Fix RFC 7919 DH groups

This PR fixes three issues related to the testing for RFC 7919 DH groups in run_pfs():

* If the RFC 7919 DH groups are supported for both TLSv1.3 cipher suites and non-TLSv1.3 cipher suites, then the list of supported groups is printed twice.

* The finding that is used for CSV/JSON files includes the word "offered" after the list of groups, which is inconsistent with other findings.

* Since the $ffdhe_offered is only used to determine whether to test for use of RFC 7919 DH groups with non-TLSv1.3 ciphers, this flag should only be set if a non-TLSv1.3 ciphers that uses ephemeral DH is found.
This commit is contained in:
David Cooper 2018-04-10 12:40:49 -04:00 committed by GitHub
parent a0c17fda9f
commit 2c792fdc00
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -7983,9 +7983,11 @@ run_pfs() {
fi fi
fi fi
fi fi
if [[ "${ciph[i]}" == "DHE-"* ]] || [[ "${ciph[i]}" == TLS13* ]] || [[ "${ciph[i]}" == TLS_* ]] || ( "$using_sockets" && [[ "${rfc_ciph[i]}" == "TLS_DHE_"* ]] ); then if [[ "${ciph[i]}" == "DHE-"* ]] || ( "$using_sockets" && [[ "${rfc_ciph[i]}" == "TLS_DHE_"* ]] ); then
ffdhe_offered=true ffdhe_offered=true
ffdhe_cipher_list_hex+=", ${hexcode[i]}" ffdhe_cipher_list_hex+=", ${hexcode[i]}"
elif [[ "${ciph[i]}" == TLS13* ]] || [[ "${ciph[i]}" == TLS_* ]]; then
ffdhe_cipher_list_hex+=", ${hexcode[i]}"
fi fi
fi fi
if "$WIDE"; then if "$WIDE"; then
@ -8161,6 +8163,7 @@ run_pfs() {
[[ $i -eq $nr_curves ]] && break [[ $i -eq $nr_curves ]] && break
supported_curve[i]=true supported_curve[i]=true
done done
done
curves_offered="" curves_offered=""
for (( i=0; i < nr_curves; i++ )); do for (( i=0; i < nr_curves; i++ )); do
"${supported_curve[i]}" && curves_offered+="${ffdhe_groups_output[i]} " "${supported_curve[i]}" && curves_offered+="${ffdhe_groups_output[i]} "
@ -8168,9 +8171,8 @@ run_pfs() {
if [[ -n "$curves_offered" ]]; then if [[ -n "$curves_offered" ]]; then
pr_bold " RFC 7919 DH groups offered: " pr_bold " RFC 7919 DH groups offered: "
outln "$curves_offered" outln "$curves_offered"
fileout "RFC7919_DH_groups" "INFO" "$curves_offered offered" fileout "RFC7919_DH_groups" "INFO" "$curves_offered"
fi fi
done
fi fi
outln outln