Sluggish execution for --server-defaults

[l4rm4nd]

Before you open an issue please check which version you are running and whether it is the latest in stable / dev branch
I am running version commit 27c77071ebd03ce88c2605b6f42768ff1d55b4bf and testssl.sh 3.2rc2

Command line / docker command to reproduce

testssl.sh -S https://leibniz-gwzo.de/de

Expected behavior
Testss.sh returns the results in a reasonable amount of time.

Actual behavior
Testssl.sh runs almost infinitely long. Takes multiple minutes. Does not occur for other target urls.

Your system (please complete the following information):

• OS: Kali GNU/Linux Rolling
• Platform: Linux 5.19.0-kali2-amd64 x86_64
• OpenSSL: testssl.sh/bin/openssl.Linux.x86_64 (OpenSSL 1.0.2-bad (1.0.2k-dev))

[dcooper16]

Hello @l4rm4nd,

The issue is that this server is configured to use TLS_CHACHA20_POLY1305_SHA256 as its most preferred TLS 1.3 cipher suite.

When running --server-defaults testssl.sh needs to decrypt TLS 1.3 responses, since the certificate sent by the server is encrypted in TLS 1.3. Since the OpenSSL 1.0.2 command line does not support ChaCha20, and also since OpenSSL 1.0.2 does not support TLS 1.3, testssl.sh needs to perform the ChaCha20 decryption using code written in Bash, which is painfully slow.

A simple solution is to use the --openssl= option to specify a different OpenSSL binary that is version 1.1.1 or newer. By doing so, testssl.sh can make use of OpenSSL's TLS 1.3 implementation for some things and OpenSSL's ChaCha20 decryption for others.

Running --server-defaults on leibniz-gwzo.de using OpenSSL 1.0.2 took 1014 seconds. Using OpenSSL 1.1.1 or 3.0.2 it took 51 seconds.

[l4rm4nd]

Hello @l4rm4nd,

The issue is that this server is configured to use TLS_CHACHA20_POLY1305_SHA256 as its most preferred TLS 1.3 cipher suite.

When running --server-defaults testssl.sh needs to decrypt TLS 1.3 responses, since the certificate sent by the server is encrypted in TLS 1.3. Since the OpenSSL 1.0.2 command line does not support ChaCha20, and also since OpenSSL 1.0.2 does not support TLS 1.3, testssl.sh needs to perform the ChaCha20 decryption using code written in Bash, which is painfully slow.

A simple solution is to use the --openssl= option to specify a different OpenSSL binary that is version 1.1.1 or newer. By doing so, testssl.sh can make use of OpenSSL's TLS 1.3 implementation for some things and OpenSSL's ChaCha20 decryption for others.

Running --server-defaults on leibniz-gwzo.de using OpenSSL 1.0.2 took 1014 seconds. Using OpenSSL 1.1.1 or 3.0.2 it took 51 seconds.

Thanks for the quick reply.

I can confirm that the following command, using OpenSSL 3.0.9, is much faster and fixes the issue:

testssl.sh --openssl=/usr/bin/openssl -S https://leibniz-gwzo.de/de

[l4rm4nd]

Hey @dcooper16,

when I use OpenSSL specifically, the RC4 ciphers checks will not work, as those are not enabled for OpenSSL anymore in newer versions. I assume I would have to build OpenSSL manually and enable those in order to test for RC4 with testssl.sh.

Any other ideas, how RC4 may be scanned without building OpenSSL from source?

Thanks in advance!

[dcooper16]

Hello @l4rm4nd,

Can you point to a server for which the RC4 checks are not working? The RC4 checks should work even if the OpenSSL you are using does not support RC4, unless you are using the --ssl-native option.

[l4rm4nd]

Hi @dcooper16,

basically the same host:

testssl.sh --rc4 --ip one --fast --openssl=/usr/bin/openssl https://leibniz-gwzo.de/de

In my case, this leads to the following warning:

 RC4 (CVE-2013-2566, CVE-2015-2808)        Local problem: No RC4 Ciphers configured in /opt/tools/ssl/testssl.sh/openssl-3.1.2/apps/openssl

$ /usr/bin/openssl version

OpenSSL 3.0.9 30 May 2023 (Library: OpenSSL 3.0.9 30 May 2023)

[l4rm4nd]

Hi @dcooper16,

basically the same host:

testssl.sh --rc4 --ip one --fast --openssl=/usr/bin/openssl https://leibniz-gwzo.de/de

In my case, this leads to the following warning:

 RC4 (CVE-2013-2566, CVE-2015-2808)        Local problem: No RC4 Ciphers configured in /opt/tools/ssl/testssl.sh/openssl-3.1.2/apps/openssl

$ /usr/bin/openssl version

OpenSSL 3.0.9 30 May 2023 (Library: OpenSSL 3.0.9 30 May 2023)

Ok, removing the --fast CLI parameter works and RC4 is audited.

[drwetter]

Reopening as I believe we can do better, at least for the TLS 1.3 -part, like: if there's a situation we need TLS 1.3 and the supplied binary doesn't support it, check for /usr/bin/openssl.

I created the PR #2384 which can be used as a basis. If anyboady wants to step in (@dcooper16 ?) that would be much appreciated.