- prettyprint_local now also can do word pattern matching
- help improved - put the stripping of leading 0 into normalize_cipher_code where it belonged - the latter makes a modified mapping-rfc.txt necessary!
This commit is contained in:
parent
f45d85617b
commit
049a945abc
47
testssl.sh
47
testssl.sh
|
@ -431,27 +431,33 @@ normalize_ciphercode() {
|
||||||
fi
|
fi
|
||||||
HEXC="$part1$part2$part3"
|
HEXC="$part1$part2$part3"
|
||||||
fi
|
fi
|
||||||
HEXC=`echo $HEXC | tr 'A-Z' 'a-z'` #tolower
|
HEXC=`echo $HEXC | tr 'A-Z' 'a-z' | sed 's/0x/x/'` #tolower + strip leading 0
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
prettyprint_local() {
|
prettyprint_local() {
|
||||||
if [ -z "$1" ]; then
|
blue "--> Displaying all local ciphers";
|
||||||
blue "--> Displaying all local ciphers"; outln "\n"
|
if [ ! -z "$1" ]; then
|
||||||
|
blue "matching word pattern "\"$1\"" (ignore case)";
|
||||||
fi
|
fi
|
||||||
|
outln "\n"
|
||||||
|
|
||||||
neat_header
|
neat_header
|
||||||
|
|
||||||
$OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL:@STRENGTH' | while read hexcode dash ciph sslversmin kx auth enc mac export; do
|
if [ -z "$1" ]; then
|
||||||
normalize_ciphercode $hexcode
|
$OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL:@STRENGTH' | while read hexcode dash ciph sslvers kx auth enc mac export ; do
|
||||||
if [ -n "$1" ]; then
|
normalize_ciphercode $hexcode
|
||||||
echo $HEXC | grep -iq "$1" || continue
|
neat_list $HEXC $ciph $kx $enc | strings
|
||||||
fi
|
done
|
||||||
neat_list $HEXC $ciph $kx $enc
|
else
|
||||||
outln
|
for arg in `echo $@ | sed 's/,/ /g'`; do
|
||||||
done
|
$OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL:@STRENGTH' | while read hexcode dash ciph sslvers kx auth enc mac export ; do
|
||||||
|
normalize_ciphercode $hexcode
|
||||||
|
neat_list $HEXC $ciph $kx $enc | strings | grep -wai "$arg"
|
||||||
|
done
|
||||||
|
done
|
||||||
|
fi
|
||||||
outln
|
outln
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -566,14 +572,13 @@ neat_header(){
|
||||||
}
|
}
|
||||||
|
|
||||||
neat_list(){
|
neat_list(){
|
||||||
hexc=`echo $1 | sed 's/0x/x/'`
|
|
||||||
kx=`echo $3 | sed 's/Kx=//g'`
|
kx=`echo $3 | sed 's/Kx=//g'`
|
||||||
enc=`echo $4 | sed 's/Enc=//g'`
|
enc=`echo $4 | sed 's/Enc=//g'`
|
||||||
strength=`echo $enc | sed -e 's/.*(//' -e 's/)//'` # strength = encryption bits
|
strength=`echo $enc | sed -e 's/.*(//' -e 's/)//'` # strength = encryption bits
|
||||||
strength=`echo $strength | sed -e 's/ChaCha20-Poly1305/ly1305/g'` # workaround for empty bits ChaCha20-Poly1305
|
strength=`echo $strength | sed -e 's/ChaCha20-Poly1305/ly1305/g'` # workaround for empty bits ChaCha20-Poly1305
|
||||||
enc=`echo $enc | sed -e 's/(.*)//g' -e 's/ChaCha20-Poly1305/ChaCha20-Po/g'` # workaround for empty bits ChaCha20-Poly1305
|
enc=`echo $enc | sed -e 's/(.*)//g' -e 's/ChaCha20-Poly1305/ChaCha20-Po/g'` # workaround for empty bits ChaCha20-Poly1305
|
||||||
echo "$export" | grep -iq export && strength="$strength,export"
|
echo "$export" | grep -iq export && strength="$strength,export"
|
||||||
$ECHO " %-7s %-30s %-10s %-11s%-11s${MAP_RFC_FNAME:+ %-48s}${SHOW_EACH_C:+ }" "$hexc" "$2" "$kx" "$enc" "$strength" "$(show_rfc_style $HEXC)"
|
$ECHO " %-7s %-30s %-10s %-11s%-11s${MAP_RFC_FNAME:+ %-48s}${SHOW_EACH_C:+ }" "$1" "$2" "$kx" "$enc" "$strength" "$(show_rfc_style $HEXC)"
|
||||||
}
|
}
|
||||||
|
|
||||||
test_just_one(){
|
test_just_one(){
|
||||||
|
@ -1488,7 +1493,7 @@ $PRG <options>
|
||||||
<-b|--banner> displays banner + version
|
<-b|--banner> displays banner + version
|
||||||
<-v|--version> same as above
|
<-v|--version> same as above
|
||||||
<-V|--local> pretty print all local ciphers
|
<-V|--local> pretty print all local ciphers
|
||||||
<-V|--local> <hexcode> what cipher is <pattern hexcode>?
|
<-V|--local> <pattern> what local cipher with <pattern> is a/v?
|
||||||
|
|
||||||
$PRG <options> URI
|
$PRG <options> URI
|
||||||
|
|
||||||
|
@ -1510,13 +1515,13 @@ $PRG <options> URI
|
||||||
<-H|--header|--headers> check for HSTS, HPKP and server/application banner string
|
<-H|--header|--headers> check for HSTS, HPKP and server/application banner string
|
||||||
|
|
||||||
<-t|--starttls> host:port <ftp|smtp|pop3|imap|xmpp|telnet> <SNI hostname> *)
|
<-t|--starttls> host:port <ftp|smtp|pop3|imap|xmpp|telnet> <SNI hostname> *)
|
||||||
|
*) for telnet STARTTLS support you need the supplied patched openssl
|
||||||
|
|
||||||
|
<URI> is host|host:port|URL|URL:port (port 443 is assumed unless otherwise specified)
|
||||||
|
|
||||||
|
<pattern> is an ignore case word pattern of cipher hexcode or any other string in the name, kx, bits
|
||||||
|
|
||||||
|
|
||||||
<URI> is host|host:port|URL|URL:port
|
|
||||||
(port 443 is assumed unless otherwise specified)
|
|
||||||
|
|
||||||
|
|
||||||
*) for telnet STARTTLS support you need the supplied patched openssl version
|
|
||||||
|
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
|
@ -1954,7 +1959,7 @@ case "$1" in
|
||||||
exit $ret ;;
|
exit $ret ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# $Id: testssl.sh,v 1.138 2014/11/18 09:29:10 dirkw Exp $
|
# $Id: testssl.sh,v 1.139 2014/11/18 10:03:01 dirkw Exp $
|
||||||
# vim:ts=5:sw=5
|
# vim:ts=5:sw=5
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue