BENCHMARK TEST RESULTS
NO ATTACK | TLS MiTM using an anonymous server | Client Heartbleed | Reject TLS/SSL handshake | Reject TLS handshake | Early CCS | TLS cert for wrong hostname | Self-signed TLS cert | TLS MiTM by replacing SSL servers key | superfishmitm | |
NORMAL TLS CONNECTION | OK | SSL exception: [('SSL routines', 'SSL3_GET_CLIENT_HELLO', 'no shared cipher')] | Handshake fail | Handshake fail | Handshake fail | Client not vulnerable | SSL exception: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert certificate unknown')] | SSL exception: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert certificate unknown')] | Client not vulnerable | SSL exception: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert certificate unknown')] |
HTTPS REQUEST WITHOUT SSL CERTIFICATE CHAIN-OF-TRUST CHECK | OK | SSL exception: [('SSL routines', 'SSL3_GET_CLIENT_HELLO', 'no shared cipher')] | Handshake fail | Handshake fail | Handshake fail | Client not vulnerable | Handshake fail | NG | Client not vulnerable | NG |
HTTPS REQUEST WITHOUT SSL CERTIFICATE HOSTNAME VERIFICATION | OK | SSL exception: [('SSL routines', 'SSL3_GET_CLIENT_HELLO', 'no shared cipher')] | Handshake fail | Handshake fail | Handshake fail | Client not vulnerable | SSL exception: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert certificate unknown')] | SSL exception: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert certificate unknown')] | Client not vulnerable | SSL exception: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert certificate unknown')] |
HTTPS REQUEST WITHOUT SERVER AUTHENTICATION | OK | SSL exception: [('SSL routines', 'SSL3_GET_CLIENT_HELLO', 'no shared cipher')] | Handshake fail | Handshake fail | Handshake fail | Client not vulnerable | NG | NG | Client not vulnerable | NG |
OK = No vulnerability detects, and HTTP request succeeded.
NG = HTTP request succeeded and MiTM attack success.
SSL Exception = HTTP request failed due to SSL exception. Not vulnerable to attack.
Handshake Fail = HTTP request failed due to handshake failure. Not vulnerable to attack.
Client not vulnerable = HTTP request succeeded but not vulnerable to attack.
My Question is
Why HTTPS REQUEST WITHOUT SSL CERTIFICATE HOSTNAME VERIFICATION is not showing any Vulnerability to any of the attack??
According to my understanding it should be Vulnerable to "TLS cert for wrong hostname". It should show MiTM attack success in the server log
FYI
I tried to modify NoSslCertificateHostnameVerificationTest.java class
i commented //SSLSocketFactory sslSocketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
and added
SSLSocketFactory sslSocketFactory = TlsUtils.getTrustAllSSLSocketFactory();
And the output was expected, HTTPS REQUEST WITHOUT SSL CERTIFICATE HOSTNAME VERIFICATION was Vulnerable to "TLS cert for wrong hostname" ( MiTM attack success)
Regards,
Swaraj Waikar
--
You received this message because you are subscribed to the Google Groups "nogotofail" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nogotofail+...@googlegroups.com.
To post to this group, send email to nogot...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/nogotofail/f45a4cef-2581-4db9-bc44-38f38b995ea4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.