mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-22 08:29:31 +01:00
Merge branch '2.9dev' into mass_testing_command_line_error
commit
01fb0ba9a2
56
testssl.sh
56
testssl.sh
@ -3556,23 +3556,23 @@ run_client_simulation() {
|
|||||||
else
|
else
|
||||||
pr_headline " Running client simulations via openssl "
|
pr_headline " Running client simulations via openssl "
|
||||||
prln_warning " Depending on your openssl client you may get false results"
|
prln_warning " Depending on your openssl client you may get false results"
|
||||||
fileout "client_simulation" "WARNING" "Depending on your openssl client you may false results"
|
fileout "client_simulation" "WARNING" "Depending on your openssl client you may encounter false results"
|
||||||
fi
|
fi
|
||||||
outln
|
outln
|
||||||
|
|
||||||
debugme tmln_out
|
debugme echo
|
||||||
|
|
||||||
if "$WIDE"; then
|
if "$WIDE"; then
|
||||||
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]]; then
|
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]]; then
|
||||||
out " Browser Protocol Cipher Suite Name (OpenSSL) "
|
out " Browser Protocol Cipher Suite Name (OpenSSL) "
|
||||||
( "$using_sockets" || "$HAS_DH_BITS") && out "Forward Secrecy"
|
( "$using_sockets" || "$HAS_DH_BITS") && out "Forward Secrecy"
|
||||||
outln
|
outln
|
||||||
out "------------------------------------------------------------------------------"
|
out "--------------------------------------------------------------------------"
|
||||||
else
|
else
|
||||||
out " Browser Protocol Cipher Suite Name (RFC) "
|
out " Browser Protocol Cipher Suite Name (RFC) "
|
||||||
( "$using_sockets" || "$HAS_DH_BITS") && out "Forward Secrecy"
|
( "$using_sockets" || "$HAS_DH_BITS") && out "Forward Secrecy"
|
||||||
outln
|
outln
|
||||||
out "----------------------------------------------------------------------------------------------"
|
out "------------------------------------------------------------------------------------------"
|
||||||
fi
|
fi
|
||||||
( "$using_sockets" || "$HAS_DH_BITS") && out "----------------------"
|
( "$using_sockets" || "$HAS_DH_BITS") && out "----------------------"
|
||||||
outln
|
outln
|
||||||
@ -3581,7 +3581,7 @@ run_client_simulation() {
|
|||||||
if ${current[i]} ; then
|
if ${current[i]} ; then
|
||||||
# for ANY we test this service or if the service we determined from STARTTLS matches
|
# for ANY we test this service or if the service we determined from STARTTLS matches
|
||||||
if [[ "${service[i]}" == "ANY" ]] || grep -q "$client_service" <<< "${service[i]}"; then
|
if [[ "${service[i]}" == "ANY" ]] || grep -q "$client_service" <<< "${service[i]}"; then
|
||||||
out " $(printf -- "%-33s" "${names[i]}")"
|
out " $(printf -- "%-29s" "${names[i]}")"
|
||||||
if "$using_sockets" && [[ -n "${handshakebytes[i]}" ]]; then
|
if "$using_sockets" && [[ -n "${handshakebytes[i]}" ]]; then
|
||||||
client_simulation_sockets "${handshakebytes[i]}"
|
client_simulation_sockets "${handshakebytes[i]}"
|
||||||
sclient_success=$?
|
sclient_success=$?
|
||||||
@ -3593,7 +3593,7 @@ run_client_simulation() {
|
|||||||
[[ $sclient_success -eq 0 ]] && cp "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" $TMPFILE >$ERRFILE
|
[[ $sclient_success -eq 0 ]] && cp "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" $TMPFILE >$ERRFILE
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
! "$HAS_NO_SSL2" && protos[i]="$(sed 's/-no_ssl2//' <<< "${protos[i]}")"
|
"$HAS_NO_SSL2" || protos[i]="$(sed 's/-no_ssl2//' <<< "${protos[i]}")"
|
||||||
debugme echo "$OPENSSL s_client -cipher ${ciphers[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null"
|
debugme echo "$OPENSSL s_client -cipher ${ciphers[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null"
|
||||||
$OPENSSL s_client -cipher ${ciphers[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null >$TMPFILE 2>$ERRFILE
|
$OPENSSL s_client -cipher ${ciphers[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null >$TMPFILE 2>$ERRFILE
|
||||||
sclient_connect_successful $? $TMPFILE
|
sclient_connect_successful $? $TMPFILE
|
||||||
@ -3638,17 +3638,11 @@ run_client_simulation() {
|
|||||||
sclient_success=$?
|
sclient_success=$?
|
||||||
if [[ $sclient_success -eq 0 ]]; then
|
if [[ $sclient_success -eq 0 ]]; then
|
||||||
case "$tls" in
|
case "$tls" in
|
||||||
"-tls1_2")
|
"-tls1_2") break ;;
|
||||||
break
|
"-tls1_1") proto="TLSv1.1"
|
||||||
;;
|
break ;;
|
||||||
"-tls1_1")
|
"-tls1") proto="TLSv1.0"
|
||||||
proto="TLSv1.1"
|
break ;;
|
||||||
break
|
|
||||||
;;
|
|
||||||
"-tls1")
|
|
||||||
proto="TLSv1.0"
|
|
||||||
break
|
|
||||||
;;
|
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
@ -3664,9 +3658,9 @@ run_client_simulation() {
|
|||||||
if ! "$WIDE"; then
|
if ! "$WIDE"; then
|
||||||
out "$proto $cipher"
|
out "$proto $cipher"
|
||||||
elif [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]]; then
|
elif [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]]; then
|
||||||
out "$(printf -- "%-7s %-33s" "$proto" "$cipher")"
|
out "$(printf -- "%-7s %-34s" "$proto" "$cipher")"
|
||||||
else
|
else
|
||||||
out "$(printf -- "%-7s %-49s" "$proto" "$cipher")"
|
out "$(printf -- "%-7s %-50s" "$proto" "$cipher")"
|
||||||
fi
|
fi
|
||||||
if ! "$WIDE"; then
|
if ! "$WIDE"; then
|
||||||
"$using_sockets" && [[ -n "${handshakebytes[i]}" ]] && has_dh_bits=$HAS_DH_BITS && HAS_DH_BITS=true
|
"$using_sockets" && [[ -n "${handshakebytes[i]}" ]] && has_dh_bits=$HAS_DH_BITS && HAS_DH_BITS=true
|
||||||
@ -11283,32 +11277,34 @@ EOF
|
|||||||
prepare_arrays() {
|
prepare_arrays() {
|
||||||
local hexc mac ossl_ciph
|
local hexc mac ossl_ciph
|
||||||
local ossl_supported_tls="" ossl_supported_sslv2=""
|
local ossl_supported_tls="" ossl_supported_sslv2=""
|
||||||
|
local -i i=0
|
||||||
|
|
||||||
if [[ -e "$CIPHERS_BY_STRENGTH_FILE" ]]; then
|
if [[ -e "$CIPHERS_BY_STRENGTH_FILE" ]]; then
|
||||||
"$HAS_SSL2" && ossl_supported_sslv2="$($OPENSSL ciphers -ssl2 -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>$ERRFILE)"
|
"$HAS_SSL2" && ossl_supported_sslv2="$($OPENSSL ciphers -ssl2 -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>$ERRFILE)"
|
||||||
ossl_supported_tls="$($OPENSSL ciphers -tls1 -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>$ERRFILE)"
|
ossl_supported_tls="$($OPENSSL ciphers -tls1 -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>$ERRFILE)"
|
||||||
while read hexc n TLS_CIPHER_OSSL_NAME[TLS_NR_CIPHERS] TLS_CIPHER_RFC_NAME[TLS_NR_CIPHERS] TLS_CIPHER_SSLVERS[TLS_NR_CIPHERS] TLS_CIPHER_KX[TLS_NR_CIPHERS] TLS_CIPHER_AUTH[TLS_NR_CIPHERS] TLS_CIPHER_ENC[TLS_NR_CIPHERS] mac TLS_CIPHER_EXPORT[TLS_NR_CIPHERS]; do
|
while read hexc n TLS_CIPHER_OSSL_NAME[i] TLS_CIPHER_RFC_NAME[i] TLS_CIPHER_SSLVERS[i] TLS_CIPHER_KX[i] TLS_CIPHER_AUTH[i] TLS_CIPHER_ENC[i] mac TLS_CIPHER_EXPORT[i]; do
|
||||||
TLS_CIPHER_HEXCODE[TLS_NR_CIPHERS]="$hexc"
|
TLS_CIPHER_HEXCODE[i]="$hexc"
|
||||||
TLS_CIPHER_OSSL_SUPPORTED[TLS_NR_CIPHERS]=false
|
TLS_CIPHER_OSSL_SUPPORTED[i]=false
|
||||||
if [[ ${#hexc} -eq 9 ]]; then
|
if [[ ${#hexc} -eq 9 ]]; then
|
||||||
# >= SSLv3 ciphers
|
# >= SSLv3 ciphers
|
||||||
if [[ $OSSL_VER_MAJOR -lt 1 ]]; then
|
if [[ $OSSL_VER_MAJOR -lt 1 ]]; then
|
||||||
[[ ":${ossl_supported_tls}:" =~ ":${TLS_CIPHER_OSSL_NAME[TLS_NR_CIPHERS]}:" ]] && TLS_CIPHER_OSSL_SUPPORTED[TLS_NR_CIPHERS]=true
|
[[ ":${ossl_supported_tls}:" =~ ":${TLS_CIPHER_OSSL_NAME[i]}:" ]] && TLS_CIPHER_OSSL_SUPPORTED[i]=true
|
||||||
else
|
else
|
||||||
ossl_ciph="$(awk '/\<'"$hexc"'\>/ { print $3 }' <<< "$ossl_supported_tls")"
|
ossl_ciph="$(awk '/\<'"$hexc"'\>/ { print $3 }' <<< "$ossl_supported_tls")"
|
||||||
if [[ -n "$ossl_ciph" ]]; then
|
if [[ -n "$ossl_ciph" ]]; then
|
||||||
TLS_CIPHER_OSSL_SUPPORTED[TLS_NR_CIPHERS]=true
|
TLS_CIPHER_OSSL_SUPPORTED[i]=true
|
||||||
[[ "$ossl_ciph" != "${TLS_CIPHER_OSSL_NAME[TLS_NR_CIPHERS]}" ]] && TLS_CIPHER_OSSL_NAME[TLS_NR_CIPHERS]="$ossl_ciph"
|
[[ "$ossl_ciph" != "${TLS_CIPHER_OSSL_NAME[i]}" ]] && TLS_CIPHER_OSSL_NAME[i]="$ossl_ciph"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
elif [[ $OSSL_VER_MAJOR -lt 1 ]]; then
|
elif [[ $OSSL_VER_MAJOR -lt 1 ]]; then
|
||||||
[[ ":${ossl_supported_sslv2}:" =~ ":${TLS_CIPHER_OSSL_NAME[TLS_NR_CIPHERS]}:" ]] && TLS_CIPHER_OSSL_SUPPORTED[TLS_NR_CIPHERS]=true
|
[[ ":${ossl_supported_sslv2}:" =~ ":${TLS_CIPHER_OSSL_NAME[i]}:" ]] && TLS_CIPHER_OSSL_SUPPORTED[i]=true
|
||||||
else
|
else
|
||||||
grep -qw "$hexc" <<< "$ossl_supported_sslv2" && TLS_CIPHER_OSSL_SUPPORTED[TLS_NR_CIPHERS]=true
|
grep -qw "$hexc" <<< "$ossl_supported_sslv2" && TLS_CIPHER_OSSL_SUPPORTED[i]=true
|
||||||
fi
|
fi
|
||||||
TLS_NR_CIPHERS+=1
|
i+=1
|
||||||
done < "$CIPHERS_BY_STRENGTH_FILE"
|
done < "$CIPHERS_BY_STRENGTH_FILE"
|
||||||
fi
|
fi
|
||||||
|
TLS_NR_CIPHERS=i
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
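Review bot: The closing assignment `TLS_NR_CIPHERS=i` in prepare_arrays() only stores the loop count if TLS_NR_CIPHERS carries the integer attribute, which is declared outside the lines shown here; without it the variable would hold the literal string `i`, and later arithmetic uses would presumably resolve that against an unset global and evaluate to 0. The removed `TLS_NR_CIPHERS+=1` had the same dependency, so this likely works today, but `TLS_NR_CIPHERS=$i` states the intent and does not rely on a distant declaration. Because the assignment now sits after the outer `fi`, a missing "$CIPHERS_BY_STRENGTH_FILE" resets the count to 0 instead of leaving it untouched. A comment such as `# stays 0 when the cipher mapping file is absent; callers must not read that as "no ciphers offered"` would help, since a scanner that iterates over nothing can look like a clean result. The changed `while read hexc n ...` line could also take `read -r` so backslashes in the mapping file are not interpreted.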