Verify OpenSSL TLS 1.2

Thursday, September 24, 2020 Add a comment

In an effort to combat cyber crime, major tech companies are advocating encryption for the entire Internet through the free certificate service called “Let’s Encrypt”; meaning that in the not so distant future the following will block public web pages from running browsers:

    * Web paged running on http port 80
    * Web pages with self-signed certificates
    * Web pages with weak encryption
    * Web pages without TLS 1.2 certified encryption
    * Web pages still encrypting with old SSL3

Below find some examples on how to quickly test if your site complies with OpenSSL TLS 1.2.

TLS is supported on OpenSSL 1.0.1 or above. Verify your version:

~$ openssl version
OpenSSL 1.1.1d  10 Sep 2019

Verify a TLS 1.2 enabled website by querying its certificate and spotting its cipher at the bottom. If it returns error handshake messages and no cipher, then it probably does not support TLS 1.2. It should return something like this:

~$ openssl s_client -connect www.sotosystems.com:443 -tls1_2
CONNECTED(00000003)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
verify return:1
depth=0 CN = sotosystems.com
verify return:1
---
Certificate chain
 0 s:CN = sotosystems.com
   i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
 1 s:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
   i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
 2 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
   i:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFwjCCBKqgAwIBAgIRALiuGHZFyxUl9E1DnEkVRDIwDQYJKoZIhvcNAQELBQAw
gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
...
...
-----END CERTIFICATE-----
subject=CN = sotosystems.com

issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5162 bytes and written 342 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 409020B064B170149091C0C5AF9179B91EF4476EDEE79C7C38C883C6BA4F9AF8
    Session-ID-ctx: 
    Master-Key: DACD0A5D171833C82107CDD69B52661D671DFCD033C6416AF4EC6F5ACECAAD62D2B1A9F51CEA29B181366CED2F90727D
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - c5 68 f5 e2 b9 71 e2 74-2f 30 a4 96 de 58 95 ab   .h...q.t/0...X..
    0010 - dc 50 28 43 32 78 b1 59-aa be 0d e0 4d b4 33 43   .P(C2x.Y....M.3C
...
    Start Time: 1600876066
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---

Using nmap verify the list of all supported ciphers for a web site. Look for the TLS 1.2 section at the bottom:

~$ nmap --script ssl-enum-ciphers -p 443 www.sotosystems.com
Starting Nmap 7.70 ( https://nmap.org ) at 2020-09-23 11:50 EDT
Nmap scan report for www.sotosystems.com (50.116.45.185)
Host is up (0.031s latency).
rDNS record for 50.116.45.185: li484-185.members.linode.com

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers: 
|   TLSv1.0: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|   TLSv1.1: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 4.89 seconds

Verify connecting with TLS 1.2 by look at the following command output. If it instead returns a handshake error, then it means that TLS 1.2 is not supported on that webpage.

$ openssl s_client -connect www.sotosystems.com:443 -tls1_2
CONNECTED(00000003)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
verify return:1
depth=0 CN = sotosystems.com
verify return:1
---
Certificate chain
 0 s:CN = sotosystems.com
   i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
 1 s:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
   i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
 2 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
   i:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFwjCCBKqgAwIBAgIRALiuGHZFyxUl9E1DnEkVRDIwDQYJKoZIhvcNAQELBQAw
gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
...
...
-----END CERTIFICATE-----
subject=CN = sotosystems.com

issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5162 bytes and written 342 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: C9E3B86E50CCEE8F154F2A3C06CB7B478AAE38E3F2FEF860069CD101FFB73D5F
    Session-ID-ctx: 
    Master-Key: 602B33345A163C9EBDDD154E4A27CB951F11F971E8ADD96104BAA0C45A509991CAF738B25A05A6F797F89AA05C5A375E
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - c5 68 f5 e2 b9 71 e2 74-2f 30 a4 96 de 58 95 ab   .h...q.t/0...X..
    0010 - be 69 dc 18 88 60 8e a7-b8 2b 60 b1 95 21 76 e4   .i...`...+`..!v.
...
...

    Start Time: 1600923864
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---

HTTP/1.1 400 Bad Request
Date: Thu, 24 Sep 2020 05:04:26 GMT
Server: Apache/2.4.10 (Debian)
Content-Length: 308
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.

</p>
<hr>
<address>Apache/2.4.10 (Debian) Server at sotosystems.com Port 443</address>
</body></html>
read:errno=0

If you don’t get a handshake as above then the new protocol is not supported; or if it returns “handshake error”, then that means that TLS 1.2 is not supported. You may get a message more like this:

$ openssl s_client -connect 10.112.3.35:443 -tls1_2
CONNECTED(00000003)
139856468424336:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:365:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1600875251
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

Further proof that this system does not support TLS 1.2:

$ nmap --script ssl-enum-ciphers -p 443 10.112.3.35

Starting Nmap 6.46 ( http://nmap.org ) at 2020-09-23 11:55 EDT
Nmap scan report for www.oldwebsite.edu (10.112.3.35)
Host is up (0.017s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers: 
|   SSLv3: No supported ciphers found
|   TLSv1.0: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
|     compressors: 
|       NULL
|_  least strength: strong

Nmap done: 1 IP address (1 host up) scanned in 0.58 seconds

Testing for a particular cipher: 

$ openssl s_client -cipher 'ECDHE-ECDSA-AES256-GCM-SHA384' -connect www.sotosystems.com:443
...
...
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 79866B234BBEAE9F66E00DFA1AAB50458948D396121E038823BAF53EA41A18C1
..
...
...

Testing all local TLS 1.2 ciphers:

~$ openssl ciphers -v 'ALL:eNULL' | grep -i tlsv1.2
[1] 5942
~$ TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD

The End.

Posted by Ramses at 02:52:21 in
Apache SSL TLS Certificate Creation Script »
« Unix BSD/OS 4.3 Install on Qemu 386