author | Remy <relst@relst.nl> | 2015-04-12 10:19:48 +0200 |
---|---|---|
committer | Remy <relst@relst.nl> | 2015-04-12 10:19:48 +0200 |
commit | 225ba54913c49cfeca7e3afa7d2e9af128a344a7 (patch) | |
tree | f53c51fed31c3e09eae61330a83271fd00ce1f95 /functions | |
parent | ced7bdc15c7086cc47452478e6d94429833d30b7 (diff) | |
Add SSLv2 check
Diffstat (limited to 'functions')
-rw-r--r-- | functions/connection.php | 27 | ||||
-rw-r--r-- | functions/variables.php | 4 |
2 files changed, 28 insertions, 3 deletions
diff --git a/functions/connection.php b/functions/connection.php index e9542f9..d6d1391 100644 --- a/functions/connection.php +++ b/functions/connection.php @@ -71,14 +71,30 @@ function ssl_conn_ciphersuites($host, $port, $ciphersuites){ return $results; } + +function test_sslv2($host, $port) { + $exitstatus = 0; + $output = 0; + exec('echo | timeout 2 openssl s_client -connect "' . escapeshellcmd($host) . ':' . escapeshellcmd($port) . '" -ssl2 2>&1 >/dev/null', $output, $exitstatus); + if ($exitstatus == 0) { + $result = true; + } else { + $result = false; + } + return $result; +} + function ssl_conn_protocols($host, $port){ $old_error_reporting = error_reporting(); error_reporting($old_error_reporting ^ E_WARNING); - $results = array('sslv3' => false, + $results = array('sslv2' => false, + 'sslv3' => false, 'tlsv1.0' => false, 'tlsv1.1' => false, 'tlsv1.2' => false); + $results['sslv2'] = test_sslv2($host, $port); + $stream_sslv3 = stream_context_create (array("ssl" => array("verify_peer" => false, "capture_session_meta" => true, @@ -216,6 +232,8 @@ function ssl_conn_metadata($data) { echo '<p><span class="glyphicon glyphicon-ok"></span> - TLSv1.0 (Supported)</p>'; } else if ( $key == "sslv3") { echo '<p><span class="text-danger glyphicon glyphicon-ok"></span> - <span class="text-danger">SSLv3 (Supported)</span></p>'; + } else if ( $key == "sslv2") { + echo '<p><span class="text-danger glyphicon glyphicon-ok"></span> - <span class="text-danger">SSLv2 (Supported)</span></p>'; } else { echo '<p><span class="glyphicon glyphicon-ok"></span> - <span>'.$key.' (Supported)</span></p>'; } 
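Review bot: In the new `test_sslv2()`, `escapeshellcmd()` is applied to `$host` and `$port` and the results are placed inside hand-written double quotes. That function is meant for a whole command string and leaves paired quote characters unescaped, so it does not reliably confine the value to a single argument. If these values originate from the request (not visible in this hunk), build the target as one quoted argument with `$target = escapeshellarg($host . ':' . (int) $port);` and pass `'echo | timeout 2 openssl s_client -connect ' . $target . ' -ssl2 2>&1 >/dev/null'` to `exec()`. Separately, every non-zero exit status is reported as "Not supported", which also covers the 2-second timeout and a local openssl that does not accept `-ssl2`. A comment such as `// false also means timeout or local openssl lacks SSLv2 support` would stop the green result being read as a confirmed negative.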
@@ -228,6 +246,8 @@ function ssl_conn_metadata($data) { echo '<p><span class="glyphicon glyphicon-remove"></span> - TLSv1.0 (Not supported)</p>'; } else if ( $key == "sslv3") { echo '<p><span class="text-success glyphicon glyphicon-remove"></span> - <span class="text-success">SSLv3 (Not supported)</span></p>'; + } else if ( $key == "sslv2") { + echo '<p><span class="text-success glyphicon glyphicon-remove"></span> - <span class="text-success">SSLv2 (Not supported)</span></p>'; } else { echo '<p><span class="glyphicon glyphicon-remove"></span> - <span>'.$key.'(Not supported)</span></p>'; } @@ -451,7 +471,7 @@ function ssl_conn_metadata_json($host, $port, $read_stream, $chain_data=null) { if ($verify_exit_code != 1) { $result["validation"]["status"] = "failed"; $result["validation"]["error"] = "Error: Validating certificate chain failed: " . str_replace('/tmp/verify_cert.' . $random_blurp . '.pem: ', '', implode("\n", $verify_output)); - $result["warning"][] = "Error: Validating certificate chain failed. Probably non-trusted root/self signed certificate, or the chain order is wrong."; + $result["warning"][] = "Validating certificate chain failed. Probably non-trusted root/self signed certificate, or the chain order is wrong."; } else { $result["validation"]["status"] = "success"; } @@ -468,6 +488,9 @@ function ssl_conn_metadata_json($host, $port, $read_stream, $chain_data=null) { $result["protocols"] = array_reverse(ssl_conn_protocols($host, $port)); foreach ($result["protocols"] as $key => $value) { if ( $value == true ) { + if ( $key == "sslv2") { + $result["warning"][] = 'SSLv2 supported. Please disable ASAP and upgrade to a newer protocol like TLSv1.2.'; + } if ( $key == "sslv3") { $result["warning"][] = 'SSLv3 supported. Please disable and upgrade to a newer protocol like TLSv1.2.'; } diff --git a/functions/variables.php b/functions/variables.php index 1154bb4..c578bed 100644 --- a/functions/variables.php +++ b/functions/variables.php 
@@ -16,6 +16,8 @@ date_default_timezone_set('UTC'); +$version = 2.2; + $random_blurp = rand(1000,99999); # 2014-11-10 (nov) from wikipedia @@ -44,4 +46,4 @@ function parse_hostname($u_hostname){ return $result; } -?>
\ No newline at end of file +?> |