[gnutls-devel] GnuTLS | gnutls_cli_debug / test_ssl3 don't detect some old SSLv3 servers (#958)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Mon Mar 23 02:56:32 CET 2020

Daniel Lenski created an issue: https://gitlab.com/gnutls/gnutls/-/issues/958

I have access to a very old Cisco VPN server. (Some of the front-end HTTP suggests that it was last updated in 2007.) It's definitely insecure, but I'm just an end-user and can't do much about it:

Recent versions of `gnutls-cli-debug` report that it doesn't support SSL 3.0. With the latest version from `master` (7fa4d8efcaecac06ebd38f3a4aa392ab76c721e4):

```
$ src/gnutls-cli-debug vpn.company.com
GnuTLS debug client 3.6.12
Checking vpn.company.com:443
whether the server accepts default record size (512 bytes)... no
                  whether %ALLOW_SMALL_RECORDS is required... no
                             for SSL 3.0 (RFC6101) support... no
                        whether we need to disable TLS 1.2... yes
                        whether we need to disable TLS 1.1... yes
                        whether we need to disable TLS 1.0... yes
                        whether %NO_EXTENSIONS is required... yes
                               whether %COMPAT is required... yes
                             for TLS 1.0 (RFC2246) support... no
 for TLS 1.0 (RFC2246) support with TLS 1.0 record version... no
                             for TLS 1.1 (RFC4346) support... no
                                  fallback from TLS 1.1 to... failed
                             for TLS 1.2 (RFC5246) support... no
                             for TLS 1.3 (RFC8446) support... no
                    for known TLS or SSL protocols support... no
```

However, this isn't actually true. It *does* support SSL 3.0 (and _only_ SSL 3.0), but only with extensions disabled:

```
$ src/gnutls-cli --insecure --priority 'NORMAL:-VERS-ALL:+VERS-SSL3.0:%NO_EXTENSIONS' vpn.company.com
*** PKI verification of server certificate failed...
- Description: (SSL3.0-X.509)-(RSA)-(3DES-CBC)-(SHA1)
- Session ID: ...
- Options:
- Handshake was completed
```

The output of `gnutls-cli` seems a bit misleading to me: `Checking [hostname] for SSL 3.0 (RFC6101) support... no`.

As far as I can tell, SSL 3.0 as described in [RFC6101](https://tools.ietf.org/html/rfc6101) _does not_ require any support for TLS extensions.

I realize that this server is using ~25 year old insecure technology, but I know that there are plenty of similar examples out there, and `gnutls-cli-debug` is very useful for figuring out how to connect to a buggy/ancient server. (I had to turn to [testssl.sh](https://github.com/drwetter/testssl.sh) instead.)

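The difference the report turns on, as an added example that is not part of the original message or of GnuTLS: an SSL 3.0 ClientHello built with and without a trailing extensions block, plus a classifier for the server's first reply record. The function names, the cipher-suite list and the sample extension are assumptions chosen for illustration.

```python
import os
import socket
import struct

SUITES = [0x000A, 0x0005]  # constructed list; 0x000A = RSA with 3DES-CBC-SHA
RENEG_INFO = b"\xff\x01\x00\x01\x00"  # constructed sample: empty renegotiation_info


def client_hello(version=(3, 0), extensions=None, rand=None):
    """Build one record holding a ClientHello; extensions=None omits the block."""
    body = bytes(version) + (rand or os.urandom(32))
    body += b"\x00"  # empty session_id
    body += struct.pack(">H", 2 * len(SUITES))
    body += b"".join(struct.pack(">H", s) for s in SUITES)
    body += b"\x01\x00"  # one compression method: null
    if extensions is not None:
        body += struct.pack(">H", len(extensions)) + extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = client_hello
    return b"\x16" + bytes(version) + struct.pack(">H", len(hs)) + hs


def classify_reply(data):
    """Interpret the first record of the server's answer."""
    if len(data) < 5:
        return "no reply"
    ctype, _major, _minor, length = struct.unpack(">BBBH", data[:5])
    frag = data[5:5 + length]
    if ctype == 21 and len(frag) >= 2:  # alert record
        return f"alert level={frag[0]} description={frag[1]}"
    if ctype == 22 and len(frag) >= 6 and frag[0] == 2:  # handshake: server_hello
        return f"server_hello version={frag[4]}.{frag[5]}"
    return "unexpected record"


def probe(host, hello, port=443, timeout=5):
    """Send one hello and classify the answer (needs network; host is supplied by you)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(hello)
            return classify_reply(s.recv(4096))
    except OSError:
        return "no reply"


if __name__ == "__main__":
    for label, ext in (("no extensions", None), ("with extensions", RENEG_INFO)):
        print(label, client_hello(rand=bytes(32), extensions=ext).hex())
```

Running `probe()` once with each hello against a server like the one described separates "speaks SSL 3.0 only when the extensions block is absent" from "does not speak SSL 3.0 at all".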