read the session ticket lifetime and based on that emit a proper output
Dirk Wetter 2017-08-30 12:54:52 +02:00
parent 3e2d321e68
commit 2b055e4425
1 changed files with 8 additions and 3 deletions


@ -6488,9 +6488,14 @@ run_server_defaults() {
else else
lifetime=$(grep -a lifetime <<< "$sessticket_lifetime_hint" | sed 's/[A-Za-z:() ]//g') lifetime=$(grep -a lifetime <<< "$sessticket_lifetime_hint" | sed 's/[A-Za-z:() ]//g')
unit=$(grep -a lifetime <<< "$sessticket_lifetime_hint" | sed -e 's/^.*'"$lifetime"'//' -e 's/[ ()]//g') unit=$(grep -a lifetime <<< "$sessticket_lifetime_hint" | sed -e 's/^.*'"$lifetime"'//' -e 's/[ ()]//g')
out "$lifetime $unit " out "$lifetime $unit"
prln_svrty_low "(PFS requires session ticket keys to be rotated <= daily)" if [[ $((3600 * 24)) -lt $lifetime ]]; then
fileout "session_ticket" "LOW" "TLS session ticket RFC 5077 valid for $lifetime $unit (PFS requires session ticket keys to be rotated at least daily)" prln_svrty_low " but: PFS requires session ticket keys to be rotated < daily !"
fileout "session_ticket" "LOW" "TLS session ticket RFC 5077 valid for $lifetime $unit but PFS requires session ticket keys to be rotated at least daily!"
else
outln ", session tickets keys seems to be rotated < daily"
fileout "session_ticket" "INFO" "TLS session ticket RFC 5077 valid for $lifetime $unit only (PFS requires session ticket keys are rotated at least daily)"
fi
fi fi
pr_bold " SSL Session ID support " pr_bold " SSL Session ID support "
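Review bot: `$lifetime` reaches the new `-lt` test without a check that it is a plain integer, although it is parsed from what the server sent; an empty or malformed value makes the test fail and falls into the `else` branch, which records an INFO finding saying the keys seem to be rotated. I would guard it first with `if [[ ! "$lifetime" =~ ^[0-9]+$ ]]; then` and a warning-level output, followed by `elif [[ $lifetime -gt 86400 ]]; then` for the LOW case, which also keeps server-derived text out of bash's arithmetic evaluation. Separately, the lifetime hint tells the client how long it may keep a ticket, not how often the server rotates its ticket key, so the `else` message and its `fileout` text claim more than this value can show and should say that rotation cannot be confirmed from the hint alone. The comparison also assumes `$unit` is seconds, and the rest of `run_server_defaults()` lies outside the hunk, so an earlier validation step may exist that is not visible here.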