Add nasl functions for checking ssl/tls secure renegotiation and performing re-handshake #889

Merged
merged 4 commits into from
Oct 25, 2021


jjnicola

@jjnicola jjnicola commented Oct 6, 2021

What:
Add nasl functions for checking ssl/tls secure renegotiation and performing re-handshake

Jira: SC-394

Why:

How:
Use s_server and the different tls versions (tls1_2 and tls1_3). Also, different options are possible, like -no_renegotiation.

```
openssl s_server -tls1_3 -key key.pem -cert cert.pem -accept 44330 -www -no_renegotiation
```

Run the following script. Comment/uncomment the

```
port = 44330;
if( ! soc = open_sock_tcp( port ) )
  exit( 0 );

# Use "7" for TLS 1.2, "8" for TLS 1.3
tls_version = 7;
soc = socket_negotiate_ssl( socket:soc, transport:tls_version );

if( ! soc ) {
  display( "no socket" );
  exit( 0 );
}

display( "There is a socket" );

# Send some data over the TLS session and read the reply
#send( socket:soc, data:'GET / HTTP/1.0\r\n\r\n' );
send( socket:soc, data:'FFFF\r\n\r\n' );
res = recv( socket:soc, length:512 );
display( "Received !!!" );
display( res );

# Check whether the peer supports secure renegotiation
res = socket_check_ssl_safe_renegotiation( socket:soc );
display( "status:", res );

# Perform a re-handshake on the established session
res = socket_ssl_do_handshake( socket:soc );
display( "handshake:", res );

sleep( 1 );

display( "Close!!" );
close( soc );
exit( 0 );
```

Checklist:
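
On the wire, support for secure renegotiation is signalled by the `renegotiation_info` extension (0xff01, RFC 5746) in the ServerHello, and TLS 1.3 has no renegotiation at all, which is why the test above covers both versions. The following is an added example, not code from this pull request or from the scanner; the function names and the sample ServerHello bytes are constructed for illustration.

```python
import struct

RENEGOTIATION_INFO = 0xFF01  # RFC 5746
SUPPORTED_VERSIONS = 0x002B  # RFC 8446


def server_hello_extensions(msg: bytes) -> dict:
    """Parse a ServerHello handshake message into {extension_type: data}."""
    if len(msg) < 4 or msg[0] != 0x02:
        raise ValueError("not a ServerHello")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    if len(body) < 35 or len(body) < 38 + body[34]:
        raise ValueError("truncated ServerHello")
    # Skip legacy_version(2), random(32), session_id(1+n), cipher_suite(2), compression(1)
    pos = 38 + body[34]
    if pos + 2 > len(body):          # extensions block is optional up to TLS 1.2
        return {}
    end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    pos += 2
    if end > len(body):
        raise ValueError("truncated extensions")
    exts = {}
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        pos += 4
        if pos + ext_len > end:
            raise ValueError("truncated extension")
        exts[ext_type] = body[pos:pos + ext_len]
        pos += ext_len
    return exts


def secure_renegotiation_status(msg: bytes) -> str:
    exts = server_hello_extensions(msg)
    if exts.get(SUPPORTED_VERSIONS) == b"\x03\x04":
        return "n/a-tls1.3"          # TLS 1.3 has no renegotiation at all
    # On an initial handshake renegotiated_connection must be empty (one 0x00 length byte)
    return "supported" if exts.get(RENEGOTIATION_INFO) == b"\x00" else "unsupported"


def sample_server_hello(exts):
    """Constructed ServerHello (all-zero random, empty session_id) for the demo."""
    ext_bytes = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    if exts:
        body += struct.pack("!H", len(ext_bytes)) + ext_bytes
    return b"\x02" + len(body).to_bytes(3, "big") + body
```
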

@jjnicola jjnicola requested a review from a team as a code owner October 6, 2021 09:42
@jjnicola jjnicola marked this pull request as draft October 6, 2021 09:52
@jjnicola jjnicola marked this pull request as ready for review October 7, 2021 06:16
@jjnicola jjnicola force-pushed the safe-reneg branch 2 times, most recently from da01ba0 to a36907b Compare October 7, 2021 06:19
@jjnicola jjnicola enabled auto-merge (squash) October 22, 2021 07:16
@jjnicola jjnicola merged commit 641ab33 into greenbone:main Oct 25, 2021
mergify bot pushed a commit that referenced this pull request Oct 25, 2021
… performing re-handshake. (#889)

Add: Add nasl functions for checking ssl/tls secure renegotiation and performing re-handshake. (#889)
(cherry picked from commit 641ab33)

# Conflicts:
#	CHANGELOG.md
jjnicola added a commit that referenced this pull request Oct 25, 2021
… performing re-handshake (backport #889) (#910)

* Add nasl functions for checking ssl/tls secure renegotiation and performing re-handshake. (#889)
* Remove changelog entries to solved conflicts. It uses now squash commits

Co-authored-by: Juan José Nicola <jjnicola@gmail.com>
Co-authored-by: Juan Jose Nicola <juan.nicola@greenbone.net>
jjnicola added a commit that referenced this pull request Oct 25, 2021
… performing re-handshake (backport #889) (#911)

* Add nasl functions for checking ssl/tls secure renegotiation and performing re-handshake. (#889)
* Remove changelog entries to solved conflicts. It uses now squash commits

Co-authored-by: Juan José Nicola <jjnicola@gmail.com>
Co-authored-by: Juan Jose Nicola <juan.nicola@greenbone.net>