Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2024-12-31 22:09:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:drwetter/testssl.sh

Browse Source
This commit is contained in:
Dirk 2016-07-26 20:18:37 +02:00
commit 5114a118f2
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
testssl.sh
View File

@ -7812,7 +7812,7 @@ sclient_auth() {
#
determine_optimal_proto() {
local all_failed
local addcmd=""
local sni=""
#TODO: maybe query known openssl version before this workaround. 1.0.1 doesn't need this
@ -7830,8 +7830,9 @@ determine_optimal_proto() {
done
debugme echo "STARTTLS_OPTIMAL_PROTO: $STARTTLS_OPTIMAL_PROTO"
else
for OPTIMAL_PROTO in '' -tls1_2 -tls1 -ssl3 -tls1_1 -ssl2 ''; do
$OPENSSL s_client $OPTIMAL_PROTO $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI </dev/null >$TMPFILE 2>>$ERRFILE
for OPTIMAL_PROTO in '' -tls1_2 -tls1 -ssl3 -tls1_1 -ssl2; do
[[ "$OPTIMAL_PROTO" =~ ssl ]] && sni="" || sni=$SNI
$OPENSSL s_client $OPTIMAL_PROTO $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $sni </dev/null >$TMPFILE 2>>$ERRFILE
if sclient_auth $? $TMPFILE; then
all_failed=1
break
@ -7839,6 +7840,11 @@ determine_optimal_proto() {
all_failed=0
done
debugme echo "OPTIMAL_PROTO: $OPTIMAL_PROTO"
if [[ "$OPTIMAL_PROTO" == "-ssl2" ]]; then
pr_magentaln "$NODEIP:$PORT appears to only support SSLv2."
ignore_no_or_lame " Type \"yes\" to accept some false negatives or positives "
[[ $? -ne 0 ]] && exit -2
fi
fi
grep -q '^Server Temp Key' $TMPFILE && HAS_DH_BITS=true # FIX #190