From 411accb66ddca0d10e8025f9c701b2536b171774 Mon Sep 17 00:00:00 2001
From: Dirk
Date: Mon, 2 Oct 2017 14:55:57 +0200
Subject: [PATCH] manually resolved conflict from #839 + change it to new logic
---
 testssl.sh | 39 +++++++++++++++++++++++++++++++--------
 1 file changed, 31 insertions(+), 8 deletions(-)
diff --git a/testssl.sh b/testssl.sh
index cf63c8c..127e4ba 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -3972,16 +3972,21 @@ run_prototest_openssl() {
 # arg1: protocol
 # arg2: available (yes) or not (no)
 add_tls_offered() {
+<<<<<<< HEAD
 if [[ "$PROTOS_OFFERED" =~ $1: ]]; then
 # the ":" is mandatory here (and @ other palces), otherwise e.g. tls1 will match tls1_2
 :
 else
 PROTOS_OFFERED+="${1}:$2 "
 fi
+=======
+ [[ "$PROTOS_OFFERED" =~ "$1 " ]] || PROTOS_OFFERED+="$1 "
+>>>>>>> af15bd0f002c0523579b3807949fa54c05c793e3
 }
 # function which checks whether SSLv2 - TLS 1.2 is being offereed, see add_tls_offered()
 has_server_protocol() {
+<<<<<<< HEAD
 local proto_val_pair
 if [[ "$PROTOS_OFFERED" =~ $1: ]]; then
@@ -3999,6 +4004,9 @@ has_server_protocol() {
 else
 # if empty echo 2, hinting to the caller to check at additional cost/connect
 echo 2
+=======
+ if [[ "$PROTOS_OFFERED" =~ "$1 " ]]; then
+>>>>>>> af15bd0f002c0523579b3807949fa54c05c793e3
 return 0
 fi
 }
@@ -4881,6 +4889,7 @@ run_server_preference() {
 cipher[i]=""
 fi
 fi
+ [[ -n "${cipher[i]}" ]] && add_tls_offered "$proto" yes
 i=$((i + 1))
 done
@@ -4997,7 +5006,7 @@ cipher_pref_check() {
 pr_bold " Cipher order"
- tm_out " ssl3 00 SSLv3\n tls1 01 TLSv1\n tls1_1 02 TLSv1.1\n tls1_2 03 TLSv1.2\n" | while read p proto_hex proto; do
+ while read p proto_hex proto; do
 order=""; ciphers_found_with_sockets=false
 if [[ $p == ssl3 ]] && ! "$HAS_SSL3" && ! "$using_sockets"; then
 out "\n SSLv3: "; pr_local_problem "$OPENSSL doesn't support \"s_client -ssl3\"";
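Review bot: The added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> af15bd0f…` in add_tls_offered() are unresolved merge-conflict markers, so the new side keeps both implementations plus the markers inside the function body; the same markers are added in has_server_protocol(), here and in the following hunk. bash will most likely fail to parse the file at these lines, and the two sides disagree on the storage format: the HEAD side stores `proto:yes ` pairs and matches `$1:`, the other side stores and matches `"$1 "`. Since has_server_protocol() decides whether a protocol is reported as offered, keep one side only — presumably the pair-based HEAD logic, given the commit title — and delete the marker lines together with `[[ "$PROTOS_OFFERED" =~ "$1 " ]] || PROTOS_OFFERED+="$1 "` and `if [[ "$PROTOS_OFFERED" =~ "$1 " ]]; then`. The body of has_server_protocol() continues outside the first hunk.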
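Review bot: The line added in run_server_preference() tests `${cipher[i]}` with an index but passes `$proto` without one; if proto is an array in this loop like cipher (its declaration is outside the hunk), `$proto` expands to element 0 and every iteration records the same protocol. Confirm which variable holds the current protocol and pass that one, for example `add_tls_offered "${proto[i]}" yes` if proto is indexed. Also check that the value uses the same tokens (`ssl3`, `tls1`, `tls1_1`, `tls1_2`) that has_server_protocol() is queried with, otherwise the `$1:` lookup never matches. The loop starts and ends outside the hunk.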
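Review bot: The loop head in cipher_pref_check() loses its `tm_out … |` feed here and gets it back as a here-string on `done` in the next hunk, but nothing records why. Presumably the point is that the loop body must run in the current shell so the `add_tls_offered "$p" yes` call added there can update PROTOS_OFFERED, which a piped `while` would lose in its subshell. A comment above the loop such as `# fed via here-string, not a pipe: add_tls_offered must modify PROTOS_OFFERED in this shell` would keep a later cleanup from reverting it. The loop body lies between the two hunks and is not visible here.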
@@ -5168,12 +5177,13 @@ cipher_pref_check() { fi if [[ -n "$order" ]]; then + add_tls_offered "$p" yes outln out "$(printf " %-10s " "$proto: ")" out "$(out_row_aligned_max_width "$order" " " $TERM_WIDTH)" fileout "order_$p" "INFO" "Default cipher order for protocol $p: $order" fi - done + done <<< "$(tm_out " ssl3 00 SSLv3\n tls1 01 TLSv1\n tls1_1 02 TLSv1.1\n tls1_2 03 TLSv1.2\n")" outln outln @@ -10808,9 +10818,17 @@ run_beast(){ # first determine whether it's mitigated by higher protocols for proto in tls1_1 tls1_2; do - $OPENSSL s_client -state -"$proto" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI 2>>$ERRFILE >$TMPFILE >$ERRFILE >$TMPFILE $TMPFILE 2>>$ERRFILE