test-rsa-sigs-on-certificate-verify.py connection refused
matteounitn opened this issue · comments
Bug Report
System Information
Type | Version/Name |
---|---|
Operating System Name | KDE Neon |
Operating System Version: | 5.18 |
Python version | 3.6.9 |
tlslite-ng version | '0.8.0-alpha37' |
tlsfuzzer revision | 3 |
Problem description
I was trying to reproduce a SLOTH Vulnerability, checking with both tls-certificate-verify.py and test-rsa-sigs-on-certificate-verify.py.
I tried tls-certificate-verify.py and it worked, but test-rsa-sigs-on-certificate-verify.py didn't work, saying connection denied.
Describe how to reproduce the problem
(if the issue is interaction with some other system/library/application,
please provide relevant version numbers or commit IDs of it too.)
Steps to reproduce the behaviour:
- python3 test-rsa-sigs-on-certificate-verify.py -k user.key -c user.crt -h google.com
Expected behaviour
10 PASS Test.
Include errors or backtraces
Certificate Verify test version 4
sanity ...
Error encountered while processing node <tlsfuzzer.messages.Connect object at 0x7fc9c84685f8> (child: ClientHelloGenerator(ciphers=[47, 255], compression=[0], extensions={13: SignatureAlgorithmsExtension(sigalgs=[rsa_pkcs1_sha512, rsa_pkcs1_sha384, rsa_pkcs1_sha256, rsa_pkcs1_sha224, rsa_pkcs1_sha1, (md5, rsa)]), 50: SignatureAlgorithmsCertExtension(sigalgs=[rsa_pkcs1_sha512, rsa_pkcs1_sha384, rsa_pkcs1_sha256, rsa_pkcs1_sha224, rsa_pkcs1_sha1, (md5, rsa), rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512])})) with last message being: None
Error while processing
Traceback (most recent call last):
File "test-rsa-sigs-on-certificate-verify.py", line 210, in main
runner.run()
File "tlsfuzzer/tlsfuzzer/runner.py", line 186, in run
node.process(self.state)
File "tlsfuzzer/tlsfuzzer/messages.py", line 86, in process
sock.connect((self.hostname, self.port))
ConnectionRefusedError: [Errno 111] Connection refused
check sha1 w/sha384 PRF ...
Error encountered while processing node <tlsfuzzer.messages.Connect object at 0x7fc9c83fa780> (child: ClientHelloGenerator(ciphers=[157, 255], compression=[0], extensions={13: SignatureAlgorithmsExtension(sigalgs=[rsa_pkcs1_sha512, rsa_pkcs1_sha384, rsa_pkcs1_sha256, rsa_pkcs1_sha224, rsa_pkcs1_sha1, (md5, rsa)]), 50: SignatureAlgorithmsCertExtension(sigalgs=[rsa_pkcs1_sha512, rsa_pkcs1_sha384, rsa_pkcs1_sha256, rsa_pkcs1_sha224, rsa_pkcs1_sha1, (md5, rsa), rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512])})) with last message being: None
Error while processing
Traceback (most recent call last):
File "test-rsa-sigs-on-certificate-verify.py", line 210, in main
runner.run()
File "tlsfuzzer/tlsfuzzer/runner.py", line 186, in run
node.process(self.state)
File "tlsfuzzer/tlsfuzzer/messages.py", line 86, in process
sock.connect((self.hostname, self.port))
ConnectionRefusedError: [Errno 111] Connection refused
check sha384 w/sha256 PRF ...
Error encountered while processing node <tlsfuzzer.messages.Connect object at 0x7fc9c8472be0> (child: ClientHelloGenerator(ciphers=[47, 255], compression=[0], extensions={13: SignatureAlgorithmsExtension(sigalgs=[rsa_pkcs1_sha512, rsa_pkcs1_sha384, rsa_pkcs1_sha256, rsa_pkcs1_sha224, rsa_pkcs1_sha1, (md5, rsa)]), 50: SignatureAlgorithmsCertExtension(sigalgs=[rsa_pkcs1_sha512, rsa_pkcs1_sha384, rsa_pkcs1_sha256, rsa_pkcs1_sha224, rsa_pkcs1_sha1, (md5, rsa), rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512])})) with last message being: None
Error while processing
Traceback (most recent call last):
File "test-rsa-sigs-on-certificate-verify.py", line 210, in main
runner.run()
File "tlsfuzzer/tlsfuzzer/runner.py", line 186, in run
node.process(self.state)
File "tlsfuzzer/tlsfuzzer/messages.py", line 86, in process
sock.connect((self.hostname, self.port))
ConnectionRefusedError: [Errno 111] Connection refused
check sha1 w/sha256 PRF ...
