O-Saft/Documentation

O-Saft
This is O-Saft's documentation as you get with: o-saft.pl --help

NAME

 * o-saft.pl - OWASP SSL audit for testers
 * OWASP SSL advanced forensic tool

DESCRIPTION

 * This tools lists information about remote target's  SSL  certificate
 * and tests the remote target according given list of ciphers.
 * Note: Throughout this description    is used as an alias for the
 * program name.
 * program name.

SYNOPSIS

 * o-saft.pl [COMMANDS ..] [OPTIONS ..] target [target target ...]
 * Where [COMMANDS]  and  [OPTIONS]  are described below  and
 * is a hostname either as full qualified domain name or as IP address.
 * Multiple commands and targets may be combined.
 * All commands  and  options  can also be specified in a  rc-file, see
 * RC-FILE below.
 * All commands  and  options  can also be specified in a  rc-file, see
 * RC-FILE below.

QUICKSTART

 * Before going into a detailed description  of the  purpose and usage,
 * here are some examples of the most common use cases:


 * Show supported (enabled) ciphers of target:

o-saft.pl +cipher --enabled example.tld


 * Show details of certificate and connection of target:

o-saft.pl +info example.tld


 * Check certificate, ciphers and SSL connection of target:

o-saft.pl +check example.tld


 * List all available commands:

o-saft.pl --help=commands


 * For more specialised test cases, refer to the COMMANDS and OPTIONS
 * sections below.


 * If no command is given, +cipher  is used.

WHY?

 * Why a new tool for checking SSL security and configuration when there
 * are already a dozen or more such tools in existence (circa 2012)?
 * Currently available tools suffer from some or all of following issues:


 * *  lack of tests of unusual ciphers


 * *  lack of tests of unusual SSL certificate configurations


 * *  may return different results for the same checks on a given target
 * *  missing tests for modern SSL/TLS functionality


 * *  missing tests for specific, known SSL/TLS vulnerabilities


 * *  no support for newer, advanced, features e.g. CRL, OCSP, EV


 * *  limited capability to create your own customised tests


 * Other reasons or problems  are that they are either binary and hence
 * not portable to other (newer) platforms.


 * In contrast to (all?) most other tools, including openssl, it can be
 * used to `ask simple questions' like `does target support STS' just by
 * calling:

o-saft.pl +cipher +hsts_sts example.tld


 * For more, please see EXAMPLES  section below.

RESULTS

 * For the results, we have to distinguish those returned by  +cipher
 * command and those from all other tests and checks like  +check  or
 * +info command.

+cipher

 * The cipher checks will return one line for each tested cipher. It
 * contains at least the cipher name,    or     whether it's
 * supported or not, and a security qualification. It may look like:

AES256-SHA      yes    HIGH NULL-SHA        no     weak


 * Depending on the used --legacy=*  option the format may differ
 * and also contain more information. For details see  --legacy=*
 * option below.


 * The text for security qualifications are mainly those returned by
 * openssl (version 1.0.1): LOW, MEDIUM, HIGH and WEAK.
 * The same texts but with all lower case characters are used if the
 * qualification was adapted herein.

+check

 * These tests return a line with a label describing the test and a
 * test result for it. The  idea is to report     if the result
 * is considered "secure" and report the reason why it is considered
 * insecure otherwise. Example of a check considered secure:

Label of the performed check:          yes
 * Example of a check considered insecure:

Label of the performed check:          no (reason why)


 * Note that there are tests where the results appear confusing when
 * first viewed, like for www.wi.ld:

Certificate is valid according given hostname: no (*.wi.ld) Certificate's wildcard does not match hostname: yes
 * This can for example occur with:

Certificate Common Name:               *.wi.ld        Certificate Subject's Alternate Names:  DNS:www.wi.ld


 * Please check the result with the +info  command also to verify
 * if the check sounds reasonable.

+info

 * The test result contains detailed information.  The labels there
 * are mainly the same as for the "+check"  command.


 * ll output is designed to make it easily parsable by postprocessors.
 * lease see OUTPUT  section below for details.

COMMANDS

 * There are commands for various tests according the SSL connection to
 * the target, the targets certificate and the used ciphers.


 * All commands are preceded by a    to easily distinguish from other
 * arguments and options. However, some --OPT  options are treated as
 * commands for historical reason or compatibility to other programs.


 * The most important commands are (in alphabetical order):

+check +cipher +info +http +list +quick +sni +sni_check +version

 * A list of all available commands will be printed with

o-saft.pl --help=cmd


 * The summary and internal commands return requested information or the
 * results of checks. These are described below.
 * The description of all other commands will be printed with

o-saft.pl --help=commands

Commands for information about this tool

 * All these commands will exit after execution (cannot be used together
 * with other commands).

+ciphers

 * Show ciphers offerd by local SSL implementation.

+list

 * Show all ciphers known by this tool.  This includes cryptogrphic
 * details of the cipher and some internal details about the rating.


 * Use --v option to show more details.

+abbr +abk

 * Show common abbreviation used in the world of security.

+version

 * Show version information for both the program and the Perl modules
 * that it uses, then exit.


 * Use --v option to show more details.

+libversion

 * Show version of openssl.

+todo

 * Show known problems and bugs.

Commands to check SSL details

 * Following (summary, internal) commands are simply a shortcut for
 * a list of other commands. For details of the list use:

o-saft.pl --help=intern

+check

 * Check the SSL connection for security issues. This is the same as
 * +info +cipher +sizes --sslv2 --sslv3 --tls1
 * but also gives some kind of scoring for security issues if any.

+http

 * Perform HTTP checks (like STS, redirects etc.).

+info

 * Overview of most important details of the SSL connection.


 * Use --v option to show details also, which span multiple lines.

+info--v

 * Overview of all details of the SSL connection. This is a shortcut
 * for all commands listed below but not including +cipher.


 * This command is intended for debugging as it prints some details
 * from the used Net::SSLinfo  module.

+quick

 * Quick overview of checks. Implies --enabled and  --short.

+sts +hsts

 * Various checks according STS HTTP header.
 * This option implies --http,  means that  --no-http is ignored.

+sni

 * Check for Server Name Indication (SNI) usage.

+sni_check +check_sni

 * Check for Server Name Indication (SNI) usage and validity of all
 * names (CN, subjectAltName, FQDN, etc.).

+bsi

 * Various checks according BSI TR-02102-2 compliance.

+ev

 * Various checks according certificate's extended Validation (EV).


 * Hint: use option --v --v to get information about failed checks.

+sizes

 * Check length, size and count of some values in the certificate.

+s_client

 * Dump data retrieved from   call. Should be
 * used for debugging only.
 * It can be used just like openssl itself, for example:

openssl s_client -connect host:443 -no_sslv2

+dump

 * Dumps internal data for SSL connection and target certificate.
 * This is mainly for debugging and should not be used together with
 * other commands (except +cipher).
 * Each key-value pair is enclosed in  and.


 * Using --trace --trace dumps data of Net::SSLinfo  too.

+exec

 * Command used internally when requested to use other libraries.
 * This command should not be used directly.

+cipher

 * Check target for ciphers, either all ciphers or ciphers specified
 * with --cipher=* option.


 * Note that ciphers not supported  by the local SSL implementation
 * are not checked by default, use --local option for that.

+cipherall

 * Check target for all possible ciphers.
 * Does not depend on local SSL implementation.


 * WARNING: needs to be extensively tested (04/2014)

Commands to test SSL connection to target

 * Please see:

o-saft.pl --help=commands

Commands to show details of the target's certificate

 * Please see:

o-saft.pl --help=commands

OPTIONS

 * All options are written in lowercase. Words written in all capital in
 * the description here is text provided by the user.

--help

 * WYSIWYG


 * Note: The documentation is written with perl's POD format and uses
 * perl's POD module to print it. Unfortunately  the first line
 * written by POD  is:

'User Contributed Perl Documentation'
 * which may be a bit misleading because all descriptions of the
 * documentation belong to this tool itself.

--help=cmd

 * Show available commands.

--help=commands

 * Show available commands with short description.

--help=checks

 * Show available checks.

--help=legacy

 * Show possible legacy formats (used as value in --legacy=KEY).

--help=compliance

 * Show available compliance checks.

--help=intern

 * Show internal commands.

--help=score

 * Show score value for each check.
 * Value is printed in format to be used for --cfg_score=KEY=SCORE.


 * Note that the sequence  of options  is important.  Use the options
 * --trace and/or  --cfg_score=KEY=SCORE  before  --help=score.

--help=text

 * Show texts used in various messages.

--help=text-cfg

 * Show texts used in various messages ready for use in in RC-FILE or
 * as option.

--help=regex

 * Show regular expressions used internally.

--dns

 * Do DNS lookups to map given hostname to IP, do a reverse lookup.

--no-dns

 * Do not make DNS lookups.
 * Note that the corresponding IP and reverse hostname may be missing
 * in some messages then.

--host=HOST

 * Specify HOST as target to be checked. Legacy option.

--port=PORT

 * Specify target's PORT to be used. Legacy option.

--host=HOST and --port=PORT and HOST:PORT and HOST

 * When giving more than one HOST argument, the sequence of the given
 * HOST argument and the given --port=PORT  and the given --host=HOST
 * options are important.
 * The rule how ports and hosts are mapped is as follows:
 * HOST:PORT arguments are uses as is (connection to HOST on PORT)
 * only HOST is given, then previous specified --port=PORT is used
 * Note that URLs are treated as HOST:PORT, if they contain a port.
 * Example:

o-saft.pl +cmd host-1 --port 23 host-2 host-3:42 host-4
 * will connect to:

host-1:443 host-2:23 host-3:42 host-4:23

--proxyhost=PROXYHOST --proxy=PROXYHOST:PROXYPORT

 * Make all connection to target using PROXYHOST.

--proxyuser=PROXYUSER

 * Specify username for proxy authentication.

--proxypass=PROXYPASS

 * Specify password for proxy authentication.
 * --proxy=PROXYUSER:PROXYPASS@PROXYHOST:PROXYPORT is also possible.

--proxyport=PROXYPORT

 * Make all connection to target using PROXYHOST:PROXYPORT.

--s_client

 * Use   call to retrieve more informations from
 * the SSL connection. This is disabled by default on Windows because
 * of performance problems. Without this option following informations
 * are missing on Windows:

compression, expansion, renegotiation, resumption, selfsigned, verify, chain, protocols
 * See  for details.


 * If used together with --trace, s_client data will also be printed
 * in debug output of.

--no-openssl

 * Do not use external  tool to retrieve informations. Use of
 * is disabled by default on Windows.
 * Note that this results in some missing informations.

--openssl=TOOL

 * TOOL     can be a path to openssl executable;  default: openssl

--force-openssl

 * Use openssl to check for supported ciphers; default: IO::Socket


 * This option forces to use   to
 * check if a cipher is supported by the remote target. This is useful
 * if the --lib=PATH option doesn't work (for example due to changes
 * of the API or other incompatibilities).

--exe-path=PATH --exe=PATH

 * PATH     is a full path where to find openssl.

--lib-path=PATH --lib=PATH

 * PATH     is a full path where to find libssl.so and libcrypto.so


 * See HACKER's INFO below for a detailed description how it works.

--envlibvar=NAME

 * NAME is the name of the environment variable containing additional
 * paths for searching dynamic shared libraries.
 * Default is LD_LIBRARY_PATH.


 * Check your system for the proper name, i.e.:
 * DYLD_LIBRARY_PATH, LIBPATH, RPATH, SHLIB_PATH.

--ssl-lazy

 * if the --lib=PATH option doesn't work (for example due to changes
 * I.g. this tools tries to identify available functionality according
 * SSL versions from the underlaying libraries. Unsupported  versions
 * are then disables and a warning is shown.
 * Unfortunately some libraries have not implemented all functions to
 * check availability of a specific SSL version, which then results in
 * a compile error.


