You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, sslscan only verifies if the ServerHello message was successfully received, and if so, then the given signature algorithm is considered to have been accepted by the server.
/* If the server accepted our bogus signature ID, then we can conclude that it will accept all of them (and not test any further). Some servers in the wild do this for some reason... */
if (sig_id==BOGUS_SIG_ALG_ID) {
printf("%s%s Server accepts all signature algorithms.%s\n", getPrintableTLSName(tls_version), COL_RED, RESET);
However, TLS1.3 now makes use of the CertificateVerify message:
TL;DR: If the server does not support any of the signature algorithms offered by the client, it continues the handshake and may use a different signature algorithm.
...
Servers MUST send this message when authenticating via a certificate.
...
If the CertificateVerify message is sent by a server, the signature algorithm MUST be one offered in the client's "signature_algorithms" extension unless no valid certificate chain can be produced without unsupported algorithms (see Section 4.2.3).
"If the server cannot produce a certificate chain that is signed only via the indicated supported algorithms, then it SHOULD continue the handshake by sending the client a certificate chain of its choice that may include algorithms that are not known to be supported by the client. This fallback chain SHOULD NOT use the deprecated SHA-1 hash algorithm in general, but MAY do so if the client's advertisement permits it, and MUST NOT do so otherwise."
As such, it fails to obtain the CertificateVerify message sent by the server and verify if the signature algorithm specified by the client was accepted, or if the server using a different one.
Summary
sslscan may return a False Positive
'Server accepts all signature algorithms'for TLS1.3.Example
Signature Algorithm =
RSA+SHA256 (rsa_pkcs1_sha256)Not supported by
aws.amazon.com.However, sslscan reports as
'Server accepts all signature algorithms'.Explanation
Currently, sslscan only verifies if the ServerHello message was successfully received, and if so, then the given signature algorithm is considered to have been accepted by the server.
sslscan/sslscan.c
Lines 6011 to 6044 in b31459e
However, TLS1.3 now makes use of the CertificateVerify message:
TL;DR: If the server does not support any of the signature algorithms offered by the client, it continues the handshake and may use a different signature algorithm.
As such, it fails to obtain the CertificateVerify message sent by the server and verify if the signature algorithm specified by the client was accepted, or if the server using a different one.
Remediation
When receiving a CertificateVerify message from the server, verify if the signature algorithm matches the one sent by the client.
The text was updated successfully, but these errors were encountered: