mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-22 08:29:31 +01:00
Merge branch 'master' into more_sslv2_sslv3_fixes
This commit is contained in:
commit
6bd6b8959c
18
testssl.sh
18
testssl.sh
@ -1601,7 +1601,11 @@ test_just_one(){
|
|||||||
neat_list $HEXC $ciph $kx $enc | grep -qwai "$arg"
|
neat_list $HEXC $ciph $kx $enc | grep -qwai "$arg"
|
||||||
fi
|
fi
|
||||||
if [[ $? -eq 0 ]]; then # string matches, so we can ssl to it:
|
if [[ $? -eq 0 ]]; then # string matches, so we can ssl to it:
|
||||||
|
if [[ "$sslvers" == "SSLv2" ]]; then
|
||||||
|
$OPENSSL s_client -ssl2 -cipher $ciph $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY 2>$ERRFILE >$TMPFILE </dev/null
|
||||||
|
else
|
||||||
$OPENSSL s_client -cipher $ciph $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI 2>$ERRFILE >$TMPFILE </dev/null
|
$OPENSSL s_client -cipher $ciph $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI 2>$ERRFILE >$TMPFILE </dev/null
|
||||||
|
fi
|
||||||
sclient_connect_successful $? $TMPFILE
|
sclient_connect_successful $? $TMPFILE
|
||||||
sclient_success=$?
|
sclient_success=$?
|
||||||
if [[ $kx == "Kx=ECDH" ]] || [[ $kx == "Kx=DH" ]] || [[ $kx == "Kx=EDH" ]]; then
|
if [[ $kx == "Kx=ECDH" ]] || [[ $kx == "Kx=DH" ]] || [[ $kx == "Kx=EDH" ]]; then
|
||||||
@ -6946,6 +6950,7 @@ run_rc4() {
|
|||||||
local -i sclient_success
|
local -i sclient_success
|
||||||
local hexcode dash rc4_cipher sslvers kx auth enc mac export
|
local hexcode dash rc4_cipher sslvers kx auth enc mac export
|
||||||
local rc4_ciphers_list="ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:DHE-DSS-RC4-SHA:AECDH-RC4-SHA:ADH-RC4-MD5:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:RSA-PSK-RC4-SHA:PSK-RC4-SHA:KRB5-RC4-SHA:KRB5-RC4-MD5:RC4-64-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP-ADH-RC4-MD5:EXP-RC4-MD5:EXP-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-KRB5-RC4-MD5"
|
local rc4_ciphers_list="ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:DHE-DSS-RC4-SHA:AECDH-RC4-SHA:ADH-RC4-MD5:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:RSA-PSK-RC4-SHA:PSK-RC4-SHA:KRB5-RC4-SHA:KRB5-RC4-MD5:RC4-64-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP-ADH-RC4-MD5:EXP-RC4-MD5:EXP-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-KRB5-RC4-MD5"
|
||||||
|
local rc4_ssl2_ciphers_list="RC4-MD5:RC4-64-MD5:EXP-RC4-MD5"
|
||||||
local rc4_detected=""
|
local rc4_detected=""
|
||||||
local available=""
|
local available=""
|
||||||
|
|
||||||
@ -6959,7 +6964,14 @@ run_rc4() {
|
|||||||
pr_bold " RC4"; out " (CVE-2013-2566, CVE-2015-2808) "
|
pr_bold " RC4"; out " (CVE-2013-2566, CVE-2015-2808) "
|
||||||
|
|
||||||
$OPENSSL s_client -cipher $rc4_ciphers_list $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE </dev/null
|
$OPENSSL s_client -cipher $rc4_ciphers_list $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE </dev/null
|
||||||
if sclient_connect_successful $? $TMPFILE; then
|
sclient_connect_successful $? $TMPFILE
|
||||||
|
sclient_success=$?
|
||||||
|
if $HAS_SSL2 && [[ $sclient_success -ne 0 ]]; then
|
||||||
|
$OPENSSL s_client -cipher $rc4_ssl2_ciphers_list $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY -ssl2 >$TMPFILE 2>$ERRFILE </dev/null
|
||||||
|
sclient_connect_successful $? $TMPFILE
|
||||||
|
sclient_success=$?
|
||||||
|
fi
|
||||||
|
if [[ $sclient_success -eq 0 ]]; then
|
||||||
"$WIDE" || pr_svrty_high "VULNERABLE (NOT ok): "
|
"$WIDE" || pr_svrty_high "VULNERABLE (NOT ok): "
|
||||||
rc4_offered=1
|
rc4_offered=1
|
||||||
if "$WIDE"; then
|
if "$WIDE"; then
|
||||||
@ -6967,7 +6979,11 @@ run_rc4() {
|
|||||||
neat_header
|
neat_header
|
||||||
fi
|
fi
|
||||||
while read hexcode dash rc4_cipher sslvers kx auth enc mac; do
|
while read hexcode dash rc4_cipher sslvers kx auth enc mac; do
|
||||||
|
if [[ "$sslvers" == "SSLv2" ]]; then
|
||||||
|
$OPENSSL s_client -cipher $rc4_cipher $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY -ssl2 </dev/null >$TMPFILE 2>$ERRFILE
|
||||||
|
else
|
||||||
$OPENSSL s_client -cipher $rc4_cipher $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI </dev/null >$TMPFILE 2>$ERRFILE
|
$OPENSSL s_client -cipher $rc4_cipher $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI </dev/null >$TMPFILE 2>$ERRFILE
|
||||||
|
fi
|
||||||
sclient_connect_successful $? $TMPFILE
|
sclient_connect_successful $? $TMPFILE
|
||||||
sclient_success=$? # here we may have a fp with openssl < 1.0, TBC
|
sclient_success=$? # here we may have a fp with openssl < 1.0, TBC
|
||||||
if [[ $sclient_success -ne 0 ]] && ! "$SHOW_EACH_C"; then
|
if [[ $sclient_success -ne 0 ]] && ! "$SHOW_EACH_C"; then
|
||||||
|
Loading…
Reference in New Issue
Block a user