 * This option disables the strict check of availability.
 * If the underlaying library doesn't support the required SSL version
 * at all, following error may occour:

Can't locate auto/Net/SSLeay/CTX_v2_new.al in @INC ...

--cipher=CIPHER

 * CIPHER   can be any string accepeted by openssl or following:


 * yeast    use all ciphers from list defined herein, see +list


 * Beside the cipher names accepted by openssl, CIPHER can be the name
 * of the constant or the (hex) value as defined in openssl's files.
 * Currently supported are the names and constants of openssl 1.0.1c.
 * Example:

--cipher=DHE_DSS_WITH_RC4_128_SHA --cipher=0x03000066 --cipher=66
 * will be mapped to  DHE-DSS-RC4-SHA


 * Note: if more than one cipher matches, just one will be selected.
 * Default is  as specified in Net::SSLinfo
 * Default is  as specified in Net::SSLinfo

--no-md5-cipher

 * Do not use *-MD5 ciphers for other protocols than SSLv2.
 * This option is only effective with +cipher  command.


 * The purpose is to avoid warnings from IO::Socket::SSL  like:

Use of uninitialized value in subroutine entry at lib/IO/Socket/SSL.pm line 430.
 * which occours with some versions of IO::Socket::SSL  when a  *-MD5
 * ciphers will be used with other protocols than SSLv2.


 * Note that these ciphers will be checked for SSLv2 only.

--no-SSL

 * SSL      can be any of:  ssl, ssl2, ssl3, sslv2, sslv3, tls1,
 * tls1, tls11, tls1.1, tls1-1, tlsv1, tlsv11, tlsv1.1, tlsv1-1
 * (and similar variants for tlsv1.2).
 * For example --tls1  --tlsv1  --tlsv1_1  are all the same.


 * (--SSL variants):   Test ciphers for this SSL/TLS version.
 * (--no-SSL variants): Don't test ciphers for this SSL/TLS version.

--nullsslv2

 * This option forces  to assume that  SSLv2  is enabled  even if the
 * target does not accept any ciphers.


 * The target server may accept connections with SSLv2  but not allow
 * any cipher. Some checks verify if SSLv2  is enabled at all,  which
 * then would result in a failed test.
 * The default behaviour is to assume that SSLv2 is not enabled if no
 * ciphers are accepted.

--http

 * Make a HTTP request if cipher is supported.


 * If used twice debugging will be enabled using environment variable

--no-http

 * Do not make HTTP request.
 * Do not make HTTP request.

--sni

 * Make SSL connection in SNI mode.
 * Make SSL connection in SNI mode.

--no-sni

 * Do not make SSL connection in SNI mode (default: SNI mode).
 * Do not make SSL connection in SNI mode (default: SNI mode).

--force-sni

 * Do not check if SNI seems to be supported by Net::SSLeay.
 * Older versions of openssl and its libries do not support SNI or the
 * SNI support is implemented buggy. By default it's checked if SNI is
 * properly supported. With this option this check can be disabled.


 * Be warned that this may result in improper results.

--no-cert

 * Do not get data from target's certificate, return empty string.
 * Do not get data from target's certificate, return empty string.

--no-cert --no-cert

 * Do not get data from target's certificate, return Net::SSLinfo.pm's
 * default string (see --no-cert-text TEXT  option).
 * default string (see --no-cert-text TEXT  option).

--no-cert-text TEXT

 * Set TEXT  to be returned from    if no certificate
 * data is collected due to use of --no-cert.
 * data is collected due to use of --no-cert.

--ca-depth INT

 * Check certificate chain to depth INT (like openssl's -verify).
 * Check certificate chain to depth INT (like openssl's -verify).

--ca-file FILE

 * Use FILE  with bundle of CAs to verify target's certificate chain.
 * Use FILE  with bundle of CAs to verify target's certificate chain.

--ca-path DIR

 * Use DIR  where to find CA certificates in PEM format.
 * Use DIR  where to find CA certificates in PEM format.

--no-nextprotoneg

 * Do not use    option for openssl.
 * Do not use    option for openssl.

--no-reconnect

 * Do not use    option for openssl.
 * Do not use    option for openssl.

--no-tlsextdebug

 * Do not use    option for openssl.
 * Do not use    option for openssl.

--sclient-opt=VALUE

 * Argument or option passed to openssl s_client command.
 * Argument or option passed to openssl s_client command.

Options for checks and results

 * Options used for +check  command:
 * Options used for +check  command:

--enabled

 * Only print result for ciphers accepted by target.
 * Only print result for ciphers accepted by target.

--disabled

 * Only print result for ciphers not accepted by target.
 * Only print result for ciphers not accepted by target.

--ignorecase

 * Checks are done case insensitive.
 * Checks are done case insensitive.

--no-ignorecase

 * Checks are done case sensitive. Default: case insensitive.
 * Currently only checks according CN, alternate names in the target's
 * certificate compared to the given hostname are effected.

--short

 * Use short less descriptive text labels for +check   and  +info
 * command.
 * command.

--legacy=TOOL

 * For compatibility with other tools, the output format used for the
 * result of the +cipher command can be adjusted to mimic the format
 * of other SSL testing tools.


 * The argument to the --legacy=TOOL option is the name of the tool
 * to be simulated.


 * Following TOOLs are supported:


 * sslaudit       format of output similar to  sslaudit


 * sslcipher      format of output similar to  ssl-cipher-check


 * ssldiagnos     format of output similar to  ssldiagnos


 * sslscan        format of output similar to  sslscan


 * ssltest        format of output similar to  ssltest


 * ssltestg       format of output similar to  ssltest -g


 * ssltest-g      format of output similar to  ssltest -g


 * sslyze         format of output similar to  sslyze


 * ssl-cipher-check     same as sslcipher


 * ssl-cert-check format of output similar to  ssl-cert-check


 * testsslserver  format of output similar to  TestSSLServer.jar


 * thcsslcHeck    format of output similar to  THCSSLCheck


 * Note that these legacy formats only apply to output of the checked
 * ciphers. Other texts like headers and footers are adapted slightly.


