FIXED: When there is no support in openssl for SSLv2 the error message and the next protocol test get on the same line

Dirk 2014-10-23 15:40:15 +02:00
parent abef156191
commit 6737cd230c
1 changed files with 6 additions and 3 deletions


@ -641,7 +641,7 @@ locally_supported() {
out "$2 " out "$2 "
$OPENSSL s_client "$1" 2>&1 | grep -q "unknown option" $OPENSSL s_client "$1" 2>&1 | grep -q "unknown option"
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
magenta "Local problem: $OPENSSL doesn't support \"s_client $1\"" magentaln "Local problem: $OPENSSL doesn't support \"s_client $1\""
return 7 return 7
else else
return 0 return 0
@ -826,10 +826,13 @@ simple_preference() {
# http://www.heise.de/security/artikel/Forward-Secrecy-testen-und-einrichten-1932806.html # http://www.heise.de/security/artikel/Forward-Secrecy-testen-und-einrichten-1932806.html
pfs() { pfs() {
outln outln
blue "--> Testing (Perfect) Forward Secrecy (P)FS)"; outln blue "--> Testing (Perfect) Forward Secrecy (P)FS)"; outln " -- omitting 3DES, RC4 and Null Encryption here"
# https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy # https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
PFSOK='EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA256 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EDH+aRSA EECDH RC4 !RC4-SHA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS:@STRENGTH' PFSOK='EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA256 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EDH+aRSA EECDH RC4 !RC4-SHA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS:@STRENGTH'
# ^^^ remark: the exclusing via ! doesn't work with libressl.
#
# PFSOK='EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH' # PFSOK='EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH'
# this catches also ECDHE-ECDSA-NULL-SHA or ECDHE-RSA-RC4-SHA
$OPENSSL ciphers -V "$PFSOK" >$TMPFILE $OPENSSL ciphers -V "$PFSOK" >$TMPFILE
if [ $? -ne 0 ] || [ `wc -l $TMPFILE | awk '{ print $1 }' ` -lt 3 ]; then if [ $? -ne 0 ] || [ `wc -l $TMPFILE | awk '{ print $1 }' ` -lt 3 ]; then
@ -1909,7 +1912,7 @@ case "$1" in
exit $ret ;; exit $ret ;;
esac esac
# $Id: testssl.sh,v 1.127 2014/10/17 20:16:36 dirkw Exp $ # $Id: testssl.sh,v 1.128 2014/10/23 13:40:14 dirkw Exp $
# vim:ts=5:sw=5 # vim:ts=5:sw=5
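Review bot: In the pfs() hunk the new banner text `-- omitting 3DES, RC4 and Null Encryption here` promises more than the `PFSOK` string two lines below delivers: that string still names `EECDH+aRSA+RC4` and a bare `RC4`, and the only RC4 exclusion is `!RC4-SHA`, so ECDHE RC4 suites appear to remain in the tested list. The added remark that exclusion via `!` does not work with libressl compounds this, because on such a build `!aNULL !eNULL !3DES` would presumably be ignored too, and a forward-secrecy verdict could rest on a NULL or 3DES suite while the output says they were left out. I would either drop the RC4 terms from `PFSOK` or reword the banner, and verify the expanded list before using it, for example `grep -qE 'NULL|3DES' "$TMPFILE" && magentaln "Local problem: $OPENSSL ignored the cipher exclusions"` right after the `ciphers -V` call. The new comment also has a typo (`exclusing`, should be `excluding`), and it is unclear whether `this catches also ECDHE-ECDSA-NULL-SHA or ECDHE-RSA-RC4-SHA` describes the active string or the commented-out alternative above it; saying which would help. pfs() continues past the end of the hunk, so how `$TMPFILE` is consumed afterwards is not visible here.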