"Not a valid TlsHandshakeTypeByte" when running --heartbleed

[wondex]

Describe the bug

Traceback (most recent call last):
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/scanner.py", line 264, in get_results
    result = implementation_cls.result_for_completed_scan_jobs(
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/plugins/heartbleed_plugin.py", line 77, in result_for_completed_scan_jobs
    return HeartbleedScanResult(is_vulnerable_to_heartbleed=completed_scan_jobs[0].result())
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 432, in result
    return self.__get_result()
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 388, in __get_result
    raise self._exception
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/thread.py", line 57, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/plugins/heartbleed_plugin.py", line 98, in _test_heartbleed
    ssl_connection.connect()
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/connection_helpers/tls_connection.py", line 293, in connect
    self.ssl_client.do_handshake()
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/plugins/heartbleed_plugin.py", line 157, in _do_handshake_with_heartbleed
    tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes)
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/tls_parser/parser.py", line 17, in parse_bytes
    return TlsHandshakeRecord.from_bytes(raw_bytes)
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/tls_parser/handshake_protocol.py", line 82, in from_bytes
    message, len_consumed_for_message = TlsHandshakeMessage.from_bytes(remaining_bytes)
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/tls_parser/handshake_protocol.py", line 43, in from_bytes
    handshake_type = TlsHandshakeTypeByte(struct.unpack('B', raw_bytes[0:1])[0])
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/enum.py", line 315, in __call__
    return cls.__new__(cls, value)
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/enum.py", line 617, in __new__
    raise ve_exc
ValueError: 204 is not a valid TlsHandshakeTypeByte

or

ValueError: 92 is not a valid TlsHandshakeTypeByte

To Reproduce
Install SSLyze using: pip
Run the following command: /opt/rh/rh-python38/root/usr/bin/python3.8 -m sslyze --regular

Expected behavior
Successful scan

Python environment (please complete the following information):
OS: Red Hat Enterprise Linux Server release 7.9 (Maipo)
Python version: 3.8
SSLyzeL: 4.0.2

[nabla-c0d3]

@wondex Could you send me the server that triggered this issue? Otherwise I won't be able to fix it. Thanks!

[wondex]

Hi Alban,

This is related to a Red Hat product, is there any debug option to send you the actual TlsHandshakeTypeByte value?

[nabla-c0d3]

Can you show the results of a full scan against this server?

[wondex]

This is the full scan report (alterted the host information):

CHECKING HOST(S) AVAILABILITY

:443 => WARNING: Server requested optional client authentication

SCAN RESULTS FOR :443 -

• TLS 1.2 Session Resumption Support:
  With Session IDs: OK - Supported (5 successful resumptions out of 5 attempts).
  With TLS Tickets: OK - Supported.

• Session Renegotiation:
  Client Renegotiation DoS Attack: OK - Not vulnerable
  Secure Renegotiation: OK - Supported

• Deflate Compression:
  OK - Compression disabled

• TLS 1.0 Cipher Suites:
  Attempted to connect using 80 cipher suites.

  The server accepted the following 6 cipher suites:
  TLS_RSA_WITH_AES_256_CBC_SHA 256
  TLS_RSA_WITH_AES_128_CBC_SHA 128
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 ECDH: prime256v1 (256 bits)
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 ECDH: prime256v1 (256 bits)
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 DH (2048 bits)
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 DH (2048 bits)

  The group of cipher suites supported by the server has the following properties:
  Forward Secrecy OK - Supported
  Legacy RC4 Algorithm OK - Not Supported

• TLS 1.1 Cipher Suites:
  Attempted to connect using 80 cipher suites.

  The server accepted the following 6 cipher suites:
  TLS_RSA_WITH_AES_256_CBC_SHA 256
  TLS_RSA_WITH_AES_128_CBC_SHA 128
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 ECDH: prime256v1 (256 bits)
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 ECDH: prime256v1 (256 bits)
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 DH (2048 bits)
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 DH (2048 bits)

  The group of cipher suites supported by the server has the following properties:
  Forward Secrecy OK - Supported
  Legacy RC4 Algorithm OK - Not Supported

• SSL 3.0 Cipher Suites:
  Attempted to connect using 80 cipher suites; the server rejected all cipher suites.

