Author Topic: Your SSL client is Bad(SOLVED!)  (Read 6879 times)

Offline molen

  • Newly Subscribed
  • *
  • Posts: 23
  • Karma: 1
  • New Forum User
    • View Profile
  • Peppermint version(s): 4
Your SSL client is Bad(SOLVED!)
« on: May 29, 2014, 05:35:02 am »
I am using Peppermint since a few hours. I used it earlier with great satisfaction. Now I saw in Windows with another laptop the site:https://www.howsmyssl.com/ Now I got this:

Your SSL client is Bad.

Check out the sections below for information about the SSL/TLS client you used to render this page.

Yeah, we really mean "TLS", not "SSL".
Version

Bad Your client is using TLS 1.0, which is very old, possibly susceptible to the BEAST attack, and doesn't have the best cipher suites available on it. Additions like AES-GCM, and SHA256 to replace MD5-SHA-1 are unavailable to a TLS 1.0 client as well as many more modern cipher suites.

Learn More
Ephemeral Key Support

Good Ephemeral keys are used in some of the cipher suites your client supports. This means your client may be used to provide forward secrecy if the server supports it. This greatly increases your protection against snoopers, including global passive adversaries who scoop up large amounts of encrypted traffic and store them until their attacks (or their computers) improve.

Learn More
Session Ticket Support

Good Session tickets are supported in your client. Services you use will be able to scale out their TLS connections more easily with this feature.

Learn More
TLS Compression

Good Your TLS client does not attempt to compress the settings that encrypt your connection, avoiding information leaks from the CRIME attack.

Learn More
BEAST Vulnerability

Good Your client is not vulnerable to the BEAST attack. While it's using TLS 1.0 in conjunction with Cipher-Block Chaining cipher suites, it has implemented the 1/n-1 record splitting mitigation.

Learn More
Insecure Cipher Suites

Bad Your client supports cipher suites that are known to be insecure:

    SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA: This cipher was meant to die with SSL 3.0 and is of unknown safety.

Learn More
Given Cipher Suites

The cipher suites your client said it supports, in the order it sent them, are:

    TLS_EMPTY_RENEGOTIATION_INFO_SCSV
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
    TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
    TLS_RSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_RSA_WITH_RC4_128_SHA
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
    TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
    TLS_ECDH_RSA_WITH_RC4_128_SHA
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
    TLS_ECDH_ECDSA_WITH_RC4_128_SHA
    TLS_RSA_WITH_SEED_CBC_SHA
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
    TLS_RSA_WITH_AES_128_CBC_SHA
    TLS_RSA_WITH_RC4_128_SHA
    TLS_RSA_WITH_RC4_128_MD5
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
    SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
    TLS_RSA_WITH_3DES_EDE_CBC_SHA

Learn More

What can I do to solve this?
« Last Edit: May 31, 2014, 08:27:10 am by molen »

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26452
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Your SSL client is Bad
« Reply #1 on: May 29, 2014, 04:57:37 pm »
Make sure the "security" repository is enabled .. and run a full system update:-

Open a terminal (Ctrl+Alt+T) and run these commands in sequence:
Code: [Select]
sudo apt-get updatethen
Code: [Select]
sudo apt-get upgradethen
Code: [Select]
sudo apt-get dist-upgradethen REBOOT.

Now test your link.



If your link still says there's a problem .. post the output from:
Code: [Select]
dpkg -l | grep openssland
Code: [Select]
openssl version -a | grep built


My Peppermint 4 system is running
openssl                                       1.0.1c-4ubuntu8.2
from the security repo .. and the website you linked to states:-
Your SSL client is Probably Okay
« Last Edit: May 29, 2014, 05:11:07 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline molen

  • Newly Subscribed
  • *
  • Posts: 23
  • Karma: 1
  • New Forum User
    • View Profile
  • Peppermint version(s): 4
Re: Your SSL client is Bad
« Reply #2 on: May 29, 2014, 11:56:27 pm »
Still the same after your suggestion:
After: dpkg -l | grep openssl I got this:
ii  openssl                              1.0.1c-4ubuntu8.2                        i386         Secure Socket Layer (SSL) binary and related cryptographic tools
ii  python-openssl                       0.13-2ubuntu3.1                          i386         Python 2 wrapper around the OpenSSL library
After: openssl version -a | grep built
built on: Wed Jan  8 20:52:33 UTC 2014

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26452
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Your SSL client is Bad
« Reply #3 on: May 30, 2014, 09:13:12 am »
Update to the 13.10 versions of openssl and libssl1.0.0

The following instructions are for Peppermint 4 32bit ONLY

Run these commands in sequence:
Code: [Select]
mkdir ~/Desktop/saucy-opensslthen
Code: [Select]
cd ~/Desktop/saucy-opensslthen
Code: [Select]
wget https://launchpad.net/ubuntu/+archive/primary/+files/openssl_1.0.1e-3ubuntu1.3_i386.deb https://launchpad.net/ubuntu/+archive/primary/+files/libssl1.0.0_1.0.1e-3ubuntu1.3_i386.debthen
Code: [Select]
suso dpkg -i *.debthen REBOOT.

