The theory: What to look for
First it would be a good idea to know what to test for and why.
Wikipedia has a good introduction to TLS:
OWASP's cheat sheet is a good overview of basic TLS security considerations:
Qualys SSL Labs has a useful whitepaper describing SSL/TLS Deployment Best Practices.
The whitepaper has footnotes pointing to background articles describing recent developments in TLS security:
- Use of RC4
- TLS Renegotiation
- CRIME, TIME, BREACH, and BEAST attacks
- Public key pinning
- ECDSA certificates.
Shameless plug for SSL Labs
If you want to test a single certificate (or a browser's SSL implementation), SSL Labs offers great web-based tools. Comprehensive diagnostics are provided. In-page links point to relevant documentation.
If you test a company server, don't forget to click on the link "Do not show the results on the boards".
However if you need to do bulk testing of certificates (a la "pen test"), or want a tool for specialized testing, read on ....
Kali Linux installation
Base installation
The VMWare pre-built images lag the main distro release cycle, so I opted to build my own Kali VM.
I downloaded the most recent Kali 32-bit ISO (v1.0.8) from Offensive Security:
The ISO was installed into VMWare Workstation using the Kali Linux Hard Disk Install procedure.
The install was text mode, not GUI, but the basic steps are outlined in Kali's documentation. Depending on when you do the install, it's a good idea to update to "latest and greatest" from the Kali mirrors. After the GRUB loader was put into the VM disk's MBR by the installer, Kali was ready to boot up.
VMWare Tools
Following the Kali documentation, I next installed open-vm-toolbox.
Kali has a custom kernel that plays havoc with VMWare's standard VM Tools.
VM Cut+paste worked out of the box, but not shared folders. An easy workaround is winscp / sftp.
SSL V2 support
OpenSSL
OpenSSL's default compile does not include SSL V2 support. This limits or breaks the SSL validation tools.
Installing OpenSSL SSL V2 support is not difficult. Foundstone has a blow-by-blow Kali-specific writeup:
Be aware that there is a typo. The correct command is:
apt-get install devscripts
Perl Net::SSLeay
The OWASP o-saft SSL test tool requires Net::SSLeay. However, the Perl module developers have removed SSL V2 support from their module (to avoid spurious error messages during installs).
To fully support o-saft function, a custom version of Net::SSLeay with SSL V2 support should be installed.
To do this, download the Net::SSLeay tarball from CPAN. At time of writing (2014-7-28), the CPAN page was here:
and the tarball was here:
The recipe for building the custom Net::SSLeay is here:
To get things working, be sure to remove both the #ifndef and the #ifdef statements (as well as the corresponding #endifs) in the two places indicated in SSLeay.xs.
Once the new SSLeay module is compiled and installed (in /usr/local/lib), if o-saft still complains about lack of SSL v2 support, be sure that there is not another version of Net::SSLeay in a system library.
OWASP o-saft installation
Finally, install the OWASP o-saft tool. This tool is worth the trouble of installing because of the flexibility and detailed diagnostics it provides. See the man page if you have any doubts about this:
The o-saft tool can be downloaded from the OWASP web site here:
The same page has installation instructions. Once the tarball has been downloaded and unpacked, use CPAN to install the Perl module dependencies IO::Socket::INET and IO::Socket::SSL. But do *not* install Net::SSLeay again (of course!), or it will replace the custom build.
The README in the install directory has to be renamed or the o-saft perl script will not start. This is the author's way of making sure everyone looks at the README.
Instead of installing the Net::SSLinfo module included in the o-saft tarball, I just told perl where to find it.
perl -I ./ o-saft.pl
o-saft.pl +cipher some.tld
o-saft.pl +info some.tld
o-saft.pl +check some.tld
o-saft.pl +quick some.tld
o-saft.pl +list --v
SSL auditing
This is what we have all been waiting for. After looking at all the Kali SSL tools as well as OWASP's o-saft, here is my take on what's useful.
TLSSled - SSL Scanner
This is probably the most useful SSL scanner on the Kali distro, especially for bulk scans.
But Taddong, the vendor (http://www.taddong.com/en/lab.html), is apparently finished as a company, so YMMV in the future.
The tool includes a good set of tests and provides full SSLScan output as a bonus.
From the tool web site:
TLSSLed is a Linux shell script whose purpose is to evaluate the security of a target SSL/TLS (HTTPS) web server implementation. It is based on sslscan, a thorough SSL/TLS scanner that is based on the openssl library, and on the "openssl s_client" command line tool. The current tests include checking if the target supports the SSLv2 protocol, the NULL cipher, weak ciphers based on their key length (40 or 56 bits), the availability of strong ciphers (like AES), if the digital certificate is MD5 signed, and the current SSL/TLS renegotiation capabilities. More information in our blog.
sslscan - Fast ssl scan
This is a fast tool that includes comprehensive checks. As mentioned above, TLSSled leverages sslscan.
From the tool web site:
SSLScan queries SSL services, such as HTTPS, in order to determine the ciphers that are supported. SSLScan is designed to be easy, lean and fast. The output includes preferred ciphers of the SSL service and the certificate, and is in Text and XML formats.
The user can provide a list of ciphers in order to check if other ciphers are supported (which shouldn’t be).
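The core of what TLSSLed and sslscan do is offer a server one cipher suite at a time, record which ones it accepts, and grade the result against the checks listed above (SSLv2, NULL, 40/56-bit, RC4, AES, MD5-signed certificate). The script below is an added example of that loop in Python, not code from the post or from either tool; the host and port passed to probe() are whatever you are authorised to scan, and the cipher-name rules assume OpenSSL's suite names.

```python
# Added example, not the post's or either tool's code: sslscan/TLSSLed-style probe + evaluator.
import socket
import ssl

def classify(cipher):
    """Map an OpenSSL cipher-suite name to a weakness class."""
    if cipher.startswith("NULL-") or "-NULL-" in cipher:
        return "null"       # no encryption at all
    if cipher.startswith("EXP-"):
        return "export40"   # 40-bit export suites
    if cipher.startswith("EXP1024-") or cipher in ("DES-CBC-SHA", "DES-CBC-MD5"):
        return "weak56"     # 56-bit export suites and single DES
    if "RC4" in cipher:
        return "rc4"        # see "Use of RC4" in the SSL Labs whitepaper
    if "AES" in cipher:
        return "strong"
    return "other"

def probe(host, port, cipher, timeout=5):
    """True if the server completes a TLS<=1.2 handshake when offered only `cipher`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE   # probing suites, not validating the chain
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2   # TLS 1.3 ignores set_ciphers
    try:
        ctx.set_ciphers(cipher)
    except ssl.SSLError:
        return False                  # local OpenSSL build lacks this suite
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except (OSError, ssl.SSLError):
        return False

CHECKS = [("null", "NULL cipher accepted"), ("export40", "40-bit cipher accepted"),
          ("weak56", "56-bit cipher accepted"), ("rc4", "RC4 accepted")]

def evaluate(accepted, sig_alg, sslv2=False):
    """TLSSLed-style findings from the accepted cipher names, the certificate
    signature algorithm (as `openssl x509 -text` prints it) and an SSLv2 flag."""
    classes = {classify(c) for c in accepted}
    findings = ["SSLv2 supported"] if sslv2 else []
    findings += [msg for cls, msg in CHECKS if cls in classes]
    if "strong" not in classes:
        findings.append("no AES cipher offered")
    if "md5" in sig_alg.lower():
        findings.append("certificate is MD5 signed")
    return findings
```

For a bulk run, loop `probe(host, 443, c)` over a cipher list per host and feed the accepted names to `evaluate()`; note that a current OpenSSL build will refuse to offer the export and NULL suites at all, which is exactly why the post rebuilds OpenSSL with SSL V2 support.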
SSLyze - python SSL scanner
The other Kali SSL scan tool to look at is SSLyze.
SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.
Key features include:
- Multi-processed and multi-threaded scanning (it's fast)
- SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility
- Performance testing: session resumption and TLS tickets support
- Security testing: weak cipher suites, insecure renegotiation, CRIME, Heartbleed and more
- Server certificate validation and revocation checking through OCSP stapling
- Support for StartTLS handshakes on SMTP, XMPP, LDAP, POP, IMAP, RDP and FTP
- Support for client certificates when scanning servers that perform mutual authentication
- XML output to further process the scan results
- And much more !
$ python sslyze.py --regular www.isecpartners.com:443 www.google.com
Supports HTTP CONNECT so you can test through a proxy. Very nice. Fast.
sslyze --resum --reneg --certinfo=full --compression --hide_rejected_ciphers --regular my.tld.com | less
The other Kali SSL tools
The other Kali SSL test tools are not basic validation tools per se, but provide other pen-testing functions:
- sslcaudit: tests client-side SSL, tester provides a CA trusted by the client
- ssldump: SSL-oriented trace. Handles pcap files as well.
- sslh: SSL application protocol multiplexer. Run several services on the same port 443 to punch through firewalls.
- sslsniff, sslsplit: SSL MITM
- sslstrip: Marlinspike's HTTPS stripping attack