[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SSL server experiment
Here is a perl script which connects to a netscape-style "https" server.
The results of running it with "https.pl home1.mcom.com 443" is:
Attempting connection to 198.93.93.10
Connected
Sent message, length 40
Received length = 502
Message type = 4
Session ID Hit flag = 0
Certificate type = 1
Server version = 2
Certificate length = 472
Cipher specs length = 3
Conn ID length = 16
Supported ciphers:
RC4_EXPORT40, 128 bits
This way you can see which of the 5 cipher options (RC4 or RC2 in full
and export versions, plus IDEA) are supported by any given server. You
always use port 443 and just specify the machine name. I was a
little surprised that Netscape's own server is only running the 40 bit
version. I hope the export restrictions will not prevent the use of
full strength ciphers.
Here is the script, which I call https.pl:
#!/usr/local/bin/perl
# Perl script to test connection to http ssl port
# Usage: https machine port
# Standard internet stuff
$AF_INET = 2;
$SOCK_STREAM = 1;
($name, $aliases, $proto) = getprotobyname('tcp');
$sockaddr = 'S n a4 x8';
# Parse
if (@ARGV == 2) {
($them, $port) = @ARGV;
} else {
die "Usage: $0 machine port\n";
}
select (S); $| = 1; select (STDOUT);
socket (S, $AF_INET, $SOCK_STREAM, $proto) || die "socket: $!";
($name, $aliases, $type, $len, $thataddr) = gethostbyname($them);
$that = pack ($sockaddr, $AF_INET, $port, $thataddr);
@thataddr = unpack('C4', $thataddr);
$thataddr = join('.', @thataddr);
print "Attempting connection to $thataddr\n";
die $! unless connect (S, $that);
print "Connected\n";
$cli_hello = 1;
$vers = 2;
$msg = pack ("C n4", $cli_hello, $vers, 5*3, 0, 16);
$challenge = pack ("d2", rand, rand); #16 bytes
$cspecs = pack ("Cn"x5, 1, 128, 2, 128, 3, 128, 4, 128, 5, 128);
$len = 1+8+5*3+0+16 + 32768;
$h = pack("n", $len);
$totmsg = pack("a2 a9 a15 a16", $h, $msg, $cspecs, $challenge);
print S $totmsg;
print "Sent message, length ", $len-32768, "\n";
# Now for the interesting part
read (S, $phd, 2);
($slen) = unpack ("n", $phd);
print "Received length = ", $slen-32768, "\n";
read (S, $pm1, 11);
($smsg, $ssess, $scert, $sver, $sclen, $scspeclen, $scidlen) =
unpack ("C3 n4", $pm1);
print "Message type = $smsg\n";
print "Session ID Hit flag = $ssess\n";
print "Certificate type = $scert\n";
print "Server version = $sver\n";
print "Certificate length = $sclen\n";
print "Cipher specs length = $scspeclen\n";
print "Conn ID length = $scidlen\n";
if ($sclen) {
read (S, $scert, $sclen);
}
read (S, $pspecs, $scspeclen);
$nscspecs = $scspeclen / 3;
@scspecs = unpack ("Cn" x $nscspecs, $pspecs);
@ciphernames = ( "(undefined)", "RC4", "RC4_EXPORT40", "RC2",
"RC2_EXPORT40", "IDEA" );
print "Supported ciphers:\n";
for ($i=0; $i<$nscspecs; ++$i) {
printf ("\t%s, %d bits\n", @ciphernames[@scspecs[2*$i]],
@scspecs[2*$i+1]);
}
read (S, $scid, $scidlen);
close S;
exit 0;