Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-09 20:22:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Define vars for early data

Browse Source 
It seems needed to introduce two variables for upcoming early data tests,
see #1186. This is not needed for OpenSSL as it introduced that
together with TLS 1.3. For LibreSSL it is though.
This commit is contained in:
Dirk Wetter
2025-10-05 18:19:41 +02:00
parent 637ad03a36
commit 5b0b771c52
1 changed files with 13 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
testssl.sh
View File

@ -342,6 +342,8 @@ HAS_TLS12=false
HAS_TLS13=false HAS_TLS13=false
HAS_QUIC=false HAS_QUIC=false
HAS2_QUIC=false # for automagically determined second OPENSSL version HAS2_QUIC=false # for automagically determined second OPENSSL version
HAS_EARLYDATA=false
HAS2_EARLYDATA=false
HAS_X448=false HAS_X448=false
HAS_X25519=false HAS_X25519=false
HAS_SIGALGS=false HAS_SIGALGS=false
@ -21125,17 +21127,24 @@ find_openssl_binary() {
$OPENSSL s_client -tls1_3 -sigalgs PSS+SHA256:PSS+SHA384 $NXCONNECT </dev/null 2>&1 | grep -aiq "unknown option" || HAS_SIGALGS=true $OPENSSL s_client -tls1_3 -sigalgs PSS+SHA256:PSS+SHA384 $NXCONNECT </dev/null 2>&1 | grep -aiq "unknown option" || HAS_SIGALGS=true
fi fi
#reminder: at some point of time we should check $OPENSSL first, then $OPENSSL2
if [[ -x $OPENSSL2 ]] && OPENSSL_CONF='' $OPENSSL2 s_client -quic 2>&1 | grep -qi 'QUIC requires ALPN'; then if [[ -x $OPENSSL2 ]] && OPENSSL_CONF='' $OPENSSL2 s_client -quic 2>&1 | grep -qi 'QUIC requires ALPN'; then
HAS2_QUIC="true" HAS2_QUIC=true
elif OPENSSL_CONF='' $OPENSSL s_client -quic 2>&1 | grep -qi 'QUIC requires ALPN'; then elif $OPENSSL s_client -quic 2>&1 | grep -qi 'QUIC requires ALPN'; then
HAS_QUIC="true" HAS_QUIC=true
fi
# Kind of fine this way as openssl 1.1.1 supports early_data, came with tls 1.3
if $OPENSSL s_client --help 2>&1 | grep -q early_data ; then
HAS_EARLYDATA=true
elif if OPENSSL_CONF='' $OPENSS2 s_client --help 2>&1 | grep -q early_data ; then
HAS2_EARLYDATA=true
fi fi
$OPENSSL s_client -noservername </dev/null 2>&1 | grep -aiq "unknown option" || HAS_NOSERVERNAME=true $OPENSSL s_client -noservername </dev/null 2>&1 | grep -aiq "unknown option" || HAS_NOSERVERNAME=true
$OPENSSL s_client -ciphersuites </dev/null 2>&1 | grep -aiq "unknown option" || HAS_CIPHERSUITES=true $OPENSSL s_client -ciphersuites </dev/null 2>&1 | grep -aiq "unknown option" || HAS_CIPHERSUITES=true
$OPENSSL s_client -comp </dev/null 2>&1 | grep -aiq "unknown option" || HAS_COMP=true $OPENSSL s_client -comp </dev/null 2>&1 | grep -aiq "unknown option" || HAS_COMP=true
$OPENSSL s_client -no_comp </dev/null 2>&1 | grep -aiq "unknown option" || HAS_NO_COMP=true $OPENSSL s_client -no_comp </dev/null 2>&1 | grep -aiq "unknown option" || HAS_NO_COMP=true
$OPENSSL ciphers @SECLEVEL=0:ALL > /dev/null 2> /dev/null && HAS_SECLEVEL=true $OPENSSL ciphers @SECLEVEL=0:ALL > /dev/null 2> /dev/null && HAS_SECLEVEL=true
OPENSSL_NR_CIPHERS=$(count_ciphers "$(actually_supported_osslciphers 'ALL:COMPLEMENTOFALL' 'ALL')") OPENSSL_NR_CIPHERS=$(count_ciphers "$(actually_supported_osslciphers 'ALL:COMPLEMENTOFALL' 'ALL')")