检测服务器是否开启重协商功能（用于CVE-2011-1473漏洞检测）

背景

　　由于服务器端的重新密钥协商的开销至少是客户端的10倍，因此攻击者可利用这个过程向服务器发起拒绝服务攻击。OpenSSL 1.0.2及以前版本受影响。

方法

　　使用OpenSSL（linux系统基本都自带）连接服务器进行测试：

　　　　- openssl s_client -connect ip:port
　　　　- HEAD / HTTP/1.0
　　　　- R

示例

　　服务器443端口开启重协商，使用openssl s_client -connect 172.31.0.22:443 连接测试（删除了部分证书信息）：

[root@localhost ~]# openssl s_client -connect 172.31.0.22:
CONNECTED()
depth= CN = HTTPS-Self-Signed-Certificate
verify error:num=:self signed certificate
verify return:
depth= CN = HTTPS-Self-Signed-Certificate
verify return:
---
Certificate chain
  s:/CN=HTTPS-Self-Signed-Certificate
   i:/CN=HTTPS-Self-Signed-Certificate
---
Server certificate
-----BEGIN CERTIFICATE-----
......
-----END CERTIFICATE-----
subject=/CN=HTTPS-Self-Signed-Certificate
issuer=/CN=HTTPS-Self-Signed-Certificate
---
No client certificate CA names sent
Server Temp Key: DH,  bits
---
SSL handshake has read  bytes and written  bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is  bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: AAF98A92D700189C29EEFE766769E6E5641BAC6A9AB96BC7D1302AE79D21CA06
    Session-ID-ctx:
    Master-Key: 36FC13A9ADBC82EB9E0CC60F9981E2A3D6A2BEC093A0415AFB2A843880174709BB1A87946AA698D95DA3788C72D621CB
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint:  (seconds)
    TLS session ticket:
    Start Time:
    Timeout   :  (sec)
    Verify return code:  (self signed certificate)
---
HEAD / HTTP/1.0
R
RENEGOTIATING
140432695093152:error:14094153:SSL routines:SSL3_READ_BYTES:no renegotiation:s3_pkt.c:1242:

　　SSL握手完成后，输入HEAD / HTTP/1.0，然后回车，输入‘R’触发重协商，此时服务器报错并断开连接：

140432695093152:error:14094153:SSL routines:SSL3_READ_BYTES:no renegotiation:s3_pkt.c:1242:

　　说明服务器重协商功能被关闭。

　　服务器4443端口开启重协商，使用openssl s_client -connect 172.31.0.22:4443 连接测试（删除了部分证书信息）：

[root@localhost ~]# openssl s_client -connect 172.31.0.22:
CONNECTED()
depth= CN = HTTPS-Self-Signed-Certificate
verify error:num=:self signed certificate
verify return:
depth= CN = HTTPS-Self-Signed-Certificate
verify return:
---
Certificate chain
  s:/CN=HTTPS-Self-Signed-Certificate
   i:/CN=HTTPS-Self-Signed-Certificate
---
Server certificate
-----BEGIN CERTIFICATE-----
......
-----END CERTIFICATE-----
subject=/CN=HTTPS-Self-Signed-Certificate
issuer=/CN=HTTPS-Self-Signed-Certificate
---
No client certificate CA names sent
---
SSL handshake has read  bytes and written  bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is  bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.
    Cipher    : AES256-SHA
    Session-ID: 6D0DF6EFC8491C9DEEB0161B85A47C101CF5DA9A9CD4EAA4EFCEEF46571A2A2F
    Session-ID-ctx:
    Master-Key: B3BBD776EA24230B37E7EF4B2EAF02D6D66185F12D3C87640308FB1996E0BDA4A94CDB35455D0E98A5C34AAAF6EA1C7F
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint:  (seconds)
    TLS session ticket:
    ......
    Start Time:
    Timeout   :  (sec)
    Verify return code:  (self signed certificate)
---
HEAD / HTTP/1.0
R
RENEGOTIATING
depth= CN = HTTPS-Self-Signed-Certificate
verify error:num=:self signed certificate
verify return:
depth= CN = HTTPS-Self-Signed-Certificate
verify return:
HEAD / HTTP/1.0

HTTP/1.1  Bad request
Date: Wed,  Sep  ::
Content-Length: 

^C

　　使用和上方所述相同的操作，发送‘R’触发重协商，可以看到重协商成功，连接正常，此时再次发送HEAD / HTTP/1.0 ，敲两次回车，得到服务器响应400。说明服务器重协商功能开启。

总结

　　通过OpenSSL连接服务器测试重协商功能，如果服务器重协商功能关闭则终端发送‘R’后会报错并断开连接。

参考资料

　　https://mailarchive.ietf.org/arch/msg/tls/wdg46VE_jkYBbgJ5yE4P9nQ-8IU

　　https://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html