• Certificates Information:
  Hostname sent for SNI:
  Number of certificates detected: 1

  Certificate #0 ( _RSAPublicKey )
  SHA1 Fingerprint: 2dd695ee475b86546b0b2e22af16b2589901d562
  Common Name:
  Issuer:
  _{Serial Number: 5721029571254994925
  Not Before: 2020-03-04
  Not After: 2021-03-04
  Public Key Algorithm: _RSAPublicKey
  Signature Algorithm: sha256
  Key Size: 2048
  Exponent: 65537
  DNS Subject Alternative Names: ['', '']}

  Certificate #0 - Trust
  Hostname Validation: OK - Certificate matches server hostname
  Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: self signed certificate in certificate chain
  Apple CA Store (iOS 14, iPadOS 14, macOS 11, watchOS 7, and tvOS 14):FAILED - Certificate is NOT Trusted: self signed certificate in certificate chain
  Java CA Store (jdk-13.0.2): FAILED - Certificate is NOT Trusted: self signed certificate in certificate chain
  Mozilla CA Store (2021-01-24): FAILED - Certificate is NOT Trusted: self signed certificate in certificate chain
  Windows CA Store (2021-02-08): FAILED - Certificate is NOT Trusted: self signed certificate in certificate chain
  Symantec 2018 Deprecation: ERROR - Could not build verified chain (certificate untrusted?)
  Received Chain: -->
  Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
  Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
  Received Chain Order: FAILED - Certificate chain out of order!
  Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)

  Certificate #0 - Extensions
  OCSP Must-Staple: NOT SUPPORTED - Extension not found
  Certificate Transparency: NOT SUPPORTED - Extension not found

  Certificate #0 - OCSP Stapling
  NOT SUPPORTED - Server did not send back an OCSP response

• Downgrade Attacks:
  TLS_FALLBACK_SCSV: OK - Supported

• SSL 2.0 Cipher Suites:
  Attempted to connect using 7 cipher suites; the server rejected all cipher suites.

• TLS 1.3 Cipher Suites:
  Attempted to connect using 5 cipher suites; the server rejected all cipher suites.

• TLS 1.2 Cipher Suites:
  Attempted to connect using 156 cipher suites.

  The server accepted the following 18 cipher suites:
  TLS_RSA_WITH_AES_256_GCM_SHA384 256
  TLS_RSA_WITH_AES_256_CBC_SHA256 256
  TLS_RSA_WITH_AES_256_CBC_SHA 256
  TLS_RSA_WITH_AES_128_GCM_SHA256 128
  TLS_RSA_WITH_AES_128_CBC_SHA256 128
  TLS_RSA_WITH_AES_128_CBC_SHA 128
  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 ECDH: prime256v1 (256 bits)
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 ECDH: prime256v1 (256 bits)
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 ECDH: prime256v1 (256 bits)
  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 ECDH: prime256v1 (256 bits)
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 ECDH: prime256v1 (256 bits)
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 ECDH: prime256v1 (256 bits)
  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 DH (2048 bits)
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 DH (2048 bits)
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 DH (2048 bits)
  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 DH (2048 bits)
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 DH (2048 bits)
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 DH (2048 bits)

  The group of cipher suites supported by the server has the following properties:
  Forward Secrecy OK - Supported
  Legacy RC4 Algorithm OK - Not Supported

• Elliptic Curve Key Exchange:
  Supported curves: prime256v1, secp256k1, secp384r1, secp521r1
  Rejected curves: X25519, X448, prime192v1, secp160k1, secp160r1, secp160r2, secp192k1, secp224k1, secp224r1, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1

• Error when running --openssl_ccs:
  You can open an issue at https://github.com/nabla-c0d3/sslyze/issues with the following information:

  * Server: <internal host>:443 - <internal ip>
  * Scan command: openssl_ccs_injection
  
  Traceback (most recent call last):
    File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/scanner.py", line 264, in get_results
  

