More SNI for NPN tests
Found another NPN test (for the case where server doesn't specify cipher order?) that wasn't using SNI. Also found a comment saying proxies don't support NPN => removed `$PROXY` from all modified lines.
This commit is contained in:
parent
382d22648a
commit
2573a9b8b8
|
@ -3324,7 +3324,7 @@ run_server_preference() {
|
|||
[[ -n "$PROXY" ]] && arg=" SPDY/NPN is"
|
||||
[[ -n "$STARTTLS" ]] && arg=" "
|
||||
if spdy_pre " $arg" ; then # is NPN/SPDY supported and is this no STARTTLS? / no PROXY
|
||||
$OPENSSL s_client -connect $NODEIP:$PORT $BUGS -nextprotoneg "$NPN_PROTOs" </dev/null 2>>$ERRFILE >$TMPFILE
|
||||
$OPENSSL s_client -connect $NODEIP:$PORT $BUGS -nextprotoneg "$NPN_PROTOs" $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
||||
if sclient_connect_successful $? $TMPFILE; then
|
||||
proto[i]=$(grep -aw "Next protocol" $TMPFILE | sed -e 's/^Next protocol://' -e 's/(.)//' -e 's/ //g')
|
||||
if [[ -z "${proto[i]}" ]]; then
|
||||
|
@ -3499,16 +3499,16 @@ cipher_pref_check() {
|
|||
if ! spdy_pre " SPDY/NPN: "; then # is NPN/SPDY supported and is this no STARTTLS?
|
||||
outln
|
||||
else
|
||||
npn_protos=$($OPENSSL s_client $BUGS -nextprotoneg \"\" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE | grep -a "^Protocols " | sed -e 's/^Protocols.*server: //' -e 's/,//g')
|
||||
npn_protos=$($OPENSSL s_client $BUGS -nextprotoneg \"\" -connect $NODEIP:$PORT $SNI </dev/null 2>>$ERRFILE | grep -a "^Protocols " | sed -e 's/^Protocols.*server: //' -e 's/,//g')
|
||||
for p in $npn_protos; do
|
||||
order=""
|
||||
$OPENSSL s_client $BUGS -nextprotoneg "$p" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
||||
$OPENSSL s_client $BUGS -nextprotoneg "$p" -connect $NODEIP:$PORT $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
||||
cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE)
|
||||
printf " %-10s %s " "$p:" "$cipher"
|
||||
tested_cipher="-"$cipher
|
||||
order="$cipher"
|
||||
while true; do
|
||||
$OPENSSL s_client -cipher "ALL:$tested_cipher" $BUGS -nextprotoneg "$p" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
||||
$OPENSSL s_client -cipher "ALL:$tested_cipher" $BUGS -nextprotoneg "$p" -connect $NODEIP:$PORT $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
||||
sclient_connect_successful $? $TMPFILE || break
|
||||
cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE)
|
||||
out "$cipher "
|
||||
|
|
Loading…
Reference in New Issue