 * Please don't expect identical output as the TOOL, it's a best guess
 * and should be parsable in a very similar way.


 * TOOL may also be set to any of following internally defined values:


 * compact


 * Mainly avoid tabs and spaces format is as follows

Some Label:<-- anything right of colon is data


 * full


 * Pretty print: each label in its  own line, followed by  data in
 * next line prepended by tab character (useful for +info only)


 * quick


 * Use tab as separator; print ciphers with bit length (--tab not necessary)


 * simple


 * Default format

--format=FORM

 * FORM may be one of follwoing:


 * raw


 * Print raw data as passed from Net::SSLinfo.
 * Note: all data will be printed as is,  without additional label
 * or formatting. It's recommended to use the option in conjunction
 * with exactly one command. Otherwise the user needs  to know how
 * to `read' the printed data.


 * hex


 * Convert some data to hex: 2 bytes separated by.

--header

 * Print formatting header. Default for  +check, +info, +quick.
 * and +cipher  only.
 * and +cipher  only.

--no-header

 * Do not print formatting header.
 * Usefull if raw output should be passed to other programs.

--score

 * Print scoring results. Default for +check.
 * Print scoring results. Default for +check.

--no-score

 * Do not print scoring results.
 * Do not print scoring results.

--sep=CHAR

 * CHAR     will be used as separator between  label and value of the
 * printed results. Default is :
 * printed results. Default is :

--tab

 * TAB character (0x09, \t) will be used  as separator between  label
 * and value of the printed results.
 * As label and value are already separated by a TAB  character, this
 * options is only useful in conjunction with the  --legacy=compact
 * option.

--showhost

 * Prefix each printed line with the given hostname (target).
 * The hostname will be followed by the separator character.

--win-CR

 * Print windows-Style with CR LF as end of line. Default is NL only.
 * Print windows-Style with CR LF as end of line. Default is NL only.

Options for compatibility with other programs

 * Please see other programs for detailed description (if not obvious:).
 * Note that only the long form options are accepted as most short form
 * options are ambiguous.


 * --capath DIR     (curl)           same as --ca-path DIR
 * --CApath=DIR     (openssl)        same as --ca-path DIR
 * --ca-directory=DIR       (wget)   same as --ca-path DIR:
 * --cacert FILE    (curl)           same as --ca-file DIR
 * --CAfile=FILE    (openssl)        same as --ca-file DIR
 * --ca-certificate=FILE    (wget)   same as --ca-path DIR
 * -c PATH          (ssldiagnos)     same as --ca-path DIR
 * --hide_rejected_ciphers (sslyze)  same as --disabled
 * --http_get       (ssldiagnos)     same as --http
 * --printcert      (ssldiagnos)     same as +ciphers
 * --protocol SSL   (ssldiagnos)     same as --SSL
 * --no-failed      (sslscan)        same as --disabled
 * --regular        (sslyze)         same as --http
 * --reneg          (sslyze)         same as +renegotiation
 * --resum          (sslyze)         same as +resumtion
 * -h, -h=HOST      (various tools)  same as --host HOST
 * -p, -p=PORT      (various tools)  same as --port PORT
 * -t HOST          (ssldiagnos)     same as --host HOST
 * -noSSL                            same as --no-SSL
 * -no_SSL                           same as --no-SSL


 * For definition of    see  --SSL  and  --no-SSL  above.


 * --insecure       (cnark.pl)       ignored
 * --nopct --nocolor (ssldiagnos)    ignored
 * --ism, --pci -x  (ssltest.pl)     ignored
 * --timeout, --grep (ssltest.pl)    ignored
 * -r, -s,  -t      (ssltest.pl)     ignored
 * -connect, --fips, -H, -u, -url, -U ignored

Options for customization

 * For general descriptions please see CUSTOMIZATION  section below.
 * For general descriptions please see CUSTOMIZATION  section below.

--cfg_cmd=CMD=LIST

 * Redefine list of commands. Sets %cfg{cmd-CMD}  to  LIST.  Commands
 * are written without the leading +.
 * CMD      can be any of:  bsi, check, http, info, quick, sni, sizes
 * Example:
 * --cfg_cmd=sni=sni hostname


 * To get a list of commands and their settings, use:

o-saft.pl --help=intern


 * Main purpose is to reduce list of commands or print them sorted.

--cfg_score=KEY=SCORE

 * Redefine value for scoring. Sets %checks{KEY}{score}  to  SCORE.
 * Most score values are set to 10 by default. Values  ..   are
 * allowed.


 * To get a list of current score settings, use:

o-saft.pl --help=score


 * For deatils how scoring works, please see SCORING  section.


 * Use the --trace-key  option for the  +info  and/or  +check
 * command to get the values for KEY.

--cfg_checks=KEY=TEXT --cfg_data=KEY=TEXT

 * Redefine texts used for labels in output. Sets %data{KEY}{txt}  or
 * %checks{KEY}{txt} to  TEXT.


 * To get a list of preconfigured labels, use:

o-saft.pl --help=cfg_checks o-saft.pl --help=cfg_data

--cfg_text=KEY=TEXT

 * Redefine general texts used in output. Sets %text{KEY}  to  TEXT.


 * To get a list of preconfigured texts, use:

o-saft.pl --help=cfg_text


 * Note that \n, \r and \t are replaced by the corresponding character
 * when read from RC-FILE.

--call=METHOD

 * See Options for SSL tool
 * See Options for SSL tool

--usr

 * Execute functions defined in o-saft-usr.pm.
 * Execute functions defined in o-saft-usr.pm.

--n

 * Do not execute, just show commands (only useful in conjunction with
 * using openssl).
 * using openssl).

