Recent changes to bugs

Invalid result - many ciphers "failed"

jpstotz — Tue, 20 May 2014 11:04:38 -0000

used version: sslscan 1.8.2 precompiled from Ubuntu 14.04 amd64

While using sslscan I noticed that a lot of ciphers were missing compared to the result of https://www.ssllabs.com/ssltest. The missing ciphers were marken in sslscan as "failed", however if I connect to the tested server using openssl s_client the "failed" cipher works without any problems.

Example: sslscan --http --tls1 ssllabs.com:443 marks the cipher "ECDHE-RSA-AES256-GCM-SHA384" as "failed".

Executing "openssl s_client -host ssllabs.com -port 443" results in the cipher ECDHE-RSA-AES256-GCM-SHA384 to be used.

This also happens with other ciphers that use SHA256 and SHA384.

Therefore the result of sslscan is unreliable.

Invalid XML files

Mario Vilas — Mon, 03 Feb 2014 16:33:01 -0000

When scanning live.vodafone.es and generating an XML output file, some characters aren't correctly escaped. This causes XML parsers to fail to read the file, but at its worst, it can also cause a security issue if a malicious site is scanned and the resulting XML file is fed to a parser (XML injection vulnerability).

I've attached the XML file showing the problem, look for unescaped ampersands in the "extension" tag near the end of the file.

sslscan does not honor OpenSSL config options

Jeffrey Walton — Sat, 14 Dec 2013 18:59:12 -0000

OpenSSL configured without SSLv2 produces the following compiler warning/error:

$ gcc -I /usr/local/ssl/macosx-x64/include/ /usr/local/ssl/macosx-x64/lib/libssl.a -o sslscan sslscan.c

sslscan.c:566:41: warning: implicit declaration of function
'SSLv2_client_method' is invalid in C99 [-Wimplicit-function-declaration]
...if (sslCipherPointer->sslMethod == SSLv2_client_method())

To configure OpenSSL without SSLv2:

$ ./config -no-ssl2

OpenSSL's configuration is stored in opensslconf.h>:

$ cat /usr/local/ssl/macosx-x64/include/openssl/opensslconf.h | grep -b2 -a2 -i SSL2
...
738:#ifndef OPENSSL_NO_SSL2
762:# define OPENSSL_NO_SSL2
787-#endif
--
--
2009:# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
2060:# define NO_SSL2
2078-# endif

To detect it at compile time:

#include opensslconf.h>

#if !defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
if (sslCipherPointer->sslMethod == SSLv2_client_method())
...
#endif

Attached is an updated sslscan.c that fixes the SSLv2 issues. You should also test with SSLv3 disabled (i.e., use -no-ssl3). Most of the time I disable SSLv3 also; and I require it be disabled in all projects with security requirements that use OpenSSL.

Truncation errors on Mac OS X 10.8.4 and OpenSSL 1.0.1e

Jeffrey Walton — Sat, 14 Dec 2013 18:41:55 -0000

$ gcc -I /usr/local/ssl/macosx-x64/include/ /usr/local/ssl/macosx-x64/lib/libssl.a -o sslscan sslscan.c

