Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-06 00:39:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Speedup cipher_pref_check()

Browse Source 
While OpenSSL 1.0.2-chacha supports more than 128 cipher suites, other versions of OpenSSL tend to support far fewer than that.

Calling check_tls12_pref() adds to the run time of cipher_pref_check(), but is only needed if OpenSSL would otherwise send a ClientHello with more than 128 cipher suites. So, this commit adds another check and only calls check_tls12_pref() if the server has the size limit bug and OpenSSL supports more than 127 ciphers.
This commit is contained in:
David Cooper 2021-10-26 15:48:19 -04:00
parent dc074ebdf1
commit 15e3d61ddc
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
testssl.sh
View File

@ -6957,7 +6957,8 @@ cipher_pref_check() {
fi fi
if ( [[ $proto != tls1_3 ]] || "$HAS_TLS13" ) && ( [[ $proto != ssl3 ]] || "$HAS_SSL3" ); then if ( [[ $proto != tls1_3 ]] || "$HAS_TLS13" ) && ( [[ $proto != ssl3 ]] || "$HAS_SSL3" ); then
if [[ $proto == tls1_2 ]] && "$SERVER_SIZE_LIMIT_BUG"; then if [[ $proto == tls1_2 ]] && "$SERVER_SIZE_LIMIT_BUG" && \
[[ "$(count_ciphers "$(actually_supported_osslciphers "ALL:COMPLEMENTOFALL" "" "")")" -gt 127 ]]; then
order="$(check_tls12_pref "$wide")" order="$(check_tls12_pref "$wide")"
[[ "${order:0:1}" == \ ]] && order="${order:1}" [[ "${order:0:1}" == \ ]] && order="${order:1}"
ciphers_found="$order" ciphers_found="$order"