Merge branch 'master' into run_allciphers(),run_cipher_per_proto(),-and-SSLv2

David Cooper 2016-06-17 16:17:31 -04:00
commit 0a51239cda
2 changed files with 15 additions and 15 deletions


@ -343,9 +343,9 @@ xCCAB TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
xCCAC TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 xCCAC TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
xCCAD TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 xCCAD TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
xCCAE TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 xCCAE TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256
xCC13 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD xCC13 OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
xCC14 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD xCC14 OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
xCC15 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD xCC15 OLD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
xFEFE SSL_RSA_FIPS_WITH_DES_CBC_SHA xFEFE SSL_RSA_FIPS_WITH_DES_CBC_SHA
xFEFF SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA xFEFF SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
xFFE0 SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA xFFE0 SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA


@ -1464,14 +1464,14 @@ show_rfc_style(){
#[[ -z "$1" ]] && return 0 #[[ -z "$1" ]] && return 0
local rfcname local rfcname
rfcname="$(grep -iw "$1" "$MAPPING_FILE_RFC" | sed -e 's/^.*TLS/TLS/' -e 's/^.*SSL/SSL/')" rfcname="$(grep -iw "$1" "$MAPPING_FILE_RFC" | awk '{ print $2 }')"
[[ -n "$rfcname" ]] && out "$rfcname" [[ -n "$rfcname" ]] && out "$rfcname"
return 0 return 0
} }
neat_header(){ neat_header(){
printf -- "Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits${ADD_RFC_STR:+ Cipher Suite Name (RFC)}\n" printf -- "Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits${ADD_RFC_STR:+ Cipher Suite Name (RFC)}\n"
printf -- "%s-------------------------------------------------------------------------${ADD_RFC_STR:+-------------------------------------------------}\n" printf -- "%s------------------------------------------------------------------------${ADD_RFC_STR:+---------------------------------------------------}\n"
} }
@ -1489,7 +1489,7 @@ neat_list(){
strength=$(sed -e 's/.*(//' -e 's/)//' <<< "$enc") # strength = encryption bits strength=$(sed -e 's/.*(//' -e 's/)//' <<< "$enc") # strength = encryption bits
strength="${strength//ChaCha20-Poly1305/ly1305}" strength="${strength//ChaCha20-Poly1305/ly1305}"
enc=$(sed -e 's/(.*)//g' -e 's/ChaCha20-Poly1305/ChaCha20-Po/g' <<< "$enc") # workaround for empty bits ChaCha20-Poly1305 enc=$(sed -e 's/(.*)//g' -e 's/ChaCha20-Poly1305/ChaCha20-Po/g' <<< "$enc") # workaround for empty bits ChaCha20-Poly1305
echo "$export" | grep -iq export && strength="$strength,export" echo "$export" | grep -iq export && strength="$strength,exp"
#printf -- "%q" "$kx" | xxd | head -1 #printf -- "%q" "$kx" | xxd | head -1
# length correction for color escape codes (printf counts the escape color codes!!) # length correction for color escape codes (printf counts the escape color codes!!)
@ -1503,7 +1503,7 @@ neat_list(){
done done
fi fi
#echo "${#kx}" # should be always 20 / 13 #echo "${#kx}" # should be always 20 / 13
printf -- " %-7s %-30s %-10s %-11s%-11s${ADD_RFC_STR:+ %-48s}${SHOW_EACH_C:+ %-0s}" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength" "$(show_rfc_style "$hexcode")" printf -- " %-7s %-33s %-10s %-10s%-8s${ADD_RFC_STR:+ %-49s}${SHOW_EACH_C:+ %-0s}" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength" "$(show_rfc_style "$hexcode")"
} }
test_just_one(){ test_just_one(){
@ -1669,10 +1669,10 @@ run_allciphers() {
if "$SHOW_EACH_C"; then if "$SHOW_EACH_C"; then
if ${ciphers_found[child]}; then if ${ciphers_found[child]}; then
available="available" available="available"
pr_cyan " available" pr_cyan "$available"
else else
out " not a/v"
available="not a/v" available="not a/v"
out "$available"
fi fi
fi fi
if "$SHOW_SIGALGO" && ${ciphers_found[child]}; then if "$SHOW_SIGALGO" && ${ciphers_found[child]}; then
@ -1788,13 +1788,13 @@ run_cipher_per_proto() {
fi fi
fi fi
neat_list "$HEXC" "${ciph[i]}" "${kx[i]}" "${enc[i]}" neat_list "$HEXC" "${ciph[i]}" "${kx[i]}" "${enc[i]}"
available="available"
if "$SHOW_EACH_C"; then if "$SHOW_EACH_C"; then
if ${ciphers_found[child]}; then if ${ciphers_found[child]}; then
pr_cyan " available" available="available"
pr_cyan "$available"
else else
out " not a/v"
available="not a/v" available="not a/v"
out "$available"
fi fi
fi fi
if "$SHOW_SIGALGO" && ${ciphers_found[child]}; then if "$SHOW_SIGALGO" && ${ciphers_found[child]}; then
@ -6727,7 +6727,7 @@ determine_optimal_proto() {
pr_bold " $NODEIP:$PORT " pr_bold " $NODEIP:$PORT "
fi fi
tmpfile_handle $FUNCNAME.txt tmpfile_handle $FUNCNAME.txt
pr_boldln "doesn't seem a TLS/SSL enabled server"; pr_boldln "doesn't seem to be a TLS/SSL enabled server";
ignore_no_or_lame " Note that the results might look ok but they are nonsense. Proceed ? " ignore_no_or_lame " Note that the results might look ok but they are nonsense. Proceed ? "
[[ $? -ne 0 ]] && exit -2 [[ $? -ne 0 ]] && exit -2
fi fi
@ -7512,4 +7512,4 @@ fi
exit $? exit $?
# $Id: testssl.sh,v 1.499 2016/06/09 13:56:51 dirkw Exp $ # $Id: testssl.sh,v 1.502 2016/06/15 19:31:09 dirkw Exp $
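Review bot: In show_rfc_style (the hunk at -1464), `grep -iw "$1"` still treats the hexcode as a case-insensitive regex that can match a word anywhere on a mapping-file line, and the new `awk '{ print $2 }'` prints the second field of every line that matched. More than one match, or possibly an empty `$1` now that the guard at the top is commented out, could therefore put several names into `rfcname`. Since awk is already in the pipeline, the lookup can be an exact comparison on the first column with a single result: `rfcname="$(awk -v hex="$1" 'tolower($1) == tolower(hex) { print $2; exit }' "$MAPPING_FILE_RFC")"`. That keeps each hexcode tied to exactly one RFC name in the scanner's output. The function's opening line is above the hunk and is visible only in the hunk header.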