分類: Linux

testssl.sh 伺服器 TLS/SSL 加密安全性檢測工具,找出網站漏洞預防入侵

testssl.sh 是一個用來檢查伺服器 TLS/SSL 安全性的工具,適用於各種有使用加密的網路服務,例如網頁、郵件或 FTP 伺服器等都可以用它來檢測。

伺服器的各種服務加上了 TLS/SSL 之後,可以讓資料以加密的形式在網路上傳輸,確保資料不會被駭客輕易地竊取,不過伺服器的安全性問題並沒有那麼單純,雖然安裝了 TLS/SSL 可以讓伺服器有基本的保護,但後續的設定與維護也非常重要,不當的設定也可能讓伺服器暴露出許多漏洞讓駭客有機可乘。

testssl.sh 是一個開放原始碼的 TLS/SSL 加密安全性檢測工具,可以在 Linux、Mac OS X、FreeBSD 或 MSYS2/Cygwin 等環境中使用,伺服器上各種有使用 TLS/SSL 加密的網路服務(例如網頁、郵件或 FTP 等)都可以用 testssl.sh 來檢測。


Step 1
下載 testssl.sh 指令稿,可以使用 wget 下載:
wget -O testssl.sh testssl.sh

或是用 curl 下載:

curl -L testssl.sh -o testssl.sh

設定 testssl.sh 指令稿的執行權限:

chmod +x testssl.sh

Step 2
使用測試 testssl.sh 測試指定的網站:

./testssl.sh blog.gtwang.org

testssl.sh 在執行之後,就會進行各種網站的 TLS/SSL 安全性檢測,而其輸出的報表也非常清楚,沒問題的項目都會以綠色的文字表示。

testssl.sh 測試結果

testssl.sh 也會進行各種已知的安全性漏洞檢查,若發現有可能被入侵的弱點時,就會以紅色的文字標示,若您在測試伺服器時出現這樣的紅色訊息,就可以從該弱點的名稱與代號來查詢該如何修正它。

testssl.sh 測試結果

以下是完整的報表內容,給大家參考。

No mapping file found

###########################################################
    testssl.sh       2.6 from https://testssl.sh/
    (1.379c 2015/09/29 16:47:47)

      This program is free software. Distribution and
             modification under GPLv2 permitted.
      USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

       Please file bugs @ https://testssl.sh/bugs/

###########################################################

 Using "OpenSSL 1.0.1f 6 Jan 2014" [~115 ciphers] on
 linode01:/usr/bin/openssl
 (built: "May  2 16:53:18 2016", platform: "debian-amd64")


Testing now (2016-05-18 07:22) ---> 45.118.135.69:443 (blog.gtwang.org) <---

 further IP addresses:   2400:8901::f03c:91ff:fe67:98b
 rDNS (45.118.135.69):   li1442-69.members.linode.com. (A record via /etc/hosts)
 Service detected:       HTTP


--> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      offered
 TLS 1.1    offered
 TLS 1.2    offered (OK)
 SPDY/NPN   h2, http/1.1 (advertised)

--> Testing ~standard cipher lists

 Null Ciphers                 not offered (OK)
 Anonymous NULL Ciphers       not offered (OK)
 Anonymous DH Ciphers         not offered (OK)
 40 Bit encryption            not offered (OK)
 56 Bit encryption            Local problem: No 56 Bit encryption configured in /usr/bin/openssl
 Export Ciphers (general)     not offered (OK)
 Low (<=64 Bit)               not offered (OK)
 DES Ciphers                  not offered (OK)
 Medium grade encryption      not offered (OK)
 Triple DES Ciphers           offered (NOT ok)
 High grade encryption        offered (OK)

--> Testing (perfect) forward secrecy, (P)FS -- omitting 3DES, RC4 and Null Encryption here

 PFS is offered (OK)  ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA

--> Testing server preferences

 Has server cipher order?     yes (OK)
 Negotiated protocol          TLSv1.2
 Negotiated cipher            ECDHE-RSA-AES128-GCM-SHA256
 Cipher order
     TLSv1:     ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA AES128-SHA AES256-SHA DES-CBC3-SHA
     TLSv1.1:   ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA AES128-SHA AES256-SHA DES-CBC3-SHA
     TLSv1.2:   ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA DES-CBC3-SHA
     h2:        ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA DES-CBC3-SHA
     http/1.1:  ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA DES-CBC3-SHA

--> Testing server defaults (Server Hello)

