECDHE-RSA-DES-CBC3-SHA",
      "DES-CBC3-SHA"
    ]
}
@ehsandeep ehsandeep added Priority: Low This issue can probably be picked up by anyone looking to contribute to the project, as an entry fix Type: Enhancement Most issues will probably ask for additions or changes. labels Jun 17, 2022
@Mzack9999
Member

Mzack9999 commented Jun 17, 2022

Notes:

@ehsandeep
Member Author

Note: TLS1.3 doesn't support cipher customization and the selection is automatic (ref. golang/go#29349)

@Mzack9999 I could be wrong, but do you mean to post this on #16?

@Mzack9999
Member

I think it's also relevant here, as in order to check which ciphers are supported by the server we need to perform multiple connections offering only one cipher suite at a time. In the exposed Go TLS struct, we only know which one was selected by the server.

@dogasantos

dogasantos commented Jul 21, 2022

+1 on this.

note: testing with the available Go libraries requires looping through each hex code that represents a cipher and testing via brute force. However, it may give false negatives, as I was able to test, so you'll need to add an error-handling process that accounts for that.

note2: a to-do test for me is to research whether it is possible to keep the TLS channel open and offer each cipher with a single negotiation phase (or fewer). This would speed up the enumeration and also reduce the number of sockets.
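
Added example, not part of the thread and not tlsx's own code: a Go sketch of the approach discussed in the comments above, offering one cipher suite per connection with `crypto/tls` and separating definitive rejections from transient errors so the latter are not recorded as "unsupported". The function name `enumCiphers`, the retry count, the timeout and the local `httptest` target are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"net/http/httptest"
	"slices"
	"time"
)

// enumCiphers offers one suite per connection for a single TLS version (<= 1.2).
// A peer alert is a definitive "no"; other errors are retried, and suites that
// only ever hit transient errors are reported as inconclusive, not unsupported.
func enumCiphers(addr string, ver uint16, tries int) (accepted, inconclusive []string) {
	d := &net.Dialer{Timeout: 3 * time.Second}
suites:
	for _, s := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		if !slices.Contains(s.SupportedVersions, ver) {
			continue // e.g. TLS 1.3 suites, which Go does not let the caller pick
		}
		cfg := &tls.Config{MinVersion: ver, MaxVersion: ver,
			CipherSuites: []uint16{s.ID}, InsecureSkipVerify: true} // handshake probe only
		for i := 0; i < tries; i++ {
			conn, err := tls.DialWithDialer(d, "tcp", addr, cfg)
			if err == nil {
				conn.Close()
				accepted = append(accepted, s.Name)
				continue suites
			}
			var op *net.OpError // crypto/tls reports a peer alert with Op "remote error"
			if errors.As(err, &op) && op.Op == "remote error" {
				continue suites
			}
		}
		inconclusive = append(inconclusive, s.Name)
	}
	return
}

func main() { // constructed local target restricted to two suites
	srv := httptest.NewUnstartedServer(nil)
	srv.TLS = &tls.Config{MaxVersion: tls.VersionTLS12, CipherSuites: []uint16{
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384}}
	srv.StartTLS()
	defer srv.Close()
	fmt.Println(enumCiphers(srv.Listener.Addr().String(), tls.VersionTLS12, 3))
}
```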

@Mzack9999 Mzack9999 self-assigned this Aug 3, 2022
@Mzack9999 Mzack9999 added the Status: In Progress This issue is being worked on, and has someone assigned. label Aug 3, 2022
@Mzack9999 Mzack9999 linked a pull request Aug 4, 2022 that will close this issue
@Mzack9999 Mzack9999 added Status: Review Needed The issue has a PR attached to it which needs to be reviewed and removed Status: In Progress This issue is being worked on, and has someone assigned. labels Aug 8, 2022
@ehsandeep ehsandeep added Status: Completed Nothing further to be done with this issue. Awaiting to be closed. and removed Status: Review Needed The issue has a PR attached to it which needs to be reviewed labels Aug 10, 2022
@ehsandeep ehsandeep linked a pull request Aug 22, 2022 that will close this issue
3 participants