sslscan.c:566:41: warning: implicit declaration of function
'SSLv2_client_method' is invalid in C99 [-Wimplicit-function-declaration]
...if (sslCipherPointer->sslMethod == SSLv2_client_method())
^
sslscan.c:566:38: warning: comparison between pointer and integer
('SSL_METHOD ' (aka 'struct ssl_method_st ') and 'int')
...if (sslCipherPointer->sslMethod == SSLv2_client_method())
sslscan.c:691:22: warning: comparison between pointer and integer
('SSL_METHOD ' (aka 'struct ssl_method_st ') and 'int')
...if (sslMethod == SSLv2_client_method())
sslscan.c:811:13: warning: assigning to 'SSL_METHOD ' (aka
'struct ssl_method_st ') from 'const SSL_METHOD ' (aka 'const struct
ssl_method_st ') discards qualifiers
[-Wincompatible-pointer-types-discards-qualifiers]
sslMethod = SSLv23_method();
^ ~~~~~~~~~~~~~~~
sslscan.c:1195:37: warning: incompatible integer to pointer conversion passing
'int' to parameter of type 'SSL_METHOD ' (aka 'struct ssl_method_st ')
[-Wint-conversion]
...status = defaultCipher(options, SSLv2_client_method());
^~~~~~~~~~~~~~~~~~~~~
sslscan.c:648:64: note: passing argument to parameter 'sslMethod' here
int defaultCipher(struct sslCheckOptions options, SSL_METHOD sslMethod)
^
sslscan.c:1197:38: warning: passing 'const SSL_METHOD ' (aka 'const struct
ssl_method_st ') to parameter of type 'SSL_METHOD ' (aka
'struct ssl_method_st ') discards qualifiers
[-Wincompatible-pointer-types-discards-qualifiers]
...status = defaultCipher(options, SSLv3_client_method());
^~~~~~~~~~~~~~~~~~~~~
sslscan.c:648:64: note: passing argument to parameter 'sslMethod' here
int defaultCipher(struct sslCheckOptions options, SSL_METHOD sslMethod)
^
sslscan.c:1199:38: warning: passing 'const SSL_METHOD ' (aka 'const struct
ssl_method_st ') to parameter of type 'SSL_METHOD ' (aka
'struct ssl_method_st ') discards qualifiers
[-Wincompatible-pointer-types-discards-qualifiers]
...status = defaultCipher(options, TLSv1_client_method());
^~~~~~~~~~~~~~~~~~~~~
sslscan.c:648:64: note: passing argument to parameter 'sslMethod' here
int defaultCipher(struct sslCheckOptions options, SSL_METHOD sslMethod)
^
sslscan.c:1202:37: warning: incompatible integer to pointer conversion passing
'int' to parameter of type 'SSL_METHOD ' (aka 'struct ssl_method_st ')
[-Wint-conversion]
...status = defaultCipher(options, SSLv2_client_method());
^~~~~~~~~~~~~~~~~~~~~
sslscan.c:648:64: note: passing argument to parameter 'sslMethod' here
int defaultCipher(struct sslCheckOptions options, SSL_METHOD sslMethod)
^
sslscan.c:1205:37: warning: passing 'const SSL_METHOD ' (aka 'const struct
ssl_method_st ') to parameter of type 'SSL_METHOD ' (aka
'struct ssl_method_st ') discards qualifiers
[-Wincompatible-pointer-types-discards-qualifiers]
...status = defaultCipher(options, SSLv3_client_method());
^~~~~~~~~~~~~~~~~~~~~
sslscan.c:648:64: note: passing argument to parameter 'sslMethod' here
int defaultCipher(struct sslCheckOptions options, SSL_METHOD sslMethod)
^
sslscan.c:1208:37: warning: passing 'const SSL_METHOD ' (aka 'const struct
ssl_method_st ') to parameter of type 'SSL_METHOD ' (aka
'struct ssl_method_st ') discards qualifiers
[-Wincompatible-pointer-types-discards-qualifiers]
...status = defaultCipher(options, TLSv1_client_method());
^~~~~~~~~~~~~~~~~~~~~
sslscan.c:648:64: note: passing argument to parameter 'sslMethod' here
int defaultCipher(struct sslCheckOptions options, SSL_METHOD sslMethod)
^
sslscan.c:1418:35: warning: incompatible integer to pointer conversion passing
'int' to parameter of type 'SSL_METHOD ' (aka 'struct ssl_method_st ')
[-Wint-conversion]
...populateCipherList(&options, SSLv2_client_method());
^~~~~~~~~~~~~~~~~~~~~
sslscan.c:128:69: note: passing argument to parameter 'sslMethod' here
int populateCipherList(struct sslCheckOptions options, SSL_METHOD sslMethod)
^
sslscan.c:1419:35: warning: passing 'const SSL_METHOD ' (aka 'const struct
ssl_method_st ') to parameter of type 'SSL_METHOD ' (aka
'struct ssl_method_st ') discards qualifiers
[-Wincompatible-pointer-types-discards-qualifiers]
...populateCipherList(&options, SSLv3_client_method());
^~~~~~~~~~~~~~~~~~~~~
sslscan.c:128:69: note: passing argument to parameter 'sslMethod' here
int populateCipherList(struct sslCheckOptions options, SSL_METHOD sslMethod)
^
sslscan.c:1420:35: warning: passing 'const SSL_METHOD ' (aka 'const struct
ssl_method_st ') to parameter of type 'SSL_METHOD ' (aka
'struct ssl_method_st ') discards qualifiers
[-Wincompatible-pointer-types-discards-qualifiers]
...populateCipherList(&options, TLSv1_client_method());
^~~~~~~~~~~~~~~~~~~~~
sslscan.c:128:69: note: passing argument to parameter 'sslMethod' here
int populateCipherList(struct sslCheckOptions options, SSL_METHOD sslMethod)
^
sslscan.c:1423:35: warning: incompatible integer to pointer conversion passing
'int' to parameter of type 'SSL_METHOD ' (aka 'struct ssl_method_st ')
[-Wint-conversion]
...populateCipherList(&options, SSLv2_client_method());
^~~~~~~~~~~~~~~~~~~~~
sslscan.c:128:69: note: passing argument to parameter 'sslMethod' here
int populateCipherList(struct sslCheckOptions options, SSL_METHOD sslMethod)
^
sslscan.c:1426:35: warning: passing 'const SSL_METHOD ' (aka 'const struct
ssl_method_st ') to parameter of type 'SSL_METHOD ' (aka
'struct ssl_method_st ') discards qualifiers
[-Wincompatible-pointer-types-discards-qualifiers]
...populateCipherList(&options, SSLv3_client_method());
^~~~~~~~~~~~~~~~~~~~~
sslscan.c:128:69: note: passing argument to parameter 'sslMethod' here
int populateCipherList(struct sslCheckOptions options, SSL_METHOD sslMethod)
^
sslscan.c:1429:35: warning: passing 'const SSL_METHOD ' (aka 'const struct
ssl_method_st ') to parameter of type 'SSL_METHOD ' (aka
'struct ssl_method_st ') discards qualifiers
[-Wincompatible-pointer-types-discards-qualifiers]
...populateCipherList(&options, TLSv1_client_method());
^~~~~~~~~~~~~~~~~~~~~
sslscan.c:128:69: note: passing argument to parameter 'sslMethod' here
int populateCipherList(struct sslCheckOptions options, SSL_METHOD sslMethod)

redhat does not support ec in openssl

Eero Volotinen — Fri, 13 Sep 2013 08:24:47 -0000

attached patch to compile under rhel systems

Makefile can cause link issues (underlinking)

