mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-07 09:10:57 +01:00
Additional fixes for no cipher mapping file
Client simulations can still use sockets even if the cipher mapping file is missing. If the cipher file is present, then `parse_tls_serverhello()` writes the RFC name for the cipher and then `run_client_simulation()` converts that to the OpenSSL name (so that the output is the same as if OpenSSL were used). This PR changes `parse_tls_serverhello()` so that it writes the OpenSSL name for the cipher if the mapping file is missing, which `run_client_simulation()` can then just display. This PR also unsets `ADD_RFC_STR` if the mapping file is missing, so that `neat_list()` won't try to display the RFC names for the ciphers.
parent
08384920a9
commit
3c107b543e
17
testssl.sh
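--- a/testssl.sh
+++ b/testssl.sh
@@ -3317,13 +3317,10 @@ run_client_simulation() {
 requiresSha2+=(false)
 
 outln
-[[ $TLS_NR_CIPHERS == 0 ]] && using_sockets=false
 if "$using_sockets"; then
 pr_headlineln " Running browser simulations via sockets (experimental) "
 else
 pr_headline " Running browser simulations via openssl (experimental) "
-[[ $TLS_NR_CIPHERS == 0 ]] && pr_warning ". Cipher mapping not available, Doing a fallback to openssl "
-outln
 fi
 outln
 
@@ -3393,7 +3390,7 @@ run_client_simulation() {
 fi
 #FiXME: awk
 cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://')
-"$using_sockets" && [[ -n "${handshakebytes[i]}" ]] && cipher="$(rfc2openssl "$cipher")"
+"$using_sockets" && [[ -n "${handshakebytes[i]}" ]] && [[ $TLS_NR_CIPHERS -ne 0 ]] && cipher="$(rfc2openssl "$cipher")"
 out "$proto $cipher"
 "$using_sockets" && [[ -n "${handshakebytes[i]}" ]] && has_dh_bits=$HAS_DH_BITS && HAS_DH_BITS=true
 "$HAS_DH_BITS" && read_dhbits_from_file $TMPFILE
@@ -6604,10 +6601,14 @@ parse_tls_serverhello() {
 echo "Protocol : TLSv1.$((0x$tls_protocol2-0x0301))" >> $TMPFILE
 fi
 echo "===============================================================================" >> $TMPFILE
-if [[ "${tls_cipher_suite:0:2}" == "00" ]]; then
-rfc_cipher_suite="$(show_rfc_style "x${tls_cipher_suite:2:2}")"
+if [[ $TLS_NR_CIPHERS -ne 0 ]]; then
+if [[ "${tls_cipher_suite:0:2}" == "00" ]]; then
+rfc_cipher_suite="$(show_rfc_style "x${tls_cipher_suite:2:2}")"
+else
+rfc_cipher_suite="$(show_rfc_style "x${tls_cipher_suite:0:4}")"
+fi
 else
-rfc_cipher_suite="$(show_rfc_style "x${tls_cipher_suite:0:4}")"
+rfc_cipher_suite="$($OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL' | grep -i " 0x${tls_cipher_suite:0:2},0x${tls_cipher_suite:2:2} " | awk '{ print $3 }')"
 fi
 echo "Cipher : $rfc_cipher_suite" >> $TMPFILE
 if [[ "0x${tls_protocol2:2:2}" -le "0x03" ]]; then
@@ -8398,7 +8399,7 @@ get_install_dir() {
 [[ -r "$TESTSSL_INSTALL_DIR/cipher-mapping.txt" ]] && CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/cipher-mapping.txt"
 fi
 
-[[ ! -r "$CIPHERS_BY_STRENGTH_FILE" ]] && pr_warningln "\nNo cipher mapping file in \$TESTSSL_INSTALL_DIR/etc/ found"
+[[ ! -r "$CIPHERS_BY_STRENGTH_FILE" ]] && unset ADD_RFC_STR && pr_warningln "\nNo cipher mapping file in \$TESTSSL_INSTALL_DIR/etc/ found"
 debugme echo "$CIPHERS_BY_STRENGTH_FILE"
 }
 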
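Review bot: In parse_tls_serverhello(), the new fallback branch leaves `rfc_cipher_suite` empty whenever the `$OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL'` listing has no row for the suite the server selected, so `Cipher : ` is written to `$TMPFILE` with no name. That looks likely whenever the socket ClientHello offers suites the local OpenSSL build does not know, and run_client_simulation() would then presumably print a blank cipher instead of flagging the gap. Consider falling back to the hex code right after the lookup: `[[ -z "$rfc_cipher_suite" ]] && rfc_cipher_suite="0x${tls_cipher_suite:0:2},0x${tls_cipher_suite:2:2}"`. A one-line comment noting that `rfc_cipher_suite` holds an OpenSSL name in this branch would also help the next reader. The function's body starts and ends outside the hunk.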