From 564dd63efc25b2c33a262983d724b9fe8aa486d8 Mon Sep 17 00:00:00 2001
From: David Cooper
Date: Mon, 6 Jun 2022 13:07:00 -0400
Subject: [PATCH] Reorganize ciphers_by_strength()

This commit modifies ciphers_by_strength() and run_server_preference() so that the message indicating that ciphers are listed by strength is not printed until the list of supported ciphers has been determined. This is in support of #1311, as it will allow the message to be modified based on the set of supported ciphers. This commit also modifies both ciphers_by_strength() and cipher_pref_check() so that the order in which ciphers are listed (by strength or server preference) is not printed if the server does not support the protocol.
---
 testssl.sh | 58 ++++++++++++++++++++++++++++++++++++----------------------
 1 file changed, 36 insertions(+), 22 deletions(-)
diff --git a/testssl.sh b/testssl.sh
index 3117ecb..c7cb54e 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -4220,7 +4220,7 @@ run_allciphers() {
 # are good or bad) and list them in order to encryption strength.
 ciphers_by_strength() {
 local proto="$1" proto_hex="$2" proto_text="$3"
- local using_sockets="$4" wide="$5"
+ local using_sockets="$4" wide="$5" serverpref_known="$6"
 local ossl_ciphers_proto
 local -i nr_ciphers nr_ossl_ciphers nr_nonossl_ciphers success
 local n sslvers auth mac hexc sslv2_ciphers="" cipher
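Review bot: The new sixth argument is read as `serverpref_known="$6"` with no default, so any caller that still passes five arguments leaves it empty. This function tests its boolean arguments by running them as commands (`"$wide" && outln` in the next hunk); if `serverpref_known` is used the same way, which this hunk does not show, an empty value becomes a failed empty command rather than a clean false. I would give it an explicit default, `local using_sockets="$4" wide="$5" serverpref_known="${6:-false}"`, assuming false is the intended fallback. The header comment above `ciphers_by_strength()` should also list the six positional arguments. The function body continues outside the hunk.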
@@ -4229,20 +4229,21 @@ ciphers_by_strength() { local -i i bundle end_of_bundle bundle_size num_bundles local -a ciphers_found ciphers_found2 sigalg ossl_supported index local dhlen supported_sslv2_ciphers ciphers_to_test tls13_ciphers_to_test addcmd temp - local available + local available proto_supported=false local id local has_dh_bits="$HAS_DH_BITS" # for local problem if it happens "$wide" || out " " - if ! "$using_sockets" && ! locally_supported "$proto"; then - pr_local_problem "Your $OPENSSL does not support $proto" + if ! "$using_sockets" && ! sclient_supported "$proto"; then + "$wide" && outln + pr_local_problem "$OPENSSL does not support $proto" "$wide" && outln return 0 fi if [[ $(has_server_protocol "${proto:1}") -eq 1 ]]; then - "$wide" && outln " - " + "$wide" && outln "\n - " return 0 fi @@ -4333,15 +4334,17 @@ ciphers_by_strength() { for (( i=0 ; i$TMPFILE 2>$ERRFILE
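Review bot: The rewritten local-problem branch (`if ! "$using_sockets" && ! sclient_supported "$proto"`) still prints only a screen message and then returns 0. From the return status, a protocol that could not be tested with this OpenSSL therefore looks the same as one that was tested and found clean. For a scanner, that gap can let a skipped check be read as the absence of weak ciphers, especially by anything consuming the results programmatically. Whether callers or the file output record the skip elsewhere is not visible in this hunk, and the function continues past it. At minimum I would document the contract on the branch, for example `# not tested: $OPENSSL lacks $proto; status 0 here means "skipped", not "no ciphers offered"`, and consider a distinct status if callers can handle one.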