Hi Marc,
here are the protocol details for my internal mirror.
Protocol Details
DROWN No, server keys and hostname not seen elsewhere with SSLv2
(1) For a better understanding of this test, please read this longer
explanation
(2) Key usage data kindly provided by the Censys network search engine;
original DROWN website here
(3) Censys data is only indicative of possible key and certificate
reuse; possibly out-of-date and not complete
Secure Renegotiation Supported
Secure Client-Initiated Renegotiation No
Insecure Client-Initiated Renegotiation No
BEAST attack Not mitigated server-side (more info) TLS 1.0: 0x2f
POODLE (SSLv3) No, SSL 3 not supported (more info)
POODLE (TLS) No (more info)
Zombie POODLE No (more info) TLS 1.2 : 0x002f
GOLDENDOODLE No (more info) TLS 1.2 : 0x002f
OpenSSL 0-Length No (more info) TLS 1.2 : 0x002f
Sleeping POODLE No (more info) TLS 1.2 : 0x002f
Downgrade attack prevention Yes, TLS_FALLBACK_SCSV supported (more info)
SSL/TLS compression No
RC4 No
Heartbeat (extension) No
Heartbleed (vulnerability) No (more info)
Ticketbleed (vulnerability) No (more info)
OpenSSL CCS vuln. (CVE-2014-0224) No (more info)
OpenSSL Padding Oracle vuln.
(CVE-2016-2107) No (more info)
ROBOT (vulnerability) No (more info)
Forward Secrecy With some browsers (more info)
ALPN Yes http/1.1
NPN No
Session resumption (caching) Yes
Session resumption (tickets) Yes
OCSP stapling No
Strict Transport Security (HSTS) Yes
max-age=15768000
HSTS Preloading Not in: Chrome Edge Firefox IE
Public Key Pinning (HPKP) No (more info)
Public Key Pinning Report-Only No
Public Key Pinning (Static) No (more info)
Long handshake intolerance No
TLS extension intolerance No
TLS version intolerance No
Incorrect SNI alerts No
Uses common DH primes No
DH public server param (Ys) reuse No
ECDH public server param reuse No
Supported Named Groups secp256r1, secp384r1, secp521r1, x25519, x448
(Server has no preference)
SSL 2 handshake compatibility Yes
0-RTT enabled No
Here is the diff of the protocol details for my non-working internal
server and the artfiles openbsd mirror.
1d0
< Protocol Details
9c8
< BEAST attack Not mitigated server-side (more info) TLS 1.0: 0x2f
---
> BEAST attack Not mitigated server-side (more info) TLS 1.0: 0xc013
12,15c11,14
< Zombie POODLE No (more info) TLS 1.2 : 0x002f
< GOLDENDOODLE No (more info) TLS 1.2 : 0x002f
< OpenSSL 0-Length No (more info) TLS 1.2 : 0x002f
< Sleeping POODLE No (more info) TLS 1.2 : 0x002f
---
> Zombie POODLE No (more info) TLS 1.2 : 0xc027
> GOLDENDOODLE No (more info) TLS 1.2 : 0xc027
> OpenSSL 0-Length No (more info) TLS 1.2 : 0xc027
> Sleeping POODLE No (more info) TLS 1.2 : 0xc027
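Review bot: The suite IDs in this hunk are the real difference between the two servers, not the verdicts: 0x002f is TLS_RSA_WITH_AES_128_CBC_SHA (static RSA key transport, no forward secrecy), while the mirror's 0xc027 is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, and the same pattern shows in the TLS 1.0 row above (0x2f vs 0xc013). That is consistent with the "Forward Secrecy: With some browsers" row later in the diff and points at the internal server's cipher list or cipher order preferring RSA key exchange; since the mail mentions an Apache error log, the SSLCipherSuite (and cipher-order) settings of that vhost are the place to compare against the mirror.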
26c25
< Forward Secrecy With some browsers (more info)
---
> Forward Secrecy Yes (with most browsers) ROBUST (more info)
32,33c31
< Strict Transport Security (HSTS) Yes
< max-age=15768000
---
> Strict Transport Security (HSTS) No
45c43
< Supported Named Groups secp256r1, secp384r1, secp521r1, x25519, x448
(Server has no preference)
---
> Supported Named Groups x25519, secp256r1, x448, secp521r1, secp384r1
(server preferred order)
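Review bot: "Server has no preference" on the internal side means the client's first offered group wins, whereas the mirror enforces its own order with x25519 first. Both sides support the same five groups, so this hunk alone does not explain a failed connection, but it is another sign that the internal server leaves negotiation choices to the client rather than pinning them in its configuration.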
47d44
< 0-RTT enabled No
Best regards,
Sven
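The two reports above list the cipher suite SSL Labs negotiated for each CBC padding-oracle probe only as a hex ID, which is easy to skim past. The script below is an added example (not Sven's or Marc's code, and not something SSL Labs ships): it takes the cipher-bearing rows of the two reports as they are quoted in this mail, decodes the IDs using the IANA cipher-suite registry names for the three IDs that occur (0x002f, 0xc013, 0xc027), classifies the key exchange for forward secrecy, and lists the rows where the internal server and the mirror negotiated different suites. The sample report text is constructed from the mail; the label-splitting heuristic is an assumption about the SSL Labs text layout.

```python
"""Decode and compare the cipher-suite IDs printed in SSL Labs
"Protocol Details" rows.  Added example; the input is constructed from
the two reports quoted in the mail, not fetched from SSL Labs."""
import re

# IANA TLS cipher-suite registry names for the IDs that appear in the
# two reports; any other ID is reported as "unknown".
CIPHER_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC027: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
}

# Constructed sample input: the cipher-bearing rows of the two reports
# as quoted in the mail (internal server vs. the artfiles mirror).
INTERNAL_REPORT = """\
BEAST attack Not mitigated server-side (more info) TLS 1.0: 0x2f
POODLE (SSLv3) No, SSL 3 not supported (more info)
Zombie POODLE No (more info) TLS 1.2 : 0x002f
GOLDENDOODLE No (more info) TLS 1.2 : 0x002f
OpenSSL 0-Length No (more info) TLS 1.2 : 0x002f
Sleeping POODLE No (more info) TLS 1.2 : 0x002f
Forward Secrecy With some browsers (more info)
"""

MIRROR_REPORT = """\
BEAST attack Not mitigated server-side (more info) TLS 1.0: 0xc013
POODLE (SSLv3) No, SSL 3 not supported (more info)
Zombie POODLE No (more info) TLS 1.2 : 0xc027
GOLDENDOODLE No (more info) TLS 1.2 : 0xc027
OpenSSL 0-Length No (more info) TLS 1.2 : 0xc027
Sleeping POODLE No (more info) TLS 1.2 : 0xc027
Forward Secrecy Yes (with most browsers) ROBUST (more info)
"""

# Accepts both spellings seen in the report: "TLS 1.0: 0x2f" and "TLS 1.2 : 0x002f".
_SUITE_RE = re.compile(r"TLS\s*1\.(\d)\s*:\s*0x([0-9A-Fa-f]{1,4})")
# Assumption about the layout: the test name is everything before the
# first Yes/No/Not verdict word on the row.
_LABEL_RE = re.compile(r"\s+(?:Yes|No|Not)\b")


def decode_suite(hex_id):
    """Describe one cipher-suite ID ('0x2f' or '0x002f') from the registry table."""
    suite_id = int(hex_id, 16)
    name = CIPHER_SUITES.get(suite_id, "unknown")
    # Ephemeral (EC)DH key exchange gives forward secrecy; static RSA key
    # transport does not, so a leaked server key decrypts recorded sessions.
    forward_secrecy = name.startswith(("TLS_ECDHE_", "TLS_DHE_"))
    return {
        "id": f"0x{suite_id:04x}",
        "name": name,
        "forward_secrecy": forward_secrecy,
        "cbc": "_CBC_" in name,  # the suite SSL Labs used for its CBC padding probes
    }


def suite_findings(report):
    """Map each row that names a cipher suite to the decoded suite."""
    findings = {}
    for line in report.splitlines():
        m = _SUITE_RE.search(line)
        if not m:
            continue
        label = _LABEL_RE.split(line, maxsplit=1)[0]
        info = decode_suite("0x" + m.group(2))
        info["tls_version"] = "1." + m.group(1)
        findings[label] = info
    return findings


def compare_reports(report_a, report_b):
    """Rows where the two reports negotiated different suites, as
    (label, suite_a, suite_b) tuples; a missing row yields None."""
    a, b = suite_findings(report_a), suite_findings(report_b)
    diffs = []
    for label in sorted(set(a) | set(b)):
        sa, sb = a.get(label), b.get(label)
        if sa is None or sb is None or sa["id"] != sb["id"]:
            diffs.append((label, sa, sb))
    return diffs


if __name__ == "__main__":
    for label, sa, sb in compare_reports(INTERNAL_REPORT, MIRROR_REPORT):
        print(f"{label:18} internal={sa['name']} (PFS={sa['forward_secrecy']})"
              f"  mirror={sb['name']} (PFS={sb['forward_secrecy']})")
```

Run against the two quoted reports, every cipher-bearing row differs the same way: the internal server completed each probe with an RSA-key-transport suite and the mirror with an ECDHE suite, which is exactly what the "Forward Secrecy" rows say in words. The registry table only covers the IDs present in the mail; extend CIPHER_SUITES from the IANA list for other reports.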
On 2/1/20 1:36 PM, Marc Espie wrote:
On Sat, Feb 01, 2020 at 12:48:40PM +0100, Sven Wolf wrote:
Hi,
I did some debugging on the server side.
Even with loglevel trace5 and also different TLS versions (I tested 1.1, 1.2
and 1.3) I didn't find the root cause.
In the attachment you'll find the export of the Apache error log with
loglevel trace5. Maybe it's helpful for the libressl developers.
On the client side I just did a pkg_add -v bash
Best regards,
Sven
If you can expose that server to the outside world, try
https://www.ssllabs.com/
what does the report say, especially wrt session resumption?