testssl.sh is a tool for checking the TLS/SSL security of a server. It works with any network service that uses TLS/SSL, so web, mail or FTP servers can all be tested with it.
Putting TLS/SSL in front of a server's services lets data travel across the network encrypted, so that it cannot simply be read off the wire by an attacker. Server security is not that simple, though: installing TLS/SSL gives a server basic protection, but the configuration and maintenance that follow matter just as much, and a careless configuration can leave the server exposed to a number of known weaknesses.
testssl.sh is an open-source TLS/SSL security testing tool that runs on Linux, Mac OS X, FreeBSD or MSYS2/Cygwin, and can be pointed at any TLS/SSL-enabled network service on a server (web, mail, FTP and so on).
Step 1

Download the testssl.sh script. With wget:

wget -O testssl.sh https://testssl.sh/testssl.sh

or with curl:

curl -L https://testssl.sh/testssl.sh -o testssl.sh

Then make the script executable:

chmod +x testssl.sh

Downloading only the bare script is enough to run the tests; the "No mapping file found" line at the top of the report below just means the cipher-name mapping file that accompanies the script in its repository was not downloaded alongside it.
Step 2

Run testssl.sh against the site you want to test:

./testssl.sh blog.gtwang.org

Most checks are performed with the OpenSSL binary found on the machine running the test (the report below shows "Using OpenSSL 1.0.1f ..."), so the set of cipher suites testssl.sh can try depends on that local build. Lines marked "Local problem" in the report are checks the local OpenSSL could not carry out, not findings about the server. Services that start in plaintext and upgrade to TLS with STARTTLS (SMTP, IMAP, FTP and so on) are tested with the -t/--starttls option.
Once started, testssl.sh runs its TLS/SSL checks against the site and prints a clearly laid-out report; items that pass are shown in green.
testssl.sh also tests for a number of known vulnerabilities and shows anything that looks exploitable in red. When a red line appears in a test of your own server, the name and CVE identifier on that line are what to search for when looking up the fix. In the report below, for example, the two items flagged "NOT ok" are the Triple DES cipher suites still being offered and BREACH (the site serves gzip-compressed HTTP responses).
The full report follows for reference.
No mapping file found

###########################################################
 testssl.sh 2.6 from https://testssl.sh/
 (1.379c 2015/09/29 16:47:47)

 This program is free software. Distribution and
 modification under GPLv2 permitted.
 USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

 Please file bugs @ https://testssl.sh/bugs/
###########################################################

 Using "OpenSSL 1.0.1f 6 Jan 2014" [~115 ciphers] on linode01:/usr/bin/openssl
 (built: "May 2 16:53:18 2016", platform: "debian-amd64")

 Testing now (2016-05-18 07:22) ---> 45.118.135.69:443 (blog.gtwang.org) <---

 further IP addresses:   2400:8901::f03c:91ff:fe67:98b
 rDNS (45.118.135.69):   li1442-69.members.linode.com. (A record via /etc/hosts)
 Service detected:       HTTP

 --> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      offered
 TLS 1.1    offered
 TLS 1.2    offered (OK)
 SPDY/NPN   h2, http/1.1 (advertised)

 --> Testing ~standard cipher lists

 Null Ciphers                 not offered (OK)
 Anonymous NULL Ciphers       not offered (OK)
 Anonymous DH Ciphers         not offered (OK)
 40 Bit encryption            not offered (OK)
 56 Bit encryption            Local problem: No 56 Bit encryption configured in /usr/bin/openssl
 Export Ciphers (general)     not offered (OK)
 Low (<=64 Bit)               not offered (OK)
 DES Ciphers                  not offered (OK)
 Medium grade encryption      not offered (OK)
 Triple DES Ciphers           offered (NOT ok)
 High grade encryption        offered (OK)

 --> Testing (perfect) forward secrecy, (P)FS -- omitting 3DES, RC4 and Null Encryption here

 PFS is offered (OK)  ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA

 --> Testing server preferences

 Has server cipher order?     yes (OK)
 Negotiated protocol          TLSv1.2
 Negotiated cipher            ECDHE-RSA-AES128-GCM-SHA256
 Cipher order
    TLSv1:     ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA AES128-SHA AES256-SHA DES-CBC3-SHA
    TLSv1.1:   ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA AES128-SHA AES256-SHA DES-CBC3-SHA
    TLSv1.2:   ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA DES-CBC3-SHA
    h2:        ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA DES-CBC3-SHA
    http/1.1:  ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA DES-CBC3-SHA

 --> Testing server defaults (Server Hello)

 TLS server extensions        renegotiation info, EC point formats, session ticket, heartbeat
 Session Tickets RFC 5077     300 seconds
 Server key size              2048 bit
 Signature Algorithm          SHA256 with RSA
 Fingerprint / Serial         SHA1 CDC977139FF3ECC79F7E6B3ECD751F9F42481330 / 0317B5766AC415983F159B227E35DD16C1BB
                              SHA256 AB052E3C0629FC97F0C8A8CAAA59A6D15586B123472D38EB9CC1764A235E3C0E
 Common Name (CN)             blog.gtwang.org (works w/o SNI)
 subjectAltName (SAN)         blog.gtwang.org gtwang.org
 Issuer                       Let's Encrypt Authority X3 (Let's Encrypt from US)
 EV cert (experimental)       no
 Certificate Expiration       >= 60 days (2016-05-15 09:59 --> 2016-08-13 09:59 +0800)
 # of certificates provided   2
 Certificate Revocation List
 OCSP URI                     http://ocsp.int-x3.letsencrypt.org/
 OCSP stapling                not offered
 TLS timestamp                random values, no fingerprinting possible

 --> Testing HTTP header response @ "/"

 HTTP Status Code             200 OK
 HTTP clock skew              -1 sec from localtime
 Strict Transport Security    --
 Public Key Pinning           --
 Server banner                nginx
 Application banner           --
 Cookie(s)                    1 issued: 1/1 secure, 1/1 HttpOnly
 Security headers             --
 Reverse Proxy banner         --

 --> Testing vulnerabilities

 Heartbleed (CVE-2014-0160)                not vulnerable (OK) (timed out)
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                Local problem: /usr/bin/openssl lacks zlib support
 BREACH (CVE-2013-3587)                    NOT ok: uses gzip HTTP compression (only "/" tested)
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
 TLS_FALLBACK_SCSV (RFC 7507), experim.    Downgrade attack prevention supported (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK) (tested with 4/9 ciphers)
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK) (tested w/ 2/4 ciphers only!), common primes not checked.
 BEAST (CVE-2011-3389)                     TLS1: ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA
                                           -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)

 --> Testing all locally available 115 ciphers against the server, ordered by encryption strength
 (Your /usr/bin/openssl cannot show DH/ECDH bits)

Hexcode  Cipher Suite Name (OpenSSL)    KeyExch.   Encryption  Bits
-------------------------------------------------------------------------
 xc030   ECDHE-RSA-AES256-GCM-SHA384    ECDH       AESGCM      256
 xc028   ECDHE-RSA-AES256-SHA384        ECDH       AES         256
 xc014   ECDHE-RSA-AES256-SHA           ECDH       AES         256
 x9f     DHE-RSA-AES256-GCM-SHA384      DH         AESGCM      256
 x6b     DHE-RSA-AES256-SHA256          DH         AES         256
 x39     DHE-RSA-AES256-SHA             DH         AES         256
 x9d     AES256-GCM-SHA384              RSA        AESGCM      256
 x3d     AES256-SHA256                  RSA        AES         256
 x35     AES256-SHA                     RSA        AES         256
 xc012   ECDHE-RSA-DES-CBC3-SHA         ECDH       3DES        168
 x16     EDH-RSA-DES-CBC3-SHA           DH         3DES        168
 x0a     DES-CBC3-SHA                   RSA        3DES        168
 xc02f   ECDHE-RSA-AES128-GCM-SHA256    ECDH       AESGCM      128
 xc027   ECDHE-RSA-AES128-SHA256        ECDH       AES         128
 xc013   ECDHE-RSA-AES128-SHA           ECDH       AES         128
 x9e     DHE-RSA-AES128-GCM-SHA256      DH         AESGCM      128
 x67     DHE-RSA-AES128-SHA256          DH         AES         128
 x33     DHE-RSA-AES128-SHA             DH         AES         128
 x9c     AES128-GCM-SHA256              RSA        AESGCM      128
 x3c     AES128-SHA256                  RSA        AES         128
 x2f     AES128-SHA                     RSA        AES         128

 Done now (2016-05-18 07:22) ---> 45.118.135.69:443 (blog.gtwang.org) <---
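A report like the one above is written to be read by a person. When testssl.sh is run over many hosts, it helps to pull the actionable lines out automatically. The following Python script is an added example and is not part of testssl.sh or of this article: it strips the ANSI colour codes the tool emits when its output is captured to a file, splits a 2.6-style text report into its "--> Testing ..." sections, and returns the protocols the server offers, the cipher suites whose bulk cipher is weak (3DES, DES, RC4 and similar), and every line testssl.sh itself marked "NOT ok" or "VULNERABLE". The embedded SAMPLE_REPORT is a constructed, abridged copy of the report format shown above, with colour codes left in on a few lines to exercise the stripping; the set of weak encryption names is an assumption based on the values that appear in the Encryption column of 2.x reports and may need extending for other versions.

```python
"""Triage helper for testssl.sh text reports (added example, not part of testssl.sh).

testssl.sh prints a colour-coded report meant for eyes, not scripts.  This
module strips the ANSI colour codes, splits the report into its
"--> Testing ..." sections and pulls out the three things a reviewer acts on
first: protocols still offered, cipher suites with weak bulk ciphers, and
every line testssl.sh itself marked "NOT ok" or "VULNERABLE".
"""
import re

# Constructed sample: an abridged copy of the report format produced by
# testssl.sh 2.6.  A few lines keep the ANSI colour codes the tool writes when
# its output is redirected with colours still enabled.
SAMPLE_REPORT = """\
 --> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)

 SSLv2      \x1b[1;32mnot offered (OK)\x1b[m
 SSLv3      not offered (OK)
 TLS 1      offered
 TLS 1.1    offered
 TLS 1.2    \x1b[1;32moffered (OK)\x1b[m

 --> Testing ~standard cipher lists

 Null Ciphers                 not offered (OK)
 Triple DES Ciphers           \x1b[0;31moffered (NOT ok)\x1b[m
 High grade encryption        offered (OK)

 --> Testing vulnerabilities

 Heartbleed (CVE-2014-0160)                not vulnerable (OK) (timed out)
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 BREACH (CVE-2013-3587)                    NOT ok: uses gzip HTTP compression (only "/" tested)
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)

 --> Testing all locally available 115 ciphers against the server, ordered by encryption strength

Hexcode  Cipher Suite Name (OpenSSL)    KeyExch.   Encryption  Bits
-------------------------------------------------------------------------
 xc030   ECDHE-RSA-AES256-GCM-SHA384    ECDH       AESGCM      256
 xc012   ECDHE-RSA-DES-CBC3-SHA         ECDH       3DES        168
 x0a     DES-CBC3-SHA                   RSA        3DES        168
 xc02f   ECDHE-RSA-AES128-GCM-SHA256    ECDH       AESGCM      128
"""

ANSI_RE = re.compile(r"\x1b\[[0-9;]*m")          # SGR colour sequences
SECTION_RE = re.compile(r"^\s*--> (.+?)\s*$")     # "--> Testing ..." headings
# One row of the per-cipher table: hexcode, suite, key exchange, encryption, bits.
CIPHER_ROW_RE = re.compile(
    r"^\s*x[0-9a-fA-F]{1,4}\s+(?P<suite>\S+)\s+(?P<kx>\S+)\s+(?P<enc>\S+)\s+(?P<bits>\d+)"
)
# Assumed names from the Encryption column that a reviewer treats as weak.
WEAK_ENCRYPTION = {"3DES", "DES", "RC4", "RC2", "IDEA", "None", "NULL"}
BAD_MARKERS = ("NOT ok", "VULNERABLE")
PROTOCOL_RE = re.compile(r"^\s*(SSLv2|SSLv3|TLS 1(?:\.[12])?)\s+offered")


def strip_ansi(text):
    """Remove colour sequences so the regexes see the plain report."""
    return ANSI_RE.sub("", text)


def split_sections(text):
    """Map each '--> Testing ...' heading to the non-blank lines beneath it."""
    sections, current = {}, None
    for line in strip_ansi(text).splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line)
    return sections


def offered_protocols(text):
    """Protocol names whose verdict starts with 'offered' (with or without '(OK)')."""
    found = []
    for name, lines in split_sections(text).items():
        if not name.startswith("Testing protocols"):
            continue
        for line in lines:
            m = PROTOCOL_RE.match(line)
            if m:
                found.append(m.group(1))
    return found


def weak_cipher_suites(text):
    """Suites from the per-cipher table whose bulk cipher is on the weak list."""
    return [
        m.group("suite")
        for m in map(CIPHER_ROW_RE.match, strip_ansi(text).splitlines())
        if m and m.group("enc") in WEAK_ENCRYPTION
    ]


def not_ok_findings(text):
    """(section, line) pairs testssl.sh itself flagged as NOT ok or VULNERABLE."""
    findings = []
    for name, lines in split_sections(text).items():
        for line in lines:
            if any(marker in line for marker in BAD_MARKERS):
                findings.append((name, " ".join(line.split())))
    return findings


def triage(text):
    """Summarise a report into the fields a remediation ticket needs."""
    return {
        "protocols": offered_protocols(text),
        "weak_ciphers": weak_cipher_suites(text),
        "not_ok": not_ok_findings(text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run against the sample, the script reports TLS 1, TLS 1.1 and TLS 1.2 as offered, the two 3DES suites as weak, and the Triple DES and BREACH lines as the findings testssl.sh flagged. To use it on a real run, capture the tool's output to a file and pass the file contents to triage(); matching on the tool's own "NOT ok" markers rather than on colours keeps the parser working whether or not colour output was enabled.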
Besides testssl.sh, Qualys's SSL Server Test is another tool for checking a server's SSL security. It is an online service, so it can only reach hosts exposed to the Internet, whereas testssl.sh runs from wherever you start it and can test internal hosts and non-HTTP services as well. If you want to improve a server's TLS/SSL configuration, the article on Raymii.org is a good reference.