Merge branch '2.9dev' into openssl_location
This commit is contained in:
commit
43a4358442
20
testssl.sh
20
testssl.sh
|
@ -2443,7 +2443,7 @@ neat_list(){
|
|||
fi
|
||||
}
|
||||
|
||||
test_just_one(){
|
||||
run_cipher_match(){
|
||||
local hexc n auth export ciphers_to_test supported_sslv2_ciphers s
|
||||
local -a hexcode normalized_hexcode ciph sslvers kx enc export2 sigalg
|
||||
local -a ciphers_found ciphers_found2 ciph2 rfc_ciph rfc_ciph2 ossl_supported
|
||||
|
@ -10603,7 +10603,7 @@ help() {
|
|||
single check as <options> ("$PROG_NAME URI" does everything except -E):
|
||||
-e, --each-cipher checks each local cipher remotely
|
||||
-E, --cipher-per-proto checks those per protocol
|
||||
-f, --ciphers checks common cipher suites
|
||||
-s, --std, --standard tests certain lists of cipher suites by strength
|
||||
-p, --protocols checks TLS/SSL protocols (including SPDY/HTTP2)
|
||||
-y, --spdy, --npn checks for SPDY/NPN
|
||||
-Y, --http2, --alpn checks for HTTP2/ALPN
|
||||
|
@ -10628,7 +10628,7 @@ single check as <options> ("$PROG_NAME URI" does everything except -E):
|
|||
-F, --freak tests for FREAK vulnerability
|
||||
-J, --logjam tests for LOGJAM vulnerability
|
||||
-D, --drown tests for DROWN vulnerability
|
||||
-s, --pfs, --fs, --nsa checks (perfect) forward secrecy settings
|
||||
-f, --pfs, --fs, --nsa checks (perfect) forward secrecy settings
|
||||
-4, --rc4, --appelbaum which RC4 ciphers are being offered?
|
||||
|
||||
tuning / connect options (most also can be preset via environment variables):
|
||||
|
@ -11848,7 +11848,7 @@ initialize_globals() {
|
|||
do_ssl_poodle=false
|
||||
do_sweet32=false
|
||||
do_tls_fallback_scsv=false
|
||||
do_test_just_one=false
|
||||
do_cipher_match=false
|
||||
do_tls_sockets=false
|
||||
do_client_simulation=false
|
||||
do_display_only=false
|
||||
|
@ -11892,7 +11892,7 @@ query_globals() {
|
|||
for gbl in do_allciphers do_vulnerabilities do_beast do_lucky13 do_breach do_ccs_injection do_cipher_per_proto do_crime \
|
||||
do_freak do_logjam do_drown do_header do_heartbleed do_mx_all_ips do_pfs do_protocols do_rc4 do_renego \
|
||||
do_std_cipherlists do_server_defaults do_server_preference do_spdy do_http2 do_ssl_poodle do_tls_fallback_scsv \
|
||||
do_sweet32 do_client_simulation do_test_just_one do_tls_sockets do_mass_testing do_display_only; do
|
||||
do_sweet32 do_client_simulation do_cipher_match do_tls_sockets do_mass_testing do_display_only; do
|
||||
[[ "${!gbl}" == "true" ]] && let true_nr++
|
||||
done
|
||||
return $true_nr
|
||||
|
@ -11905,7 +11905,7 @@ debug_globals() {
|
|||
for gbl in do_allciphers do_vulnerabilities do_beast do_lucky13 do_breach do_ccs_injection do_cipher_per_proto do_crime \
|
||||
do_freak do_logjam do_drown do_header do_heartbleed do_mx_all_ips do_pfs do_protocols do_rc4 do_renego \
|
||||
do_std_cipherlists do_server_defaults do_server_preference do_spdy do_http2 do_ssl_poodle do_tls_fallback_scsv \
|
||||
do_sweet32 do_client_simulation do_test_just_one do_tls_sockets do_mass_testing do_display_only; do
|
||||
do_sweet32 do_client_simulation do_cipher_match do_tls_sockets do_mass_testing do_display_only; do
|
||||
printf "%-22s = %s\n" $gbl "${!gbl}"
|
||||
done
|
||||
printf "%-22s : %s\n" URI: "$URI"
|
||||
|
@ -11973,7 +11973,7 @@ parse_cmd_line() {
|
|||
fi
|
||||
;;
|
||||
-x|-x=*|--single[-_]cipher|--single[-_]cipher=*)
|
||||
do_test_just_one=true
|
||||
do_cipher_match=true
|
||||
single_cipher=$(parse_opt_equal_sign "$1" "$2")
|
||||
[[ $? -eq 0 ]] && shift
|
||||
;;
|
||||
|
@ -12009,7 +12009,7 @@ parse_cmd_line() {
|
|||
-Y|--http2|--alpn)
|
||||
do_http2=true
|
||||
;;
|
||||
-f|--ciphers)
|
||||
-s|--std|--standard)
|
||||
do_std_cipherlists=true
|
||||
;;
|
||||
-S|--server[-_]defaults)
|
||||
|
@ -12099,7 +12099,7 @@ parse_cmd_line() {
|
|||
do_rc4=true
|
||||
let "VULN_COUNT++"
|
||||
;;
|
||||
-s|--pfs|--fs|--nsa)
|
||||
-f|--pfs|--fs|--nsa)
|
||||
do_pfs=true
|
||||
;;
|
||||
--devel) ### this development feature will soon disappear
|
||||
|
@ -12349,7 +12349,7 @@ lets_roll() {
|
|||
|
||||
$do_tls_sockets && [[ $TLS_LOW_BYTE -eq 22 ]] && { sslv2_sockets "" "true"; echo "$?" ; exit 0; }
|
||||
$do_tls_sockets && [[ $TLS_LOW_BYTE -ne 22 ]] && { tls_sockets "$TLS_LOW_BYTE" "$HEX_CIPHER" "all"; echo "$?" ; exit 0; }
|
||||
$do_test_just_one && test_just_one ${single_cipher} && time_right_align
|
||||
$do_cipher_match && run_cipher_match ${single_cipher} && time_right_align
|
||||
|
||||
# all top level functions now following have the prefix "run_"
|
||||
fileout_section_header $section_number false && ((section_number++))
|
||||
|
|
Loading…
Reference in New Issue