Binary string washer (0x00 bytes) (probably) after completed ClientHello
This commit proactively tries to address cases where the server side adds null bytes after or during ClientHello where the content should be text only. VAR2=$(< $VAR1) is now replaced by VAR2=$(cat -v $VAR1), which is normally not best practice and is also considered a useless use of "cat", see https://web.archive.org/web/20160711205930/http://porkmail.org/era/unix/award.html#uucaletter. However, the $(< ...) form was reported not to work properly, especially with bash 3.2 (Mac OS X) and when the server side returns binary chars, see #1292. Performance measurements showed no to barely measurable penalty (at max 1s displayed difference in 9 tries).
parent
92654b2899
commit
5874a722d8
13
testssl.sh
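--- a/testssl.sh
+++ b/testssl.sh
@@ -1262,7 +1262,14 @@ strip_trailing_space() {
 # retrieve cipher from ServerHello (via openssl)
 get_cipher() {
 local cipher=""
-local server_hello="$(< "$1")"
+local server_hello="$(cat -v "$1")"
+# This and two other following instances are not best practice and normally a useless use of "cat", see
+# https://web.archive.org/web/20160711205930/http://porkmail.org/era/unix/award.html#uucaletter
+# However there seem to be cases where the preferred $(< "$1") logic has a problem.
+# Esepcially with bash 3.2 (Mac OS X) and when on the server side binary chars
+# are returned, see https://stackoverflow.com/questions/7427262/how-to-read-a-file-into-a-variable-in-shell#22607352
+# and https://github.com/drwetter/testssl.sh/issues/1292
+# Performance measurements showed no to barely measureable penalty (1s displayed in 9 tries).
 
 if [[ "$server_hello" =~ Cipher\ *:\ ([A-Z0-9]+-[A-Za-z0-9\-]+|TLS_[A-Za-z0-9_]+) ]]; then
 cipher="${BASH_REMATCH##* }"
@@ -1275,7 +1282,7 @@ get_cipher() {
 # retrieve protocol from ServerHello (via openssl)
 get_protocol() {
 local protocol=""
-local server_hello="$(< "$1")"
+local server_hello="$(cat -v "$1")"
 
 if [[ "$server_hello" =~ Protocol\ *:\ (SSLv[23]|TLSv1(\.[0-3])?) ]]; then
 protocol="${BASH_REMATCH##* }"
@@ -6938,7 +6945,7 @@ tls_time() {
 # returns 0 if connect was successful, 1 if not
 #
 sclient_connect_successful() {
-local server_hello="$(<"$2")"
+local server_hello="$(cat -v "$2")"
 local re='Master-Key: ([^\
 ]*)'
 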
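Review bot: `cat -v` does not remove the NUL bytes; it rewrites them as the two-character text `^@`, and it also rewrites every other non-printing byte (CR becomes `^M`, bytes above 0x7f become `M-` sequences), so `server_hello` in get_cipher(), get_protocol() and sclient_connect_successful() no longer holds what the server sent. The three regexes visible here match plain ASCII and should be unaffected, but all three function bodies continue outside the hunks, and any later match against server-controlled text in this variable would see the rewritten form. If only 0x00 needs washing, `local server_hello="$(tr -d '\000' < "$1")"` drops those bytes and leaves the rest intact. Either way, declaring `local server_hello` on its own line and assigning on the next keeps a failed read of the temp file from being masked by the exit status of `local`.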