How can I test SSLv3 on recent Ubuntu OS?

Question

I am using Ubuntu 16.04 on my client (laptop) and it seems that SSL v3 is not present on my system to test the remote server (zmap.io in this example).

Tests that did NOT work

curl:

$ curl --sslv3 https://zmap.io/
curl: (35) gnutls_handshake() failed: Handshake failed

I expect SSLv3, TLS handshake, Client hello in the output.

openssl

$ openssl s_client -ssl3 -connect zmap.io:443
140396574262936:error:140A90C4:SSL routines:SSL_CTX_new:null ssl method passed:ssl_lib.c:1878:

I expect routines:SSL3_READ_BYTES:sslv3 alert handshake in the output.

nmap

$ nmap --script ssl-enum-ciphers -p 443 zmap.io

Starting Nmap 7.01 ( https://nmap.org ) at 2016-09-20 17:19 CEST
Nmap scan report for zmap.io (141.212.120.90)
Host is up (0.12s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers: 
|   TLSv1.0: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|   TLSv1.1: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 10.57 seconds

I expect **SSLv3: No supported ciphers found** in the output.

What to do?

Does anyone know a way to test SSLv3 with Ubuntu 16.04 (or other Linux distros without SSLv3 enabled in openssl)?

My server under test is not available from the public internet, meaning that an online service is not fulfilling my needs.

It appears you've answered your own question - you've successfully tested and verified that SSLv3 is not enabled on your server. Or are you asking how to enable it for some reason? Or? — crovers, Sep 20 '16 at 15:38
No, I'm running the code from my laptop (Ubuntu) and I want to check the presence of SSL v3 on the server (zmap.io in this example). And yes, I want to enable SSL v3 on my client to test the server. — Yannick Clybouw, Sep 20 '16 at 15:50
You can get a statically linked version of SSLScan - see the documentation at https://github.com/rbsec/sslscan which would allow you to check some basic issues at least, although it doesn't cover every case. — Matthew, Sep 20 '16 at 16:05

StackzOfZtuff · Answer 1 · 2016-12-29T10:44:40.023

Try TestSSL.sh's static openssl build

The TestSSL.sh project is an SSL scanner. And they include static versions of deliberately weakened OpenSSL with all sorts of old crypto enabled. You can use one of their builds to test for SSLv3.

I tried this on the current Mint Live CD. And I'm guessing it should work on your Ubuntu as well.

Full instructions/proof of concept below.

FYI: The Linux version I was using

mint@mint ~ $ cat /etc/lsb-release
DISTRIB_ID=LinuxMint
DISTRIB_RELEASE=18.1
DISTRIB_CODENAME=serena
DISTRIB_DESCRIPTION="Linux Mint 18.1 Serena"

Get testssl.sh

mint@mint ~ $ git clone https://github.com/drwetter/testssl.sh --depth 1
Cloning into 'testssl.sh'...
remote: Counting objects: 48, done.
remote: Compressing objects: 100% (46/46), done.
remote: Total 48 (delta 8), reused 17 (delta 2), pack-reused 0
Unpacking objects: 100% (48/48), done.
Checking connectivity... done.

Here are the static builds

mint@mint ~ $ file testssl.sh/bin/* | grep -i linux | grep -i static
testssl.sh/bin/openssl.Linux.i686:             ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.24, BuildID[sha1]=688fd66da53e4351659a0580cf9f5605deb16c9e, stripped
testssl.sh/bin/openssl.Linux.x86_64:           ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, for GNU/Linux 2.6.24, BuildID[sha1]=2ac27c3998817aa9145f19a723e99e8a9191d0da, stripped

Let's define the alias "badopenssl" for one of the static builds

mint@mint ~ $ alias badopenssl=testssl.sh/bin/openssl.Linux.x86_64

We now have two versions of openssl:

mint@mint ~ $ openssl version
OpenSSL 1.0.2g  1 Mar 2016

mint@mint ~ $ sha256sum $(which openssl)
efed90fc204144946c011c451e61e3c420756014c2252cfad493ec0896cb4e34  /usr/bin/openssl


mint@mint ~ $ badopenssl version
OpenSSL 1.0.2-chacha (1.0.2i-dev)

mint@mint ~ $ sha256sum testssl.sh/bin/openssl.Linux.x86_64
a11b8e25992030059b3ce3a5c38c432d9a33c05e8e4581996d19c52a57cb94ab  testssl.sh/bin/openssl.Linux.x86_64

Bootstrap an SSL test server

mint@mint ~ $ openssl req -x509 -nodes -days 999 -subj '/CN=mydemoserver' -newkey rsa:2048 -keyout server.pem -out server.pem
Generating a 2048 bit RSA private key
.........................................+++
..................................+++
writing new private key to 'server.pem'
-----

Note that regular openssl will NOT allow SSLv3

mint@mint ~ $ openssl s_server -ssl3
140199887697560:error:140A90C4:SSL routines:SSL_CTX_new:null ssl method passed:ssl_lib.c:1878:

...while badopenssl does not care

mint@mint ~ $ badopenssl s_server -ssl3
Using default temp DH parameters
ACCEPT
^C

Let's background this. And we don't even need the "-ssl3" parameter.

mint@mint ~ $ badopenssl s_server 2>&1 >/dev/null &
[1] 8136

The regular openssl will NOT connect with SSLv3:

mint@mint ~ $ openssl s_client -ssl3 -connect localhost:4433
140415485314712:error:140A90C4:SSL routines:SSL_CTX_new:null ssl method passed:ssl_lib.c:1878:

...but badopenssl WILL happily connect with SSLv3:

mint@mint ~ $ badopenssl s_client -ssl3 -connect localhost:4433 2>&1 | grep -iE 'Protocol|^New'
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
    Protocol  : SSLv3
^C

Credits

I used the very nice MadBoa OpenSSL cheat sheet. Archived here.

score 0 · Answer 2 · answered Sep 20 '16 at 21:54

SSLyze is an open-source Python-based tool that can enumerate ciphers and protocols (and some other TLS security factors). It's easy to run locally from your own machine, which makes it useful for testing servers that aren't exposed to the Internet.

It uses a Python wrapper for OpenSSL, so it probably can't test for things that aren't present in your OpenSSL library. An older library, or one re-compiled with the weak protocols, should work if the default one on your system does not.