ZAP v2.1 - SSL 3.0 vs TLS 1.0


Martin Moss

Jul 5, 2013, 5:13:38 AM
to zaprox...@googlegroups.com
Hi,
 
I am a very new user of ZAP, so apologies if any of the following is a dumb question!
 
I have configured ZAP as the proxy and all works fine when browsing sites (via Firefox) with the exception of the https pages on a particular server.
 
The issue appears to be that the server only accepts up to SSL 3.0, but ZAP is trying to connect via TLS 1.0 (and the connection is rejected). If I connect directly from Firefox to the server, I can see the first client hello with TLS, but then it downgrades to SSL 3.0 and the connection is made. With ZAP in the chain, it stops with TLS.
 
This happens even if I disable the TLS option in Firefox, so I am assuming that in this case Firefox will connect to ZAP at SSL 3.0, but ZAP is still trying to connect with TLS.
 
(It's not feasible at the moment to enable TLS on the server.)
 
Is there any way to let (or force) ZAP to use SSL 3.0?
 
Hope that makes sense?
 
appreciate any thoughts,
 
cheers,
 
Martin

thc202

Jul 15, 2013, 11:46:36 AM
to zaprox...@googlegroups.com
Hi.

ZAP should be able to use SSLv3.

Would you mind accessing the site again with SSL/TLS debug enabled? This would allow us to check why it's failing.
To enable SSL/TLS debug you have to start ZAP with:
-Djavax.net.debug=ssl

It should output something like (ZAP <-> Server handshake only):

Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
ZAP-ProxyThread, setSoTimeout(20000) called
%% No cached client session
*** ClientHello, TLSv1
[...]
***
ZAP-ProxyThread, WRITE: TLSv1 Handshake, length = 163
ZAP-ProxyThread, READ: SSLv3 Handshake, length = 946
*** ServerHello, SSLv3
[...]
***
%% Initialized:  [Session-2, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
*** Certificate chain
[...]
***
*** ECDH ServerKeyExchange
[...]
*** ServerHelloDone
*** ECDHClientKeyExchange
[...]
ZAP-ProxyThread, WRITE: SSLv3 Handshake, length = 70
[...]
ZAP-ProxyThread, WRITE: SSLv3 Change Cipher Spec, length = 1
*** Finished
verify_data:  [...]
***
ZAP-ProxyThread, WRITE: SSLv3 Handshake, length = 64
ZAP-ProxyThread, READ: SSLv3 Change Cipher Spec, length = 1
ZAP-ProxyThread, READ: SSLv3 Handshake, length = 64
*** Finished
verify_data:  [...]
***
%% Cached client session: [Session-2, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
ZAP-ProxyThread, WRITE: SSLv3 Application Data, length = 336
ZAP-ProxyThread, READ: SSLv3 Application Data, length = 3072

The previous example output is a successful handshake so in your case it should fail after sending the TLSv1 handshake:

ZAP-ProxyThread, WRITE: TLSv1 Handshake, length = 163

Hopefully there should be a reason for why it failed.



> Is there any way to let (or force) ZAP to use SSL 3.0?

No, unfortunately.

Best regards.

Martin Moss

Jul 31, 2013, 7:08:54 AM
to zaprox...@googlegroups.com
Hi, Many thanks for this.
 
Looking through the log I get the following:
 

Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
ZAP-ProxyThread, READ: TLSv1 Handshake, length = 202

*** ClientHello, TLSv1
[...]
***
%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
matching alias: owasp_zap_root_ca
%% Negotiating:  [Session-1, TLS_ECDHE_RSA_WITH_RC4_128_SHA]
*** ServerHello, TLSv1
[...]
Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite:  TLS_ECDHE_RSA_WITH_RC4_128_SHA
***
[...]
***
*** ECDH ServerKeyExchange
[...]
*** ServerHelloDone
ZAP-ProxyThread, WRITE: TLSv1 Handshake, length = 2151
ZAP-ProxyThread, READ: TLSv1 Handshake, length = 70
*** ECDHClientKeyExchange
[...]
ZAP-ProxyThread, READ: TLSv1 Change Cipher Spec, length = 1
ZAP-ProxyThread, READ: TLSv1 Handshake, length = 36
*** Finished
[...]
***
ZAP-ProxyThread, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
***
ZAP-ProxyThread, WRITE: TLSv1 Handshake, length = 36
%% Cached server session: [Session-1, TLS_ECDHE_RSA_WITH_RC4_128_SHA]
ZAP-ProxyThread, READ: TLSv1 Application Data, length = 1131
ZAP-ProxyThread, setSoTimeout(2500) called
[...]
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
ZAP-ProxyThread, setSoTimeout(20000) called
%% No cached client session
*** ClientHello, TLSv1
[...]
***
ZAP-ProxyThread, WRITE: TLSv1 Handshake, length = 176
ZAP-ProxyThread, received EOFException: error
ZAP-ProxyThread, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
ZAP-ProxyThread, SEND TLSv1 ALERT:  fatal, description = handshake_failure
ZAP-ProxyThread, WRITE: TLSv1 Alert, length = 2
[...]
 
Afraid, other than seeing it fails with TLS (which I know is not enabled on the server) I can't see why it is not trying to connect with SSL
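
As an added example (not part of the original posts and not ZAP code), the following Python script splits -Djavax.net.debug=ssl output like the log above into individual handshakes and reports, for each one, which side the local JVM played, the version offered and chosen, and the outcome. It assumes every handshake begins at an "Is initial handshake:" line; the function name summarize and the pattern names are hypothetical.

```python
import re

# Abridged from the debug output posted above: first the browser <-> ZAP
# handshake (ZAP is the server), then the failing ZAP <-> server handshake.
SAMPLE_LOG = """\
Is initial handshake: true
ZAP-ProxyThread, READ: TLSv1 Handshake, length = 202
*** ClientHello, TLSv1
*** ServerHello, TLSv1
ZAP-ProxyThread, WRITE: TLSv1 Handshake, length = 2151
%% Cached server session: [Session-1, TLS_ECDHE_RSA_WITH_RC4_128_SHA]
Is initial handshake: true
*** ClientHello, TLSv1
ZAP-ProxyThread, WRITE: TLSv1 Handshake, length = 176
ZAP-ProxyThread, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
ZAP-ProxyThread, SEND TLSv1 ALERT:  fatal, description = handshake_failure
"""

HELLO = re.compile(r"^\*\*\* (Client|Server)Hello, (\S+)")
IO = re.compile(r", (READ|WRITE): \S+ Handshake,")
CACHED = re.compile(r"^%% Cached (?:client|server) session: \[\S+ (\S+)\]")
ERROR = re.compile(r"handling exception: (\S+): (.*)")

def summarize(log):
    """Return one dict per handshake in javax.net.debug=ssl output."""
    out, cur = [], None
    for line in log.splitlines():
        if line.startswith("Is initial handshake:"):   # assumed handshake delimiter
            cur = dict(role=None, offered=None, chosen=None, suite=None, result="incomplete")
            out.append(cur)
        elif cur is None:
            continue
        elif (m := IO.search(line)) and cur["role"] is None:
            # The side that reads the first handshake record is the server.
            cur["role"] = "server" if m.group(1) == "READ" else "client"
        elif m := HELLO.match(line):
            cur["offered" if m.group(1) == "Client" else "chosen"] = m.group(2)
        elif m := CACHED.match(line):
            cur["suite"], cur["result"] = m.group(1), "ok"
        elif m := ERROR.search(line):
            cur["result"] = "failed: " + m.group(2)
    return out

if __name__ == "__main__":
    for n, h in enumerate(summarize(SAMPLE_LOG), 1):
        print(n, h)
```

A handshake with role "client", an offered version and no chosen version is one where the remote server never answered the ClientHello.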

thc202

Jul 31, 2013, 12:05:05 PM
to zaprox...@googlegroups.com
Hi.

Thanks for taking a look into it.

If you don't mind, could you try the attached jar?
Attached the zap jar built from tag 2.1.0 but changed to always use SSLv3 (ZAP <-> Server only).

If it works correctly I guess we could add an option to allow choosing the enabled protocols (TLSv1 and/or SSLv3) to work around that kind of issue.


Best regards.
zap.jar

Martin Moss

Aug 1, 2013, 10:15:57 AM
to zaprox...@googlegroups.com
First test - this didn't work. I'll do some digging to see if I can find out what is happening,
 
cheers,
 
Martin

Martin Moss

Aug 1, 2013, 11:43:52 AM
to zaprox...@googlegroups.com
Have been looking at the network traffic (using Wireshark) between going through ZAP and not, using Firefox as the browser and using the revised JAR file. The only difference I have been able to identify so far is as follows:
 
When going through ZAP (handshake fails),
[...]
TLSv1 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)
[...]
 
When bypassing ZAP (which works) - the SSL component of the client hello message is:
[...]
SSL v3 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)
[...]
 
Now this is beyond my level of knowledge, but it appears in both instances it is trying to use SSL 3, but they seem to be wrapped differently - TLS vs SSL
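
A ClientHello carries two version fields: the Version in the record header (the field shown in the captures above) and the client_version inside the handshake body. As an added example (not part of the original post and not ZAP code), this Python parser reads both from a constructed hello so they can be compared; it assumes the hello fits in one record, and the names build_client_hello and parse_client_hello are hypothetical.

```python
import struct

NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def build_client_hello(record_version, client_version, suites=(0xC014, 0xC011)):
    """Build a minimal ClientHello record (constructed sample, no extensions)."""
    body = struct.pack("!H", client_version) + bytes(32)   # client_version, random
    body += b"\x00"                                         # empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                     # compression: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, record_version, len(handshake)) + handshake

def parse_client_hello(data):
    """Return both version fields and the offered suites of one ClientHello record."""
    pos = 0

    def take(n):
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("truncated ClientHello")
        chunk = data[pos:pos + n]
        pos += n
        return chunk

    ctype, record_version, record_len = struct.unpack("!BHH", take(5))
    hs_type, hs_len = take(1)[0], int.from_bytes(take(3), "big")
    if ctype != 22 or hs_type != 1:
        raise ValueError("not a ClientHello handshake record")
    if hs_len + 4 > record_len:
        raise ValueError("ClientHello spans several records (not handled here)")
    client_version = int.from_bytes(take(2), "big")
    take(32)                                    # random
    take(take(1)[0])                            # session_id
    raw = take(int.from_bytes(take(2), "big"))  # cipher_suites, 2 bytes each
    return {
        "record_version": NAMES.get(record_version, hex(record_version)),
        "client_version": NAMES.get(client_version, hex(client_version)),
        "cipher_suites": [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)],
    }

if __name__ == "__main__":
    # Record header says SSL 3.0 while the hello itself offers TLS 1.0.
    print(parse_client_hello(build_client_hello(0x0300, 0x0301)))
    print(parse_client_hello(build_client_hello(0x0300, 0x0300)))
```

The default suites 0xC014 and 0xC011 are the IANA code points for TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA and TLS_ECDHE_RSA_WITH_RC4_128_SHA, the two suites that appear in the debug logs in this thread.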
 

thc202

Aug 2, 2013, 9:43:15 AM
to zaprox...@googlegroups.com
Hi.

That's odd, TLS is disabled so it should not be "wrapping" the message. From the tests I've done (against servers with only SSLv3 or TLSv1 and with both) it always worked as expected, that is, the message sent was always "SSLv3" ("SSLv3 Record Layer") and the handshake failed when the only protocol enabled in the server was TLSv1.

What version of Java are you using? On what OS?
Are you using an outgoing proxy?
Is that happening with other HTTPS servers?

Could you try a request directly from ZAP ("Tools" > "Manual Request Editor...")?
Could you check the SSL debug to see if the message outputted is TLSv1 or SSLv3?


Thanks.
Best regards.

Martin Moss

Aug 12, 2013, 5:37:53 AM
to zaprox...@googlegroups.com
Many thanks for the suggestions,
 
I was going via external proxy - will test with this removed and also directly from ZAP - keep you posted.
 
This is not working with any other HTTPS servers - but don't have any others that are SSL 3 only. The operating system is Windows 7 Professional, 64 bit, with Java 1.7, update 25.
 
If I recall correctly, it is the 32bit Java version installed (seem to recall there are issues with ZAP and 64bit Java)
 
will report back on how I get on with the other tests,
 
cheers,
 
Martin