lucky13 false positive?

[asarubbo]

Please make sure that you provide enough information so that we understand what your issue is about.

1. testssl version from the banner (testssl.sh -b 2>/dev/null | head -4 | tail -2)
   testssl.sh 2.9.5-4 from https://testssl.sh/

2. what exactly was happening, output is needed
   During a webserver test I discovered that it is potentially vulnerable to LUCKY13.
   The server which is running the nginx webserver is an up-to-date Centos7 with: OpenSSL 1.0.2k-fips 26 Jan 2017
   Since:
   -the openssl advisory says that it is fixed in 1.0.1e, 1.0.0k or 0.9.8y
   -the openssl advisory says something about partial fix

I'm wondering if it is a false positive, or there was (maybe) an error into the downstream openssl package

4. steps to reproduce

   1. testssl.sh -L $URL

   2. openssl version used (testssl.sh -b 2>/dev/null | head -16 | tail -3)
      CLIENT: /usr/bin/openssl
      (built: "reproducible build, date unspecified", platform: "linux-x86_64")
      openssl version
      OpenSSL 1.0.2q 20 Nov 2018
      SERVER: Using "OpenSSL 1.0.2k-fips 26 Jan 2017" [~118 ciphers]

   3. your operating system (uname -a)
      CLIENT:
      Linux spectre 4.14.83-gentoo openssl bins #7 SMP PREEMPT Tue Jan 8 12:15:22 CET 2019 x86_64 Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz GenuineIntel GNU/Linux
      SERVER:
      Linux host 3.10.0-957.1.3.el7.x86_64 Heartbleed for STARTTLS #1 SMP Thu Nov 29 14:49:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

[drwetter]

hello @asarubbo ,

key is the word potentially here. Background is that a real check for Lucky13 cannot be done even with sockets, unlike e.g. Ticket/Heartbleed or ROBOT. For Lucky13 testssl.sh just looks at the cipher suites which had this problem.

The approach in favor of security is to raise the hand but as it is uncertain it marks it as potential.

HTH, Dirk