Error encountered while processing node <tlsfuzzer.messages.Connect object at 0x7fc9c84720b8> (child: ClientHelloGenerator(ciphers=[47, 255], compression=[0], extensions={13: SignatureAlgorithmsExtension(sigalgs=[rsa_pkcs1_sha512, rsa_pkcs1_sha384, rsa_pkcs1_sha256, rsa_pkcs1_sha224, rsa_pkcs1_sha1, (md5, rsa)]), 50: SignatureAlgorithmsCertExtension(sigalgs=[rsa_pkcs1_sha512, rsa_pkcs1_sha384, rsa_pkcs1_sha256, rsa_pkcs1_sha224, rsa_pkcs1_sha1, (md5, rsa), rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512])})) with last message being: None
Error while processing
Traceback (most recent call last):
File "test-rsa-sigs-on-certificate-verify.py", line 210, in main
runner.run()
File "tlsfuzzer/tlsfuzzer/runner.py", line 186, in run
node.process(self.state)
File "tlsfuzzer/tlsfuzzer/messages.py", line 86, in process
sock.connect((self.hostname, self.port))
ConnectionRefusedError: [Errno 111] Connection refused
check sha512 w/sha256 PRF ...
Error encountered while processing node <tlsfuzzer.messages.Connect object at 0x7fc9c83fa1d0> (child: ClientHelloGenerator(ciphers=[47, 255], compression=[0], extensions={13: SignatureAlgorithmsExtension(sigalgs=[rsa_pkcs1_sha512, rsa_pkcs1_sha384, rsa_pkcs1_sha256, rsa_pkcs1_sha224, rsa_pkcs1_sha1, (md5, rsa)]), 50: SignatureAlgorithmsCertExtension(sigalgs=[rsa_pkcs1_sha512, rsa_pkcs1_sha384, rsa_pkcs1_sha256, rsa_pkcs1_sha224, rsa_pkcs1_sha1, (md5, rsa), rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512])})) with last message being: None
Error while processing
Traceback (most recent call last):
File "test-rsa-sigs-on-certificate-verify.py", line 210, in main
runner.run()
File "tlsfuzzer/tlsfuzzer/runner.py", line 186, in run
node.process(self.state)
File "tlsfuzzer/tlsfuzzer/messages.py", line 86, in process
sock.connect((self.hostname, self.port))
ConnectionRefusedError: [Errno 111] Connection refused
check sha512 w/sha384 PRF ...
Error encountered while processing node <tlsfuzzer.messages.Connect object at 0x7fc9c83fd8d0> (child: ClientHelloGenerator(ciphers=[157, 255], compression=[0], extensions={13: SignatureAlgorithmsExtension(sigalgs=[rsa_pkcs1_sha512, rsa_pkcs1_sha384, rsa_pkcs1_sha256, rsa_pkcs1_sha224, rsa_pkcs1_sha1, (md5, rsa)]), 50: SignatureAlgorithmsCertExtension(sigalgs=[rsa_pkcs1_sha512, rsa_pkcs1_sha384, rsa_pkcs1_sha256, rsa_pkcs1_sha224, rsa_pkcs1_sha1, (md5, rsa), rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512])})) with last message being: None
Error while processing
Traceback (most recent call last):
File "test-rsa-sigs-on-certificate-verify.py", line 210, in main
runner.run()
File "tlsfuzzer/tlsfuzzer/runner.py", line 186, in run
node.process(self.state)
File "tlsfuzzer/tlsfuzzer/messages.py", line 86, in process
sock.connect((self.hostname, self.port))
ConnectionRefusedError: [Errno 111] Connection refused
check sha256 w/sha256 PRF ...
Error encountered while processing node <tlsfuzzer.messages.Connect object at 0x7fc9c8472630> (child: ClientHelloGenerator(ciphers=[47, 255], compression=[0], extensions={13: SignatureAlgorithmsExtension(sigalgs=[rsa_pkcs1_sha512, rsa_pkcs1_sha384, rsa_pkcs1_sha256, rsa_pkcs1_sha224, rsa_pkcs1_sha1, (md5, rsa)]), 50: SignatureAlgorithmsCertExtension(sigalgs=[rsa_pkcs1_sha512, rsa_pkcs1_sha384, rsa_pkcs1_sha256, rsa_pkcs1_sha224, rsa_pkcs1_sha1, (md5, rsa), rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512])})) with last message being: None
Error while processing
Traceback (most recent call last):
File "test-rsa-sigs-on-certificate-verify.py", line 210, in main
runner.run()
File "tlsfuzzer/tlsfuzzer/runner.py", line 186, in run
node.process(self.state)
File "tlsfuzzer/tlsfuzzer/messages.py", line 86, in process
sock.connect((self.hostname, self.port))
ConnectionRefusedError: [Errno 111] Connection refused
check sha256 w/sha384 PRF ...
