SSL/TLS Introspection

I tried to consider taking on a new project where I could deep dive, do something interesting, learn along the way, and perhaps create something of benefit for everyone else. As a security lead on the Java team at Oracle, I thought it would be interesting to build a tool that lets me see what’s happening within SSL/TLS application server sessions. I named this tool DeepViolet. Essentially, DeepViolet connects to an application server like a web browser and displays properties of the encrypted connection.

Following is a quick summary of the report sections.

Report run information, basic information about when the report was run, version of program, date report was run, the target url selected.  Useful for reference when referring back to results.

Host information, host and ip address information along with canonicalized names.

Connection characteristics, various properties about the SSL/TLS session to the application server.

Host supported server cipher suites, these are the various encryption ciphers supported by the server. Some ciphers are stronger or weaker than others, so I try to make an assessment of server supported cipher strength. I also add some convenience by mapping the encryption cipher to the transport protocol. For example, TLS_RSA_WITH_AES_128_CBC_SHA maps to TLS1.2. The transport mappings are provided by IANA.

Server certificate information, next the server certificate is printed along with its properties. Most browsers provide capabilities to optionally display connection information (e.g., green lock on Chrome). I also test the chain for trust status.

Server certificate chain, two sections are included in the chain: the summary for quick reference and details for each cert.

Chain summary, chain summary is a very quick text based visualization for the certificate chain.  The chain begins with the server certificate and terminates in the root.

Chain details, last but not least the details for each of the certificates in the server chain are provided.  Currently, I only provide the information returned in the session.  So for example, I don’t open the keystore and print the Java root.

Following is an anonymized report from DeepViolet.

[Report Run Information]
DeepViolet V0.1
Report generated on Mon Jul 21 23:39:58 PDT 2014
Target url https://www.foo.com

[Host information]
host=www.foo.com [192.168.1.146], canonical=hkg03s13-in-f18.foo.com
host=www.foo.com [192.168.1.145], canonical=hkg03s13-in-f17.foo.com
host=www.foo.com [192.168.1.144], canonical=hkg03s13-in-f16.foo.com
host=www.foo.com [192.168.1.147], canonical=hkg03s13-in-f19.foo.com
host=www.foo.com [192.168.1.148], canonical=hkg03s13-in-f20.foo.com
host=www.foo.com [1111:1111:1111:1111:1111:0:0:1111], canonical=hkg03s11-in-x11.foo.com

[Connection characteristics]
SO_KEEPALIVE=false
SO_RECBUF=131874
SO_LINGER=-1
SO_TIMEOUT=0
Traffic Class=0
Client Auth Required=false
SO_REUSEADDR=false
TCP_NODELAY=false

[Host supported server cipher suites]
SSLv3
TLS1.0
TLS1.1
TLS1.2
  – (SUPPORTED) TLS_RSA_WITH_AES_128_CBC_SHA (STRENGTH=STRONG )
Uncategorized
  – (SUPPORTED) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (STRENGTH=STRONG )
  – (SUPPORTED) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (STRENGTH=STRONG )
  – (SUPPORTED) TLS_RSA_WITH_AES_128_CBC_SHA (STRENGTH=STRONG )
  – (SUPPORTED) TLS_ECDHE_RSA_WITH_RC4_128_SHA (STRENGTH=STRONG )
  – (SUPPORTED) SSL_RSA_WITH_RC4_128_SHA (STRENGTH=STRONG )
  – (SUPPORTED) TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (STRENGTH=STRONG )
  – (SUPPORTED) TLS_RSA_WITH_AES_128_GCM_SHA256 (STRENGTH=STRONG )
  – (SUPPORTED) TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (STRENGTH=STRONG )
  – (SUPPORTED) SSL_RSA_WITH_3DES_EDE_CBC_SHA (STRENGTH=STRONG )
  – (SUPPORTED) SSL_RSA_WITH_RC4_128_MD5 (STRENGTH=STRONG )

[Server certificate information]
Trusted Status=TRUSTED
Validity Status= VALID.  Certificate valid between Wed Jul 02 06:38:55 PDT 2014 and Mon Sep 29 17:00:00 PDT 2014
SubjectDN=CN=www.foo.com, O=Shmo Inc, L=San Jose, ST=California, C=US
IssuerDN=CN=Joe Shmo CA, O=Shmo Inc, C=US
Serial Number=6593427055677612812
Signature Algorithm=SHA1withRSA
Signature Algorithm OID=1.2.840.113549.1.1.5
Certificate Version =3
SHA1 Fingerprint=0x91:04:06:02:F5:74:20:7B:CC:26:DF:31:B3:3A:D8:CB:77:37:1B:DD
MD5 Fingerprint=0x48:A5:56:5C:CC:11:55:CA:1A:55:A0:3C:C6:23:D6:06

[Server certificate chain]
Chain summary
|
|
End-Enity Certificate—>CN=www.foo.com, O=Shmo Inc, L=San Jose, ST=California, C=US
   |
   |
   Intermediate CA—>CN=Joe Shmo CA, O=Shmo Inc, C=US
      |
      |
      Intermediate CA—>CN=Super Global CA CA, O=Super Global Inc., C=US
            |
            |
            Root CA(Java CACERTS)—>OU=Centrex Secure Certificate Authority, O=Centrex, C=US

Chain details
Validity Status= VALID.  Certificate valid between Wed Jul 02 06:38:55 PDT 2014 and Mon Sep 29 17:00:00 PDT 2014
SubjectDN=CN=www.foo.com, O=Shmo Inc, L=San Jose, ST=California, C=US
IssuerDN=CN=Joe Shmo CA, O=Shmo Inc, C=US
Serial Number=6593427055677612812
Signature Algorithm=SHA1withRSA
Signature Algorithm OID=1.2.840.113549.1.1.5
Certificate Version =3
SHA1 Fingerprint=0x91:04:06:02:F5:74:20:7B:CC:26:DF:31:B3:3A:D8:CB:77:37:1B:DD
MD5 Fingerprint=0x48:A5:56:5C:CC:11:55:CA:1A:55:A0:3C:C6:23:D6:06

Validity Status= VALID.  Certificate valid between Fri Apr 05 08:15:55 PDT 2013 and Sat Apr 04 08:15:55 PDT 2015
SubjectDN=CN=Joe Shmo CA, O=Shmo Inc, C=US
IssuerDN=CN=Super Global CA, O=Super Global Inc., C=US
Serial Number=146345
Signature Algorithm=SHA1withRSA
Signature Algorithm OID=1.2.840.113549.1.1.5
Certificate Version =3
SHA1 Fingerprint=0x91:04:06:02:F5:74:20:7B:CC:26:DF:31:B3:3A:D8:CB:77:37:1B:DD
MD5 Fingerprint=0x48:A5:56:5C:CC:11:55:CA:1A:55:A0:3C:C6:23:D6:06

Validity Status= VALID.  Certificate valid between Mon May 20 21:00:00 PDT 2002 and Mon Aug 20 21:00:00 PDT 2018
SubjectDN=CN=Super Global CA, O=Super Global Inc., C=US
IssuerDN=CN=Super Global CA, O=Super Global Inc., C=US
Serial Number=123458643
Signature Algorithm=SHA1withRSA
Signature Algorithm OID=1.2.840.113549.1.1.5
Certificate Version =3
SHA1 Fingerprint=0x91:04:06:02:F5:74:20:7B:CC:26:DF:31:B3:3A:D8:CB:77:37:1B:DD
MD5 Fingerprint=0x48:A5:56:5C:CC:11:55:CA:1A:55:A0:3C:C6:23:D6:06
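
The sample report above marks every suite STRENGTH=STRONG, including the RC4, 3DES and MD5 ones. The following is an added example, not DeepViolet code: it grades the suites from the report's "Uncategorized" list by the components of their names. The grading criteria and the names grade_suite, summarize and REPORT_SUITES are assumptions of this example.

```python
import re

# Grading criteria below are this example's own, not DeepViolet's rules.
WEAK_PARTS = {
    "NULL": "no encryption",
    "anon": "unauthenticated key exchange",
    "EXPORT": "export-grade key length",
    "RC4": "RC4 is prohibited in TLS by RFC 7465",
    "DES": "single DES, 56-bit key",
    "3DES": "64-bit block cipher (Sweet32)",
    "MD5": "MD5-based MAC",
}

# Constructed input: the suites listed under "Uncategorized" in the sample report.
REPORT_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    "SSL_RSA_WITH_RC4_128_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_WITH_RC4_128_MD5",
]

def grade_suite(name):
    """Grade an IANA/JSSE suite name of the form KX_WITH_CIPHER_MAC."""
    body = re.sub(r"^(TLS|SSL)_", "", name)  # JSSE uses SSL_ for some older suites
    if "_WITH_" not in body:
        return "UNKNOWN", ["not in KX_WITH_CIPHER_MAC form"]
    kx, cipher_mac = body.split("_WITH_", 1)
    parts = set(cipher_mac.split("_")) | set(kx.split("_"))
    reasons = [why for part, why in WEAK_PARTS.items() if part in parts]
    if reasons:
        return "WEAK", reasons
    notes = []
    if not kx.startswith(("ECDHE", "DHE")):
        notes.append("static key exchange, no forward secrecy")
    if "CBC" in parts:
        notes.append("CBC mode (BEAST/Lucky13 class)")
    return ("MEDIUM", notes) if notes else ("STRONG", [])

def summarize(suites):
    """Group suite names by grade."""
    grouped = {}
    for suite in suites:
        grouped.setdefault(grade_suite(suite)[0], []).append(suite)
    return grouped
```

Under these criteria only TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from the report grades STRONG; names without a _WITH_ separator come back as UNKNOWN rather than being guessed at.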

Ok, so what’s left to do?  You might think this is a lot of information but in fact much more information is available.  Possible ideas I have for further improvement.
– Test revocation status (OCSP and CRL).  Perhaps explore and display some of the information coming back from revocation services.
– Display the various OIDs associated with each certificate. Incidentally, I didn’t see any good definitions for the OIDs but I’m sure they are available somewhere. If you have any references please comment or send me a Tweet.
– Research the root termination. I notice the Java APIs I’m calling to return the certificate chain return a non-Java self-signed root (IssuerDN == SubjectDN and IssuerDN not in the Java keystore). It’s possible this is a root in popular browsers but not included in Java. Not sure what’s happening but need to check.
– I could also include some assessment information, such as checks for vulnerabilities like HEARTBLEED, BEAST, LUCKY13, CRIME, and perhaps others. Not sure if I want to include these capabilities but it’s an idea.
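
The root termination question in the list above can be reproduced on the sample report's own chain. This is an added example, not DeepViolet code: it renders a chain summary from (SubjectDN, IssuerDN) pairs and reports a self-signed root that is missing from the trust store. The names check_chain, REPORT_CHAIN and JAVA_ANCHORS are hypothetical, and comparing DNs as plain strings is a simplification.

```python
# Constructed input: SubjectDN/IssuerDN pairs from "Chain details", leaf first.
REPORT_CHAIN = [
    ("CN=www.foo.com, O=Shmo Inc, L=San Jose, ST=California, C=US",
     "CN=Joe Shmo CA, O=Shmo Inc, C=US"),
    ("CN=Joe Shmo CA, O=Shmo Inc, C=US",
     "CN=Super Global CA, O=Super Global Inc., C=US"),
    ("CN=Super Global CA, O=Super Global Inc., C=US",
     "CN=Super Global CA, O=Super Global Inc., C=US"),
]
# Constructed stand-in for the Java keystore: the root named in "Chain summary".
JAVA_ANCHORS = {"OU=Centrex Secure Certificate Authority, O=Centrex, C=US"}

def check_chain(chain, trust_anchors):
    """Return (summary_lines, findings) for a leaf-first list of (subject, issuer).

    Name matching only: a real check must also verify every signature and
    compare normalized names instead of raw strings.
    """
    lines, findings = [], []
    for i, (subject, issuer) in enumerate(chain):
        self_signed = subject == issuer
        trusted = subject in trust_anchors
        if i == 0:
            role = "End-Entity Certificate"
        elif self_signed:
            role = "Root CA (trusted)" if trusted else "Root CA (NOT in trust store)"
        else:
            role = "Intermediate CA"
        lines.append("   " * i + role + "-->" + subject)
        if self_signed and not trusted:
            findings.append(f"cert {i}: self-signed root not in trust store: {subject}")
        if i + 1 < len(chain) and issuer != chain[i + 1][0]:
            findings.append(f"cert {i}: issuer does not match next subject: {issuer}")
    last_subject, last_issuer = chain[-1]
    if last_subject != last_issuer and last_issuer not in trust_anchors:
        findings.append(f"chain ends at {last_subject}; issuer not in trust store")
    return lines, findings

if __name__ == "__main__":
    summary, problems = check_chain(REPORT_CHAIN, JAVA_ANCHORS)
    print("\n".join(summary + problems))
```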

I have also considered another corollary program, PanoramicViolet (for lack of a better name). The idea of this tool is to produce a wider SSL/TLS assessment. For example, it would be interesting to see the ciphers most popularly deployed throughout industry, average number of certificates in most chains, maximum number of certificates in the largest chain, which CAs are most popular, how often revocation services respond to requests, etc. However, I need to finish up my current project before I start a new project. The good news is the work on the current tool will benefit PanoramicViolet if I decide to take up the effort. The inspiration for this project is Qualys SSL Labs SSL Server Test. Hat tip for the great server and client tools. Most of the information provided by DeepViolet is available elsewhere. I don’t think I am doing anything particularly innovative or breaking new ground. This is more of an educational effort.

In closing, I realize in anonymizing some of the report data it’s not consistent. For example, the root in the sample report is self-signed but the trust status shows that it’s trusted. I also realized I have not provided a link to any source. The code is pretty messy at this point, I’m sure there are bugs, misspellings, etc. Perhaps if there is interest I will check it into GitHub when I get it cleaned up.

Update September 3, project code checked in on GitHub.

For more information on DeepViolet see my follow-up post, More Improvements to DeepViolet.

–Milton

Author: milton

For bio see, https://www.securitycurmudgeon.com/about/