 TLS server extensions        renegotiation info, EC point formats, session ticket, heartbeat
 Session Tickets RFC 5077     300 seconds
 Server key size              2048 bit
 Signature Algorithm          SHA256 with RSA
 Fingerprint / Serial         SHA1 CDC977139FF3ECC79F7E6B3ECD751F9F42481330 / 0317B5766AC415983F159B227E35DD16C1BB
                              SHA256 AB052E3C0629FC97F0C8A8CAAA59A6D15586B123472D38EB9CC1764A235E3C0E
 Common Name (CN)             blog.gtwang.org (works w/o SNI)
 subjectAltName (SAN)         blog.gtwang.org gtwang.org
 Issuer                       Let's Encrypt Authority X3 (Let's Encrypt from US)
 EV cert (experimental)       no
 Certificate Expiration       >= 60 days (2016-05-15 09:59 --> 2016-08-13 09:59 +0800)
 # of certificates provided   2
 Certificate Revocation List
 OCSP URI                     http://ocsp.int-x3.letsencrypt.org/
 OCSP stapling                not offered
 TLS timestamp                random values, no fingerprinting possible


--> Testing HTTP header response @ "/"

 HTTP Status Code             200 OK
 HTTP clock skew              -1 sec from localtime
 Strict Transport Security    --
 Public Key Pinning           --
 Server banner                nginx
 Application banner           --
 Cookie(s)                    1 issued: 1/1 secure, 1/1 HttpOnly
 Security headers             --
 Reverse Proxy banner         --


--> Testing vulnerabilities

 Heartbleed (CVE-2014-0160)                not vulnerable (OK) (timed out)
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                Local problem: /usr/bin/openssl lacks zlib support
 BREACH (CVE-2013-3587)                    NOT ok: uses gzip HTTP compression (only "/" tested)
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
 TLS_FALLBACK_SCSV (RFC 7507), experim.    Downgrade attack prevention supported (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK) (tested with 4/9 ciphers)
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK) (tested w/ 2/4 ciphers only!), common primes not checked.
 BEAST (CVE-2011-3389)                     TLS1: ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA
                                                 DES-CBC3-SHA
                                           -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)


--> Testing all locally available 115 ciphers against the server, ordered by encryption strength
    (Your /usr/bin/openssl cannot show DH/ECDH bits)

Hexcode  Cipher Suite Name (OpenSSL)    KeyExch.   Encryption Bits
-------------------------------------------------------------------------
 xc030   ECDHE-RSA-AES256-GCM-SHA384    ECDH       AESGCM     256
 xc028   ECDHE-RSA-AES256-SHA384        ECDH       AES        256
 xc014   ECDHE-RSA-AES256-SHA           ECDH       AES        256
 x9f     DHE-RSA-AES256-GCM-SHA384      DH         AESGCM     256
 x6b     DHE-RSA-AES256-SHA256          DH         AES        256
 x39     DHE-RSA-AES256-SHA             DH         AES        256
 x9d     AES256-GCM-SHA384              RSA        AESGCM     256
 x3d     AES256-SHA256                  RSA        AES        256
 x35     AES256-SHA                     RSA        AES        256
 xc012   ECDHE-RSA-DES-CBC3-SHA         ECDH       3DES       168
 x16     EDH-RSA-DES-CBC3-SHA           DH         3DES       168
 x0a     DES-CBC3-SHA                   RSA        3DES       168
 xc02f   ECDHE-RSA-AES128-GCM-SHA256    ECDH       AESGCM     128
 xc027   ECDHE-RSA-AES128-SHA256        ECDH       AES        128
 xc013   ECDHE-RSA-AES128-SHA           ECDH       AES        128
 x9e     DHE-RSA-AES128-GCM-SHA256      DH         AESGCM     128
 x67     DHE-RSA-AES128-SHA256          DH         AES        128
 x33     DHE-RSA-AES128-SHA             DH         AES        128
 x9c     AES128-GCM-SHA256              RSA        AESGCM     128
 x3c     AES128-SHA256                  RSA        AES        128
 x2f     AES128-SHA                     RSA        AES        128


Done now (2016-05-18 07:22) ---> 45.118.135.69:443 (blog.gtwang.org) <---

除了 testssl.sh 這個工具之外,Qualys 的 SSL Server Test 也是一個可以檢測伺服器 SSL 安全性的工具。如果想要改善伺服器的 TLS/SSL 安全性設定,可以參考 Raymii.org 的文章

G. T. Wang

個人使用 Linux 經驗長達十餘年,樂於分享各種自由軟體技術與實作文章。

Share
Published by
G. T. Wang
標籤: 資訊安全

Recent Posts

光陽 KYMCO GP 125 機車接電發動、更換電瓶記錄

本篇記錄我的光陽 KYMCO ...

2 年 ago

[開箱] YubiKey 5C NFC 實體金鑰

本篇是 YubiKey 5C ...

3 年 ago

[DIY] 自製竹火把

本篇記錄我拿竹子加上過期的苦茶...

3 年 ago