--verbose

 * Print more information about checks.
 * Note that this option should be first otherwise some debug messages
 * are missing.
 * Note that this option should be first otherwise some debug messages
 * are missing.

--v --v

 * Print remotely checked ciphers.
 * Print remotely checked ciphers.

--v --v --v

 * Print remotely checked ciphers one per line.
 * Print remotely checked ciphers one per line.

--v --v --v --v

 * Print processed ciphers (check, skip, etc.).
 * Print processed ciphers (check, skip, etc.).

--trace

 * Print debugging messages.
 * Print debugging messages.

--trace --trace

 * Print more debugging messages and pass  to Net::SSLeay and
 * Net::SSLinfo.
 * Net::SSLinfo.

--trace --trace --trace

 * Print more debugging messages and pass  to Net::SSLeay and
 * Net::SSLinfo.
 * Net::SSLinfo.

--trace --trace --trace --trace

 * Print processing of all command line arguments.
 * Print processing of all command line arguments.

--trace-arg

 * Print command line argument processing.
 * Print command line argument processing.

--trace-cmd

 * Trace execution of command processing (those given as +*).
 * Trace execution of command processing (those given as +*).

--trace-key

 * Print some internal variable names in output texts (labels).
 * Variable names are prefixed to printed line and enclosed in.
 * Example without --trace-key :

Certificate Serial Number:         deadbeef


 * Example with   --trace-key :

#serial#         Certificate Serial Number:          deadbeef

--trace=VALUE

 * --trace=1                         same as --trace
 * --trace=2                         same as --trace --trace
 * --trace=arg                       same as --trace-arg
 * --trace=cmd                       same as --trace-cmd
 * --trace=key                       same as --trace-key
 * --trace=key                       same as --trace-key

--trace=FILE

 * Use FILE instead of the default rc-file (.o-saft.pl, see RC-FILE).
 * Use FILE instead of the default rc-file (.o-saft.pl, see RC-FILE).

--trace-sub +traceSUB

 * Print formatted list of internal functions with their description.
 * Not to be intended in conjunction with any target check.
 * Not to be intended in conjunction with any target check.

--trace vs. --v

 * While --v  is used to print more data, --trace is used to print
 * more information about internal data such as procedure names and/or
 * variable names and program flow.
 * variable names and program flow.

--no-warning

 * Do not print warning messages (**WARNING:).
 * Do not print warning messages (**WARNING:).

Options vs. Commands

 * For compatibility with other programs and lazy users, some arguments
 * looking like options are silently taken as commands. This means that
 * --THIS becomes  +THIS  then. These options are:
 * --help
 * --abbr
 * --todo
 * --chain
 * --default
 * --fingerprint
 * --list
 * --version
 * Take care that this behaviour may be removed in future versions as it
 * conflicts with those options and commands which actually exist, like:
 * --sni vs.  +sni
 * Take care that this behaviour may be removed in future versions as it
 * conflicts with those options and commands which actually exist, like:
 * --sni vs.  +sni
 * --sni vs.  +sni
 * --sni vs.  +sni

LAZY SYNOPSIS

 * We support following options, which are all identical, for lazy users
 * and for compatibility with other programs.
 * and for compatibility with other programs.

Option Variants

 * --port PORT
 * --port=PORT
 * This applies to most such options, --port  is just an example.
 * When used in the RC-FILE, the --OPTION=VALUE variant must be used.
 * This applies to most such options, --port  is just an example.
 * When used in the RC-FILE, the --OPTION=VALUE variant must be used.

Option Names

 * Dash    and/or  underscore     in option names are optional.
 * --no-dns
 * --no_dns
 * --nodns
 * This applies to all such options, --no-dns is just an example.
 * This applies to all such options, --no-dns is just an example.
 * This applies to all such options, --no-dns is just an example.

Targets
o-saft.pl http://some.tld other.tld:3889/some/path?a=b
 * Following syntax is supported also:
 * Following syntax is supported also:
 * Note that only the hostname and the port are used from an URL.
 * Note that only the hostname and the port are used from an URL.

Options vs. Commands

 * See Options vs. Commands  in  OPTIONS  section above
 * See Options vs. Commands  in  OPTIONS  section above

CHECKS

 * All SSL related check performed by the tool will be described here in
 * the near future (Any help appreciated ...).
 * the near future (Any help appreciated ...).

General Checks

 * Lookup the IP of the given hostname (FQDN), and then tries to reverse
 * resolve the FQDN again.
 * resolve the FQDN again.

SSL Ciphers

 * Check which ciphers are supported by target. Please see RESULTS for
 * details of this check.
 * details of this check.

heartbeat

 * Check if heartbleed extension is supported by target.
 * Check if heartbleed extension is supported by target.

ADH

 * Check if ciphers for anonymous key exchange are supported: ADH|DHA.
 * Such key exchanges can be sniffed.
 * Such key exchanges can be sniffed.

EDH

 * Check if ephemeral ciphers are supported: DHE|EDH.
 * They are necessary to support Perfect Forward Secrecy (PFS).
 * They are necessary to support Perfect Forward Secrecy (PFS).

BEAST

 * Currently (2014) only a simple check is used: only RC4 ciphers used.
 * Which is any cipher with RC4, ARC4 or ARCFOUR.
 * TLSv1.2 checks are not yet implemented.
 * TLSv1.2 checks are not yet implemented.

CRIME

 * Connection is vulnerable if target supports SSL-level compression.
 * Connection is vulnerable if target supports SSL-level compression.

HEARTBLEED

 * Check if target is vulnerable to heartbleed attack, see CVE-2014-0160
 * and http://heartbleed.com/.
 * and http://heartbleed.com/.

Lucky 13

 * NOT YET IMPLEMENTED
 * NOT YET IMPLEMENTED

RC4

 * Check if RC4 ciphers are supported.
 * They are assumed to be broken.
 * They are assumed to be broken.

