diff --git a/testssl.sh b/testssl.sh index cc6a8ab..617056a 100755 --- a/testssl.sh +++ b/testssl.sh @@ -1602,7 +1602,11 @@ test_just_one(){ neat_list $HEXC $ciph $kx $enc | grep -qwai "$arg" fi if [[ $? -eq 0 ]]; then # string matches, so we can ssl to it: - $OPENSSL s_client -cipher $ciph $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI 2>$ERRFILE >$TMPFILE $ERRFILE >$TMPFILE $ERRFILE >$TMPFILE >$ERRFILE) @@ -1656,6 +1661,12 @@ run_allciphers() { outln neat_header + if "$HAS_SSL2"; then + $OPENSSL s_client $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY -ssl2 >$TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE $ERRFILE) + done < <($OPENSSL ciphers $ossl_ciphers_proto -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>$ERRFILE) # Split ciphers into bundles of size 4**n, starting with the smallest # "n" that leaves the ciphers in one bundle, and then reducing "n" by @@ -1809,7 +1833,12 @@ run_cipher_per_proto() { ciphers_to_test="${ciphers_to_test}:${ciph[j]}" done ciphers_found[child]=false - $OPENSSL s_client -cipher "${ciphers_to_test:1}" $proto $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE + if [[ "$sslvers" == "SSLv2" ]]; then + $OPENSSL s_client -cipher $rc4_cipher $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY -ssl2 $TMPFILE 2>$ERRFILE + else + $OPENSSL s_client -cipher $rc4_cipher $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI $TMPFILE 2>$ERRFILE + fi sclient_connect_successful $? $TMPFILE sclient_success=$? # here we may have a fp with openssl < 1.0, TBC if [[ $sclient_success -ne 0 ]] && ! "$SHOW_EACH_C"; then
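Review bot: In the last hunk (the `$rc4_cipher` probe), the two `s_client` calls under the new `if [[ "$sslvers" == "SSLv2" ]]` / `else` differ only in `-ssl2` versus `$SNI`, so the option list must now be kept in sync in two places. Picking the trailing option first and keeping one invocation avoids that, e.g. `addl_opt="$SNI"; [[ "$sslvers" == "SSLv2" ]] && addl_opt="-ssl2"`, with a comment such as `# SSLv2 has no extensions, so SNI is not sent` to explain why `$SNI` is dropped. The `run_allciphers` hunk guards its `-ssl2` probe with `if "$HAS_SSL2"`, while this branch keys only on `$sslvers`. Presumably that value comes from the same `$OPENSSL ciphers -V` listing, but it is worth confirming that `-ssl2` cannot reach a binary built without SSLv2, where the failed call would be read as "cipher not offered". As rendered on this page, `$TMPFILE` follows the options with no redirection operator, which looks like an extraction loss; the enclosing function starts and ends outside the hunk.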