Separate SSL and SRVSSL options for client and server connections

Author: Chocapikk

documentation/modules/auxiliary/server/capture/ftp.md

@@ -19,10 +19,11 @@ This module creates a mock FTP server which accepts credentials before throwing
   * `Serv-U FTP Server v15.0 ready...`
   * `ProFTPD 1.3.4a Server (FTP-Server)`
 
-### SSL
+### SRVSSL
 
-  Boolean if SSL should be used, making this FTPS.  FTPS is typically run on port 990.  If `SSLCert` is not set, a certificate
-  will be automatically generated.  Default is `False`.
+  Boolean if SSL/TLS should be used for the server, making this FTPS.  FTPS is typically run on port 990.  If `SSLCert` is not set,
+  a certificate will be automatically generated.  Default is `False`. Note: This option is separate from the `SSL` option which
+  controls client connections.
 
 ### SSLCert
 
@@ -147,8 +148,8 @@ mVuIIRbrDW/sOgu2Viis
 msf > use auxiliary/server/capture/ftp
 msf auxiliary(server/capture/ftp) > set srvport 990
 srvport => 990
-msf auxiliary(server/capture/ftp) > set ssl true
-ssl => true
+msf auxiliary(server/capture/ftp) > set srvssl true
+srvssl => true
 msf auxiliary(server/capture/ftp) > set sslcert /root/metasploit-framework/selfsigned.pem
 sslcert => /root/metasploit-framework/selfsigned.pem
 msf auxiliary(server/capture/ftp) > run

documentation/modules/auxiliary/server/capture/http_basic.md

@@ -23,10 +23,11 @@ This module creates a mock web server which, utilizing a HTTP 401 response, prom
 
   After the user enters a set of credentials, their browser will be redirected to this address.  Default is ``.
 
-### SSL
+### SRVSSL
 
-  Boolean if SSL should be used, making this HTTPS.  HTTPS is typically run on port 443.  If `SSLCert` is not set, a certificate
-  will be automatically generated.  Default is `False`.
+  Boolean if SSL/TLS should be used for the server, making this HTTPS.  HTTPS is typically run on port 443.  If `SSLCert` is not set,
+  a certificate will be automatically generated.  Default is `False`. Note: This option is separate from the `SSL` option which
+  controls client connections.
 
 ### SSLCert
 
@@ -156,8 +157,8 @@ Oj6N43ld9EONST6BhP3v1buoWHi1FMouocrUkUDuahiHoLlK4ERSUrb4uNnwko24
 WdNCCmA8APA1qf2BYVqs
 -----END CERTIFICATE-----
 msf > use auxiliary/server/capture/http_basic 
-msf auxiliary(server/capture/http_basic) > set ssl true
-ssl => true
+msf auxiliary(server/capture/http_basic) > set srvssl true
+srvssl => true
 msf auxiliary(server/capture/http_basic) > set srvport 443
 srvport => 443
 msf auxiliary(server/capture/http_basic) > set sslcert /root/metasploit-framework/selfsigned.pem

documentation/modules/auxiliary/server/capture/imap.md

@@ -20,10 +20,11 @@ This module creates a mock IMAP server which accepts credentials.
   * `The Microsoft Exchange IMAP4 service is ready.`
   * `Microsoft Exchange Server 2003 IMAP4rev1 server versino 6.5.7638.1 (domain.local) ready.`
 
-### SSL
+### SRVSSL
 
-  Boolean if SSL should be used, making this Secure IMAP.  Secure IMAP is typically run on port 993.  If `SSLCert` is not set, a certificate
-  will be automatically generated.  Default is `False`.
+  Boolean if SSL/TLS should be used for the server, making this Secure IMAP.  Secure IMAP is typically run on port 993.
+  If `SSLCert` is not set, a certificate will be automatically generated.  Default is `False`. Note: This option is separate
+  from the `SSL` option which controls client connections.
 
 ### SSLCert
 
@@ -144,8 +145,8 @@ l/m7Kka0n7lXnKo+IFSJ0dTooBvwaV7+4tEGuHxWJsNO+2aex9qFCuDUdBFxyWyK
 uBVlsY6F7EjTfWpxwyVP
 -----END CERTIFICATE-----
 msf > use auxiliary/server/capture/imap 
-msf auxiliary(server/capture/imap) > set ssl true
-ssl => true
+msf auxiliary(server/capture/imap) > set srvssl true
+srvssl => true
 msf auxiliary(server/capture/imap) > set sslcert /root/metasploit-framework/selfsigned.pem
 sslcert => /root/metasploit-framework/selfsigned.pem
 msf auxiliary(server/capture/imap) > set srvport 993

documentation/modules/auxiliary/server/capture/mysql.md

@@ -24,9 +24,9 @@ This module creates a mock MySQL server which accepts credentials.  Upon receivi
 
   The MySQL version to print in the login banner.  Default is `5.5.16`.
 
-### SSL
+### SRVSSL
 
-  Boolean if SSL should be used.  Default is `False`.
+  Boolean if SSL/TLS should be used for the server.  Default is `False`. Note: This option is separate from the `SSL` option which controls client connections.
 
