author | Remy <relst@relst.nl> | 2015-04-12 10:19:48 +0200 |
---|---|---|
committer | Remy <relst@relst.nl> | 2015-04-12 10:19:48 +0200 |
commit | 225ba54913c49cfeca7e3afa7d2e9af128a344a7 (patch) | |
tree | f53c51fed31c3e09eae61330a83271fd00ce1f95 | |
parent | ced7bdc15c7086cc47452478e6d94429833d30b7 (diff) | |
Add SSLv2 check
-rw-r--r-- | CHANGELOG.md | 4 | ||||
-rw-r--r-- | functions/connection.php | 27 | ||||
-rw-r--r-- | functions/variables.php | 4 | ||||
-rw-r--r-- | inc/footer.php | 4 | ||||
-rw-r--r-- | json.php | 1 |
5 files changed, 35 insertions, 5 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 20bc282..3636d51 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 2.2 + +- Add SSLv2 test + ## 2.1 - Add json API endpoint (see README). diff --git a/functions/connection.php b/functions/connection.php index e9542f9..d6d1391 100644 --- a/functions/connection.php +++ b/functions/connection.php @@ -71,14 +71,30 @@ function ssl_conn_ciphersuites($host, $port, $ciphersuites){ return $results; } + +function test_sslv2($host, $port) { + $exitstatus = 0; + $output = 0; + exec('echo | timeout 2 openssl s_client -connect "' . escapeshellcmd($host) . ':' . escapeshellcmd($port) . '" -ssl2 2>&1 >/dev/null', $output, $exitstatus); + if ($exitstatus == 0) { + $result = true; + } else { + $result = false; + } + return $result; +} + function ssl_conn_protocols($host, $port){ $old_error_reporting = error_reporting(); error_reporting($old_error_reporting ^ E_WARNING); - $results = array('sslv3' => false, + $results = array('sslv2' => false, + 'sslv3' => false, 'tlsv1.0' => false, 'tlsv1.1' => false, 'tlsv1.2' => false); + $results['sslv2'] = test_sslv2($host, $port); + $stream_sslv3 = stream_context_create (array("ssl" => array("verify_peer" => false, "capture_session_meta" => true, @@ -216,6 +232,8 @@ function ssl_conn_metadata($data) { echo '<p><span class="glyphicon glyphicon-ok"></span> - TLSv1.0 (Supported)</p>'; } else if ( $key == "sslv3") { echo '<p><span class="text-danger glyphicon glyphicon-ok"></span> - <span class="text-danger">SSLv3 (Supported)</span></p>'; + } else if ( $key == "sslv2") { + echo '<p><span class="text-danger glyphicon glyphicon-ok"></span> - <span class="text-danger">SSLv2 (Supported)</span></p>'; } else { echo '<p><span class="glyphicon glyphicon-ok"></span> - <span>'.$key.' (Supported)</span></p>'; } 
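Review bot: In `test_sslv2()`, `$host` and `$port` go through `escapeshellcmd()` and are then placed inside hand-written double quotes, but that function is meant for whole command strings, not single arguments: it leaves paired quote characters alone and does not quote whitespace, so a crafted value is not reliably confined to one argument of `openssl s_client`. json.php appears to take the host from `$_GET['host']`, and whatever validation runs before this call is not visible in the hunk. Build the argument with `escapeshellarg($host . ':' . (int) $port)` and drop the manual quotes. Separately, every non-zero exit status (a timeout, or a local openssl binary built without `-ssl2`) is reported as SSLv2 "Not supported", so a distinct "could not test" result, or at least a comment saying so, would avoid a false all-clear.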
@@ -228,6 +246,8 @@ function ssl_conn_metadata($data) { echo '<p><span class="glyphicon glyphicon-remove"></span> - TLSv1.0 (Not supported)</p>'; } else if ( $key == "sslv3") { echo '<p><span class="text-success glyphicon glyphicon-remove"></span> - <span class="text-success">SSLv3 (Not supported)</span></p>'; + } else if ( $key == "sslv2") { + echo '<p><span class="text-success glyphicon glyphicon-remove"></span> - <span class="text-success">SSLv2 (Not supported)</span></p>'; } else { echo '<p><span class="glyphicon glyphicon-remove"></span> - <span>'.$key.'(Not supported)</span></p>'; } @@ -451,7 +471,7 @@ function ssl_conn_metadata_json($host, $port, $read_stream, $chain_data=null) { if ($verify_exit_code != 1) { $result["validation"]["status"] = "failed"; $result["validation"]["error"] = "Error: Validating certificate chain failed: " . str_replace('/tmp/verify_cert.' . $random_blurp . '.pem: ', '', implode("\n", $verify_output)); - $result["warning"][] = "Error: Validating certificate chain failed. Probably non-trusted root/self signed certificate, or the chain order is wrong."; + $result["warning"][] = "Validating certificate chain failed. Probably non-trusted root/self signed certificate, or the chain order is wrong."; } else { $result["validation"]["status"] = "success"; } @@ -468,6 +488,9 @@ function ssl_conn_metadata_json($host, $port, $read_stream, $chain_data=null) { $result["protocols"] = array_reverse(ssl_conn_protocols($host, $port)); foreach ($result["protocols"] as $key => $value) { if ( $value == true ) { + if ( $key == "sslv2") { + $result["warning"][] = 'SSLv2 supported. Please disable ASAP and upgrade to a newer protocol like TLSv1.2.'; + } if ( $key == "sslv3") { $result["warning"][] = 'SSLv3 supported. Please disable and upgrade to a newer protocol like TLSv1.2.'; } diff --git a/functions/variables.php b/functions/variables.php index 1154bb4..c578bed 100644 --- a/functions/variables.php +++ b/functions/variables.php 
@@ -16,6 +16,8 @@ date_default_timezone_set('UTC'); +$version = 2.2; + $random_blurp = rand(1000,99999); # 2014-11-10 (nov) from wikipedia @@ -44,4 +46,4 @@ function parse_hostname($u_hostname){ return $result; } -?>
\ No newline at end of file +?> diff --git a/inc/footer.php b/inc/footer.php index 410777d..6f168f5 100644 --- a/inc/footer.php +++ b/inc/footer.php @@ -3,7 +3,7 @@ if(empty($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUE ?> <div class="footer"> <div class="col-md-6 col-md-offset-1 container"> - <p class="text-muted">By <a href="https://raymii.org/s/software/OpenSSL_Decoder.html">Remy van Elst</a>. License: GNU AGPLv3. <a href="https://github.com/RaymiiOrg/ssl-decoder">Source code</a>. <a href="https://github.com/RaymiiOrg/ssl-decoder#json-api">JSON API</a>. <strong><a href="https://cipherli.st/">Strong SSL Ciphers & Config settings @ Cipherli.st</a></strong>. Version: 2.1</p> + <p class="text-muted">By <a href="https://raymii.org/s/software/OpenSSL_Decoder.html">Remy van Elst</a>. License: GNU AGPLv3. <a href="https://github.com/RaymiiOrg/ssl-decoder">Source code</a>. <a href="https://github.com/RaymiiOrg/ssl-decoder#json-api">JSON API</a>. <strong><a href="https://cipherli.st/">Strong SSL Ciphers & Config settings @ Cipherli.st</a></strong>. Version: <?php echo $version; ?></p> </div> </div> </div> @@ -72,4 +72,4 @@ if(empty($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUE </script> </body> - </html>
\ No newline at end of file + </html> @@ -34,6 +34,7 @@ if ( isset($_GET['host']) && !empty($_GET['host'])) { $data["error"] = ["Host is required"]; } +$data['version'] = $version; $data = utf8encodeNestedArray($data); if(isset($data["data"]["error"])) { |
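Review bot: `$data['version'] = $version;` publishes the float set in functions/variables.php (`$version = 2.2;`), so the JSON API emits a number and the footer's `<?php echo $version; ?>` prints PHP's float formatting; a later release such as 2.10 would come out as 2.1. Define it as a string, `$version = '2.2';`, so all three uses show the release label exactly as written.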