Merge branch 'master' into openss2rfc_rfc2openssl
Conflicts: testssl.sh
This commit is contained in:
commit
5a5424653b
|
@ -343,9 +343,9 @@ xCCAB TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
|
||||||
xCCAC TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
|
xCCAC TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
|
||||||
xCCAD TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
|
xCCAD TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
|
||||||
xCCAE TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256
|
xCCAE TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256
|
||||||
xCC13 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD
|
xCC13 OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
||||||
xCC14 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD
|
xCC14 OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
|
||||||
xCC15 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD
|
xCC15 OLD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
||||||
xFEFE SSL_RSA_FIPS_WITH_DES_CBC_SHA
|
xFEFE SSL_RSA_FIPS_WITH_DES_CBC_SHA
|
||||||
xFEFF SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
|
xFEFF SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
|
||||||
xFFE0 SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
|
xFFE0 SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
|
||||||
|
|
23
testssl.sh
23
testssl.sh
|
@ -1490,14 +1490,14 @@ show_rfc_style(){
|
||||||
#[[ -z "$1" ]] && return 0
|
#[[ -z "$1" ]] && return 0
|
||||||
|
|
||||||
local rfcname
|
local rfcname
|
||||||
rfcname="$(grep -iw "$1" "$MAPPING_FILE_RFC" | sed -e 's/^.*TLS/TLS/' -e 's/^.*SSL/SSL/')"
|
rfcname="$(grep -iw "$1" "$MAPPING_FILE_RFC" | awk '{ print $2 }')"
|
||||||
[[ -n "$rfcname" ]] && out "$rfcname"
|
[[ -n "$rfcname" ]] && out "$rfcname"
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
neat_header(){
|
neat_header(){
|
||||||
printf -- "Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits${ADD_RFC_STR:+ Cipher Suite Name (RFC)}\n"
|
printf -- "Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits${ADD_RFC_STR:+ Cipher Suite Name (RFC)}\n"
|
||||||
printf -- "%s-------------------------------------------------------------------------${ADD_RFC_STR:+-------------------------------------------------}\n"
|
printf -- "%s------------------------------------------------------------------------${ADD_RFC_STR:+---------------------------------------------------}\n"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -1515,7 +1515,7 @@ neat_list(){
|
||||||
strength=$(sed -e 's/.*(//' -e 's/)//' <<< "$enc") # strength = encryption bits
|
strength=$(sed -e 's/.*(//' -e 's/)//' <<< "$enc") # strength = encryption bits
|
||||||
strength="${strength//ChaCha20-Poly1305/ly1305}"
|
strength="${strength//ChaCha20-Poly1305/ly1305}"
|
||||||
enc=$(sed -e 's/(.*)//g' -e 's/ChaCha20-Poly1305/ChaCha20-Po/g' <<< "$enc") # workaround for empty bits ChaCha20-Poly1305
|
enc=$(sed -e 's/(.*)//g' -e 's/ChaCha20-Poly1305/ChaCha20-Po/g' <<< "$enc") # workaround for empty bits ChaCha20-Poly1305
|
||||||
echo "$export" | grep -iq export && strength="$strength,export"
|
echo "$export" | grep -iq export && strength="$strength,exp"
|
||||||
|
|
||||||
#printf -- "%q" "$kx" | xxd | head -1
|
#printf -- "%q" "$kx" | xxd | head -1
|
||||||
# length correction for color escape codes (printf counts the escape color codes!!)
|
# length correction for color escape codes (printf counts the escape color codes!!)
|
||||||
|
@ -1529,7 +1529,7 @@ neat_list(){
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
#echo "${#kx}" # should be always 20 / 13
|
#echo "${#kx}" # should be always 20 / 13
|
||||||
printf -- " %-7s %-30s %-10s %-11s%-11s${ADD_RFC_STR:+ %-48s}${SHOW_EACH_C:+ %-0s}" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength" "$(show_rfc_style "$hexcode")"
|
printf -- " %-7s %-33s %-10s %-10s%-8s${ADD_RFC_STR:+ %-49s}${SHOW_EACH_C:+ %-0s}" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength" "$(show_rfc_style "$hexcode")"
|
||||||
}
|
}
|
||||||
|
|
||||||
test_just_one(){
|
test_just_one(){
|
||||||
|
@ -1681,10 +1681,10 @@ run_allciphers() {
|
||||||
if "$SHOW_EACH_C"; then
|
if "$SHOW_EACH_C"; then
|
||||||
if ${ciphers_found[child]}; then
|
if ${ciphers_found[child]}; then
|
||||||
available="available"
|
available="available"
|
||||||
pr_cyan " available"
|
pr_cyan "$available"
|
||||||
else
|
else
|
||||||
out " not a/v"
|
|
||||||
available="not a/v"
|
available="not a/v"
|
||||||
|
out "$available"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
if "$SHOW_SIGALGO" && ${ciphers_found[child]}; then
|
if "$SHOW_SIGALGO" && ${ciphers_found[child]}; then
|
||||||
|
@ -1789,13 +1789,13 @@ run_cipher_per_proto() {
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
neat_list "$HEXC" "${ciph[i]}" "${kx[i]}" "${enc[i]}"
|
neat_list "$HEXC" "${ciph[i]}" "${kx[i]}" "${enc[i]}"
|
||||||
available="available"
|
|
||||||
if "$SHOW_EACH_C"; then
|
if "$SHOW_EACH_C"; then
|
||||||
if ${ciphers_found[child]}; then
|
if ${ciphers_found[child]}; then
|
||||||
pr_cyan " available"
|
available="available"
|
||||||
|
pr_cyan "$available"
|
||||||
else
|
else
|
||||||
out " not a/v"
|
|
||||||
available="not a/v"
|
available="not a/v"
|
||||||
|
out "$available"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
if "$SHOW_SIGALGO" && ${ciphers_found[child]}; then
|
if "$SHOW_SIGALGO" && ${ciphers_found[child]}; then
|
||||||
|
@ -7093,7 +7093,7 @@ determine_optimal_proto() {
|
||||||
pr_bold " $NODEIP:$PORT "
|
pr_bold " $NODEIP:$PORT "
|
||||||
fi
|
fi
|
||||||
tmpfile_handle $FUNCNAME.txt
|
tmpfile_handle $FUNCNAME.txt
|
||||||
pr_boldln "doesn't seem a TLS/SSL enabled server";
|
pr_boldln "doesn't seem to be a TLS/SSL enabled server";
|
||||||
ignore_no_or_lame " Note that the results might look ok but they are nonsense. Proceed ? "
|
ignore_no_or_lame " Note that the results might look ok but they are nonsense. Proceed ? "
|
||||||
[[ $? -ne 0 ]] && exit -2
|
[[ $? -ne 0 ]] && exit -2
|
||||||
fi
|
fi
|
||||||
|
@ -7878,5 +7878,4 @@ fi
|
||||||
exit $?
|
exit $?
|
||||||
|
|
||||||
|
|
||||||
# $Id: testssl.sh,v 1.499 2016/06/09 13:56:51 dirkw Exp $
|
# $Id: testssl.sh,v 1.502 2016/06/15 19:31:09 dirkw Exp $
|
||||||
v
|
|
||||||
|
|
Loading…
Reference in New Issue