<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<p class="details" style="font-style: italic; color: #777;">

<a href="https://gitlab.com/dlenski">Daniel Lenski</a> created an issue:

</p>

<div></div>

<p dir="auto">I have access to a very old Cisco VPN server. (Some of the front-end HTTP suggests that it was last updated in 2007.) It's definitely insecure, but I'm just an end-user and can't do much about it:</p>

<p dir="auto">Recent versions of <code>gnutls-cli-debug</code> report that it doesn't support SSL 3.0. With latest version from <code>master</code> (<a href="https://gitlab.com/gnutls/gnutls/-/commit/7fa4d8efcaecac06ebd38f3a4aa392ab76c721e4" data-original="7fa4d8efcaecac06ebd38f3a4aa392ab76c721e4" data-link="false" data-link-reference="false" data-project="179611" data-commit="7fa4d8efcaecac06ebd38f3a4aa392ab76c721e4" data-reference-type="commit" data-container="body" data-placement="top" data-html="true" title="Merge branch 'tmp-fuzz-readme' into 'master'" class="gfm gfm-commit has-tooltip">7fa4d8ef</a>):</p>

<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">$ src/gnutls-cli-debug vpn.company.com</span>

<span id="LC2" class="line" lang="plaintext">GnuTLS debug client 3.6.12</span>

<span id="LC3" class="line" lang="plaintext">Checking vpn.company.com:443</span>

<span id="LC4" class="line" lang="plaintext">whether the server accepts default record size (512 bytes)... no</span>

<span id="LC5" class="line" lang="plaintext">                  whether %ALLOW_SMALL_RECORDS is required... no</span>

<span id="LC6" class="line" lang="plaintext">                             for SSL 3.0 (RFC6101) support... no</span>

<span id="LC7" class="line" lang="plaintext">                        whether we need to disable TLS 1.2... yes</span>

<span id="LC8" class="line" lang="plaintext">                        whether we need to disable TLS 1.1... yes</span>

<span id="LC9" class="line" lang="plaintext">                        whether we need to disable TLS 1.0... yes</span>

<span id="LC10" class="line" lang="plaintext">                        whether %NO_EXTENSIONS is required... yes</span>

<span id="LC11" class="line" lang="plaintext">                               whether %COMPAT is required... yes</span>

<span id="LC12" class="line" lang="plaintext">                             for TLS 1.0 (RFC2246) support... no</span>

<span id="LC13" class="line" lang="plaintext"> for TLS 1.0 (RFC2246) support with TLS 1.0 record version... no</span>

<span id="LC14" class="line" lang="plaintext">                             for TLS 1.1 (RFC4346) support... no</span>

<span id="LC15" class="line" lang="plaintext">                                  fallback from TLS 1.1 to... failed</span>

<span id="LC16" class="line" lang="plaintext">                             for TLS 1.2 (RFC5246) support... no</span>

<span id="LC17" class="line" lang="plaintext">                             for TLS 1.3 (RFC8446) support... no</span>

<span id="LC18" class="line" lang="plaintext">                    for known TLS or SSL protocols support... no</span></code></pre>

<p dir="auto">However, this isn't actually true. It <em>does</em> support SSL 3.0 (and <em>only</em> SSL 3.0), but only with extensions disabled:</p>

<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">$ src/gnutls-cli --insecure --priority 'NORMAL:-VERS-ALL:+VERS-SSL3.0:%NO_EXTENSIONS' vpn.company.com</span>

<span id="LC2" class="line" lang="plaintext">...</span>

<span id="LC3" class="line" lang="plaintext">*** PKI verification of server certificate failed...</span>

<span id="LC4" class="line" lang="plaintext">- Description: (SSL3.0-X.509)-(RSA)-(3DES-CBC)-(SHA1)</span>

<span id="LC5" class="line" lang="plaintext">- Session ID: ...</span>

<span id="LC6" class="line" lang="plaintext">- Options:</span>

<span id="LC7" class="line" lang="plaintext">- Handshake was completed</span>

<span id="LC8" class="line" lang="plaintext">...</span></code></pre>

<p dir="auto">The output of <code>gnutls-cli</code> seems a bit misleading to me: <code>Checking [hostname] for SSL 3.0 (RFC6101) support... no</code>.</p>

<p dir="auto">As far as I can tell, SSL 3.0 as described in <a href="https://tools.ietf.org/html/rfc6101" rel="nofollow noreferrer noopener" target="_blank">RFC6101</a> <em>does not</em> require any support for TLS extensions.</p>

<p dir="auto">I realize that this server is using ~25 year old insecure technology, but I know that there are plenty of similar examples out there, and <code>gnutls-cli-debug</code> is a very useful for figuring out how to connect to a buggy/ancient server. (I had to turn to <a href="https://github.com/drwetter/testssl.sh" rel="nofollow noreferrer noopener" target="_blank">testssl.sh</a> instead.)</p>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/issues/958">view it on GitLab</a>.

<br>

You're receiving this email because of your account on gitlab.com.

If you'd like to receive fewer emails, you can

<a href="https://gitlab.com/sent_notifications/0aadb43530dc74f7676da504ca47255b/unsubscribe">unsubscribe</a>

from this thread or

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/-/issues/958"}}</script>

</p>

</div>

</body>

</html>