sslscan

connected to service but Displaying all TLS Protocol disabled.

Open mansoorsajjad76 opened this issue 3 years ago • 7 comments

When connecting to some services I receive the following message:

Connected to x.x.x.x

Testing SSL server x.x.x.x on port 443 using SNI name x.x.x.x

SSL/TLS Protocols:
SSLv2 disabled
SSLv3 disabled
TLSv1.0 disabled
TLSv1.1 disabled
TLSv1.2 disabled
TLSv1.3 disabled

TLS Fallback SCSV: Connection failed - unable to determine TLS Fallback SCSV support

TLS renegotiation: Session renegotiation not supported

TLS Compression: Compression disabled

Heartbleed:

Supported Server Cipher(s):
Unable to parse certificate
Unable to parse certificate
Unable to parse certificate
Unable to parse certificate
Certificate information cannot be retrieved.

mansoorsajjad76 Nov 01 '22 06:11

Does that port actually have a functional SSL service running that accepts connections? If so, can you share a pcap?

rbsec Nov 01 '22 10:11

@mansoorsajjad76 : if the target service is available on the public Internet, what's its IP & port? I can try debugging the issue if I get that info.

jtesta Jan 19 '23 18:01

i have the exact same issue here. i wanted to check the current version of TLS of an internal host only.

SSL/TLS Protocols:
SSLv2 disabled
SSLv3 disabled
TLSv1.0 disabled
TLSv1.1 disabled
TLSv1.2 disabled
TLSv1.3 disabled

but if i use testssl.sh (under WSL) to scan i get the correct results:

SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 offered (OK)
TLS 1.3 not offered and downgraded to a weaker protocol
NPN/SPDY not offered
ALPN/HTTP2 h2, http/1.1 (offered)

the above is a test from my environment. for the environment i need to test this in i don't have the luxury of using WSL. it's all windows based.

wizdude Apr 04 '23 01:04

What is the target machine's OS/software stack? Is there any special configuration it uses? The more information you can provide, the more likely we'll be able to reproduce and fix the issue.

jtesta Apr 04 '23 02:04

this server is running Windows 2019 with IIS 10.0. this specific server also runs Exchange 2019, but i'm not sure if that's important.

the server has TLS 1.0 and TLS 1.1 disabled and is only running TLS 1.2

wizdude Apr 04 '23 02:04

i've provided the external hostname of this machine to you via twitter dm.

wizdude Apr 04 '23 02:04

@wizdude : I just submitted a PR that fixes this issue. Giving me the hostname of the target that reproduces the problem was key in getting this fixed quickly. Thanks!!

@mansoorsajjad76 : this PR may fix your issue as well. We never received enough information from you to reproduce your issue, but you can give this patch a try and see what happens. If it's still not fixed, providing the hostname/IP of the target you're using would be a big help.

jtesta Apr 04 '23 18:04
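The report in this thread shows a result that scan automation should not accept at face value: the TCP connection succeeded, yet every protocol is listed as disabled. The following is an added example, not part of the thread and not sslscan's own code; it assumes plain-text sslscan output without colour codes, and the function names `parse_protocols` and `assess` are hypothetical.

```python
import re

PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3")
PROTO_RE = re.compile(r"\b(SSLv[23]|TLSv1\.[0-3])\s+(enabled|disabled)\b")
# Messages from the report above that point at a failed handshake or parse.
FAILURE_HINTS = ("Connection failed", "Unable to parse certificate",
                 "Certificate information cannot be retrieved")

# Constructed sample: the output quoted in this thread.
SAMPLE_FAILED = """Connected to x.x.x.x
Testing SSL server x.x.x.x on port 443 using SNI name x.x.x.x
SSL/TLS Protocols:
SSLv2 disabled
SSLv3 disabled
TLSv1.0 disabled
TLSv1.1 disabled
TLSv1.2 disabled
TLSv1.3 disabled
TLS Fallback SCSV:
Connection failed - unable to determine TLS Fallback SCSV support
Supported Server Cipher(s):
Unable to parse certificate
Certificate information cannot be retrieved.
"""
# Constructed variant with TLSv1.2 reported as enabled, for comparison.
SAMPLE_OK = SAMPLE_FAILED.replace("TLSv1.2 disabled", "TLSv1.2 enabled")


def parse_protocols(text):
    """Map protocol name -> True (enabled) / False (disabled)."""
    return {m.group(1): m.group(2) == "enabled" for m in PROTO_RE.finditer(text)}


def assess(text):
    """Return (verdict, reasons); never read 'all disabled' as a clean result."""
    protos = parse_protocols(text)
    reasons = [h for h in FAILURE_HINTS if h in text]
    missing = [p for p in PROTOCOLS if p not in protos]
    if missing:
        return "incomplete", reasons + ["no status for " + ", ".join(missing)]
    if any(protos.values()):
        return "ok", reasons
    if "Connected to" in text:
        # TCP connect worked but no handshake did: scanner/target mismatch.
        reasons.append("TCP connected but every protocol reported disabled")
        return "inconclusive", reasons
    return "no-tls", reasons
```

An `inconclusive` verdict is the cue to re-test the host with a second tool, as was done with testssl.sh in this thread, before recording any protocol finding.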