sslv3 alert unexpected message when running --elliptic_curves

[Gary-Lum]

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

1. Install SSLyze using sslyze-4.0.2-exe.zip on
2. E:\ssylze-4.0.2\sslyze.exe --regular 172.16.77.207
3. See error

Expected behavior
No error before I updated the JDK to 1.8.0_291

Python environment (please complete the following information):

• OS: Windows Server 2012R2
• Python version: [e.g. 3.6, 3.7]

Additional context

• TLS 1.2 Cipher Suites:
  Attempted to connect using 156 cipher suites.

  The server accepted the following 12 cipher suites:
  TLS_RSA_WITH_AES_256_GCM_SHA384 256
  TLS_RSA_WITH_AES_256_CBC_SHA256 256
  TLS_RSA_WITH_AES_256_CBC_SHA 256
  TLS_RSA_WITH_AES_128_GCM_SHA256 128
  TLS_RSA_WITH_AES_128_CBC_SHA256 128
  TLS_RSA_WITH_AES_128_CBC_SHA 128
  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 ECDH: prime256v1 (256 bits)
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 ECDH: prime256v1 (256 bits)
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 ECDH: prime256v1 (256 bits)
  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 ECDH: prime256v1 (256 bits)
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 ECDH: prime256v1 (256 bits)
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 ECDH: prime256v1 (256 bits)

  The group of cipher suites supported by the server has the following properties:
  Forward Secrecy OK - Supported
  Legacy RC4 Algorithm OK - Not Supported

• SSL 2.0 Cipher Suites:
  Attempted to connect using 7 cipher suites; the server rejected all cipher suites.

• Error when running --elliptic_curves:
  You can open an issue at https://github.com/nabla-c0d3/sslyze/issues with the following information:

  * Server: 172.16.77.207:443 - 172.16.77.207
  * Scan command: elliptic_curves
  
  Traceback (most recent call last):
    File "D:\a\sslyze\sslyze\sslyze\scanner.py", line 264, in get_results
    File "D:\a\sslyze\sslyze\sslyze\plugins\elliptic_curves_plugin.py", line 118, in result_for_completed_scan_jobs
    File "D:\a\sslyze\sslyze\sslyze\plugins\elliptic_curves_plugin.py", line 118, in <listcomp>
    File "C:\hostedtoolcache\windows\Python\3.8.6\x64\lib\concurrent\futures\_base.py", line 432, in result
    File "C:\hostedtoolcache\windows\Python\3.8.6\x64\lib\concurrent\futures\_base.py", line 388, in __get_result
    File "C:\hostedtoolcache\windows\Python\3.8.6\x64\lib\concurrent\futures\thread.py", line 57, in run
    File "D:\a\sslyze\sslyze\sslyze\plugins\elliptic_curves_plugin.py", line 162, in _test_curve
    File "D:\a\sslyze\sslyze\sslyze\connection_helpers\tls_connection.py", line 293, in connect
    File "C:\hostedtoolcache\windows\Python\3.8.6\x64\lib\site-packages\nassl\ssl_client.py", line 182, in do_handshake
  nassl._nassl.OpenSSLError: error:140943F2:SSL routines:ssl3_read_bytes:sslv3 alert unexpected message
  

SCAN COMPLETED IN 1.64 S

[nabla-c0d3]

Hello @Gary-Lum do you know what kind of server software triggered this issue? Otherwise I won't be able to fix it. Thanks!

[evalalave]

I've got the same issue maybe:

* Error when running --elliptic_curves:
You can open an issue at https://github.com/nabla-c0d3/sslyze/issues with the following information:

   * Server: x.x.x.x:443 - x.x.x.x
   * Scan command: elliptic_curves

   Traceback (most recent call last):
     File "/usr/local/lib/python3.7/site-packages/sslyze/scanner.py", line 265, in get_results
server_info, list(completed_scan_jobs)
     File "/usr/local/lib/python3.7/site-packages/sslyze/plugins/elliptic_curves_plugin.py", line 126, in result_for_completed_scan_jobs
all_ecdh_results = [scan_job.result() for scan_job in completed_scan_jobs]
     File "/usr/local/lib/python3.7/site-packages/sslyze/plugins/elliptic_curves_plugin.py", line 126, in <listcomp>
all_ecdh_results = [scan_job.result() for scan_job in completed_scan_jobs]
     File "/usr/local/lib/python3.7/concurrent/futures/_base.py", line 425, in result
return self.__get_result()
     File "/usr/local/lib/python3.7/concurrent/futures/_base.py", line 384, in __get_result
raise self._exception
     File "/usr/local/lib/python3.7/concurrent/futures/thread.py", line 57, in run
result = self.fn(*self.args, **self.kwargs)
     File "/usr/local/lib/python3.7/site-packages/sslyze/plugins/elliptic_curves_plugin.py", line 170, in _test_curve
ssl_connection.connect()
     File "/usr/local/lib/python3.7/site-packages/sslyze/connection_helpers/tls_connection.py", line 293, in connect
self.ssl_client.do_handshake()
     File "/usr/local/lib/python3.7/site-packages/nassl/ssl_client.py", line 182, in do_handshake
self._ssl.do_handshake()
   nassl._nassl.OpenSSLError: error:141A417A:SSL routines:tls_process_ske_ecdhe:wrong curve

The HTTP server is using the pre-latest Bouncy Castle versions (BCFIPS and BCJSSE 2.2.1), doesn't occur on older versions of sslyze or BC.

[nabla-c0d3]

Fixed in v4.0.4.