PFS

 * Currently (2014) only a simple check is used: only DHE ciphers used.
 * Which is any cipher with DHE or ECDHE. SSLv2 does not support PFS.
 * TLSv1.2 checks are not yet implemented.
 * TLSv1.2 checks are not yet implemented.

Root CA

 * Provided certificate by target should not be a Root CA.
 * Provided certificate by target should not be a Root CA.

Self-signed Certificate

 * Certificate should not be self-signed.
 * Certificate should not be self-signed.

IP in CommonName or subjectAltname (RFC6125)

 * NOT YET IMPLEMENTED
 * NOT YET IMPLEMENTED

Basic Constraints

 * Certificate extension Basic Constraints should be CA:FALSE.
 * Certificate extension Basic Constraints should be CA:FALSE.

OCSP, CRL, CPS

 * Certificate should contain URL for OCSP and CRL.
 * Certificate should contain URL for OCSP and CRL.

Sizes and Lengths of Certificate Settings

 * Serial Number <= 20 octets (RFC5280, 4.1.2.2. Serial Number)
 * Serial Number <= 20 octets (RFC5280, 4.1.2.2. Serial Number)

DV-SSL - Domain Validation Certificate

 * The Certificate must provide:
 * Common Name  field
 * Common Name  in    or   field
 * Domain name in  or   field
 * Common Name  in    or   field
 * Domain name in  or   field

EV-SSL - Extended Validation Certificate

 * This check is performed according the requirements defined by the CA/
 * Browser Forum https://www.cabforum.org/contents.html.
 * The Certificate must provide:
 * DV - Domain Validation Certificate (see above)
 * Organization name  Cn subject field
 * Organization name must be less to 64 characters
 * Business Category  in   field
 * Registration Number  in   field
 * Address of Place of Business in  field
 * Required are:,  ,
 * Optional are: ,
 * Required are:,  ,
 * Optional are: ,
 * Optional are: ,
 * Optional are: ,


 * Validation period does not exceed 27 month
 * See LIMITATIONS  also.
 * See LIMITATIONS  also.
 * See LIMITATIONS  also.

STS header

 * Using STS is no perfect security. While the very first request using
 * http: is always prone to a MiTM attack, MiTM is possible to following
 * requests again, if STS is not well implemented on the server.
 * Request with http: should be redirected to https:
 * Redirects should use status code 301 (even others will work)
 * Redirect's Location header must contain schema https:
 * Redirect's Location header must redirect to same FQDN
 * Redirect may use Refresh instead of Location header (not RFC6797)
 * Redirects from HTTP must not contain STS header
 * Answer from redirected page (HTTPS) must contain STS header
 * Answer from redirected page for IP must not contain STS header
 * STS header must contain includeSubDirectoy directive
 * STS header max-age should be less than 1 month
 * STS header must contain includeSubDirectoy directive
 * STS header max-age should be less than 1 month

Publix Key Pins header

 * TBD - to be described ...
 * TBD - to be described ...

BSI TR-02102

 * Checks if connection and ciphers are compliant according TR-02102-2,
 * see https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen
 * /TechnischeRichtlinien/TR02102/BSI-TR-02102-2_pdf.pdf?__blob=publicationFile
 * (following headlines are taken from there)
 * 3.2.1 Empfohlene Cipher Suites
 * 3.2.2 Übergangsregelungen
 * RC4 allowed temporary for TLS 1.0. Only if TLS 1.1  and  TLS 1.2
 * cannot be supported.
 * 3.2.3 Mindestanforderungen für Interoperabilität
 * Must at least support: ECDHE-ECDSA-* and ECDHE-RSA-*
 * 3.3 Session Renegotation
 * Only server-side (secure) renegotiation allowed (see RFC5280).
 * 3.4 Zertifikate und Zertifikatsverifikation
 * Must have  or.
 * MUST have.
 * must not exceed three years for certificate and
 * must not exceed five years for CA certificates.
 * ,    and     must not contain
 * a wildcard.
 * Certificate itself must be valid according dates if validity.
 * Note that the validity check relies on the years provided by the
 * certificate's    and     values only. For example a
 * certificate valid from Jan 2013 to Mar 2016  is considered valid
 * even the validity is more than three years.
 * All certificates in the chain must be valid.
 * **NOT YET IMPLEMENTED**
 * Above conditions are not required for lazy checks.
 * 3.5 Domainparameter und Schlüssellängen
 * **NOT YET IMPLEMENTED**
 * 3.6 Schlüsselspeicherung
 * This requirement is not testable from remote.
 * 3.7 Umgang mit Ephemeralschlüsseln
 * This requirement is not testable from remote.
 * 3.8 Zufallszahlen
 * This requirement is not testable from remote.
 * Certificate itself must be valid according dates if validity.
 * Note that the validity check relies on the years provided by the
 * certificate's    and     values only. For example a
 * certificate valid from Jan 2013 to Mar 2016  is considered valid
 * even the validity is more than three years.
 * All certificates in the chain must be valid.
 * **NOT YET IMPLEMENTED**
 * Above conditions are not required for lazy checks.
 * 3.5 Domainparameter und Schlüssellängen
 * **NOT YET IMPLEMENTED**
 * 3.6 Schlüsselspeicherung
 * This requirement is not testable from remote.
 * 3.7 Umgang mit Ephemeralschlüsseln
 * This requirement is not testable from remote.
 * 3.8 Zufallszahlen
 * This requirement is not testable from remote.
 * 3.6 Schlüsselspeicherung
 * This requirement is not testable from remote.
 * 3.7 Umgang mit Ephemeralschlüsseln
 * This requirement is not testable from remote.
 * 3.8 Zufallszahlen
 * This requirement is not testable from remote.
 * This requirement is not testable from remote.
 * 3.8 Zufallszahlen
 * This requirement is not testable from remote.
 * 3.8 Zufallszahlen
 * This requirement is not testable from remote.
 * This requirement is not testable from remote.

SCORING

 * TBD Coming soon ...
 * TBD Coming soon ...

