ssl3_read_bytes:unexpected record when running --reneg #483

Closed
hafedh-trimeche opened this issue Feb 1, 2021 · 5 comments

@hafedh-trimeche

CHECKING HOST(S) AVAILABILITY

pgfserver:443 => 192.168.38.10 WARNING: Server requested optional client authentication

SCAN RESULTS FOR PGFSERVER:443 - 192.168.38.10

  • Downgrade Attacks:
    TLS_FALLBACK_SCSV: OK - Supported

  • OpenSSL Heartbleed:
    OK - Not vulnerable to Heartbleed

  • TLS 1.2 Session Resumption Support:
    With Session IDs: OK - Supported (5 successful resumptions out of 5 attempts).
    With TLS Tickets: OK - Supported.

  • Elliptic Curve Key Exchange:
    Supported curves: sect283k1, prime256v1, sect283r1, secp384r1, sect409k1, secp521r1, sect409r1, sect571k1, sect571r1, secp256k1
    Rejected curves: sect239k1, prime192v1, secp160k1, sect163r1, secp160r1, sect163r2, secp160r2, sect163k1, sect193r1, secp192k1, X25519, sect193r2, secp224k1, X448, sect233k1, secp224r1, sect233r1

  • Deflate Compression:
    OK - Compression disabled

  • SSL 3.0 Cipher Suites:
    Attempted to connect using 80 cipher suites; the server rejected all cipher suites.

  • TLS 1.3 Cipher Suites:
    Attempted to connect using 5 cipher suites; the server rejected all cipher suites.

  • TLS 1.2 Cipher Suites:
    Attempted to connect using 156 cipher suites.

    The server accepted the following 7 cipher suites:
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256
    TLS_RSA_WITH_AES_256_GCM_SHA384 256
    TLS_RSA_WITH_AES_256_CBC_SHA256 256
    TLS_RSA_WITH_AES_256_CBC_SHA 256
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 ECDH: prime256v1 (256 bits)
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 ECDH: prime256v1 (256 bits)
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 ECDH: prime256v1 (256 bits)

    The group of cipher suites supported by the server has the following properties:
    Forward Secrecy OK - Supported
    Legacy RC4 Algorithm OK - Not Supported

  • TLS 1.0 Cipher Suites:
    Attempted to connect using 80 cipher suites; the server rejected all cipher suites.

  • TLS 1.1 Cipher Suites:
    Attempted to connect using 80 cipher suites; the server rejected all cipher suites.

  • OpenSSL CCS Injection:
    OK - Not vulnerable to OpenSSL CCS injection

  • ROBOT Attack:
    OK - Not vulnerable.

  • SSL 2.0 Cipher Suites:
    Attempted to connect using 7 cipher suites; the server rejected all cipher suites.

  • Certificates Information:
    Hostname sent for SNI: pgfserver
    Number of certificates detected: 1

    Certificate #0 ( _RSAPublicKey )
    SHA1 Fingerprint: 739556e5329a18a9d0d078d18861ff3f7faa6eb4
    Common Name: Strong Data Services
    Issuer: Strong Data Services
    Serial Number: 1791252245
    Not Before: 2021-01-30
    Not After: 2086-01-14
    Public Key Algorithm: _RSAPublicKey
    Signature Algorithm: sha256
    Key Size: 1024
    Exponent: 65537
    DNS Subject Alternative Names: []

    Certificate #0 - Trust
    Hostname Validation: FAILED - Certificate does NOT match server hostname
    Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: self signed certificate
    Apple CA Store (iOS 14, iPadOS 14, macOS 11, watchOS 7, and tvOS 14):FAILED - Certificate is NOT Trusted: self signed certificate
    Java CA Store (jdk-13.0.2): FAILED - Certificate is NOT Trusted: self signed certificate
    Mozilla CA Store (2021-01-24): FAILED - Certificate is NOT Trusted: self signed certificate
    Windows CA Store (2021-01-24): FAILED - Certificate is NOT Trusted: self signed certificate
    Symantec 2018 Deprecation: ERROR - Could not build verified chain (certificate untrusted?)
    Received Chain: Strong Data Services --> Strong Data Services
    Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
    Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
    Received Chain Order: OK - Order is valid
    Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)

    Certificate #0 - Extensions
    OCSP Must-Staple: NOT SUPPORTED - Extension not found
    Certificate Transparency: NOT SUPPORTED - Extension not found

    Certificate #0 - OCSP Stapling
    NOT SUPPORTED - Server did not send back an OCSP response

  • Error when running --reneg:
    You can open an issue at https://github.com/nabla-c0d3/sslyze/issues with the following information:

    * Server: pgfserver:443 - 192.168.38.10
    * Scan command: session_renegotiation
    
    Traceback (most recent call last):
      File "D:\a\sslyze\sslyze\sslyze\scanner.py", line 264, in get_results
      File "D:\a\sslyze\sslyze\sslyze\plugins\session_renegotiation_plugin.py", line 100, in result_for_completed_scan_jobs
      File "C:\hostedtoolcache\windows\Python\3.8.6\x64\lib\concurrent\futures\_base.py", line 432, in result
      File "C:\hostedtoolcache\windows\Python\3.8.6\x64\lib\concurrent\futures\_base.py", line 388, in __get_result
      File "C:\hostedtoolcache\windows\Python\3.8.6\x64\lib\concurrent\futures\thread.py", line 57, in run
      File "D:\a\sslyze\sslyze\sslyze\plugins\session_renegotiation_plugin.py", line 151, in _test_client_renegotiation
      File "C:\hostedtoolcache\windows\Python\3.8.6\x64\lib\site-packages\nassl\legacy_ssl_client.py", line 78, in do_renegotiate
      File "C:\hostedtoolcache\windows\Python\3.8.6\x64\lib\site-packages\nassl\ssl_client.py", line 182, in do_handshake
    nassl._nassl.OpenSSLError: error:140940F5:SSL routines:ssl3_read_bytes:unexpected record
    
@nabla-c0d3 nabla-c0d3 added the bug label Feb 5, 2021
@nabla-c0d3 nabla-c0d3 changed the title Session Renegotiation Problem ssl3_read_bytes:unexpected record when running --reneg Feb 6, 2021
@nabla-c0d3
Owner

Hello, @hafedh-trimeche, do you know what kind of server software triggered this issue ("pgfserver")? Otherwise I won't be able to fix it. Thanks!

@hafedh-trimeche
Author

Hello,
It's an Indy TCP Server under Delphi and SSL Handler patched as:

const
  SSL_OP_CLEAR                                    =
    SSL_OP_LEGACY_SERVER_CONNECT                  or
    SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION      ;
  SSL_OP_STRONG                                   =
    SSL_OP_ALL                                    or
    SSL_OP_NO_SSLv2                               or
    SSL_OP_NO_SSLv3                               or
    SSL_OP_NO_TLSv1                               or
    SSL_OP_NO_TLSv1_1                             or
    SSL_OP_NO_COMPRESSION                         or
    SSL_OP_CIPHER_SERVER_PREFERENCE               or
    SSL_OP_SINGLE_DH_USE                          or
    SSL_OP_SINGLE_ECDH_USE                        or
    SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION ;
   
  SSLServerCiphers =
    'AES256-GCM-SHA384:'           +
    'AES256-SHA:'      +
    'AES256-SHA256:'   +
    'CAMELLIA256-SHA:' +
    'DHE-DSS-AES256-GCM-SHA384:'+
    'DHE-PSK-AES256-CCM:'+
    'DHE-PSK-AES256-GCM-SHA384:'+
    'DHE-PSK-CHACHA20-POLY1305:'+
    'DHE-RSA-AES256-CCM:'+
    'DHE-RSA-AES256-CCM8:'+
    'DHE-RSA-AES256-GCM-SHA384:'+
    'DHE-RSA-AES256-GCM-SHA512:'+
    'DHE-RSA-CHACHA20-POLY1305:'+
    'ECDHE-ECDSA-AES256-CCM:'+
    'ECDHE-ECDSA-AES256-CCM8:'+
    'ECDHE-ECDSA-AES256-GCM-SHA384:'+
    'ECDHE-ECDSA-CHACHA20-POLY1305:'+
    'ECDHE-PSK-CHACHA20-POLY1305:'+
    'ECDHE-RSA-AES256-GCM-SHA384:' +
    'ECDHE-RSA-AES256-GCM-SHA384:'+
    'ECDHE-RSA-AES256-GCM-SHA512:'+
    'ECDHE-RSA-AES256-SHA:'        +
    'ECDHE-RSA-AES256-SHA384:'+
    'ECDHE-RSA-CHACHA20-POLY1305:'+
    'TLS_AES_256_GCM_SHA384:'+
    /////////////////////////////////
    '!aNULL:'       +
    '!eNULL:'       +
    '!RC4:'         +
    '!DES:'         +
    '!MD5@STRENGTH' ;
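
  // Apply the hardened option set to the context, then clear the
  // legacy-connect and unsafe legacy renegotiation options.
  SSL_CTX_set_options(FSSLCtx, SSL_OP_STRONG);
  SSL_CTX_clear_options(FSSLCtx, SSL_OP_CLEAR);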

The Server uses an authentication mechanism (not with Client Certificate) which disconnects any non-verified RSA Token.

Best regards.

@nabla-c0d3
Owner

@hafedh-trimeche Thanks - any chance there's such a server online that I can use for troubleshooting? If yes can you email it to me?

@nabla-c0d3
Owner

Thanks for all the information - I have pushed a fix just now.

@nabla-c0d3
Owner

Fix released as part of v4.0.3.
