Test 1 failed: Configures ssl cert, proto, cipher_list correctly #1

Open
Lo0815 opened this issue Sep 4, 2021 · 1 comment


Lo0815 commented Sep 4, 2021

I want to test the SSLProxy with this tool, but whenever I try to run a test, I get the following errors. I do not know if I'm doing something wrong, if it's a bug, or something else.

With the ssl_testset_1.json

[16:00:21] [WARN] testproxy: SSLproxy tests
[16:00:21] [WARN] testproxy: Start test harness 1: SSL tests
[16:00:21] [WARN] MGR.h1.s1.c1: Start test set 1 for test config 1: Tests for SSL configuration
[16:00:21] [ERROR] MGR.h1.s1.c1: Test 1 failed: Configures ssl cert, proto, cipher_list correctly
[16:00:21] [ERROR] testproxy: Test set h1.s1 failed
[16:00:21] [ERROR] testproxy: Test harness 1 failed: SSL tests

With the http_testset_1.json

[15:53:05] [ERROR] SRV.h1.s1.c1.t1.0: TCP stream connect timed out
[15:53:05] [ERROR] MGR.h1.s1.c1: Test 1 failed: Removes any extra SSLproxy line, and appends Connection: close
[15:53:05] [ERROR] testproxy: Test set h1.s1 failed
[15:53:05] [ERROR] testproxy: Test harness 1 failed: SSL tests

This is the harness.json file I use.

{
  "comment": "SSLproxy tests",
  "testharnesses": {
    "1": {
      "comment": "SSL tests",
      "testsets": {
        "1": "ssl_testset_1.json"
      }
    }
  }
}

I used the ssl and http tests from the examples folder to try them out.

{
  "comment": "Tests for SSL configuration",
  "configs": {
    "1": {
      "proto": {
        "proto": "ssl",
        "tcp_nodelay": "yes",
        "ip_ttl": "15",
        "connect_timeout": "1000",
        "read_timeout": "50",
        "write_timeout": "50",
        "verify_peer": "no",
        "cipher_list": "MEDIUM:HIGH",
        "no_ssl2": "yes",
        "no_ssl3": "yes",
        "no_tls10": "yes",
        "no_tls11": "yes",
        "no_tls12": "yes",
        "no_tls13": "yes",
        "min_proto_version": "ssl3",
        "max_proto_version": "tls13",
        "ecdhcurve": "prime256v1",
        "use_sni": "no",
        "verify_hostname": "no",
        "compression": "no"
      },
      "client": {
        "ip": "127.0.0.1",
        "port": "8443",
        "crt": "/TestProxy/target/debug/server.crt",
        "key": "/TestProxy/target/debug/server.key",
        "cipher_list": "MEDIUM",
        "use_sni": "yes",
        "sni_servername": "comixwall.org",
        "verify_hostname": "yes",
        "no_tls10": "no",
        "max_proto_version": "tls11"
      },
      "server": {
        "ip": "127.0.0.1",
        "port": "9443",
        "crt": "/TestProxy/target/debug/server.crt",
        "key": "/TestProxy/target/debug/server.key",
        "cipher_list": "HIGH",
        "no_tls12": "no",
        "min_proto_version": "tls12",
        "compression": "yes"
      }
    }
  },
  "tests": {
    "1": {
      "comment": "Configures ssl cert, proto, cipher_list correctly",
      "states": {
        "1": {
          "testend": "client",
          "cmd": "send",
          "payload": "GET / HTTP/1.1\r\nHost: comixwall.org\r\n\r\n",
          "assert": {
            "current_cipher_name": {
              "match": [
                "^DHE-\\w+-\\w+-\\w+",
                "\\w+-\\w+-SEED-\\w+",
                "\\w+-\\w+-\\w+-SHA$"
              ],
              "!match": [
                "ECDHE-[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+",
                "[A-Z0-9]+-[A-Z0-9]+-AES256-[A-Z0-9]+-[A-Z0-9]+",
                "[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+-SHA384"
              ]
            },
            "current_cipher_version": {
              "==": [
                "SSLv3",
                "TLSv1"
              ],
              "!match": [
                "^TLSv1\\.[1-3]?$"
              ]
            },
            "ssl_proto_version": {
              "==": [
                "TLSv1"
              ],
              "!=": [
                "SSLv3"
              ],
              "!match": [
                "^TLSv1\\.[1-3]?$"
              ]
            },
            "ssl_state": {
              "==": [
                "SSLOK "
              ]
            },
            "peer_certificate": {
              "==": [
                "TR, Antalya, Serik, ComixWall, SSLproxy, comixwall.org, sonertari@gmail.com"
              ]
            },
            "peer_certificate_not_before": {
              ">=": [
                "-2"
              ],
              "<=": [
                "0"
              ]
            },
            "peer_certificate_not_after": {
              ">=": [
                "363"
              ],
              "<=": [
                "365"
              ]
            }
          }
        },
        "2": {
          "testend": "server",
          "cmd": "recv",
          "payload": "GET / HTTP/1.1\r\nHost: comixwall.org\r\nConnection: close\r\n\r\n",
          "assert": {
            "current_cipher_name": {
              "match": [
                "ECDHE-[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+",
                "[A-Z0-9]+-[A-Z0-9]+-AES256-[A-Z0-9]+-[A-Z0-9]+",
                "[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+-SHA384"
              ],
              "!match": [
                "^DHE-\\w+-\\w+-\\w+",
                "\\w+-\\w+-SEED-\\w+",
                "\\w+-\\w+-\\w+-SHA$"
              ]
            },
            "current_cipher_version": {
              "==": [
                "TLSv1.2"
              ],
              "!match": [
                "^(SSLv3|TLSv1|TLSv1\\.[13]?)$"
              ]
            },
            "ssl_proto_version": {
              "==": [
                "TLSv1.2"
              ],
              "!match": [
                "^(SSLv3|TLSv1|TLSv1\\.[13]?)$"
              ]
            },
            "ssl_state": {
              "==": [
                "SSLOK "
              ]
            },
            "sni_servername": {
              "==": [
                "comixwall.org"
              ]
            }
          }
        }
      }
    }
  }
}

This is how I start the sslproxy.

sudo sslproxy -D4 -k /SSLproxy/server.key -c /SSLproxy/server.crt -l connect.log -J -S /SSLproxy/log -Y /SSLproxy/pcap ssl 127.0.0.1 8443 up:1212
For the lp I use the one in the test dir.

At least the output of the proxy says that it has received something.

EOF on outbound connection before connection establishment
SSL_free() in state 0000000c = 000c = TWCH (SSLv3/TLS write client hello) [connect socket]
EOF on outbound connection before connection establishment
SSL_free() in state 0000000c = 000c = TWCH (SSLv3/TLS write client hello) [connect socket]
EOF on outbound connection before connection establishment
SSL_free() in state 0000000c = 000c = TWCH (SSLv3/TLS write client hello) [connect socket]
EOF on outbound connection before connection establishment
SSL_free() in state 0000000c = 000c = TWCH (SSLv3/TLS write client hello) [connect socket]
EOF on outbound connection before connection establishment
SSL_free() in state 0000000c = 000c = TWCH (SSLv3/TLS write client hello) [connect socket]
EOF on outbound connection before connection establishment
SSL_free() in state 0000000c = 000c = TWCH (SSLv3/TLS write client hello) [connect socket]
EOF on outbound connection before connection establishment
SSL_free() in state 0000000c = 000c = TWCH (SSLv3/TLS write client hello) [connect socket]
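As an added illustration (not part of this issue and not TestProxy's or SSLproxy's own code), the script below merges the proto defaults of the ssl_testset_1.json above with its client and server sections and reports which protocol versions each end is left able to negotiate; it assumes that keys in the client/server sections override the same keys in proto, and the sample config is a constructed excerpt of the protocol fields only. The result is the first thing to compare against the ssl_proto_version assertions in the test states.

```python
import json

# Protocol versions in wire order, with the per-version disable flag
# used by the test set format (e.g. "no_tls10") and the name OpenSSL reports.
VERSIONS = ["ssl3", "tls10", "tls11", "tls12", "tls13"]
DISABLE_FLAG = {v: "no_" + v for v in VERSIONS}
WIRE_NAME = {"ssl3": "SSLv3", "tls10": "TLSv1", "tls11": "TLSv1.1",
             "tls12": "TLSv1.2", "tls13": "TLSv1.3"}


def effective_versions(config, endpoint):
    """Merge 'proto' defaults with the endpoint's overrides (assumed override
    semantics) and return the wire names of the versions still enabled,
    honouring both the no_* flags and the min/max_proto_version window."""
    merged = dict(config["proto"])
    merged.update(config.get(endpoint, {}))
    lo = VERSIONS.index(merged.get("min_proto_version", "ssl3"))
    hi = VERSIONS.index(merged.get("max_proto_version", "tls13"))
    return [WIRE_NAME[v] for v in VERSIONS[lo:hi + 1]
            if merged.get(DISABLE_FLAG[v], "no") != "yes"]


def expectation_satisfiable(config, endpoint, expected_versions):
    """True if at least one version listed in a test's '==' assertion for
    ssl_proto_version can actually be negotiated by that endpoint."""
    return bool(set(expected_versions) & set(effective_versions(config, endpoint)))


def report(config):
    """Effective versions for both ends of the proxied connection."""
    return {ep: effective_versions(config, ep) for ep in ("client", "server")}


# Constructed sample: only the protocol-relevant fields of config "1" above.
SAMPLE = json.loads('''{
  "proto": {"no_ssl2": "yes", "no_ssl3": "yes", "no_tls10": "yes",
            "no_tls11": "yes", "no_tls12": "yes", "no_tls13": "yes",
            "min_proto_version": "ssl3", "max_proto_version": "tls13"},
  "client": {"no_tls10": "no", "max_proto_version": "tls11"},
  "server": {"no_tls12": "no", "min_proto_version": "tls12"}
}''')

if __name__ == "__main__":
    for ep, versions in report(SAMPLE).items():
        print(f"{ep}: {versions or 'NO VERSION ENABLED'}")
```

With this config the client side can only speak TLSv1 and the server side only TLSv1.2, which is exactly what states 1 and 2 of test 1 assert; an empty list for an endpoint would mean the handshake can never succeed regardless of the proxy.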
@sonertari (Owner)

I haven't received a notification for this issue, sorry. Were you able to resolve it?

Btw, looking at the logs you provide, I wonder if lp is really listening on port 1212.
