fropert_FTNT
Staff
Created on 03-01-2017 06:40 AM Edited on 06-02-2022 09:37 AM By Anonymous
Article Id
196363
Description
The automatic scanner tools listed below have been found to incorrectly report that the FortiGate web admin GUI supports "Secure Client-Initiated Renegotiation" or "Client-initiated Renegotiations".
a) testssl.sh (v2.8rc3 https://testssl.sh/) report
b) sslyze (https://github.com/iSECPartners/sslyze) report
c) thc-ssl-dos (v1.4 http://www.thc.org/thc-ssl-dos) report
d) openssl report
a) testssl.sh (v2.8rc3 https://testssl.sh/) report
Expected result:
Secure Client-Initiated Renegotiation not vulnerable (OK)
Result against FortiGate web admin GUI:
"Secure Client-Initiated Renegotiation" - "VULNERABLE (NOT ok), DoS threat"
b) sslyze (https://github.com/iSECPartners/sslyze) report
Expected result:
"Client-initiated Renegotiations: Rejected"
Result against FortiGate web admin GUI:
"Client-initiated Renegotiations: Honored" (v0.8) or
"Client-initiated Renegotiation: VULNERABLE - Server honors client-initiated renegotiations"
c) thc-ssl-dos (v1.4 http://www.thc.org/thc-ssl-dos) report
Expected result:
Waiting for script kiddies to piss off................
The force is with those who read the source...
Handshakes 0 [0.00 h/s], 1 Conn, 0 Err
ERROR: Target has disabled renegotiations.
Use your own skills to modify the source to test/attack
the target [hint: TCP reconnect for every handshake].
Result against FortiGate web admin GUI:
Waiting for script kiddies to piss off................
The force is with those who read the source...
Handshakes 0 [0.00 h/s], 1 Conn, 0 Err
SSL: error:00000000:lib(0):func(0):reason(0)
SSL: error:00000000:lib(0):func(0):reason(0)
SSL: error:00000000:lib(0):func(0):reason(0)
SSL: error:00000000:lib(0):func(0):reason(0)
SSL: error:00000000:lib(0):func(0):reason(0)
SSL: error:00000000:lib(0):func(0):reason(0)
SSL: error:00000000:lib(0):func(0):reason(0)
......
d) openssl report
Expected result:
---
R
RENEGOTIATING
140565523859104:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:599:
#
Result against FortiGate web admin GUI:
---
R
RENEGOTIATING
depth=0 O = Fortinet Ltd., CN = FGVM00UNLICENSED
verify error:num=18:self signed certificate
verify return:1
depth=0 O = Fortinet Ltd., CN = FGVM00UNLICENSED
verify return:1
read:errno=0
#
(The connection is terminated after the "read:errno=0" message.)
Scope
All FortiGate versions starting from v4.3.12.
Solution
The web admin GUI has had SSL/TLS renegotiation support disabled in a special way since FortiGate 4.3.12 (the connection is closed rather than the renegotiation being accepted, as the openssl output above shows). This may cause scanning tools to incorrectly report that "Secure Client-Initiated Renegotiation" is supported, so such reports are false positives. Hence the FortiGate web admin GUI SSL/TLS service port (443 by default) is not vulnerable to the related DoS attacks.
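An added example (not from the article): a small Python helper that classifies a captured openssl s_client renegotiation transcript into the outcomes discussed here, so that the FortiGate "read:errno=0" connection close is recorded as a rejected renegotiation rather than an honored one. The first two transcripts are constructed from the outputs quoted above; the "honored" one is invented for contrast.

```python
import re

# Constructed sample transcripts, modelled on the openssl s_client outputs shown in the article.
TRANSCRIPT_ALERT = """---
R
RENEGOTIATING
140565523859104:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:599:
"""

TRANSCRIPT_CLOSE = """---
R
RENEGOTIATING
depth=0 O = Fortinet Ltd., CN = FGVM00UNLICENSED
verify error:num=18:self signed certificate
verify return:1
depth=0 O = Fortinet Ltd., CN = FGVM00UNLICENSED
verify return:1
read:errno=0
"""

# Constructed (not from the article): a server that completes the second handshake and keeps serving.
TRANSCRIPT_HONORED = """---
R
RENEGOTIATING
depth=0 O = Example, CN = example.test
verify return:1
HTTP/1.1 400 Bad Request
"""

def classify_renegotiation(transcript: str) -> str:
    """Return 'not_attempted', 'rejected_alert', 'rejected_close' or 'honored'."""
    lines = [line.strip() for line in transcript.splitlines()]
    if "RENEGOTIATING" not in lines:
        return "not_attempted"
    for line in lines[lines.index("RENEGOTIATING") + 1:]:
        # The peer answered with a TLS alert; OpenSSL reports it as a handshake failure.
        if re.search(r"SSL routines:.*:ssl handshake failure", line):
            return "rejected_alert"
        # read:errno=0 means the peer closed the TCP connection instead of renegotiating
        # (the FortiGate behaviour described above).
        if line.startswith("read:errno="):
            return "rejected_close"
    # No alert and no close after RENEGOTIATING: the second handshake went through.
    return "honored"

def is_false_positive(transcript: str) -> bool:
    """True when a scanner flagging this transcript as vulnerable is wrong."""
    return classify_renegotiation(transcript) in ("rejected_alert", "rejected_close")
```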