Nmap Development mailing list archives

Re: Proposed SSL version detection probe changes


From: Kristof Boeynaems <kristof.boeynaems () gmail com>
Date: Tue, 10 Feb 2009 19:43:14 +0100

Brandon Enright wrote:
I'll send a longer reply later but my comment right now is that we need a way to stay backwards compatible with existing SSL match lines. A lot of them are not replaceable(sp?).

Maybe add matching for "ssl2", "ssl3", "tls1" and leaving "ssl" as a legacy match for ssl23.

Brandon,

I am looking forward to your longer reply. :)

Nevertheless, based on this initial comment, I thought a bit more about ways to stay backward compatible, and actually there seems to be a rather straightforward solution for this.

In fact, it is not necessary to replace the existing SSL probe. It is able to reliably detect all SSL versions, apart from an SSLv2-only server. If we add the SSLv23 probe as a second SSL probe after the SSLv3 probe, we even get 100% coverage (see further for what I mean by that). I will call this the "SSLv3 solution" in the rest of the mail. We get the same coverage with the SSLv23 probe first, followed by the TLSv1 or SSLv3 probe; this is the solution proposed earlier, which I will call the "SSLv23 solution". However, for backwards compatibility reasons it seems better to keep the SSLv3 probe (the original probe) first, that is, the SSLv3 solution.

FYI, these are the servers I use for the "coverage testing":

   openssl s_server -cert /usr/share/doc/libssl-dev/demos/sign/cert.pem -key /usr/share/doc/libssl-dev/demos/sign/key.pem -accept 4400 &
   openssl s_server -cert /usr/share/doc/libssl-dev/demos/sign/cert.pem -key /usr/share/doc/libssl-dev/demos/sign/key.pem -ssl2 -accept 4401 &
   openssl s_server -cert /usr/share/doc/libssl-dev/demos/sign/cert.pem -key /usr/share/doc/libssl-dev/demos/sign/key.pem -no_ssl2 -accept 4402 &
   openssl s_server -cert /usr/share/doc/libssl-dev/demos/sign/cert.pem -key /usr/share/doc/libssl-dev/demos/sign/key.pem -tls1 -accept 4403 &
   openssl s_server -cert /usr/share/doc/libssl-dev/demos/sign/cert.pem -key /usr/share/doc/libssl-dev/demos/sign/key.pem -ssl3 -accept 4404 &
   openssl s_server -cert /usr/share/doc/libssl-dev/demos/sign/cert.pem -key /usr/share/doc/libssl-dev/demos/sign/key.pem -tls1 -ssl3 -accept 4405 &

Both solutions proposed above are able to reliably identify a compatible version with all these servers; that's what I call "100% coverage" here. Note that both solutions will return slightly different results with the above servers:

SSLv3 solution:
   PORT     STATE SERVICE VERSION
   4400/tcp open  sslv3
   4401/tcp open  sslv2
   4402/tcp open  sslv3
   4403/tcp open  tlsv1
   4404/tcp open  sslv3
   4405/tcp open  sslv3

SSLv23 solution:
   PORT     STATE SERVICE VERSION
   4400/tcp open  tlsv1
   4401/tcp open  sslv2
   4402/tcp open  tlsv1
   4403/tcp open  tlsv1
   4404/tcp open  sslv3
   4405/tcp open  sslv3

The reason for these different results is that the SSLv23 solution will negotiate the highest possible version (up to TLSv1), while the SSLv3 solution can only go as high as SSLv3. However, I do not think we care about this difference. We are mainly interested in understanding what kind of SSL connection we can use to solicit more information in the next step. It is notable that the SSLv23 solution will uncover slightly more information in the TLSv1-only case, as it will not get a short Handshake alert, but a full TLSv1 ServerHello with a certificate that likely contains interesting information. This might be especially interesting for non-OpenSSL instances of Nmap, as this is all they will ever get. However, the SSLv3 solution can easily be extended with an additional TLSv1 probe to trigger this more extensive information as well. I did not implement this change though.

In short, going for this SSLv3 solution ensures backward compatibility, and improves SSL coverage (as compared to the current SSL probe).

Attached is the new patch file, nmap-service-probes.patch, implementing this SSLv3 solution (again against the file that comes with Nmap 4.76).

I made the following changes to make all the details work:

1. Renamed the SSLSessionReq probe to SSLv3SessionReq, to make clear that it is an SSLv3 probe. Added some comments to give more detail about this probe as well.

2. Commented out the match lines that are so generic that they actually simply match a general TLSv1 handshake alert or SSLv3 ServerHello. I labeled and commented these by replacing "match" with "#Too generic#match". Note that this was really necessary; otherwise the real generic version matches at the bottom (see 3.) would never be reached. Moreover, IMHO, these matches are too generic to correctly guess more than the SSL version anyway.
These are the matches in question:
   $ grep generic#match nmap-service-probes
   #Too generic#match ssl m|^\x16\x03\0\0J\x02\0\0F\x03\0| p/OpenSSL/
   #Too generic#match ssl m|^\x16\x03\0..\x02\0\0F\x03\0|s p/Microsoft IIS SSL/ o/Windows/
   #Too generic#match ssl m|^\x16\x03\0\0\*\x02\0\0&\x03\0|
   #Too generic#match ssl m|^\x15\x03\0\0\x02\x02\($| p/Nessus security scanner/
   #Too generic#match ssl m|^\x16\x03\x01\0J\x02\0\0F\x03\x01| p/Nessus security scanner/

3. Added a generic TLSv1 match (based on the general handshake alert) and a generic SSLv3 match (based on the SSLv3 ServerHello) at the bottom; these are the matches that will give us the right SSL version (sslv3 or tlsv1) to use for further probing, in case no closer match was found in the lines above.

4. Added the SSLv23 probe below the SSLv3 probe. This will match any SSLv2-only servers, and label them "sslv2" for further processing.

Note that for now, I did not touch the old "ssl" matches (apart from the clean-up in 2.). It is quite easy to spot whether they are detecting an sslv3 or a tlsv1 service as well, and thus they could be labeled "sslv3" or "tlsv1" instead of "ssl". For now though, I did not make this change.

Cheers,

Kristof

--- nmap-service-probes.orig    2009-02-09 18:21:09.000000000 +0100
+++ nmap-service-probes 2009-02-10 18:49:15.000000000 +0100
@@ -6048,7 +6048,8 @@
 match webster m/^DICTIONARY server protocol:\r\n\r\nContact name is/ p/Webster dictionary server/
 
 ##############################NEXT PROBE##############################
-Probe TCP SSLSessionReq 
q|\x16\x03\0\0S\x01\0\0O\x03\0?G\xd7\xf7\xba,\xee\xea\xb2`~\xf3\0\xfd\x82{\xb9\xd5\x96\xc8w\x9b\xe6\xc4\xdb<=\xdbo\xef\x10n\0\0(\0\x16\0\x13\0\x0a\0f\0\x05\0\x04\0e\0d\0c\0b\0a\0`\0\x15\0\x12\0\x09\0\x14\0\x11\0\x08\0\x06\0\x03\x01\0|
+#SSLv3 ClientHello probe. Will be able to reliably identify the SSL version used, unless the server is running SSLv2 
only. Note that it will also detect TLSv1 servers, based on a fail handshake alert.
+Probe TCP SSLv3SessionReq 
q|\x16\x03\0\0S\x01\0\0O\x03\0?G\xd7\xf7\xba,\xee\xea\xb2`~\xf3\0\xfd\x82{\xb9\xd5\x96\xc8w\x9b\xe6\xc4\xdb<=\xdbo\xef\x10n\0\0(\0\x16\0\x13\0\x0a\0f\0\x05\0\x04\0e\0d\0c\0b\0a\0`\0\x15\0\x12\0\x09\0\x14\0\x11\0\x08\0\x06\0\x03\x01\0|
 
 rarity 3
 ports 443,444,548,636,993,1241,1311,2000,4444,5550,7210,7272,8009,8194,9001
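Review bot: the rename from SSLSessionReq to SSLv3SessionReq changes a probe name that other entries in nmap-service-probes can reference (the `fallback` directive names probes, as the `fallback GetRequest` line later in this patch shows); grep the whole file for SSLSessionReq before applying so that no fallback is left pointing at a name that no longer exists. In the new comment, "based on a fail handshake alert" should read "based on a failed handshake alert", and it would help to say which alert is meant (a fatal handshake_failure in an SSLv3 record), since that is exactly what the generic tlsv1 match line added lower down relies on.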
@@ -6067,24 +6068,24 @@
 match maxdb m|^.Rejected bad connect packet\0$|s p/SAP MaxDB/
 
 # OpenSSL/0.9.7aa
-match ssl m|^\x16\x03\0\0J\x02\0\0F\x03\0| p/OpenSSL/
+#Too generic#match ssl m|^\x16\x03\0\0J\x02\0\0F\x03\0| p/OpenSSL/
 
 # Don't think these 2 are correct:
 #match ssl m|^\x16\x03\0\x04#\x02\0\0F\x03\0| p/Apache Tomcat SSL/
 #match ssl m|^\x16\x03\0\0\*\x02\0\0&\x03\0| p/Apache mod_ssl/
 
 # Microsoft-IIS/5.0 - note that OpenSSL must go above this one because this is more general
-match ssl m|^\x16\x03\0..\x02\0\0F\x03\0|s p/Microsoft IIS SSL/ o/Windows/
+#Too generic#match ssl m|^\x16\x03\0..\x02\0\0F\x03\0|s p/Microsoft IIS SSL/ o/Windows/
 # Novell Netware 6 Enterprise Web server 5.1 https
 # Novell Netware Ldap over SSL or enterprise web server 5.1 over SSL
 match ssl m|^\x16\x03\0\0:\x02\0\x006\x03\0| p/Novell Netware SSL/ o/NetWare/
 # Very generic:
-match ssl m|^\x16\x03\0\0\*\x02\0\0&\x03\0|
+#Too generic#match ssl m|^\x16\x03\0\0\*\x02\0\0&\x03\0|
 # Cisco IDS 4.1 Appliance
 match ssl 
m|^\x16\x03\0\0\*\x02\0\0&\x03\0\xd10:\xbd\\\x8e\xe3\x15\x1c\x0fZ\xe4\x04\x87\x07\xc0\x82\xa9\xd4\x0e\x9c1LXk\xd1\xd2\x0b\x1a\xc6/p\0\0\n\0\x16\x03\0\x026\x0b\0\x022\0|
 p/Cisco IDS SSL/ d/firewall/
 # These Nessus match lines might be problematic:
-match ssl m|^\x15\x03\0\0\x02\x02\($| p/Nessus security scanner/ 
-match ssl m|^\x16\x03\x01\0J\x02\0\0F\x03\x01| p/Nessus security scanner/
+#Too generic#match ssl m|^\x15\x03\0\0\x02\x02\($| p/Nessus security scanner/ 
+#Too generic#match ssl m|^\x16\x03\x01\0J\x02\0\0F\x03\x01| p/Nessus security scanner/
 # PGP Corporation Keyserver Web Console 7.0 - custom Apache 1.3
 # PGP LDAPS Keyserver 8.X
 match ssl m|^\x16\x03\0\0\+\x02\0\0'\x03\0...\?|s p/PGP Corporation product SSL/
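Review bot: the `#Too generic#match` marker is not a convention this file uses; the hunk itself shows the existing one, a plain `#match` preceded by a one-line reason such as "# Don't think these 2 are correct:", so these five lines should follow it, and the now-dangling "# OpenSSL/0.9.7aa" and "# These Nessus match lines might be problematic:" headers should say why the lines were disabled (each matches only a ServerHello of one particular length, or a bare alert, which identifies no product). The same reasoning applies to `match ssl m|^\x16\x03\0\0:\x02\0\x006\x03\0| p/Novell Netware SSL/ o/NetWare/` and the PGP line kept below it, which are ServerHello-length-only patterns of exactly the same shape as the disabled OpenSSL line; either disable them too or note why they are considered specific enough.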
@@ -6110,6 +6111,29 @@
 match ssl/sophos m|^\x16\x03\0.*Router\$([a-zA-Z0-9_-]+).*Sophos EM Certification Manager|s p/Sophos Message Router/ 
h/$1/
 match ssl/sophos m|^\x16\x03\0.*Sophos EM Certification Manager|s p/Sophos Message Router/
 
+# Generic: TLSv1 Handshake error:
+match tlsv1 m|^\x15\x03\0\0\x02\x02\($|
+
+# Generic: SSLv3 ServerHello:
+match sslv3 m|^\x16\x03\0..\x02...\x03\0|
+
+##############################NEXT PROBE##############################
+#SSLv2-compatible ClientHello, 39 ciphers offered.
+#Will sollicit a ServerHello from most SSL implementations, apart from the ones that are TLSv1-only or SSLv3-only. As 
it comes after the SSLv3 probe, its only added value is the detection of SSLv2-only servers
+Probe TCP SSLv23SessionReq q|\x80\x9e\x01\x03\x01\x00u\x00\x00\x00 
\x00\x00f\x00\x00e\x00\x00d\x00\x00c\x00\x00b\x00\x00:\x00\x009\x00\x008\x00\x005\x00\x004\x00\x003\x00\x002\x00\x00/\x00\x00\x1b\x00\x00\x1a\x00\x00\x19\x00\x00\x18\x00\x00\x17\x00\x00\x16\x00\x00\x15\x00\x00\x14\x00\x00\x13\x00\x00\x12\x00\x00\x11\x00\x00\n\x00\x00\t\x00\x00\x08\x00\x00\x06\x00\x00\x05\x00\x00\x04\x00\x00\x03\x07\x00\xc0\x06\x00@\x04\x00\x80\x03\x00\x80\x02\x00\x80\x01\x00\x80\x00\x00\x02\x00\x00\x01\xe4i<+\xf6\xd6\x9b\xbb\xd3\x81\x9f\xbf\x15\xc1@\xa5o\x14,M
 \xc4\xc7\xe0\xb6\xb0\xb2\x1f\xf9)\xe8\x98|
+
+rarity 3
+ports 443,444,548,636,993,1241,1311,2000,4444,5550,7210,7272,8009,8194,9001
+fallback GetRequest
+
+# SSLv2 ServerHello
+match sslv2 m|^..\x04\0.\0\x02|
+
+# TLSv1 ServerHello:
+match tlsv1 m|^\x16\x03\x01..\x02...\x03\x01|
+
+# SSLv3 ServerHello:
+match sslv3 m|^\x16\x03\0..\x02...\x03\0|
 
 # SMB Negotiate Protocol
 ##############################NEXT PROBE##############################
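Review bot: the new generic lines wildcard length bytes with `.` but omit the `s` flag (`match sslv2 m|^..\x04\0.\0\x02|`, `match tlsv1 m|^\x16\x03\x01..\x02...\x03\x01|`, `match sslv3 m|^\x16\x03\0..\x02...\x03\0|`, plus the copy of the sslv3 line in the first probe); the existing `match ssl m|^\x16\x03\0..\x02\0\0F\x03\0|s` shows the file's practice, because without `s` a `.` does not match 0x0a, so a reply whose record or handshake length word contains that byte is silently missed; append `s` to all four. Second, `match tlsv1 m|^\x15\x03\0\0\x02\x02\($|` labels every fatal handshake_failure alert to the SSLv3 hello as tlsv1, but an SSLv3-capable server that shares none of the 20 cipher suites the probe offers sends the same alert, so this line can mislabel an SSLv3 server; the TLSv1 follow-up probe the mail mentions would confirm the guess, or a softmatch would leave room for later probes to refine it. Minor: "sollicit" in the SSLv23SessionReq comment should be "solicit".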

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
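As an added worked example (not code from this post, from Nmap, or from the patch above): the Python below builds the two ClientHellos the mail describes, applies the patch's generic match lines to constructed replies, and replays both probe orders against stand-in servers modelled on the six s_server instances. The cipher lists are shortened, the server behaviour is an assumption chosen to reproduce the two result tables in the mail (an SSLv2-only server ignoring an SSLv3 record, a TLSv1-only one answering the SSLv3 hello with a handshake_failure alert, port 4405 behaving like -ssl3 as the post's output shows), and the SSLV2_MATCH_WITHOUT_S constant exists only to show why the `s` flag on the match lines matters.

```python
"""Added example, not code from the nmap-dev post, from Nmap or from the patch above.
Builds the two ClientHellos the mail describes, classifies replies with the patch's match
lines, and replays both probe orders against constructed stand-ins for the post's six
openssl s_server instances. All reply bytes and server behaviour below are assumptions."""
import os
import re
import struct

SSL2, SSL3, TLS1 = b"\x00\x02", b"\x03\x00", b"\x03\x01"
HANDSHAKE_FAILURE = b"\x15\x03\x00\x00\x02\x02\x28"   # alert record: fatal(2), handshake_failure(40)
S = re.DOTALL   # the probes file compiles match lines with PCRE; its `s` flag lets `.` match 0x0a too


def sslv3_client_hello(suites=(0x0016, 0x0013, 0x000A, 0x0005, 0x0004), random=None):
    """SSLv3 record-layer ClientHello, the layout of the SSLv3SessionReq probe (shorter suite list)."""
    body = (SSL3 + (random or os.urandom(32)) + b"\x00"             # version, random, empty session id
            + struct.pack(">H", 2 * len(suites))
            + b"".join(struct.pack(">H", s) for s in suites)
            + b"\x01\x00")                                           # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body               # handshake type 1 = client_hello
    return b"\x16" + SSL3 + struct.pack(">H", len(hs)) + hs          # content type 22 = handshake


def sslv2_compat_client_hello(version=TLS1, specs=(0x000066, 0x000005, 0x000004, 0x0700C0, 0x010080), challenge=None):
    """SSLv2-format CLIENT-HELLO advertising `version`, the layout of the SSLv23SessionReq probe."""
    spec_bytes = b"".join(s.to_bytes(3, "big") for s in specs)
    challenge = challenge or os.urandom(32)
    body = (b"\x01" + version                                          # MSG-CLIENT-HELLO, client version
            + struct.pack(">HHH", len(spec_bytes), 0, len(challenge))   # spec len, session id len, challenge len
            + spec_bytes + challenge)
    return struct.pack(">H", 0x8000 | len(body)) + body                # 2-byte SSLv2 header, high bit set


def server_hello(version, suite=0x0004, session_id=b"", random=None):
    """SSLv3/TLSv1 ServerHello record, what a v3-capable server answers with."""
    body = (version + (random or os.urandom(32)) + bytes([len(session_id)]) + session_id
            + struct.pack(">H", suite) + b"\x00")                      # chosen suite, null compression
    hs = b"\x02" + len(body).to_bytes(3, "big") + body                # handshake type 2 = server_hello
    return b"\x16" + version + struct.pack(">H", len(hs)) + hs


def sslv2_server_hello(cert=b"\x30" * 236, specs=b"\x01\x00\x80", conn_id=b"\x00" * 16):
    """SSLv2 SERVER-HELLO; sizes chosen so the length word is 0x81 0x0a (see the `s` flag note)."""
    body = (b"\x04\x00\x01" + SSL2                                     # type 4, session-id-hit 0, cert type X.509, version 2
            + struct.pack(">HHH", len(cert), len(specs), len(conn_id)) + cert + specs + conn_id)
    return struct.pack(">H", 0x8000 | len(body)) + body


SSLV2_MATCH_WITHOUT_S = re.compile(rb"^..\x04\x00.\x00\x02")   # the patch's sslv2 line exactly as written, no `s`
# (probe name, bytes sent, match lines in file order) for the two probes in the patch
SSLV3_PROBE = ("SSLv3SessionReq", sslv3_client_hello(), [
    ("tlsv1", re.compile(rb"^\x15\x03\x00\x00\x02\x02\x28$", S)),    # generic TLSv1 handshake error
    ("sslv3", re.compile(rb"^\x16\x03\x00..\x02...\x03\x00", S)),   # generic SSLv3 ServerHello
])
SSLV23_PROBE = ("SSLv23SessionReq", sslv2_compat_client_hello(), [
    ("sslv2", re.compile(rb"^..\x04\x00.\x00\x02", S)),             # SSLv2 ServerHello
    ("tlsv1", re.compile(rb"^\x16\x03\x01..\x02...\x03\x01", S)),   # TLSv1 ServerHello
    ("sslv3", re.compile(rb"^\x16\x03\x00..\x02...\x03\x00", S)),   # SSLv3 ServerHello
])


def first_match(reply, matches):
    """Nmap `match` semantics: the first match line that fires decides the service name."""
    return next((label for label, rx in matches if rx.match(reply)), None)


class FakeServer:
    """Stand-in for an openssl s_server: the versions it negotiates and whether it parses
    SSLv2-format hellos at all (assumed behaviour chosen to reproduce the mail's tables)."""
    def __init__(self, versions, accepts_v2_hello):
        self.versions, self.accepts_v2_hello = set(versions), accepts_v2_hello

    def respond(self, hello):
        if hello[0] == 0x16:                                 # SSLv3 record-layer ClientHello, version 3.0
            if SSL3 in self.versions:
                return server_hello(SSL3)
            return HANDSHAKE_FAILURE if TLS1 in self.versions else b""   # TLS-only alerts; v2-only stays silent
        if hello[0] & 0x80 and hello[2] == 0x01 and self.accepts_v2_hello:  # SSLv2-format CLIENT-HELLO
            for v in (TLS1, SSL3, SSL2):                     # highest version both sides support wins
                if v in self.versions:
                    return sslv2_server_hello() if v == SSL2 else server_hello(v)
        return b""


def detect(server, probe_order):
    """Send probes in order; the first probe whose reply fires a match line decides."""
    for _name, hello, matches in probe_order:
        label = first_match(server.respond(hello), matches)
        if label:
            return label
    return None


SERVERS = {   # the post's six s_server instances, ports 4400-4405, as modelled above
    4400: FakeServer({SSL2, SSL3, TLS1}, True),   # default
    4401: FakeServer({SSL2}, True),               # -ssl2
    4402: FakeServer({SSL3, TLS1}, True),         # -no_ssl2
    4403: FakeServer({TLS1}, False),              # -tls1
    4404: FakeServer({SSL3}, False),              # -ssl3
    4405: FakeServer({SSL3}, False),              # -tls1 -ssl3: the post's output shows sslv3, so modelled like -ssl3
}
SSLV3_SOLUTION = (SSLV3_PROBE, SSLV23_PROBE)      # original probe first, SSLv23 probe second
SSLV23_SOLUTION = (SSLV23_PROBE, SSLV3_PROBE)     # SSLv23 probe first, SSLv3 probe second


def scan(probe_order):
    """Version label per port: one call gives one of the mail's two result tables."""
    return {port: detect(srv, probe_order) for port, srv in SERVERS.items()}
```

`scan(SSLV3_SOLUTION)` and `scan(SSLV23_SOLUTION)` give the same two tables as the mail (4400 and 4402 come out as sslv3 with the original probe first and as tlsv1 with the SSLv23 probe first; 4401 is only ever caught by the SSLv23 probe). The re.DOTALL in each compiled pattern stands in for the `s` flag of the probes file: the constructed SSLv2 ServerHello starts with the length word 0x81 0x0a, and the same sslv2 pattern compiled without DOTALL (SSLV2_MATCH_WITHOUT_S) fails on it, which is why the `..` wildcards over length bytes need the flag.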