Error encountered while processing node <tlsfuzzer.messages.Connect object at 0x7fc9c83fad30> (child: ClientHelloGenerator(ciphers=[157, 255], compression=[0], extensions={13: SignatureAlgorithmsExtension(sigalgs=[rsa_pkcs1_sha512, rsa_pkcs1_sha384, rsa_pkcs1_sha256, rsa_pkcs1_sha224, rsa_pkcs1_sha1, (md5, rsa)]), 50: SignatureAlgorithmsCertExtension(sigalgs=[rsa_pkcs1_sha512, rsa_pkcs1_sha384, rsa_pkcs1_sha256, rsa_pkcs1_sha224, rsa_pkcs1_sha1, (md5, rsa), rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512])})) with last message being: None
Error while processing
Traceback (most recent call last):
File "test-rsa-sigs-on-certificate-verify.py", line 210, in main
runner.run()
File "tlsfuzzer/tlsfuzzer/runner.py", line 186, in run
node.process(self.state)
File "tlsfuzzer/tlsfuzzer/messages.py", line 86, in process
sock.connect((self.hostname, self.port))
ConnectionRefusedError: [Errno 111] Connection refused
check sha384 w/sha384 PRF ...
Error encountered while processing node <tlsfuzzer.messages.Connect object at 0x7fc9c83fd320> (child: ClientHelloGenerator(ciphers=[157, 255], compression=[0], extensions={13: SignatureAlgorithmsExtension(sigalgs=[rsa_pkcs1_sha512, rsa_pkcs1_sha384, rsa_pkcs1_sha256, rsa_pkcs1_sha224, rsa_pkcs1_sha1, (md5, rsa)]), 50: SignatureAlgorithmsCertExtension(sigalgs=[rsa_pkcs1_sha512, rsa_pkcs1_sha384, rsa_pkcs1_sha256, rsa_pkcs1_sha224, rsa_pkcs1_sha1, (md5, rsa), rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512])})) with last message being: None
Error while processing
Traceback (most recent call last):
File "test-rsa-sigs-on-certificate-verify.py", line 210, in main
runner.run()
File "tlsfuzzer/tlsfuzzer/runner.py", line 186, in run
node.process(self.state)
File "tlsfuzzer/tlsfuzzer/messages.py", line 86, in process
sock.connect((self.hostname, self.port))
ConnectionRefusedError: [Errno 111] Connection refused
sanity ...
Error encountered while processing node <tlsfuzzer.messages.Connect object at 0x7fc9c84685f8> (child: ClientHelloGenerator(ciphers=[47, 255], compression=[0], extensions={13: SignatureAlgorithmsExtension(sigalgs=[rsa_pkcs1_sha512, rsa_pkcs1_sha384, rsa_pkcs1_sha256, rsa_pkcs1_sha224, rsa_pkcs1_sha1, (md5, rsa)]), 50: SignatureAlgorithmsCertExtension(sigalgs=[rsa_pkcs1_sha512, rsa_pkcs1_sha384, rsa_pkcs1_sha256, rsa_pkcs1_sha224, rsa_pkcs1_sha1, (md5, rsa), rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512])})) with last message being: None
Error while processing
Traceback (most recent call last):
File "test-rsa-sigs-on-certificate-verify.py", line 210, in main
runner.run()
File "tlsfuzzer/tlsfuzzer/runner.py", line 186, in run
node.process(self.state)
File "tlsfuzzer/tlsfuzzer/messages.py", line 86, in process
sock.connect((self.hostname, self.port))
ConnectionRefusedError: [Errno 111] Connection refused
Test end
====================
TOTAL: 10
SKIP: 0
PASS: 0
XFAIL: 0
FAIL: 10
XPASS: 0
====================
FAILED:
'check sha1 w/sha256 PRF'
'check sha1 w/sha384 PRF'
'check sha256 w/sha256 PRF'
'check sha256 w/sha384 PRF'
'check sha384 w/sha256 PRF'
'check sha384 w/sha384 PRF'
'check sha512 w/sha256 PRF'
'check sha512 w/sha384 PRF'
'sanity'
'sanity'
python3 test-rsa-sigs-on-certificate-verify.py -k user.key -c user.crt -h google.com
this is missing the port number, -p
, the default it uses is 4433
python3 test-rsa-sigs-on-certificate-verify.py -k user.key -c user.crt -h google.com
this is missing the port number,
-p
, the default it uses is 4433
I've just tried:
python3 test-rsa-sigs-on-certificate-verify.py -h google.com -k user.key -c user.crt -p 443
same output, connection refused.
yes, there's a bug in option parsing in this and few other scripts, please check #661, that should fix it