  result = implementation_cls.result_for_completed_scan_jobs(
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/plugins/openssl_ccs_injection_plugin.py", line 78, in result_for_completed_scan_jobs
  return OpenSslCcsInjectionScanResult(is_vulnerable_to_ccs_injection=completed_scan_jobs[0].result())
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 432, in result
  return self.__get_result()
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 388, in __get_result
  raise self._exception
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/thread.py", line 57, in run
  result = self.fn(*self.args, **self.kwargs)
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/plugins/openssl_ccs_injection_plugin.py", line 99, in _test_for_ccs_injection
  ssl_connection.connect()
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/connection_helpers/tls_connection.py", line 293, in connect
  self.ssl_client.do_handshake()
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/plugins/openssl_ccs_injection_plugin.py", line 145, in _do_handshake_with_ccs_injection
  tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes)
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/tls_parser/parser.py", line 17, in parse_bytes
  return TlsHandshakeRecord.from_bytes(raw_bytes)
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/tls_parser/handshake_protocol.py", line 82, in from_bytes
  message, len_consumed_for_message = TlsHandshakeMessage.from_bytes(remaining_bytes)
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/tls_parser/handshake_protocol.py", line 43, in from_bytes
  handshake_type = TlsHandshakeTypeByte(struct.unpack('B', raw_bytes[0:1])[0])
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/enum.py", line 315, in call
  return cls.new(cls, value)
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/enum.py", line 617, in new
  raise ve_exc
  ValueError: 92 is not a valid TlsHandshakeTypeByte

• Error when running --heartbleed:
  You can open an issue at https://github.com/nabla-c0d3/sslyze/issues with the following information:

  * Server: <internal host>:443 - <internal ip>
  * Scan command: heartbleed
  
  Traceback (most recent call last):
    File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/scanner.py", line 264, in get_results
  

  result = implementation_cls.result_for_completed_scan_jobs(
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/plugins/heartbleed_plugin.py", line 77, in result_for_completed_scan_jobs
  return HeartbleedScanResult(is_vulnerable_to_heartbleed=completed_scan_jobs[0].result())
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 432, in result
  return self.__get_result()
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 388, in __get_result
  raise self._exception
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/thread.py", line 57, in run
  result = self.fn(*self.args, **self.kwargs)
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/plugins/heartbleed_plugin.py", line 98, in _test_heartbleed
  ssl_connection.connect()
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/connection_helpers/tls_connection.py", line 293, in connect
  self.ssl_client.do_handshake()
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/plugins/heartbleed_plugin.py", line 157, in _do_handshake_with_heartbleed
  tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes)
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/tls_parser/parser.py", line 17, in parse_bytes
  return TlsHandshakeRecord.from_bytes(raw_bytes)
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/tls_parser/handshake_protocol.py", line 82, in from_bytes
  message, len_consumed_for_message = TlsHandshakeMessage.from_bytes(remaining_bytes)
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/tls_parser/handshake_protocol.py", line 43, in from_bytes
  handshake_type = TlsHandshakeTypeByte(struct.unpack('B', raw_bytes[0:1])[0])
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/enum.py", line 315, in call
  return cls.new(cls, value)
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/enum.py", line 617, in new
  raise ve_exc
  ValueError: 92 is not a valid TlsHandshakeTypeByte

• Error when running --robot:
  You can open an issue at https://github.com/nabla-c0d3/sslyze/issues with the following information:

  * Server: <internal host>:443 - <internal ip>
  * Scan command: robot
  
  Traceback (most recent call last):
    File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/scanner.py", line 264, in get_results
  

  result = implementation_cls.result_for_completed_scan_jobs(
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/plugins/robot/implementation.py", line 92, in result_for_completed_scan_jobs
  server_responses_per_robot_payloads = future.result()
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 432, in result
  return self.__get_result()
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 388, in __get_result
  raise self._exception
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/thread.py", line 57, in run
  result = self.fn(*self.args, **self.kwargs)
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/plugins/robot/_robot_tester.py", line 183, in test_robot
  server_responses_per_robot_payloads = _run_oracle_detection(
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/plugins/robot/_robot_tester.py", line 214, in _run_oracle_detection
  server_response = _send_robot_payload(
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/plugins/robot/_robot_tester.py", line 306, in _send_robot_payload
  ssl_connection.connect()
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/connection_helpers/tls_connection.py", line 293, in connect
  self.ssl_client.do_handshake()
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/sslyze/plugins/robot/_robot_tester.py", line 356, in do_handshake_with_robot
  tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes)
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/tls_parser/parser.py", line 17, in parse_bytes
  return TlsHandshakeRecord.from_bytes(raw_bytes)
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/tls_parser/handshake_protocol.py", line 82, in from_bytes
  message, len_consumed_for_message = TlsHandshakeMessage.from_bytes(remaining_bytes)
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/tls_parser/handshake_protocol.py", line 43, in from_bytes
  handshake_type = TlsHandshakeTypeByte(struct.unpack('B', raw_bytes[0:1])[0])
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/enum.py", line 315, in call
  return cls.new(cls, value)
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/enum.py", line 617, in new
  raise ve_exc
  ValueError: 92 is not a valid TlsHandshakeTypeByte

[wondex]

@nabla-c0d3 is the information enough? because the label "need more info" is still attached? Thanks for maintaining sslyze it's a great tool ;-)

[nabla-c0d3]

@wondex To be honest I might need a live server that I can connect to, in order to be able to debug this; it looks like the server doesn't "speak" TLS. Any idea on how I could access a server that behaves like this?

