FIXED: When there is no support in openssl for SSLv2 the error message and the next protocol test get on the same line
parent
abef156191
commit
6737cd230c
|
@ -641,7 +641,7 @@ locally_supported() {
|
||||||
out "$2 "
|
out "$2 "
|
||||||
$OPENSSL s_client "$1" 2>&1 | grep -q "unknown option"
|
$OPENSSL s_client "$1" 2>&1 | grep -q "unknown option"
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
magenta "Local problem: $OPENSSL doesn't support \"s_client $1\""
|
magentaln "Local problem: $OPENSSL doesn't support \"s_client $1\""
|
||||||
return 7
|
return 7
|
||||||
else
|
else
|
||||||
return 0
|
return 0
|
||||||
|
@ -826,10 +826,13 @@ simple_preference() {
|
||||||
# http://www.heise.de/security/artikel/Forward-Secrecy-testen-und-einrichten-1932806.html
|
# http://www.heise.de/security/artikel/Forward-Secrecy-testen-und-einrichten-1932806.html
|
||||||
pfs() {
|
pfs() {
|
||||||
outln
|
outln
|
||||||
blue "--> Testing (Perfect) Forward Secrecy (P)FS)"; outln
|
blue "--> Testing (Perfect) Forward Secrecy (P)FS)"; outln " -- omitting 3DES, RC4 and Null Encryption here"
|
||||||
# https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
|
# https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
|
||||||
PFSOK='EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA256 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EDH+aRSA EECDH RC4 !RC4-SHA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS:@STRENGTH'
|
PFSOK='EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA256 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EDH+aRSA EECDH RC4 !RC4-SHA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS:@STRENGTH'
|
||||||
|
# ^^^ remark: the exclusing via ! doesn't work with libressl.
|
||||||
|
#
|
||||||
# PFSOK='EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH'
|
# PFSOK='EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH'
|
||||||
|
# this catches also ECDHE-ECDSA-NULL-SHA or ECDHE-RSA-RC4-SHA
|
||||||
|
|
||||||
$OPENSSL ciphers -V "$PFSOK" >$TMPFILE
|
$OPENSSL ciphers -V "$PFSOK" >$TMPFILE
|
||||||
if [ $? -ne 0 ] || [ `wc -l $TMPFILE | awk '{ print $1 }' ` -lt 3 ]; then
|
if [ $? -ne 0 ] || [ `wc -l $TMPFILE | awk '{ print $1 }' ` -lt 3 ]; then
|
||||||
|
@ -1909,7 +1912,7 @@ case "$1" in
|
||||||
exit $ret ;;
|
exit $ret ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# $Id: testssl.sh,v 1.127 2014/10/17 20:16:36 dirkw Exp $
|
# $Id: testssl.sh,v 1.128 2014/10/23 13:40:14 dirkw Exp $
|
||||||
# vim:ts=5:sw=5
|
# vim:ts=5:sw=5
|
||||||
|
|
||||||
|
|
||||||
|
|
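Review bot: In the pfs() hunk the new banner claims "omitting 3DES, RC4 and Null Encryption here", but the active `PFSOK` string still contains `EECDH+aRSA+RC4` and a bare `RC4` and excludes only `!RC4-SHA`, so forward-secret RC4 suites such as ECDHE-RSA-RC4-SHA presumably remain in the list written to `$TMPFILE`. The added remark says the `!` exclusions do not work with LibreSSL, so on such a build the `!aNULL !eNULL !3DES` terms cannot be relied on either, and the banner would overstate what is tested. I would remove the two RC4 terms and replace `!RC4-SHA` with `!RC4`, so the string and the banner agree. Where `!` is not honoured, the generated list should be filtered for RC4, NULL and 3DES entries after the existing `$?` check rather than trusting the cipher string; a filter piped directly after `$OPENSSL ciphers -V` would make that `$?` test see the filter's exit status instead of openssl's. pfs() continues past the end of the hunk, so how `$TMPFILE` is consumed is not visible here.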