- enabling TLS 1.2 via sockets

- enabling sockets in run_protocols STARTTLS per default
- minor output polishing

testssl.sh

@@ -616,6 +616,7 @@ pr_italicln()     { pr_italic "$1" ; outln; }
 pr_strikethru()   { [[ "$COLOR" -ne 0 ]] && out "\033[9m$1" || out "$1"; pr_off; }                          # ugly!
 pr_strikethruln() { pr_strikethru "$1" ; outln; }
 pr_underline()    { [[ "$COLOR" -ne 0 ]] && out "\033[4m$1" || out "$1"; pr_off; }
+pr_underlineln()  { pr_underline "$1"; outln; }
 pr_reverse()      { [[ "$COLOR" -ne 0 ]] && out "\033[7m$1" || out "$1"; pr_off; }
 pr_reverse_bold() { [[ "$COLOR" -ne 0 ]] && out "\033[7m\033[1m$1" || out "$1"; pr_off; }
 
@@ -2626,7 +2627,7 @@ run_allciphers() {
 
      outln
      if "$using_sockets"; then
-          pr_headlineln " Testing $nr_ciphers_tested via OpenSSL and sockets against the server, ordered by encryption strength "
+          pr_headlineln " Testing $nr_ciphers_tested ciphers via OpenSSL plus sockets against the server, ordered by encryption strength "
      else
           pr_headlineln " Testing all $nr_ciphers_tested locally available ciphers against the server, ordered by encryption strength "
           [[ $TLS_NR_CIPHERS == 0 ]] && ! "$SSL_NATIVE" && ! "$FAST" && pr_warning " Cipher mapping not available, doing a fallback to openssl"
@@ -2803,7 +2804,7 @@ run_cipher_per_proto() {
 
      outln
      if "$using_sockets"; then
-          pr_headlineln " Testing per protocol via OpenSSL and sockets against the server, ordered by encryption strength "
+          pr_headlineln " Testing ciphers per protocol via OpenSSL plus sockets against the server, ordered by encryption strength "
      else
           pr_headlineln " Testing all locally available ciphers per protocol against the server, ordered by encryption strength "
           [[ $TLS_NR_CIPHERS == 0 ]] && ! "$SSL_NATIVE" && ! "$FAST" && pr_warning " Cipher mapping not available, doing a fallback to openssl"
@@ -4214,18 +4215,13 @@ run_protocols() {
 
      if "$SSL_NATIVE"; then
           using_sockets=false
-          pr_headlineln "(via native openssl)"
-     else
-          if [[ -n "$STARTTLS" ]]; then
-               pr_headlineln "(via openssl, SSLv2 via sockets) "
-               using_sockets=false
+          pr_underlineln "via native openssl"
      else
           using_sockets=true
-               if "$EXPERIMENTAL"; then
-                    pr_headlineln "(via sockets except SPDY+HTTP2) "
+          if [[ -n "$STARTTLS" ]]; then
+               pr_underlineln "via sockets "
           else
-                    pr_headlineln "(via sockets except TLS 1.2, SPDY+HTTP2) "
-               fi
+               pr_underlineln "via sockets except SPDY+HTTP2 "
           fi
      fi
      outln
@@ -4429,7 +4425,7 @@ run_protocols() {
      esac
 
      pr_bold " TLS 1.2    ";
-     if "$using_sockets" && "$EXPERIMENTAL"; then               #TODO: IIS servers do have a problem here with our handshake
+     if "$using_sockets"; then
           tls_sockets "03" "$TLS12_CIPHER"
      else
           run_prototest_openssl "-tls1_2"
@@ -4549,7 +4545,7 @@ run_std_cipherlists() {
 read_dhbits_from_file() {
      local bits what_dh temp curve=""
      local add=""
-     local old_fart=" (openssl cannot show DH bits)"
+     local old_fart=" (your $OPENSSL cannot show DH bits)"
 
      temp=$(awk -F': ' '/^Server Temp Key/ { print $2 }' "$1")        # extract line
      what_dh=$(awk -F',' '{ print $1 }' <<< $temp)
@@ -5252,7 +5248,7 @@ determine_trust() {
      if [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != "1.0.2" ]] && \
           [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != "1.1.0" ]] && \
           [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != "1.1.1" ]]; then
-          addtl_warning="(Your openssl <= 1.0.2 might be too unreliable to determine trust)"
+          addtl_warning="(Your $OPENSSL <= 1.0.2 might be too unreliable to determine trust)"
           fileout "${json_prefix}chain_of_trust_warn" "WARN" "$addtl_warning"
      fi
      debugme outln
@@ -6500,7 +6496,7 @@ run_pfs() {
      [[ $TLS_NR_CIPHERS == 0 ]] && using_sockets=false
 
      outln
-     pr_headlineln " Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 "
+     pr_headline " Testing robust (perfect) forward secrecy"; pr_underlineln ", (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 "
      if ! "$using_sockets"; then
           [[ $TLS_NR_CIPHERS == 0 ]] && ! "$SSL_NATIVE" && ! "$FAST" && pr_warning " Cipher mapping not available, doing a fallback to openssl"
           if ! "$HAS_DH_BITS" && "$WIDE"; then