Add option to print only the RFC cipher names

This PR attempts to address #631. It allows four choices for the `--mapping` option. "openssl" (default), "rfc", "no-openssl", and "no-rfc".

* "openssl" is the current default

* "no-rfc" shows only the OpenSSL names (just as it currently does)

* "rfc" shows the RFC name rather than the OpenSSL name for output that is not in wide mode (just as it currently does). But now, in wide mode, it shows the RFC name first (further to the left) and the OpenSSL name second.

* "rfc-only" shows only the RFC name.

If the `--mapping` option is not provided, this is the same as "openssl". If the "cipher-mapping.txt" file cannot be found, then testssl.sh runs as if "no-rfc" had been requested.
David Cooper 2017-02-23 09:31:41 -05:00 committed by GitHub
parent 8919b419e5
commit 6a1c519acd


@ -227,8 +227,7 @@ HAS_FALLBACK_SCSV=false
HAS_PROXY=false HAS_PROXY=false
HAS_XMPP=false HAS_XMPP=false
HAS_POSTGRES=false HAS_POSTGRES=false
ADD_RFC_STR="rfc" # display RFC ciphernames DISPLAY_CIPHERNAMES="openssl" # display OpenSSL ciphername (but both OpenSSL and RFC ciphernames in wide mode)
SHOW_RFC="" # display RFC ciphernames instead of OpenSSL ciphernames
PORT=443 # unless otherwise auto-determined, see below PORT=443 # unless otherwise auto-determined, see below
NODE="" NODE=""
NODEIP="" NODEIP=""
@ -2272,8 +2271,21 @@ show_rfc_style(){
} }
neat_header(){ neat_header(){
printf -- "Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits${ADD_RFC_STR:+ Cipher Suite Name (RFC)}\n" if [[ "$DISPLAY_CIPHERNAMES" =~ "rfc" ]]; then
printf -- "%s--------------------------------------------------------------------------${ADD_RFC_STR:+---------------------------------------------------}\n" printf -- "Hexcode Cipher Suite Name (RFC) KeyExch. Encryption Bits"
[[ "$DISPLAY_CIPHERNAMES" != "rfc-only" ]] && printf -- " Cipher Suite Name (OpenSSL)"
outln
printf -- "%s------------------------------------------------------------------------------------------"
[[ "$DISPLAY_CIPHERNAMES" != "rfc-only" ]] && printf -- "---------------------------------------"
outln
else
printf -- "Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits"
[[ "$DISPLAY_CIPHERNAMES" != "openssl-only" ]] && printf -- " Cipher Suite Name (RFC)"
outln
printf -- "%s--------------------------------------------------------------------------"
[[ "$DISPLAY_CIPHERNAMES" != "openssl-only" ]] && printf -- "---------------------------------------------------"
outln
fi
} }
@ -2300,10 +2312,16 @@ neat_list(){
echo "$export" | grep -iq export && strength="$strength,exp" echo "$export" | grep -iq export && strength="$strength,exp"
[[ -n "$ADD_RFC_STR" ]] && tls_cipher="$(show_rfc_style "$hexcode")" [[ "$DISPLAY_CIPHERNAMES" != "openssl-only" ]] && tls_cipher="$(show_rfc_style "$hexcode")"
if [[ "$5" == "false" ]]; then if [[ "$5" == "false" ]]; then
line="$(printf -- " %-7s %-33s %-10s %-12s%-8s${ADD_RFC_STR:+ %-49s}${SHOW_EACH_C:+ %-0s}" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength" "$tls_cipher")" if [[ "$DISPLAY_CIPHERNAMES" =~ "rfc" ]]; then
line="$(printf -- " %-7s %-49s %-10s %-12s%-8s" "$hexcode" "$tls_cipher" "$kx" "$enc" "$strength")"
[[ "$DISPLAY_CIPHERNAMES" != "rfc-only" ]] && line+="$(printf -- " %-33s${SHOW_EACH_C:+ %-0s}" "$ossl_cipher")"
else
line="$(printf -- " %-7s %-33s %-10s %-12s%-8s" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength")"
[[ "$DISPLAY_CIPHERNAMES" != "openssl-only" ]] && line+="$(printf -- " %-49s${SHOW_EACH_C:+ %-0s}" "$tls_cipher")"
fi
pr_deemphasize "$line" pr_deemphasize "$line"
return 0 return 0
fi fi
@ -2320,7 +2338,13 @@ neat_list(){
done done
fi fi
#echo "${#kx}" # should be always 20 / 13 #echo "${#kx}" # should be always 20 / 13
printf -- " %-7s %-33s %-10s %-12s%-8s${ADD_RFC_STR:+ %-49s}${SHOW_EACH_C:+ %-0s}" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength" "$tls_cipher" if [[ "$DISPLAY_CIPHERNAMES" =~ "rfc" ]]; then
printf -- " %-7s %-49s %-10s %-12s%-8s" "$hexcode" "$tls_cipher" "$kx" "$enc" "$strength"
[[ "$DISPLAY_CIPHERNAMES" != "rfc-only" ]] && printf -- " %-33s${SHOW_EACH_C:+ %-0s}" "$ossl_cipher"
else
printf -- " %-7s %-33s %-10s %-12s%-8s" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength"
[[ "$DISPLAY_CIPHERNAMES" != "openssl-only" ]] && printf -- " %-49s${SHOW_EACH_C:+ %-0s}" "$tls_cipher"
fi
} }
test_just_one(){ test_just_one(){
@ -4178,10 +4202,10 @@ run_client_simulation() {
fi fi
#FiXME: awk #FiXME: awk
cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://') cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://')
if [[ -z "$SHOW_RFC" ]] && ( [[ "$cipher" == TLS_* ]] || [[ "$cipher" == SSL_* ]] ); then if [[ "$DISPLAY_CIPHERNAMES" =~ "openssl" ]] && ( [[ "$cipher" == TLS_* ]] || [[ "$cipher" == SSL_* ]] ); then
cipher="$(rfc2openssl "$cipher")" cipher="$(rfc2openssl "$cipher")"
[[ -z "$cipher" ]] && cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://') [[ -z "$cipher" ]] && cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://')
elif [[ -n "$SHOW_RFC" ]] && [[ "$cipher" != TLS_* ]] && [[ "$cipher" != SSL_* ]]; then elif [[ "$DISPLAY_CIPHERNAMES" =~ "rfc" ]] && [[ "$cipher" != TLS_* ]] && [[ "$cipher" != SSL_* ]]; then
cipher="$(openssl2rfc "$cipher")" cipher="$(openssl2rfc "$cipher")"
[[ -z "$cipher" ]] && cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://') [[ -z "$cipher" ]] && cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://')
fi fi
@ -4944,7 +4968,7 @@ run_server_preference() {
pr_bold " Negotiated cipher " pr_bold " Negotiated cipher "
default_cipher_ossl=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g') default_cipher_ossl=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
if [[ -z "$SHOW_RFC" ]]; then if [[ "$DISPLAY_CIPHERNAMES" =~ "openssl" ]]; then
default_cipher="$default_cipher_ossl" default_cipher="$default_cipher_ossl"
else else
default_cipher="$(openssl2rfc "$default_cipher_ossl")" default_cipher="$(openssl2rfc "$default_cipher_ossl")"
@ -5003,7 +5027,7 @@ run_server_preference() {
cipher1="${TLS_CIPHER_HEXCODE[j]}" cipher1="${TLS_CIPHER_HEXCODE[j]}"
cipher1="$(tolower "x${cipher1:2:2}${cipher1:7:2}${cipher1:12:2}")" cipher1="$(tolower "x${cipher1:2:2}${cipher1:7:2}${cipher1:12:2}")"
if [[ "$supported_sslv2_ciphers" =~ "$cipher1" ]]; then if [[ "$supported_sslv2_ciphers" =~ "$cipher1" ]]; then
if ( [[ -z "$SHOW_RFC" ]] && [[ "${TLS_CIPHER_OSSL_NAME[j]}" != "-" ]] ) || [[ "${TLS_CIPHER_RFC_NAME[j]}" == "-" ]]; then if ( [[ "$DISPLAY_CIPHERNAMES" =~ "openssl" ]] && [[ "${TLS_CIPHER_OSSL_NAME[j]}" != "-" ]] ) || [[ "${TLS_CIPHER_RFC_NAME[j]}" == "-" ]]; then
cipher[i]="${TLS_CIPHER_OSSL_NAME[j]}" cipher[i]="${TLS_CIPHER_OSSL_NAME[j]}"
else else
cipher[i]="${TLS_CIPHER_RFC_NAME[j]}" cipher[i]="${TLS_CIPHER_RFC_NAME[j]}"
@ -5028,7 +5052,7 @@ run_server_preference() {
proto[i]="SSLv3" proto[i]="SSLv3"
cipher[i]="" cipher[i]=""
cipher1=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt") cipher1=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
if [[ -z "$SHOW_RFC" ]] && [[ $TLS_NR_CIPHERS -ne 0 ]]; then if [[ "$DISPLAY_CIPHERNAMES" =~ "openssl" ]] && [[ $TLS_NR_CIPHERS -ne 0 ]]; then
cipher[i]="$(rfc2openssl "$cipher1")" cipher[i]="$(rfc2openssl "$cipher1")"
[[ -z "${cipher[i]}" ]] && cipher[i]="$cipher1" [[ -z "${cipher[i]}" ]] && cipher[i]="$cipher1"
fi fi
@ -5045,7 +5069,7 @@ run_server_preference() {
proto[i]=$(grep -aw "Protocol" $TMPFILE | sed -e 's/^.*Protocol.*://' -e 's/ //g') proto[i]=$(grep -aw "Protocol" $TMPFILE | sed -e 's/^.*Protocol.*://' -e 's/ //g')
cipher[i]=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g') cipher[i]=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
[[ ${cipher[i]} == "0000" ]] && cipher[i]="" # Hack! [[ ${cipher[i]} == "0000" ]] && cipher[i]="" # Hack!
if [[ -n "$SHOW_RFC" ]] && [[ -n "${cipher[i]}" ]]; then if [[ "$DISPLAY_CIPHERNAMES" =~ "rfc" ]] && [[ -n "${cipher[i]}" ]]; then
cipher[i]="$(openssl2rfc "${cipher[i]}")" cipher[i]="$(openssl2rfc "${cipher[i]}")"
[[ -z "${cipher[i]}" ]] && cipher[i]=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g') [[ -z "${cipher[i]}" ]] && cipher[i]=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
fi fi
@ -5069,7 +5093,7 @@ run_server_preference() {
cipher[i]="" cipher[i]=""
else else
cipher[i]=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g') cipher[i]=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
if [[ -n "$SHOW_RFC" ]] && [[ -n "${cipher[i]}" ]]; then if [[ "$DISPLAY_CIPHERNAMES" =~ "rfc" ]] && [[ -n "${cipher[i]}" ]]; then
cipher[i]="$(openssl2rfc "${cipher[i]}")" cipher[i]="$(openssl2rfc "${cipher[i]}")"
[[ -z "${cipher[i]}" ]] && cipher[i]=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g') [[ -z "${cipher[i]}" ]] && cipher[i]=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
fi fi
@ -5084,7 +5108,7 @@ run_server_preference() {
if [[ -n "${cipher[i]}" ]]; then # cipher not empty if [[ -n "${cipher[i]}" ]]; then # cipher not empty
if [[ -z "${cipher[i-1]}" ]]; then # previous one empty if [[ -z "${cipher[i-1]}" ]]; then # previous one empty
#outln #outln
if [[ -z "$SHOW_RFC" ]]; then if [[ "$DISPLAY_CIPHERNAMES" =~ "openssl" ]]; then
printf -- " %-30s %s" "${cipher[i]}:" "${proto[i]}" # print out both printf -- " %-30s %s" "${cipher[i]}:" "${proto[i]}" # print out both
else else
printf -- " %-51s %s" "${cipher[i]}:" "${proto[i]}" # print out both printf -- " %-51s %s" "${cipher[i]}:" "${proto[i]}" # print out both
@ -5094,7 +5118,7 @@ run_server_preference() {
out ", ${proto[i]}" # same cipher --> only print out protocol behind it out ", ${proto[i]}" # same cipher --> only print out protocol behind it
else else
outln outln
if [[ -z "$SHOW_RFC" ]]; then if [[ "$DISPLAY_CIPHERNAMES" =~ "openssl" ]]; then
printf -- " %-30s %s" "${cipher[i]}:" "${proto[i]}" # print out both printf -- " %-30s %s" "${cipher[i]}:" "${proto[i]}" # print out both
else else
printf -- " %-51s %s" "${cipher[i]}:" "${proto[i]}" # print out both printf -- " %-51s %s" "${cipher[i]}:" "${proto[i]}" # print out both
@ -5355,14 +5379,14 @@ cipher_pref_check() {
for (( i=0; i < nr_ciphers; i++ )); do for (( i=0; i < nr_ciphers; i++ )); do
[[ "$cipher" == "${rfc_ciph[i]}" ]] && ciphers_found2[i]=true && break [[ "$cipher" == "${rfc_ciph[i]}" ]] && ciphers_found2[i]=true && break
done done
if [[ -z "$SHOW_RFC" ]] && [[ $TLS_NR_CIPHERS -ne 0 ]]; then if [[ "$DISPLAY_CIPHERNAMES" =~ "openssl" ]] && [[ $TLS_NR_CIPHERS -ne 0 ]]; then
cipher="$(rfc2openssl "$cipher")" cipher="$(rfc2openssl "$cipher")"
# If there is no OpenSSL name for the cipher, then use the RFC name # If there is no OpenSSL name for the cipher, then use the RFC name
[[ -z "$cipher" ]] && cipher=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt") [[ -z "$cipher" ]] && cipher=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
fi fi
order+="$cipher " order+="$cipher "
done done
elif [[ -n "$order" ]] && [[ -n "$SHOW_RFC" ]]; then elif [[ -n "$order" ]] && [[ "$DISPLAY_CIPHERNAMES" =~ "rfc" ]]; then
rfc_order="" rfc_order=""
while read -d " " cipher; do while read -d " " cipher; do
rfc_ciph="$(openssl2rfc "$cipher")" rfc_ciph="$(openssl2rfc "$cipher")"
@ -5404,7 +5428,7 @@ cipher_pref_check() {
order+="$cipher " order+="$cipher "
done done
fi fi
if [[ -n "$order" ]] && [[ -n "$SHOW_RFC" ]]; then if [[ -n "$order" ]] && [[ "$DISPLAY_CIPHERNAMES" =~ "rfc" ]]; then
rfc_order="" rfc_order=""
while read -d " " cipher; do while read -d " " cipher; do
rfc_ciph="$(openssl2rfc "$cipher")" rfc_ciph="$(openssl2rfc "$cipher")"
@ -6946,7 +6970,7 @@ run_pfs() {
for (( i=0; i < nr_supported_ciphers; i++ )); do for (( i=0; i < nr_supported_ciphers; i++ )); do
! "${ciphers_found[i]}" && ! "$SHOW_EACH_C" && continue ! "${ciphers_found[i]}" && ! "$SHOW_EACH_C" && continue
if "${ciphers_found[i]}"; then if "${ciphers_found[i]}"; then
if ( [[ -z "$SHOW_RFC" ]] && [[ "${ciph[i]}" != "-" ]] ) || [[ "${rfc_ciph[i]}" == "-" ]]; then if ( [[ "$DISPLAY_CIPHERNAMES" =~ "openssl" ]] && [[ "${ciph[i]}" != "-" ]] ) || [[ "${rfc_ciph[i]}" == "-" ]]; then
pfs_cipher="${ciph[i]}" pfs_cipher="${ciph[i]}"
else else
pfs_cipher="${rfc_ciph[i]}" pfs_cipher="${rfc_ciph[i]}"
@ -10535,7 +10559,7 @@ run_beast(){
[[ "$cbc_cipher" == "${ciph[i]}" ]] && break [[ "$cbc_cipher" == "${ciph[i]}" ]] && break
done done
ciphers_found[i]=true ciphers_found[i]=true
if [[ -z "$SHOW_RFC" ]] || [[ "${rfc_ciph[i]}" == "-" ]]; then if [[ "$DISPLAY_CIPHERNAMES" =~ "openssl" ]] || [[ "${rfc_ciph[i]}" == "-" ]]; then
detected_cbc_ciphers+="${ciph[i]} " detected_cbc_ciphers+="${ciph[i]} "
else else
detected_cbc_ciphers+="${rfc_ciph[i]} " detected_cbc_ciphers+="${rfc_ciph[i]} "
@ -10566,7 +10590,7 @@ run_beast(){
[[ "$cbc_cipher" == "${rfc_ciph[i]}" ]] && break [[ "$cbc_cipher" == "${rfc_ciph[i]}" ]] && break
done done
ciphers_found[i]=true ciphers_found[i]=true
if ( [[ -z "$SHOW_RFC" ]] && [[ "${ciph[i]}" != "-" ]] ) || [[ "${rfc_ciph[i]}" == "-" ]]; then if ( [[ "$DISPLAY_CIPHERNAMES" =~ "openssl" ]] && [[ "${ciph[i]}" != "-" ]] ) || [[ "${rfc_ciph[i]}" == "-" ]]; then
detected_cbc_ciphers+=" ${ciph[i]}" detected_cbc_ciphers+=" ${ciph[i]}"
else else
detected_cbc_ciphers+=" ${rfc_ciph[i]}" detected_cbc_ciphers+=" ${rfc_ciph[i]}"
@ -10943,7 +10967,7 @@ run_rc4() {
outln "${sigalg[i]}" outln "${sigalg[i]}"
fi fi
if "${ciphers_found[i]}"; then if "${ciphers_found[i]}"; then
if ( [[ -z "$SHOW_RFC" ]] && [[ "${ciph[i]}" != "-" ]] ) || [[ "${rfc_ciph[i]}" == "-" ]]; then if ( [[ "$DISPLAY_CIPHERNAMES" =~ "openssl" ]] && [[ "${ciph[i]}" != "-" ]] ) || [[ "${rfc_ciph[i]}" == "-" ]]; then
rc4_detected+="${ciph[i]} " rc4_detected+="${ciph[i]} "
else else
rc4_detected+="${rfc_ciph[i]} " rc4_detected+="${rfc_ciph[i]} "
@ -11038,8 +11062,7 @@ get_install_dir() {
fi fi
if [[ ! -r "$CIPHERS_BY_STRENGTH_FILE" ]]; then if [[ ! -r "$CIPHERS_BY_STRENGTH_FILE" ]]; then
unset ADD_RFC_STR DISPLAY_CIPHERNAMES="no-rfc"
unset SHOW_RFC
debugme echo "$CIPHERS_BY_STRENGTH_FILE" debugme echo "$CIPHERS_BY_STRENGTH_FILE"
pr_warningln "\nATTENTION: No cipher mapping file found!" pr_warningln "\nATTENTION: No cipher mapping file found!"
outln "Please note from 2.9dev on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/etc/\" to function correctly." outln "Please note from 2.9dev on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/etc/\" to function correctly."
@ -11295,7 +11318,9 @@ output options (can also be preset via environment variables):
--quiet don't output the banner. By doing this you acknowledge usage terms normally appearing in the banner --quiet don't output the banner. By doing this you acknowledge usage terms normally appearing in the banner
--wide wide output for tests like RC4, BEAST. PFS also with hexcode, kx, strength, RFC name --wide wide output for tests like RC4, BEAST. PFS also with hexcode, kx, strength, RFC name
--show-each for wide outputs: display all ciphers tested -- not only succeeded ones --show-each for wide outputs: display all ciphers tested -- not only succeeded ones
--mapping <rfc|no-rfc> (rfc: display the RFC Cipher Suite name instead of the OpenSSL name; --mapping <openssl|rfc| (openssl: use the OpenSSL Cipher suite name as the primary name cipher suite name form (default);
no-openssl|no-rfc> rfc: use the RFC Cipher suite name as the primary name cipher suite name form;
no-openssl: don't display the OpenSSL Cipher Suite Name;
no-rfc: don't display the RFC Cipher Suite Name) no-rfc: don't display the RFC Cipher Suite Name)
--color <0|1|2> 0: no escape or other codes, 1: b/w escape codes, 2: color (default) --color <0|1|2> 0: no escape or other codes, 1: b/w escape codes, 2: color (default)
--colorblind swap green and blue in the output --colorblind swap green and blue in the output
@ -12737,9 +12762,11 @@ parse_cmd_line() {
cipher_mapping=$(parse_opt_equal_sign "$1" "$2") cipher_mapping=$(parse_opt_equal_sign "$1" "$2")
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
case "$cipher_mapping" in case "$cipher_mapping" in
no-rfc) unset ADD_RFC_STR; unset SHOW_RFC;; no-openssl) DISPLAY_CIPHERNAMES="rfc-only" ;;
rfc) SHOW_RFC="rfc" ;; no-rfc) DISPLAY_CIPHERNAMES="openssl-only" ;;
*) pr_magentaln "\nmapping can only be \"rfc\" or \"no-rfc\"" openssl) DISPLAY_CIPHERNAMES="openssl" ;;
rfc) DISPLAY_CIPHERNAMES="rfc" ;;
*) pr_magentaln "\nmapping can only be \"no-openssl\", \"no-rfc\", \"openssl\", or \"rfc\""
help 1 ;; help 1 ;;
esac esac
;; ;;
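Review bot: The fallback in get_install_dir (hunk at -11038) assigns the user-facing token `no-rfc` to DISPLAY_CIPHERNAMES, but every consumer tests the internal values, and `[[ "$DISPLAY_CIPHERNAMES" =~ "rfc" ]]` matches `no-rfc` as a substring, so a missing mapping file appears to switch the output into RFC mode (neat_header prints the RFC column and neat_list still calls show_rfc_style) rather than the OpenSSL-only mode the description intends. parse_cmd_line maps the `no-rfc` option to `openssl-only`, so the fallback should set the same value: `DISPLAY_CIPHERNAMES="openssl-only"`. The quoted-substring regex tests are fragile for the same reason; an exact or prefix match such as `[[ "$DISPLAY_CIPHERNAMES" == rfc* ]]` and `[[ "$DISPLAY_CIPHERNAMES" == openssl* ]]` would make the accepted set of values explicit at every site. The `--mapping` help entry reads `as the primary name cipher suite name form (default);`, which looks like an editing leftover and should read `as the primary cipher suite name (default);`. get_install_dir's body begins and ends outside the hunk, so I cannot see whether the value is normalised elsewhere before use.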