 ### SSLCert
 

documentation/modules/auxiliary/server/capture/postgresql.md

@@ -9,9 +9,9 @@ This module creates a mock PostgreSQL server which accepts credentials.  Upon re
 
 ## Options
 
-### SSL
+### SRVSSL
 
-  Boolean if SSL should be used.  Default is `False`.
+  Boolean if SSL/TLS should be used for the server.  Default is `False`. Note: This option is separate from the `SSL` option which controls client connections.
 
 ### SSLCert
 

documentation/modules/auxiliary/server/capture/telnet.md

@@ -12,9 +12,9 @@ This module creates a mock telnet server which accepts credentials.  Upon receiv
 
   The Banner which should be displayed.  Default is empty, which will display `Welcome`.
 
-### SSL
+### SRVSSL
 
-  Boolean if SSL should be used.  Default is `False`.
+  Boolean if SSL/TLS should be used for the server.  Default is `False`. Note: This option is separate from the `SSL` option which controls client connections.
 
 ### SSLCert
 

documentation/modules/auxiliary/server/capture/vnc.md

@@ -16,9 +16,9 @@ This module creates a mock VNC server which accepts credentials.  Upon receiving
 
   Write a file containing a John the Ripper format for cracking the credentials.  Default is ``.
 
-### SSL
+### SRVSSL
 
-  Boolean if SSL should be used.  Default is `False`.
+  Boolean if SSL/TLS should be used for the server.  Default is `False`. Note: This option is separate from the `SSL` option which controls client connections.
 
 ### SSLCert
 

lib/msf/core/exploit/remote/http_server.rb

@@ -111,22 +111,23 @@ def check_dependencies
   #   ServerPort => Override the server port to listen on (default to SRVPORT).
   #   Uri        => The URI to handle and the associated procedure to call.
   #
-  #
-  # TODO: This must be able to take an SSL parameter and not rely
-  # completely on the datastore. (See dlink_upnp_exec_noauth)
+  # SSL configuration for the server is controlled by the SRVSSL datastore option
+  # (separate from SSL which is used for client connections). The ssl() method
+  # returns the SRVSSL value, ensuring server and client SSL are independent.
+  # If opts['Ssl'] is provided, it will override the SRVSSL datastore option.
   def start_service(opts = {})
 
-    # Keep compatibility with modules that don't pass the ssl option to the start server but rely on the datastore instead.
-    opts['ssl'] = opts['ssl'].nil? ? datastore['SSL'] : opts['ssl']
-
     check_dependencies
 
+    # Use opts['Ssl'] if provided, otherwise use the SRVSSL datastore option
+    server_ssl = opts.has_key?('Ssl') ? opts['Ssl'] : ssl
+
     # Start a new HTTP server service.
     self.service = Rex::ServiceManager.start(
       Rex::Proto::Http::Server,
       (opts['ServerPort'] || bindport).to_i,
       opts['ServerHost'] || bindhost,
-      opts['ssl'],
+      server_ssl,
       {
         'Msf'        => framework,
         'MsfExploit' => self,
@@ -152,7 +153,7 @@ def start_service(opts = {})
       'Path' => opts['Path'] || resource_uri
     }.update(opts['Uri'] || {})
 
-    proto = (opts['ssl'] ? "https" : "http")
+    proto = (server_ssl ? "https" : "http")
 
     # SSLCompression may or may not actually be available. For example, on
     # Ubuntu, it's disabled by default, unless the correct environment
@@ -437,7 +438,8 @@ def get_uri(cli=self.cli)
     # The resource won't exist until the server is started
     return unless resource
 
-    ssl = !!(datastore["SSL"])
+    # Use ssl() method which returns SRVSSL (separate from SSL for client connections)
+    ssl = !!ssl()
     proto = (ssl ? "https://" : "http://")
     if datastore['URIHOST']
       host = datastore['URIHOST']

lib/msf/core/exploit/remote/socket_server.rb

@@ -20,6 +20,7 @@ def initialize(info = {})
       [
         OptAddressLocal.new('SRVHOST', [ true, 'The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.', '0.0.0.0' ]),
         OptPort.new('SRVPORT',    [ true, "The local port to listen on.", 8080 ]),
+        OptBool.new('SRVSSL', [ false, 'Negotiate SSL/TLS for the server (overrides SSL option for server-side connections)', false])
 
       ], Msf::Exploit::Remote::SocketServer
     )

lib/msf/core/exploit/remote/tcp_server.rb

@@ -18,7 +18,6 @@ def initialize(info = {})
 
     register_options(
       [
-        OptBool.new('SSL',        [ false, 'Negotiate SSL for incoming connections', false]),
         # SSLVersion is currently unsupported for TCP servers (only supported by clients at the moment)
         OptPath.new('SSLCert',    [ false, 'Path to a custom SSL certificate (default is randomly generated)'])
       ], Msf::Exploit::Remote::TcpServer
@@ -111,10 +110,11 @@ def start_service(opts = {})
   end
 
   #
-  # Returns the SSL option
+  # Returns the SSL option for the server
+  # Uses SRVSSL which is separate from the SSL option (for client connections)
   #
   def ssl
-    datastore['SSL']
+    datastore['SRVSSL']
   end
 
   #