Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 05:45:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into more_sslv2_sslv3_fixes

Browse Source
This commit is contained in:
David Cooper
2016-07-26 08:48:01 -04:00
parent db0a6db620 5a763ff8e1
commit 6bd6b8959c
1 changed files with 19 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
testssl.sh
View File

@@ -1601,7 +1601,11 @@ test_just_one(){
neat_list $HEXC $ciph $kx $enc | grep -qwai "$arg" neat_list $HEXC $ciph $kx $enc | grep -qwai "$arg"
fi fi
if [[ $? -eq 0 ]]; then # string matches, so we can ssl to it: if [[ $? -eq 0 ]]; then # string matches, so we can ssl to it:
if [[ "$sslvers" == "SSLv2" ]]; then
$OPENSSL s_client -ssl2 -cipher $ciph $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY 2>$ERRFILE >$TMPFILE </dev/null
else
$OPENSSL s_client -cipher $ciph $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI 2>$ERRFILE >$TMPFILE </dev/null $OPENSSL s_client -cipher $ciph $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI 2>$ERRFILE >$TMPFILE </dev/null
fi
sclient_connect_successful $? $TMPFILE sclient_connect_successful $? $TMPFILE
sclient_success=$? sclient_success=$?
if [[ $kx == "Kx=ECDH" ]] || [[ $kx == "Kx=DH" ]] || [[ $kx == "Kx=EDH" ]]; then if [[ $kx == "Kx=ECDH" ]] || [[ $kx == "Kx=DH" ]] || [[ $kx == "Kx=EDH" ]]; then
@@ -6946,6 +6950,7 @@ run_rc4() {
local -i sclient_success local -i sclient_success
local hexcode dash rc4_cipher sslvers kx auth enc mac export local hexcode dash rc4_cipher sslvers kx auth enc mac export
local rc4_ciphers_list="ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:DHE-DSS-RC4-SHA:AECDH-RC4-SHA:ADH-RC4-MD5:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:RSA-PSK-RC4-SHA:PSK-RC4-SHA:KRB5-RC4-SHA:KRB5-RC4-MD5:RC4-64-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP-ADH-RC4-MD5:EXP-RC4-MD5:EXP-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-KRB5-RC4-MD5" local rc4_ciphers_list="ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:DHE-DSS-RC4-SHA:AECDH-RC4-SHA:ADH-RC4-MD5:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:RSA-PSK-RC4-SHA:PSK-RC4-SHA:KRB5-RC4-SHA:KRB5-RC4-MD5:RC4-64-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP-ADH-RC4-MD5:EXP-RC4-MD5:EXP-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-KRB5-RC4-MD5"
local rc4_ssl2_ciphers_list="RC4-MD5:RC4-64-MD5:EXP-RC4-MD5"
local rc4_detected="" local rc4_detected=""
local available="" local available=""
@@ -6959,7 +6964,14 @@ run_rc4() {
pr_bold " RC4"; out " (CVE-2013-2566, CVE-2015-2808) " pr_bold " RC4"; out " (CVE-2013-2566, CVE-2015-2808) "
$OPENSSL s_client -cipher $rc4_ciphers_list $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE </dev/null $OPENSSL s_client -cipher $rc4_ciphers_list $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE </dev/null
if sclient_connect_successful $? $TMPFILE; then sclient_connect_successful $? $TMPFILE
sclient_success=$?
if $HAS_SSL2 && [[ $sclient_success -ne 0 ]]; then
$OPENSSL s_client -cipher $rc4_ssl2_ciphers_list $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY -ssl2 >$TMPFILE 2>$ERRFILE </dev/null
sclient_connect_successful $? $TMPFILE
sclient_success=$?
fi
if [[ $sclient_success -eq 0 ]]; then
"$WIDE" || pr_svrty_high "VULNERABLE (NOT ok): " "$WIDE" || pr_svrty_high "VULNERABLE (NOT ok): "
rc4_offered=1 rc4_offered=1
if "$WIDE"; then if "$WIDE"; then
@@ -6967,7 +6979,11 @@ run_rc4() {
neat_header neat_header
fi fi
while read hexcode dash rc4_cipher sslvers kx auth enc mac; do while read hexcode dash rc4_cipher sslvers kx auth enc mac; do
if [[ "$sslvers" == "SSLv2" ]]; then
$OPENSSL s_client -cipher $rc4_cipher $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY -ssl2 </dev/null >$TMPFILE 2>$ERRFILE
else
$OPENSSL s_client -cipher $rc4_cipher $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI </dev/null >$TMPFILE 2>$ERRFILE $OPENSSL s_client -cipher $rc4_cipher $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI </dev/null >$TMPFILE 2>$ERRFILE
fi
sclient_connect_successful $? $TMPFILE sclient_connect_successful $? $TMPFILE
sclient_success=$? # here we may have a fp with openssl < 1.0, TBC sclient_success=$? # here we may have a fp with openssl < 1.0, TBC
if [[ $sclient_success -ne 0 ]] && ! "$SHOW_EACH_C"; then if [[ $sclient_success -ne 0 ]] && ! "$SHOW_EACH_C"; then