OUTPUT

 * All output is designed to make it easily parsable by postprocessors.
 * Following rules are used:
 * Lines for formatting or header lines start with.
 * Lines for verbosity or tracing start with.
 * Errors and warnings start with.
 * Empty lines are comments ;-)
 * Label texts end with a separation character; default is.
 * Label and value for all checks are separated by at least one  TAB :character.
 * Texts for additional information are enclosed in    and.
 * is used when no proper informations was found or provided.
 * Replace   by whatever you think is adequate:  No answer,
 * Not available, Not applicable,  ...
 * When used in --legacy=full  or  --legacy=simple  mode, the output
 * may contain formatting lines for better (human) readability.
 * Label and value for all checks are separated by at least one  TAB :character.
 * Texts for additional information are enclosed in    and.
 * is used when no proper informations was found or provided.
 * Replace   by whatever you think is adequate:  No answer,
 * Not available, Not applicable,  ...
 * When used in --legacy=full  or  --legacy=simple  mode, the output
 * may contain formatting lines for better (human) readability.
 * Not available, Not applicable,  ...
 * When used in --legacy=full  or  --legacy=simple  mode, the output
 * may contain formatting lines for better (human) readability.
 * When used in --legacy=full  or  --legacy=simple  mode, the output
 * may contain formatting lines for better (human) readability.

Postprocessing Output

 * It is recommended to use the --legacy=quick  option, if the output
 * should be postprocessed, as it omits the default separation character
 * (, see above) and just uses on single tab character (0x09, \t  or
 * TAB) to separate the label text from the text of the result. Example:
 * TAB) to separate the label text from the text of the result. Example:

Label of the performed checkTABresult
 * More examples for postprocessing the output can be found here:
 * https://github.com/OWASP/O-Saft/blob/master/contrib
 * https://github.com/OWASP/O-Saft/blob/master/contrib

CUSTOMIZATION

 * This tools can be customized as follows:
 * Using command line options
 * This is a simple way to redefine specific settings.  Please  see
 * CONFIGURATION OPTIONS below.
 * Using Configuration file
 * A configuration file can contain multiple configuration settings.
 * Syntax is simply KEY=VALUE. Please see CONFIGURATION FILE below.
 * Using resource files
 * A resource file can contain multiple command line options. Syntax
 * is the same as for command line options iteself. Each  directory
 * may contain its own resource file. Please see RC-FILE  below.
 * Using debugging files
 * These files are --nomen est omen-- used for debugging purposes.
 * However, they can be (mis-)used to redefine all settings too.
 * Please see DEBUG-FILE  below.
 * Using user specified code
 * This file contains user specified  program code.  It can also be
 * (mis-)used to redefine all settings. Please see USER-FILE below.
 * Customization is done by redefining values in internal data structure
 * which are: %cfg,  %data,  %checks,  %text,  %scores.
 * Unless used in DEBUG-FILE  or  USER-FILE,  there is  no need to know
 * these internal data structures or the names of variables; the options
 * will set the proper values.  The key names being part of the option,
 * are printed in output with the --trace-key  option.
 * I.g. texts (values) of keys in %data are those used in output of the
 * section. Texts of keys in %checks are used for output
 * in  section.  And texts of keys in  %text  are used
 * for additional information lines or texts (mainly beginning with
 * (mis-)used to redefine all settings. Please see USER-FILE below.
 * Customization is done by redefining values in internal data structure
 * which are: %cfg,  %data,  %checks,  %text,  %scores.
 * Unless used in DEBUG-FILE  or  USER-FILE,  there is  no need to know
 * these internal data structures or the names of variables; the options
 * will set the proper values.  The key names being part of the option,
 * are printed in output with the --trace-key  option.
 * I.g. texts (values) of keys in %data are those used in output of the
 * section. Texts of keys in %checks are used for output
 * in  section.  And texts of keys in  %text  are used
 * for additional information lines or texts (mainly beginning with
 * I.g. texts (values) of keys in %data are those used in output of the
 * section. Texts of keys in %checks are used for output
 * in  section.  And texts of keys in  %text  are used
 * for additional information lines or texts (mainly beginning with

).

Configuration File vs. RC-FILE vs. DEBUG-FILE

 * CONFIGURATION FILE
 * Configuration Files must be specified with one of the  --cfg_*
 * options. The specified file can be a valid path. Please note that
 * only the characters: a-zA-Z_0-9,.\/-  are allowed as pathname.
 * Syntax in configuration file is: 'KEY=VALUE'  where 'KEY' is any
 * key as used in internal data structure.
 * the keys in output).
 * RC-FILE
 * Resource files are searched for and used automatically. They will
 * be searched for in the local (current working) directory only.
 * Syntax in resource file is: --cfg_CFG=KEY=VALUE as described in
 * OPTIONS section. 'CFG' is any of:  cmd,  check,  data,  text  or
 * score. where 'KEY'  is any key from internal data structure.
 * DEBUG-FILE
 * Debug files are searched for and used automatically. They will be
 * searched for in the current working or installation directory.
 * Syntax in these files is perl code. Perl's  'require'  directive
 * is used to include these files.
 * USER-FILE
 * The user program file is included only if the --usr option was
 * used. It will be be searched for in the current working directory
 * or the installation directory.
 * searched for in the current working or installation directory.
 * Syntax in these files is perl code. Perl's  'require'  directive
 * is used to include these files.
 * USER-FILE
 * The user program file is included only if the --usr option was
 * used. It will be be searched for in the current working directory
 * or the installation directory.
 * used. It will be be searched for in the current working directory
 * or the installation directory.

