I want to test SSLproxy with this tool, but whenever I run a test I get the following errors. I do not know whether I'm doing something wrong, whether it's a bug, or whether it's something else.
With the ssl_testset_1.json
[16:00:21] [WARN] testproxy: SSLproxy tests
[16:00:21] [WARN] testproxy: Start test harness 1: SSL tests
[16:00:21] [WARN] MGR.h1.s1.c1: Start test set 1 for test config 1: Tests for SSL configuration
[16:00:21] [ERROR] MGR.h1.s1.c1: Test 1 failed: Configures ssl cert, proto, cipher_list correctly
[16:00:21] [ERROR] testproxy: Test set h1.s1 failed
[16:00:21] [ERROR] testproxy: Test harness 1 failed: SSL tests
With the http_testset_1.json
[15:53:05] [ERROR] SRV.h1.s1.c1.t1.0: TCP stream connect timed out
[15:53:05] [ERROR] MGR.h1.s1.c1: Test 1 failed: Removes any extra SSLproxy line, and appends Connection: close
[15:53:05] [ERROR] testproxy: Test set h1.s1 failed
[15:53:05] [ERROR] testproxy: Test harness 1 failed: SSL tests
This is the harness.json file I use:
{
"comment": "SSLproxy tests",
"testharnesses": {
"1": {
"comment": "SSL tests",
"testsets": {
"1": "ssl_testset_1.json"
}
}
}
}
I used the ssl and http tests from the examples folder to try it out:
{
"comment": "Tests for SSL configuration",
"configs": {
"1": {
"proto": {
"proto": "ssl",
"tcp_nodelay": "yes",
"ip_ttl": "15",
"connect_timeout": "1000",
"read_timeout": "50",
"write_timeout": "50",
"verify_peer": "no",
"cipher_list": "MEDIUM:HIGH",
"no_ssl2": "yes",
"no_ssl3": "yes",
"no_tls10": "yes",
"no_tls11": "yes",
"no_tls12": "yes",
"no_tls13": "yes",
"min_proto_version": "ssl3",
"max_proto_version": "tls13",
"ecdhcurve": "prime256v1",
"use_sni": "no",
"verify_hostname": "no",
"compression": "no"
},
"client": {
"ip": "127.0.0.1",
"port": "8443",
"crt": "/TestProxy/target/debug/server.crt",
"key": "/TestProxy/target/debug/server.key",
"cipher_list": "MEDIUM",
"use_sni": "yes",
"sni_servername": "comixwall.org",
"verify_hostname": "yes",
"no_tls10": "no",
"max_proto_version": "tls11"
},
"server": {
"ip": "127.0.0.1",
"port": "9443",
"crt": "/TestProxy/target/debug/server.crt",
"key": "/TestProxy/target/debug/server.key",
"cipher_list": "HIGH",
"no_tls12": "no",
"min_proto_version": "tls12",
"compression": "yes"
}
}
},
"tests": {
"1": {
"comment": "Configures ssl cert, proto, cipher_list correctly",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: comixwall.org\r\n\r\n",
"assert": {
"current_cipher_name": {
"match": [
"^DHE-\\w+-\\w+-\\w+",
"\\w+-\\w+-SEED-\\w+",
"\\w+-\\w+-\\w+-SHA$"
],
"!match": [
"ECDHE-[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+",
"[A-Z0-9]+-[A-Z0-9]+-AES256-[A-Z0-9]+-[A-Z0-9]+",
"[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+-SHA384"
]
},
"current_cipher_version": {
"==": [
"SSLv3",
"TLSv1"
],
"!match": [
"^TLSv1\\.[1-3]?$"
]
},
"ssl_proto_version": {
"==": [
"TLSv1"
],
"!=": [
"SSLv3"
],
"!match": [
"^TLSv1\\.[1-3]?$"
]
},
"ssl_state": {
"==": [
"SSLOK "
]
},
"peer_certificate": {
"==": [
"TR, Antalya, Serik, ComixWall, SSLproxy, comixwall.org, sonertari@gmail.com"
]
},
"peer_certificate_not_before": {
">=": [
"-2"
],
"<=": [
"0"
]
},
"peer_certificate_not_after": {
">=": [
"363"
],
"<=": [
"365"
]
}
}
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: comixwall.org\r\nConnection: close\r\n\r\n",
"assert": {
"current_cipher_name": {
"match": [
"ECDHE-[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+",
"[A-Z0-9]+-[A-Z0-9]+-AES256-[A-Z0-9]+-[A-Z0-9]+",
"[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+-SHA384"
],
"!match": [
"^DHE-\\w+-\\w+-\\w+",
"\\w+-\\w+-SEED-\\w+",
"\\w+-\\w+-\\w+-SHA$"
]
},
"current_cipher_version": {
"==": [
"TLSv1.2"
],
"!match": [
"^(SSLv3|TLSv1|TLSv1\\.[13]?)$"
]
},
"ssl_proto_version": {
"==": [
"TLSv1.2"
],
"!match": [
"^(SSLv3|TLSv1|TLSv1\\.[13]?)$"
]
},
"ssl_state": {
"==": [
"SSLOK "
]
},
"sni_servername": {
"==": [
"comixwall.org"
]
}
}
}
}
}
}
}
This is how I start sslproxy:
sudo sslproxy -D4 -k /SSLproxy/server.key -c /SSLproxy/server.crt -l connect.log -J -S /SSLproxy/log -Y /SSLproxy/pcap ssl 127.0.0.1 8443 up:1212
For the lp, I use the one in the test dir.
At least the output of the proxy says that it has received something.
EOF on outbound connection before connection establishment
SSL_free() in state 0000000c = 000c = TWCH (SSLv3/TLS write client hello) [connect socket]
EOF on outbound connection before connection establishment
SSL_free() in state 0000000c = 000c = TWCH (SSLv3/TLS write client hello) [connect socket]
EOF on outbound connection before connection establishment
SSL_free() in state 0000000c = 000c = TWCH (SSLv3/TLS write client hello) [connect socket]
EOF on outbound connection before connection establishment
SSL_free() in state 0000000c = 000c = TWCH (SSLv3/TLS write client hello) [connect socket]
EOF on outbound connection before connection establishment
SSL_free() in state 0000000c = 000c = TWCH (SSLv3/TLS write client hello) [connect socket]
EOF on outbound connection before connection establishment
SSL_free() in state 0000000c = 000c = TWCH (SSLv3/TLS write client hello) [connect socket]
EOF on outbound connection before connection establishment
SSL_free() in state 0000000c = 000c = TWCH (SSLv3/TLS write client hello) [connect socket]