- enabling TLS 1.2 via sockets
- enabling sockets in run_protocols STARTTLS per default - minor output polishing
This commit is contained in:
parent
edb358b3e0
commit
0d993427a3
26
testssl.sh
26
testssl.sh
|
@ -616,6 +616,7 @@ pr_italicln() { pr_italic "$1" ; outln; }
|
|||
pr_strikethru() { [[ "$COLOR" -ne 0 ]] && out "\033[9m$1" || out "$1"; pr_off; } # ugly!
|
||||
pr_strikethruln() { pr_strikethru "$1" ; outln; }
|
||||
pr_underline() { [[ "$COLOR" -ne 0 ]] && out "\033[4m$1" || out "$1"; pr_off; }
|
||||
pr_underlineln() { pr_underline "$1"; outln; }
|
||||
pr_reverse() { [[ "$COLOR" -ne 0 ]] && out "\033[7m$1" || out "$1"; pr_off; }
|
||||
pr_reverse_bold() { [[ "$COLOR" -ne 0 ]] && out "\033[7m\033[1m$1" || out "$1"; pr_off; }
|
||||
|
||||
|
@ -2626,7 +2627,7 @@ run_allciphers() {
|
|||
|
||||
outln
|
||||
if "$using_sockets"; then
|
||||
pr_headlineln " Testing $nr_ciphers_tested via OpenSSL and sockets against the server, ordered by encryption strength "
|
||||
pr_headlineln " Testing $nr_ciphers_tested ciphers via OpenSSL plus sockets against the server, ordered by encryption strength "
|
||||
else
|
||||
pr_headlineln " Testing all $nr_ciphers_tested locally available ciphers against the server, ordered by encryption strength "
|
||||
[[ $TLS_NR_CIPHERS == 0 ]] && ! "$SSL_NATIVE" && ! "$FAST" && pr_warning " Cipher mapping not available, doing a fallback to openssl"
|
||||
|
@ -2803,7 +2804,7 @@ run_cipher_per_proto() {
|
|||
|
||||
outln
|
||||
if "$using_sockets"; then
|
||||
pr_headlineln " Testing per protocol via OpenSSL and sockets against the server, ordered by encryption strength "
|
||||
pr_headlineln " Testing ciphers per protocol via OpenSSL plus sockets against the server, ordered by encryption strength "
|
||||
else
|
||||
pr_headlineln " Testing all locally available ciphers per protocol against the server, ordered by encryption strength "
|
||||
[[ $TLS_NR_CIPHERS == 0 ]] && ! "$SSL_NATIVE" && ! "$FAST" && pr_warning " Cipher mapping not available, doing a fallback to openssl"
|
||||
|
@ -4214,18 +4215,13 @@ run_protocols() {
|
|||
|
||||
if "$SSL_NATIVE"; then
|
||||
using_sockets=false
|
||||
pr_headlineln "(via native openssl)"
|
||||
else
|
||||
if [[ -n "$STARTTLS" ]]; then
|
||||
pr_headlineln "(via openssl, SSLv2 via sockets) "
|
||||
using_sockets=false
|
||||
pr_underlineln "via native openssl"
|
||||
else
|
||||
using_sockets=true
|
||||
if "$EXPERIMENTAL"; then
|
||||
pr_headlineln "(via sockets except SPDY+HTTP2) "
|
||||
if [[ -n "$STARTTLS" ]]; then
|
||||
pr_underlineln "via sockets "
|
||||
else
|
||||
pr_headlineln "(via sockets except TLS 1.2, SPDY+HTTP2) "
|
||||
fi
|
||||
pr_underlineln "via sockets except SPDY+HTTP2 "
|
||||
fi
|
||||
fi
|
||||
outln
|
||||
|
@ -4429,7 +4425,7 @@ run_protocols() {
|
|||
esac
|
||||
|
||||
pr_bold " TLS 1.2 ";
|
||||
if "$using_sockets" && "$EXPERIMENTAL"; then #TODO: IIS servers do have a problem here with our handshake
|
||||
if "$using_sockets"; then
|
||||
tls_sockets "03" "$TLS12_CIPHER"
|
||||
else
|
||||
run_prototest_openssl "-tls1_2"
|
||||
|
@ -4549,7 +4545,7 @@ run_std_cipherlists() {
|
|||
read_dhbits_from_file() {
|
||||
local bits what_dh temp curve=""
|
||||
local add=""
|
||||
local old_fart=" (openssl cannot show DH bits)"
|
||||
local old_fart=" (your $OPENSSL cannot show DH bits)"
|
||||
|
||||
temp=$(awk -F': ' '/^Server Temp Key/ { print $2 }' "$1") # extract line
|
||||
what_dh=$(awk -F',' '{ print $1 }' <<< $temp)
|
||||
|
@ -5252,7 +5248,7 @@ determine_trust() {
|
|||
if [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != "1.0.2" ]] && \
|
||||
[[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != "1.1.0" ]] && \
|
||||
[[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != "1.1.1" ]]; then
|
||||
addtl_warning="(Your openssl <= 1.0.2 might be too unreliable to determine trust)"
|
||||
addtl_warning="(Your $OPENSSL <= 1.0.2 might be too unreliable to determine trust)"
|
||||
fileout "${json_prefix}chain_of_trust_warn" "WARN" "$addtl_warning"
|
||||
fi
|
||||
debugme outln
|
||||
|
@ -6500,7 +6496,7 @@ run_pfs() {
|
|||
[[ $TLS_NR_CIPHERS == 0 ]] && using_sockets=false
|
||||
|
||||
outln
|
||||
pr_headlineln " Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 "
|
||||
pr_headline " Testing robust (perfect) forward secrecy"; pr_underlineln ", (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 "
|
||||
if ! "$using_sockets"; then
|
||||
[[ $TLS_NR_CIPHERS == 0 ]] && ! "$SSL_NATIVE" && ! "$FAST" && pr_warning " Cipher mapping not available, doing a fallback to openssl"
|
||||
if ! "$HAS_DH_BITS" && "$WIDE"; then
|
||||
|
|
Loading…
Reference in New Issue