[B-SPANO]

Seems enough close to not open another issue.
Same Error: Not a valid TlsHandshakeTypeByte when running Robot on badssl domain.

• Error when running --robot:
  You can open an issue at https://github.com/nabla-c0d3/sslyze/issues with the following information:

  * SSLyze version: 5.0.2
  * Server: 1000-sans.badssl.com:443 - 104.154.89.105
  * Scan command: robot
  
  Traceback (most recent call last):
    File "/home/brice/Workspace/SSLChecker/venv/lib/python3.7/site-packages/sslyze/scanner/_mass_scanner.py", line 271, in _generate_result_for_completed_server_scan
  

  scan_job_results=scan_job_results_for_plugin,
  File "/home/brice/Workspace/SSLChecker/venv/lib/python3.7/site-packages/sslyze/plugins/robot/implementation.py", line 103, in result_for_completed_scan_jobs
  server_responses_per_robot_payloads = future.get_result()
  File "/home/brice/Workspace/SSLChecker/venv/lib/python3.7/site-packages/sslyze/plugins/plugin_base.py", line 62, in get_result
  raise self._exception
  File "/home/brice/Workspace/SSLChecker/venv/lib/python3.7/site-packages/sslyze/scanner/_jobs_worker_thread.py", line 50, in run
  return_value = job_to_complete.function_to_call(*job_to_complete.function_arguments)
  File "/home/brice/Workspace/SSLChecker/venv/lib/python3.7/site-packages/sslyze/plugins/robot/_robot_tester.py", line 191, in test_robot
  server_info, tls_version_to_use, cipher_string, rsa_modulus, rsa_exponent, robot_should_complete_handshake
  File "/home/brice/Workspace/SSLChecker/venv/lib/python3.7/site-packages/sslyze/plugins/robot/_robot_tester.py", line 228, in _run_oracle_detection
  rsa_exponent,
  File "/home/brice/Workspace/SSLChecker/venv/lib/python3.7/site-packages/sslyze/plugins/robot/_robot_tester.py", line 313, in _send_robot_payload
  ssl_connection.connect()
  File "/home/brice/Workspace/SSLChecker/venv/lib/python3.7/site-packages/sslyze/connection_helpers/tls_connection.py", line 292, in connect
  self.ssl_client.do_handshake()
  File "/home/brice/Workspace/SSLChecker/venv/lib/python3.7/site-packages/sslyze/plugins/robot/_robot_tester.py", line 363, in do_handshake_with_robot
  tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes)
  File "/home/brice/Workspace/SSLChecker/venv/lib/python3.7/site-packages/tls_parser/parser.py", line 15, in parse_bytes
  return TlsHandshakeRecord.from_bytes(raw_bytes)
  File "/home/brice/Workspace/SSLChecker/venv/lib/python3.7/site-packages/tls_parser/handshake_protocol.py", line 75, in from_bytes
  message, len_consumed_for_message = TlsHandshakeMessage.from_bytes(remaining_bytes)
  File "/home/brice/Workspace/SSLChecker/venv/lib/python3.7/site-packages/tls_parser/handshake_protocol.py", line 47, in from_bytes
  handshake_type = TlsHandshakeTypeByte(struct.unpack("B", raw_bytes[0:1])[0])
  File "/usr/lib/python3.7/enum.py", line 310, in call
  return cls.new(cls, value)
  File "/usr/lib/python3.7/enum.py", line 564, in new
  raise exc
  File "/usr/lib/python3.7/enum.py", line 548, in new
  result = cls.missing(value)
  File "/usr/lib/python3.7/enum.py", line 577, in missing
  raise ValueError("%r is not a valid %s" % (value, cls.name))
  ValueError: 28 is not a valid TlsHandshakeTypeByte

Hope that can help you :)
Thanks for the Tools.