Now test your link.
https://www.howsmyssl.com

Also check that:
Code: [Select]
openssl version -a | grep builtreports:-
built on: Fri May  2 20:24:08 UTC 2014



In reality, unless you're running a web server this is all unnecessary .. but it won't hurt either ;)
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline molen

  • Newly Subscribed
  • *
  • Posts: 23
  • Karma: 1
  • New Forum User
    • View Profile
  • Peppermint version(s): 4
Re: Your SSL client is Bad
« Reply #4 on: May 30, 2014, 09:26:11 am »
The first command doesn't work. It says: may directory '/ home / bert / Desktop / saucy-openssl' not create: No such file or directory does not exist What now to do?

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26452
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Your SSL client is Bad
« Reply #5 on: May 30, 2014, 09:42:22 am »
Copy and paste the commands into the terminal
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline molen

  • Newly Subscribed
  • *
  • Posts: 23
  • Karma: 1
  • New Forum User
    • View Profile
  • Peppermint version(s): 4
Re: Your SSL client is Bad
« Reply #6 on: May 30, 2014, 09:59:00 am »
The laptop keeps on saying the same after typing these commands in the terminal!! What now?

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26452
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Your SSL client is Bad
« Reply #7 on: May 30, 2014, 10:20:14 am »
Explain better please .. "doing the same" ? .. what does that mean ?

it's not accepting the command, or the link still says the same after successfully installing ?
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline molen

  • Newly Subscribed
  • *
  • Posts: 23
  • Karma: 1
  • New Forum User
    • View Profile
  • Peppermint version(s): 4
Re: Your SSL client is Bad
« Reply #8 on: May 31, 2014, 12:55:34 am »
it's not accepting the command. So what now?

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26452
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Your SSL client is Bad
« Reply #9 on: May 31, 2014, 01:40:54 am »
are you copying and pasting these commands, because it *should* accept those commands.

unless for some reason you don't have a "Desktop" directory.

can you post the EXACT output that's returned when you try to run the command.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline molen

  • Newly Subscribed
  • *
  • Posts: 23
  • Karma: 1
  • New Forum User
    • View Profile
  • Peppermint version(s): 4
Re: Your SSL client is Bad
« Reply #10 on: May 31, 2014, 01:49:12 am »
The command I get translated is the following:
mkdir: can '/ home / bert / Desktop / saucy-openssl' not create: No such file or directory does not exist
I hope you can help me!!Thank you for your efforts.

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26452
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Your SSL client is Bad
« Reply #11 on: May 31, 2014, 02:59:22 am »
I don't want it translated .. I want it EXACTLY how the terminal presents it.

What you're showing me has spaces where there shouldn't be any.

Are you copying the commands and pasting them into the terminal ?
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline molen

  • Newly Subscribed
  • *
  • Posts: 23
  • Karma: 1
  • New Forum User
    • View Profile
  • Peppermint version(s): 4
Re: Your SSL client is Bad
« Reply #12 on: May 31, 2014, 03:26:29 am »
I have tried again and got some success:
After I typed: dpkg -l | grep openssl  + openssl version -a | grep built I got this result:
ii  openssl                              1.0.1e-3ubuntu1.3                        i386         Secure Socket Layer (SSL) binary and related cryptographic tools
ii  python-openssl                       0.13-2ubuntu3.1                          i386         Python 2 wrapper around the OpenSSL library

built on: Fri May  2 20:24:08 UTC 2014
Is that enough, because when I ran How'sMYSSL.COM I got the same result as before. What now?

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26452
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Your SSL client is Bad
« Reply #13 on: May 31, 2014, 03:34:59 am »
Well that's a patched version of SSL .. so I don't know why that site is still giving you the same result unless it's coming from your web cache.

have you tried clearing the browsers cache.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline molen

  • Newly Subscribed
  • *
  • Posts: 23
  • Karma: 1
  • New Forum User
    • View Profile
  • Peppermint version(s): 4
Re: Your SSL client is Bad
« Reply #14 on: May 31, 2014, 06:57:53 am »
Hello PCNETSPEC,
First of all I want to thank you for your efforts to help me!! I cleared the cache of Firefox, but the result give the same result.  I hear further from you.