Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Client simulations send inappropriate ALPN to non-http services #2410

Open
ghen2 opened this issue Oct 6, 2023 · 1 comment
Open

Client simulations send inappropriate ALPN to non-http services #2410

ghen2 opened this issue Oct 6, 2023 · 1 comment
Labels
bug:minor

Comments

@ghen2
Copy link
Contributor

ghen2 commented Oct 6, 2023

I am running testssl.sh 3.2rc2 from https://testssl.sh/dev/, commit f0e1540.

I am running testssl.sh against a mail service (POP3 and IMAP) behind nginx as a reverse proxy. Since nginx 1.21.4, this results in incorrect "No connection" for many client simulations. This is because several client simulations include ALPN in their client hello with services "http/1.1" and "h2", which is not appropriate for non-http services, and recent nginx rejects this to mitigate an ALPACA attack (behaviour recommended by RFC 7301).

A minimal nginx config to reproduce this: (doesn't need an actual working auth_http backend)

pid /tmp/nginx.pid;

events {}

mail {
	auth_http localhost;

	server {
		listen 995 ssl;
		protocol pop3;
		ssl_certificate		server.pem;
		ssl_certificate_key	server.key;
	}
}

And run testssl -c localhost:995 against this:

 Android 6.0                  No connection
 Android 7.0 (native)         No connection
 Android 8.1 (native)         TLSv1.2   ECDHE-ECDSA-AES128-GCM-SHA256     253 bit ECDH (X25519)
 Android 9.0 (native)         No connection
 Android 10.0 (native)        No connection
 Android 11 (native)          No connection
 Android 12 (native)          No connection
 ...

This produces connection failures even if the server is configured with protocols/ciphers that in reality allow these clients. The simulation only fails because of the incorrect ALPN extension issued by testssl when using sockets.

The generic OS clients in client-simulation.txt should probably omit the ALPN extension in their handshake, or have an alternative handshake without ALPN for non-https testing (or with an application-specific ALPN if a mailclient eg. Thunderbird is observed to send it).

For comparison, testssl --ssl-native -c localhost:995 does not issue ALPN, and gives a more correct view on the client handshakes (within the limitations of the used openssl version).

Other mail servers (eg. postfix, dovecot, ...) ignore ALPN and can be tested just fine, only nginx recently added this extra check for security.
@ghen2 ghen2 changed the title client simulations on non-https uses incorrect ALPN Client simulations send inappropriate ALPN to non-http services Oct 6, 2023
@drwetter
Copy link
Owner

drwetter commented Oct 7, 2023

Hi Geert,

image

Looks like we want to remove the extension under some, to be defined, circumstances. If we don't want to remove that completely in ./etc/clientsimulation,txt it needs to be handled somewhere e.g. in client_simulation_sockets() or run_client_simulation.

The circumstances though are not quite clear to me. The best which popped up in my mind so far was to exclude port 995, 993, 465 and the like. The handshake would be not correct though when those ports are HTTPS.

It might be an issue with STARTTLS too.

Thanks! Dirk

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug:minor
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@drwetter @ghen2