Nmap Development mailing list archives

Re: SSL support in Ncat - confusing server parameters and client version issue


From: Kristof Boeynaems <kristof.boeynaems () gmail com>
Date: Sun, 8 Feb 2009 11:25:07 +0100

A bit more information on the second issue:

Apparently Ncat uses the SSLv23_client_method() defined in nsock_ssl.c.

This method sends an SSLv2-compatible Client Hello, indicating that it
understands SSLv2, SSLv3 and TLSv1.

However, a pure TLSv1 or SSLv3 server (i.e. a server initiated with
the methods TLSv1_server_method() or SSLv3_server_method()) will NOT
understand this Client Hello (see
http://www.openssl.org/docs/ssl/SSL_CTX_new.html). Additionally, a
pure TLSv1 server will also NOT understand SSLv3 Client Hello
messages.

In other words, to support the widest range of SSL servers available,
it seems that Ncat should not only try the SSLv23_client_method(), but
also the SSLv3_client_method() and TLSv1_client_method().
Not sure how this can be most efficiently implemented though.

Also note that the same nsock_ssl code seems to be called by the Nmap
engine for its SSL support, so this might have repercussions for
version detection (and possibly the scripting engine) as well.

Indeed, a quick version scan on different "openssl s_server" instances
(using the commands from the earlier post) shows that Nmap version
detection also makes a difference between a pure SSLv3/TLSv1 server
and the other cases:

- In case of a pure SSLv3/TLSv1 server, Nmap correctly detects that it
is a service wrapped in SSL ("ssl/unknown").

- In the other cases though (default/ssl2/no_ssl2), Nmap detects the
SSL service, launches a whole battery of SSL probes at the service,
but, as it is unable to induce any response, it ultimately falls back
to "unknown?", not even indicating that SSL was detected.

Of course the "openssl s_server" instances are artificial test cases,
as they do not respond in any way, apart from the SSL handshake.
Nevertheless, Nmap should be (and is) well aware that there is an SSL
service listening on that port (because of the SSL handshake), so it
should not fall back to "unknown".
Not sure why that happens.

Cheers,

Kristof


On Sat, Feb 7, 2009 at 12:06 PM, Kristof Boeynaems
<kristof.boeynaems () gmail com> wrote:
-------------------------------------------------------------------------------
2. Ncat as SSL client - Not all versions supported?
-------------------------------------------------------------------------------
It seems that Ncat does not support pure TLSv1 or SSLv3 servers.
Starting an OpenSSL SSLv3 or TLSv1 server with the following commands:

 openssl s_server -cert /usr/share/doc/libssl-dev/demos/sign/cert.pem -key /usr/share/doc/libssl-dev/demos/sign/key.pem -ssl3
 openssl s_server -cert /usr/share/doc/libssl-dev/demos/sign/cert.pem -key /usr/share/doc/libssl-dev/demos/sign/key.pem -tls1

and trying to connect with Ncat as follows:

 ./ncat --ssl localhost 4433

Ncat immediately quits without any error, while at the openssl side
the following error is shown (both in SSLv3 and TLSv1 case):

 3026:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
number:s3_pkt.c:295:

It works fine with an OpenSSL server started without specifying the
version, or using -no_ssl2 or -ssl2:

 openssl s_server -cert /usr/share/doc/libssl-dev/demos/sign/cert.pem -key /usr/share/doc/libssl-dev/demos/sign/key.pem
 openssl s_server -cert /usr/share/doc/libssl-dev/demos/sign/cert.pem -key /usr/share/doc/libssl-dev/demos/sign/key.pem -no_ssl2
 openssl s_server -cert /usr/share/doc/libssl-dev/demos/sign/cert.pem -key /usr/share/doc/libssl-dev/demos/sign/key.pem -ssl2

Am I missing something, or does Ncat indeed not support pure TLSv1 and
SSLv3 servers?

Thank you,

Kristof


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
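The handshake mismatch discussed in both messages above (an SSLv2-compatible Client Hello sent by an SSLv23_client_method() client versus the 5-byte SSLv3/TLS record header that a pure SSLv3_server_method()/TLSv1_server_method() server expects, and the "try v23, then SSLv3, then TLSv1" fallback Kristof proposes), as an added illustration that is not code from the original posts, from Ncat/nsock or from OpenSSL. It builds both Client Hello layouts byte for byte (SSLv2 CLIENT-HELLO format and the SSLv3/TLS ClientHello of RFC 2246), then runs them through two toy server models: a strict record-layer check modelled on the "wrong version number" path quoted in the thread, and a version-sniffing SSLv23-style server. The cipher-suite list, challenge/random bytes and the server models themselves are constructed for the example.

```python
"""Why a pure SSLv3/TLSv1 server rejects an SSLv2-compatible ClientHello.

Added illustration, not Ncat/nsock or OpenSSL code.  Byte layouts follow the
SSLv2 CLIENT-HELLO format and RFC 2246 (TLS 1.0; appendix E covers v2
compatibility).  The two 'servers' are toy models of the record-layer
checks, not OpenSSL's ssl3_get_record()/ssl23_get_client_hello().
"""
import os
import struct

SSL3_VERSION = (3, 0)
TLS1_VERSION = (3, 1)
RECORD_HANDSHAKE = 0x16
HANDSHAKE_CLIENT_HELLO = 0x01

# Constructed sample suite list (AES128-SHA, AES256-SHA, DES-CBC3-SHA ids).
SAMPLE_SUITES = [0x002F, 0x0035, 0x000A]


def v2_compat_client_hello(max_version=TLS1_VERSION, challenge=None):
    """SSLv2-format CLIENT-HELLO that advertises SSLv3/TLS suites, i.e. the
    first flight of an SSLv23_client_method() client."""
    challenge = challenge or os.urandom(16)
    # SSLv3/TLS suites travel in a v2 hello as 3 bytes: 0x00 + 2-byte suite id
    cipher_specs = b"".join(struct.pack(">BH", 0x00, s) for s in SAMPLE_SUITES)
    body = (struct.pack(">BBBHHH", HANDSHAKE_CLIENT_HELLO,
                        max_version[0], max_version[1],
                        len(cipher_specs), 0, len(challenge))
            + cipher_specs + challenge)
    # 2-byte SSLv2 record header: high bit set => 15-bit length, no padding.
    # There is NO content-type byte and NO 2-byte record version up front.
    assert len(body) < 0x8000
    return struct.pack(">H", 0x8000 | len(body)) + body


def v3_client_hello(version=TLS1_VERSION, random_bytes=None):
    """SSLv3/TLS ClientHello inside a proper 5-byte record header, i.e. what
    SSLv3_client_method() or TLSv1_client_method() sends."""
    random_bytes = random_bytes or os.urandom(32)
    suites = b"".join(struct.pack(">H", s) for s in SAMPLE_SUITES)
    hs_body = (bytes(version) + random_bytes + b"\x00"      # empty session id
               + struct.pack(">H", len(suites)) + suites
               + b"\x01\x00")                               # null compression only
    handshake = (struct.pack(">B", HANDSHAKE_CLIENT_HELLO)
                 + len(hs_body).to_bytes(3, "big") + hs_body)
    return (struct.pack(">BBBH", RECORD_HANDSHAKE, version[0], version[1],
                        len(handshake)) + handshake)


def strict_record_layer(server_version, data):
    """Toy model of SSLv3_server_method()/TLSv1_server_method(): read a 5-byte
    record header and insist the record version equals the server's own fixed
    version.  Returns (accepted, reason)."""
    if len(data) < 5:
        return False, "short record header"
    ctype, major, minor, length = struct.unpack(">BBBH", data[:5])
    if (major, minor) != server_version:
        # A v2 hello lands here: bytes 1-2 are length-low and msg-type, which
        # the strict server misreads as a record version.
        return False, "wrong version number (got %d.%d, want %d.%d)" % (
            major, minor, server_version[0], server_version[1])
    if ctype != RECORD_HANDSHAKE:
        return False, "unexpected content type 0x%02x" % ctype
    if len(data) - 5 != length:
        return False, "record length mismatch"
    return True, "client hello accepted"


def v23_server(data):
    """Toy model of SSLv23_server_method(): sniff the first bytes and accept
    either a v2-format hello or any 3.x record-layer hello."""
    if len(data) >= 3 and data[0] & 0x80 and data[2] == HANDSHAKE_CLIENT_HELLO:
        return True, "v2-compatible client hello accepted"
    if len(data) >= 5 and data[0] == RECORD_HANDSHAKE and data[1] == 3:
        return True, "v3/TLS client hello accepted (version 3.%d)" % data[2]
    return False, "unknown hello format"


def compat_first_then_fallback(server_version):
    """The client strategy proposed in the thread: v2-compatible hello first,
    then a native SSLv3 hello, then a native TLSv1 hello, against a strict
    server.  Returns the name of the first accepted attempt, or None."""
    attempts = [
        ("SSLv23 (v2-compatible hello)", v2_compat_client_hello()),
        ("SSLv3 native hello", v3_client_hello(SSL3_VERSION)),
        ("TLSv1 native hello", v3_client_hello(TLS1_VERSION)),
    ]
    for name, hello in attempts:
        if strict_record_layer(server_version, hello)[0]:
            return name
    return None


if __name__ == "__main__":
    hellos = (("v2-compat", v2_compat_client_hello()),
              ("SSLv3", v3_client_hello(SSL3_VERSION)),
              ("TLSv1", v3_client_hello(TLS1_VERSION)))
    for sv in (SSL3_VERSION, TLS1_VERSION):
        print("strict %d.%d server:" % sv)
        for name, hello in hellos:
            print("  %-9s -> %s" % (name, strict_record_layer(sv, hello)[1]))
        print("  fallback picks:", compat_first_then_fallback(sv))
    print("SSLv23 server:")
    for name, hello in hellos:
        print("  %-9s -> %s" % (name, v23_server(hello)[1]))
```

Running it shows the three cases from the posts side by side: the strict 3.0 and 3.1 servers reject the v2-compatible hello with a "wrong version number" whose "got" value is garbage (the v2 length byte and message type read as a version), the strict 3.1 server additionally rejects the native SSLv3 hello, and the SSLv23-style server accepts all three. The fallback loop recovers by retrying with the native hello matching the server, which is the behaviour Ncat would need; a real implementation has to reconnect before each retry, since the strict server has already torn the connection down.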