CONFIGURATION OPTIONS

 * Configuration options are used to redefine texts and labels or score
 * settings used in output. The options are:
 * --cfg_cmd=KEY=LIST
 * --cfg_score=KEY=SCORE
 * --cfg_checks=KEY=TEXT
 * --cfg_data=KEY=TEXT
 * --cfg_text=KEY=TEXT
 * Here   is the key used in the internal data structure and
 * is the value to be set for this key. Note that  unknown keys will be
 * ignored silently.
 * If    is an exiting filename,  all lines from that file are
 * read and set. For details see CONFIGURATION FILE  below.
 * --cfg_text=KEY=TEXT
 * Here   is the key used in the internal data structure and
 * is the value to be set for this key. Note that  unknown keys will be
 * ignored silently.
 * If    is an exiting filename,  all lines from that file are
 * read and set. For details see CONFIGURATION FILE  below.
 * If    is an exiting filename,  all lines from that file are
 * read and set. For details see CONFIGURATION FILE  below.
 * read and set. For details see CONFIGURATION FILE  below.

CONFIGURATION FILE

 * Note that the file can contain    pairs for the kind of the
 * configuration as given by the --cfg_CFG  option.
 * For example when used with  --cfg_text=file only values for  %text
 * will be set, when used with  --cfg_data=file only values for %data
 * will be set, and so on.    is not used when     is  an
 * existing filename. Though, it's recommended to use a non-existing key,
 * for example: --cfg-text=my_file=some/path/to/private/file.
 * existing filename. Though, it's recommended to use a non-existing key,
 * for example: --cfg-text=my_file=some/path/to/private/file.

RC-FILE

 * A rc-file  can contain any of the commands and options valid for the
 * tool itself. The syntax for them is the same as on command line. Each
 * command or option must be in a single line. Any empty or comment line
 * will be ignored. Comment lines start with    or.
 * Note that options with arguments must be used as.
 * All commands and options given on command line will overwrite  those
 * found in the rc-file.
 * The rc-file will be searched for in the working directory only.
 * The name of the rc-file is the name of the program file prefixed by a
 * , for example:.
 * The rc-file will be searched for in the working directory only.
 * The name of the rc-file is the name of the program file prefixed by a
 * , for example:.
 * The name of the rc-file is the name of the program file prefixed by a
 * , for example:.

DEBUG-FILE

 * All debugging functionality is defined in o-saft-dbx.pm, which will
 * be searched for in the current working directory or the installation
 * directory of the tool. For Details see DEBUG  below.
 * directory of the tool. For Details see DEBUG  below.

USER-FILE

 * All functions defined in o-saft-usr.pm  are called when the option
 * --usr was given. The functions are defined as empty stub, any code
 * can be inserted as need. Please see  perldoc o-saft-usr.pm  to see
 * when and how these functions are called.
 * when and how these functions are called.

CIPHER NAMES

 * While the SSL/TLS protocol uses integer numbers to identify ciphers,
 * almost all tools use some kind of `human readable'  texts for cipher
 * names.


 * These numbers (which are most likely written as hex values in source
 * code and documentations) are the only true identifier, and we have to
 * rely on the tools that they use the proper integers.


 * As such integer or hex numbers are difficult to handle by humans, we
 * decided to use human readable texts. Unfortunately no common standard
 * exists how to construct the names and map them to the correct number.
 * Some, but by far not all, oddities are described in Name Rodeo.


 * The rules for specifying cipher names are:


 * 1. textual names as defined by IANA (see [IANA])
 * 1. textual names as defined by IANA (see [IANA])


 * 2. mapping of names and numbers as defined by IANA (see [IANA])


 * 3.   and     are treated the same


 * 4. abbreviations are allowed, as long as they are unique
 * 5. beside IANA, openssl's cipher names are preferred
 * 6. name variants are supported, as long as they are unique
 * 7. hex numbers can be used
 * 6. name variants are supported, as long as they are unique
 * 7. hex numbers can be used
 * 7. hex numbers can be used


 * [IANA]   http://www.iana.org/assignments/tls-parameters/tls-parameters.txt September 2013


 * [openssl] ... openssl 1.0.1


 * If in any doubt, use +list --v  to get an idea about the mapping.
 * Use --help=regex  to see which regex  are used to handle all these
 * variants herein.


 * Mind the traps and dragons with cipher names and what number they are
 * actually mapped. In particular when --lib, --exe or --openssl
 * options are in use. Always use these options with +list command too.

Name Rodeo

 * As said above, the SSL/TLS protocol uses integer numbers to identify
 * ciphers, but almost all tools use some kind of human readable  texts
 * for cipher names.
 * for cipher names.


 * For example the cipher commonly known as  is identified
 * by  (in openssl) and has
 * as constant name. A definition is missing in IANA, but there is
 * It's each tool's responsibility to map the human readable cipher name
 * to the correct (hex, integer) identifier.
 * to the correct (hex, integer) identifier.


 * For example Firefox uses ,  which is what?


 * Furthermore, there are different acronyms for the same thing in use.
 * For example    and     both mean.
 * Comments in the openssl sources mention this. And for curiosity these
 * sources use both in cypher names but allow only   as shortcut in
 * openssl's `ciphers' command.


 * Next example is    which is also known as    or
 * or    or.


 * You think this is enough? Then have a look how many acronyms are used
 * for `Tripple DES'.


 * Compared to above, the interchangeable use of    vs.    in human
 * readable cipher names is just a very simple one. However, see openssl
 * again what following means (returns):

openssl ciphers -v RC4-MD5 openssl ciphers -v RC4+MD5 openssl ciphers -v RC4:-MD5 openssl ciphers -v RC4:!MD5 openssl ciphers -v RC4!MD5


 * Looking at all these oddities, it would be nice to have a common unique
 * naming scheme for cipher names. We have not. As the SSL/TLS protocol
 * just uses a number, it would be natural to use the number as uniq key
 * for all cipher names, at least as key in our internal sources.


 * Unfortunately, the assignment of ciphers to numbers changed over the
 * years, which means that the same number refers to a different cipher
 * depending on the standard, and/or tool, or version of a tool you use.


 * As a result, we cannot use human readable cipher names as identifier
 * (aka unique key), as there are to many aliases  for the same cipher.
 * And also the number cannot be used  as unique key, as a key may have
 * multiple ciphers assigned.

Content of this wiki page generated with: o-saft.pl --help=wiki