remove EXPERIMENTAL check in run_pfs()

Dirk 2018-11-05 18:54:52 +01:00
parent 474c28e42b
commit 34ec2b83c3


@ -225,7 +225,7 @@ OFFENSIVE=${OFFENSIVE:-true} # do you want to include offensive vulne
########### Tuning vars which cannot be set by a cmd line switch. Use instead e.g "HEADER_MAXSLEEP=10 ./testssl.sh <your_args_here>" ########### Tuning vars which cannot be set by a cmd line switch. Use instead e.g "HEADER_MAXSLEEP=10 ./testssl.sh <your_args_here>"
# #
EXPERIMENTAL=${EXPERIMENTAL:-false} EXPERIMENTAL=${EXPERIMENTAL:-false} # a development hook which allows us to disable code
PROXY_WAIT=${PROXY_WAIT:-20} # waiting at max 20 seconds for socket reply through proxy PROXY_WAIT=${PROXY_WAIT:-20} # waiting at max 20 seconds for socket reply through proxy
DNS_VIA_PROXY=${DNS_VIA_PROXY:-true} # do DNS lookups via proxy. --ip=proxy reverses this DNS_VIA_PROXY=${DNS_VIA_PROXY:-true} # do DNS lookups via proxy. --ip=proxy reverses this
IGN_OCSP_PROXY=${IGN_OCSP_PROXY:-false} # Also when --proxy is supplied it is ignored when testing for revocation via OCSP via --phone-out IGN_OCSP_PROXY=${IGN_OCSP_PROXY:-false} # Also when --proxy is supplied it is ignored when testing for revocation via OCSP via --phone-out
@ -8795,7 +8795,7 @@ run_pfs() {
fi fi
fi fi
fi fi
if "$using_sockets" && ( "$pfs_tls13_offered" || ( "$ffdhe_offered" && "$EXPERIMENTAL" ) ); then if "$using_sockets" && ( "$pfs_tls13_offered" || "$ffdhe_offered" ); then
# find out what groups are supported. # find out what groups are supported.
nr_curves=0 nr_curves=0
for curve in "${ffdhe_groups_output[@]}"; do for curve in "${ffdhe_groups_output[@]}"; do
@ -8805,7 +8805,7 @@ run_pfs() {
done done
protos_to_try="" protos_to_try=""
"$pfs_tls13_offered" && protos_to_try="04" "$pfs_tls13_offered" && protos_to_try="04"
if "$ffdhe_offered" && "$EXPERIMENTAL"; then if "$ffdhe_offered"; then
if "$pfs_tls13_offered"; then if "$pfs_tls13_offered"; then
protos_to_try="04 03" protos_to_try="04 03"
else else
@ -8845,7 +8845,7 @@ run_pfs() {
"${supported_curve[i]}" && curves_offered+="${ffdhe_groups_output[i]} " "${supported_curve[i]}" && curves_offered+="${ffdhe_groups_output[i]} "
done done
curves_offered="$(strip_trailing_space "$curves_offered")" curves_offered="$(strip_trailing_space "$curves_offered")"
if "$ffdhe_offered" && "$EXPERIMENTAL" && [[ -z "$curves_offered" ]] && [[ -z "$curve_found" ]]; then if "$ffdhe_offered" && [[ -z "$curves_offered" ]] && [[ -z "$curve_found" ]]; then
# Some servers will fail if the supported_groups extension is present. # Some servers will fail if the supported_groups extension is present.
tls_sockets "03" "${ffdhe_cipher_list_hex:2}, 00,ff" "ephemeralkey" tls_sockets "03" "${ffdhe_cipher_list_hex:2}, 00,ff" "ephemeralkey"
sclient_success=$? sclient_success=$?
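Review bot: With the `"$EXPERIMENTAL"` guard removed from all three conditions in run_pfs(), FFDHE group detection becomes default behaviour whenever `$ffdhe_offered` is true, and nothing in the new code documents that. This includes the fallback in the last hunk, which sends a further `tls_sockets "03" ...` handshake without the supported_groups extension when no group was found, so a default scan presumably opens more connections to the target than before. A comment above the first changed condition would record this, e.g. `# FFDHE group detection runs by default (no longer gated by EXPERIMENTAL); this adds handshakes against the target`. As a style point, the remaining `( ... )` in that condition now only groups and forks a subshell; `{ "$pfs_tls13_offered" || "$ffdhe_offered"; }` does the same without the fork. run_pfs() starts and ends outside these hunks, so the initialisation of `$ffdhe_offered` and `$pfs_tls13_offered` to `true`/`false` could not be checked here.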