Hans de Graaff — Sat, 29 Dec 2012 11:36:58 -0000

The current Makefile can cause link issues depending on the specific linker being used. GNU ld with --as-needed and gold both have issues. I'll attach the patch we use in Gentoo to fix these.

Support for other ports

John — Tue, 19 Jun 2012 19:54:38 -0000

It would be nice to be able to have a command line switch that would allow for scanning non-standard ports. For example, port 8080, 8443, or 5500. Is there a way to have this feature added to the product?

Thanks in advance!

Certificate Dump: Negative Serial Numbers

Anonymous — Fri, 23 Mar 2012 18:37:06 -0000

SSL Certificate:
Version: 0
Serial Number: -4294967295
Signature Algorithm: sha1WithRSAEncryption
Issuer: /CN=xxx/O=xxx/ST=California/C=US
Not valid before: Mar 13 18:01:35 2012 GMT
Not valid after: Mar 12 18:01:35 2017 GMT
Subject: /CN=xxx/O=xxx/ST=California/C=US
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:d8:32:c3:92:b0:97:23:4f:32:6f:60:66:c2:3a:
27:c8:a7:15:ea:21:35:89:44:6c:f1:eb:33:bb:be:
5d:49:8c:57:53:94:8e:46:5e:31:44:3a:b2:c7:5a:
3c:6d:3c:05:52:c2:6f:6e:c3:ba:17:52:fa:0e:e9:
f9:b3:93:1d:cb:03:0a:85:7e:3a:da:23:02:55:98:
a7:86:85:eb:48:31:66:93:81:15:70:c4:f7:e6:7f:
65:01:b9:ca:54:ea:a1:77:90:07:8c:e8:7f:99:4f:
8e:28:68:41:47:a4:34:2b:76:e9:cd:ac:d4:61:83:
2c:00:50:2c:b4:2d:b8:60:dd:d2:3f:5a:b0:11:4e:
dd:f1:5e:e2:cc:40:15:b9:27:b4:98:c6:5e:9a:f7:
4e:43:40:cc:c4:09:2d:95:9c:08:23:57:89:fa:70:
ea:1c:76:45:53:2f:a9:a2:d1:9a:69:5b:bf:70:81:
e7:45:f3:9d:05:d1:ba:6e:d2:a2:54:91:a9:3b:f0:
14:4f:d6:e8:e7:2b:a3:ff:bf:4c:b2:21:03:18:ab:
b7:94:f8:8b:e4:35:0b:27:27:02:4a:47:e7:d3:d9:
fd:80:79:58:1b:07:bb:00:cc:93:92:39:5f:61:3c:
54:75:c8:40:0b:d2:ad:eb:ae:6e:74:fb:d5:cb:70:
f7:99
Exponent: 65537 (0x10001)
Verify Certificate:
self signed certificate

Make: Conversion warnings with -Wconversion

Anonymous — Fri, 23 Mar 2012 17:14:05 -0000

sslscan-1.8.2$ make CFLAGS="-Wall -Wextra -Wconversion --stack-protector-all -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,-z,noexecheap -fPIE"
gcc -g -Wall -lssl -o sslscan sslscan.c -Wall -Wextra -Wconversion --stack-protector-all -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,-z,noexecheap -fPIE
sslscan.c: In function ‘readLine’:
sslscan.c:227: warning: conversion to ‘int’ from ‘size_t’ may change the sign of the result
sslscan.c: In function ‘password_callback’:
sslscan.c:311: warning: conversion to ‘size_t’ from ‘int’ may change the sign of the result
sslscan.c:313: warning: conversion to ‘int’ from ‘size_t’ may change the sign of the result
sslscan.c:309: warning: unused parameter ‘rwflag’
sslscan.c: In function ‘testCipher’:
sslscan.c:506: warning: conversion to ‘int’ from ‘size_t’ may change the sign of the result
sslscan.c: In function ‘testHost’:
sslscan.c:1134: warning: conversion to ‘sa_family_t’ from ‘int’ may alter its value
sslscan.c:1135: warning: conversion to ‘size_t’ from ‘int’ may change the sign of the result
sslscan.c:1136: warning: conversion to ‘uint16_t’ from ‘int’ may alter its value
sslscan.c: In function ‘main’:
sslscan.c:1328: warning: conversion to ‘int’ from ‘size_t’ may change the sign of the result
sslscan-1.8.2$

MAN page needs updating

Brian Holland — Thu, 03 Nov 2011 17:02:03 -0000

The MAN page incorrectly denotes a command line parameter of --html. It should be updated to --http. Please update the description as well. Change the file sslscan.1