* misleading warning for DH bits for Negotiated cipher omitted if no DH or EC and OPENSSL <= 1.0.1

2025-01-31 04:41:15 +01:00 · 2015-07-14 19:58:04 +02:00 · 2015-07-14 19:58:04 +02:00 · 2e40c2bde6
commit 2e40c2bde6
parent 32325d0643
1 changed files with 9 additions and 7 deletions
--- a/testssl.sh
+++ b/testssl.sh
@ -1383,12 +1383,6 @@ read_dhbits_from_file() {
 	local add=""
 	local old_fart=" (openssl is too old to show DH bits)"

-	if ! $HAS_DH_BITS; then
-		if [[ -z "$2" ]]; then
-			pr_litemagenta "$old_fart"
-		fi
-		return 0
-	fi
 	bits=$(awk -F': ' '/^Server Temp Key/ { print $2 }' "$1")					# extract line
 	bits=$(echo $bits | sed -e 's/, P-...//' -e 's/,//g' -e 's/bits//' -e 's/ //g') # now: ??DH [number]    K??
 	what_dh=$(echo $bits | tr -d '[0-9]')
@ -1396,6 +1390,14 @@ read_dhbits_from_file() {

 	debugme echo ">$what_dh|$bits<"

+	if ! $HAS_DH_BITS && [[ -z "what_dh" ]]; then
+		if [[ -z "$2" ]]; then
+			pr_litemagenta "$old_fart"
+		fi
+		return 0
+	fi
+
+
 	[[ -n "$bits" ]] && [[ -z "$2" ]] && out ", "
 	if [[ $what_dh == "DH" ]] || [[ $what_dh == "EDH" ]] ; then
 		[[ -z "$2" ]] && add="bit DH"
@ -4439,4 +4441,4 @@ fi
 exit $ret


-#  $Id: testssl.sh,v 1.312 2015/07/14 15:13:57 dirkw Exp $
+#  $Id: testssl.sh,v 1.313 2015/07/14 17:58:03 dirkw Exp $