From 88129d810687a7f258ceb96935672de509323196 Mon Sep 17 00:00:00 2001
From: Josh Hall
Date: Mon, 17 Aug 2020 20:01:02 -0400
Subject: [PATCH] add --start-tls option
---
 README.md | 5 +++++
 Src/FullTest.cs | 48 ++++++++++++++++++++++++++++++++++++++++++--
 Src/TestSSLServer.cs | 9 +++++++++
 3 files changed, 60 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index c733786..d267536 100644
--- a/README.md
+++ b/README.md
@@ -181,6 +181,11 @@ Options are:
 Using this extension may miss some supported cipher suites, if the server does not support EC-based suites without the client extension.
+ - `-st protocol`
+
+ Negotiate TLS on ports that do not have always-on TLS. The supported
+ protocols at this time ar `FTP` and `SMTP`.
+
 - `-text fname`
 Produce a text report (readable by humans) into the designated
diff --git a/Src/FullTest.cs b/Src/FullTest.cs
index 194f9eb..26e9d8b 100644
--- a/Src/FullTest.cs
+++ b/Src/FullTest.cs
@@ -196,6 +196,15 @@ internal int ConnectionWait {
 }
 }
+ internal string StartTls {
+ get {
+ return startTls;
+ }
+ set {
+ startTls = value;
+ }
+ }
+
 bool verbose;
 TextWriter debugLog;
 int minVersion;
@@ -210,6 +219,7 @@ internal int ConnectionWait {
 bool proxSSL;
 int readTimeout;
 int connectionWait;
+ string startTls;
 Report rp;
 SSLTestBuilder tb;
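Review bot: The new `StartTls` property carries no documentation of what values it accepts, and the only consumer visible on this page is a string switch with no default branch, so nothing at the declaration tells a caller that anything other than `FTP`, `SMTP` or null is silently ignored. A short comment above the property would make the contract visible: `// Protocol spoken before TLS is negotiated ("FTP" or "SMTP"); null means the port is always-on TLS.` The enclosing class continues outside the hunk.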
@@ -601,6 +611,40 @@ internal Report Run()
 return rp;
 }
+ Stream PrepareStream(Stream stream)
+ {
+ if (startTls != null) {
+ StreamReader r = new StreamReader(stream);
+ StreamWriter w = new StreamWriter(stream);
+ switch (startTls) {
+ case "FTP":
+ w.AutoFlush = true;
+ r.ReadLine();
+ w.WriteLine("AUTH TLS");
+ r.ReadLine();
+ break;
+ case "SMTP":
+ w.AutoFlush = true;
+ string response;
+ do {response = r.ReadLine();} while (response[3] == '-');
+ w.WriteLine("EHLO TestSSLServer");
+ bool TlsEnabled = false;
+ do {
+ response = r.ReadLine();
+ TlsEnabled |= response.EndsWith("STARTTLS");
+ } while (response[3] == '-');
+ if (TlsEnabled)
+ {
+ w.WriteLine("STARTTLS");
+ do { response = r.ReadLine(); } while (response[3] == '-');
+ }
+ else throw new InvalidOperationException("TLS not supported");
+ break;
+ }
+ }
+ return stream;
+ }
+
 Stream OpenConnection()
 {
 if (connectionWait > 0) {
@@ -609,7 +653,7 @@ Stream OpenConnection()
 if (proxName == null) {
 TcpClient tc = new TcpClient(serverName, serverPort);
- return tc.GetStream();
+ return PrepareStream(tc.GetStream());
 }
 Stream ns = null;
@@ -624,7 +668,7 @@ Stream OpenConnection()
 HTTPProx hp = new HTTPProx();
 Stream ns2 = hp.DoProxy(ns, serverName, serverPort);
 ns = null;
- return ns2;
+ return PrepareStream(ns2);
 } finally {
 if (ns != null) {
 try {
diff --git a/Src/TestSSLServer.cs b/Src/TestSSLServer.cs
index ec3794e..1abbbe4 100644
--- a/Src/TestSSLServer.cs
+++ b/Src/TestSSLServer.cs
@@ -38,6 +38,8 @@ static void Usage()
 Console.WriteLine(
 " -noec try connecting without a 'supported curves' extension");
 Console.WriteLine(
+" -st protocol negotiate TLS connection (FTP, SMTP)");
+ Console.WriteLine(
 " -text fname write text report in file 'fname' ('-' = stdout)");
 Console.WriteLine(
 " -json fname write JSON report in file 'fname' ('-' = stdout)");
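Review bot: Every reply in PrepareStream is parsed with `response[3] == '-'` and `r.ReadLine()` is never checked for null, so a closed connection, a short line or a non-conforming banner ends in a NullReferenceException or IndexOutOfRangeException instead of a readable error; the FTP branch reads exactly one line of the greeting and one line of the `AUTH TLS` reply, so a multi-line 220 banner desynchronises the exchange and a rejected `AUTH TLS` is never noticed before the handshake starts on a plaintext session. The SMTP branch likewise never checks that the reply to `STARTTLS` is 220. Factoring reply reading into one helper that validates each line and consumes the multi-line form, and checking the result codes (234 for FTP per RFC 4217, 220 for SMTP per RFC 3207), addresses all of these, and `w.AutoFlush = true` can move out of the switch since both branches set it. `EndsWith("STARTTLS")` should also pass `StringComparison.Ordinal`.
```csharp
Stream PrepareStream(Stream stream)
{
	if (startTls == null) {
		return stream;
	}
	StreamReader r = new StreamReader(stream);
	StreamWriter w = new StreamWriter(stream);
	w.AutoFlush = true;
	switch (startTls) {
	case "FTP":
		ReadReply(r);                     // greeting, possibly multi-line
		w.WriteLine("AUTH TLS");
		ExpectCode(ReadReply(r), "234");  // RFC 4217
		break;
	case "SMTP":
		ReadReply(r);
		w.WriteLine("EHLO TestSSLServer");
		if (ReadReply(r).IndexOf("STARTTLS", StringComparison.Ordinal) < 0) {
			throw new InvalidOperationException("TLS not supported");
		}
		w.WriteLine("STARTTLS");
		ExpectCode(ReadReply(r), "220");  // RFC 3207
		break;
	}
	return stream;
}

/*
 * Read one FTP/SMTP reply, including the multi-line form
 * ("220-..." continuation lines), and return its lines joined
 * by '\n'. Throws IOException if the peer closes the connection
 * or sends a line too short to carry a reply code.
 */
string ReadReply(StreamReader r)
{
	string reply = "";
	string line;
	do {
		line = r.ReadLine();
		if (line == null || line.Length < 3) {
			throw new IOException("malformed " + startTls
				+ " reply: " + (line ?? "<EOF>"));
		}
		reply += line + "\n";
	} while (line.Length > 3 && line[3] == '-');
	return reply;
}

/*
 * Fail if the reply does not carry the expected 3-digit code.
 */
static void ExpectCode(string reply, string code)
{
	if (!reply.StartsWith(code, StringComparison.Ordinal)) {
		throw new InvalidOperationException(
			"server refused to start TLS: " + reply.TrimEnd());
	}
}
```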
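Review bot: In the direct path (hunk at -609) `return PrepareStream(tc.GetStream());` leaves `tc` open if the STARTTLS exchange throws (the `TLS not supported` case, or any I/O error), and the proxy path (hunk at -624) has the same shape in a worse position: `PrepareStream(ns2)` runs after `ns = null;`, so the existing `finally` sees a null `ns` and the proxied connection is never closed. Assuming `ns2` wraps `ns`, as the existing clean-up implies, running the exchange before the hand-off keeps that `finally` effective: `Stream ns2 = PrepareStream(hp.DoProxy(ns, serverName, serverPort));` followed by the unchanged `ns = null;` and `return ns2;`. For the direct path, `try { return PrepareStream(tc.GetStream()); } catch { tc.Close(); throw; }` closes the socket on failure. OpenConnection begins and ends outside both hunks.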
@@ -187,6 +189,13 @@ static void Process(string[] args)
 }
 logName = args[i];
 break;
+ case "-st":
+ case "--start-tls":
+ if (++ i >= args.Length) {
+ Usage();
+ }
+ ft.StartTls = args[i].ToUpperInvariant();
+ break;
 default:
 if (a.Length > 0 && a[0] == '-') {
 Usage();
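Review bot: `ft.StartTls = args[i].ToUpperInvariant();` accepts any string, and the switch in PrepareStream on this page has no default branch, so a typo such as `-st ftps` is silently ignored and the tool proceeds to a TLS handshake against the plaintext port, which then surfaces as an unrelated handshake failure. Validating here, where Usage() is at hand, gives the user the right message: `ft.StartTls = args[i].ToUpperInvariant(); if (ft.StartTls != "FTP" && ft.StartTls != "SMTP") { Usage(); }`. The Usage text in this file and the README entry could also mention the `--start-tls` long form that this case accepts. Process continues outside the hunk.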