openssl-ccs-cve-2014-0224.go

package main

import (
	"bufio"
	"my-tls"
	"flag"
	"fmt"
	"net"
	"os"
	"strings"
)

var protocol = "NONE"
var serverName = ""
var maxVersion uint16 = tls.VersionTLS12;

func submit_request(conn net.Conn) {
	switch {
	case protocol == "HTTP":
		submit_http_request(conn)
	case protocol == "NONE":
		// Do nothing.
		break
	}
}

func submit_http_request(conn net.Conn) {
	// Submit HTTP request.
	fmt.Printf("> GET / HTTP/1.0\n")
	fmt.Fprintf(conn, "GET / HTTP/1.0\r\n\r\n")

	// Read the first line of the HTTP response.
	firstline, err := bufio.NewReader(conn).ReadString('\n')
	if err != nil {
		fmt.Println("Error reading reasponse")
		os.Exit(0)
	}

	fmt.Printf("< %v\n", firstline)
}

func main() {
	var conf_protocol = flag.String("p", "NONE", "Select protocol; only HTTP supported at this time")
	var conf_servername = flag.String("n", "", "Server name to use in the SNI extension")
	var conf_tlsversion = flag.String("t", "", "Maximum TLS protocol version to use")

	flag.Parse()

	if (*conf_protocol != "HTTP") && (*conf_protocol != "NONE") {
		fmt.Printf("Unknown protocol: %v\n", *conf_protocol)
		os.Exit(9)
	} else {
		protocol = *conf_protocol
	}

	if *conf_servername != "" {
		serverName = *conf_servername
	}

	if *conf_tlsversion != "" {
		if *conf_tlsversion == "tlsv1_2" {
			maxVersion = tls.VersionTLS12
		} else
		if *conf_tlsversion == "tlsv1_1" {
			maxVersion = tls.VersionTLS11
		} else
		if *conf_tlsversion == "tlsv1" {
			maxVersion = tls.VersionTLS10
		} else {
			fmt.Printf("Unknown TLS protocol: %v\n", *conf_tlsversion)
			os.Exit(9)
		}
	}

	args := flag.Args()

	if len(args) != 1 {
		fmt.Fprintf(os.Stderr, "Please give hostname (and, optionally, a port) as the only argument.\n")
		os.Exit(9)
	}

	target := args[0]
	if !strings.Contains(target, ":") {
		target += ":443"
	}

	conn, err := tls.Dial("tcp", target, &tls.Config{InsecureSkipVerify: true, ServerName: serverName, MaxVersion: maxVersion})
	if err != nil {
		fmt.Printf("\x1b[33mNormal handshake failed. Cannot test.\x1b[0m\n")
		os.Exit(9)
	}
	conn.Close()

	conn, err = tls.Dial("tcp", target, &tls.Config{InsecureSkipVerify: true, ServerName: serverName, MaxVersion: maxVersion, EarlyCCS: 1})
	if err == nil {
		submit_request(conn)

		fmt.Printf("\x1b[31mServer is affected (1.0.1).\x1b[0m\n")
		os.Exit(1)
	}

	conn, err = tls.Dial("tcp", target, &tls.Config{InsecureSkipVerify: true, ServerName: serverName, MaxVersion: maxVersion, EarlyCCS: 2})
	if err == nil {
		submit_request(conn)

		fmt.Printf("\x1b[31mServer is affected (0.9.8 or 1.0.0).\x1b[0m\n")
		os.Exit(2)
	}

	fmt.Fprintf(os.Stderr, "Handshake failed with error: %s\n", err)
	fmt.Printf("\x1b[32mLooks ok.\x1b[0m\n")
	os.Exit(0)
}