Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-09 04:02:53 +02:00
Code Issues Packages Projects Releases Wiki Activity

Consistency for function ciphers_by_strength()

Browse Source 
* keys now always with v, like supportedciphers_TLSv1_2 and also
  ciphers (e.g. TLSv1.2   x35     AES256-SHA)
* add word "server" to file output so that it reads "NOT a server cipher order configured"

Fixes #2884
This commit is contained in:
Dirk
2025-09-30 14:30:52 +02:00
parent d66b67befe
commit 78ecf53b67
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
testssl.sh
View File

@ -4486,6 +4486,7 @@ run_allciphers() {
# test for all ciphers per protocol locally configured (w/o distinguishing whether they are good or bad)
# for the specified protocol, test for all ciphers locally configured (w/o distinguishing whether they
# are good or bad) and list them in order to encryption strength.
#
ciphers_by_strength() {
local proto="$1" proto_hex="$2" proto_text="$3"
local using_sockets="$4" wide="$5" serverpref_known="$6"
@ -4911,7 +4912,7 @@ run_cipher_per_proto() {
while read proto proto_hex proto_text; do
pr_underline "$(printf -- "%b" "$proto_text")"
ciphers_by_strength "$proto" "$proto_hex" "$proto_text" "$using_sockets" "true" "false"
done <<< "$(tm_out " -ssl2 22 SSLv2\n -ssl3 00 SSLv3\n -tls1 01 TLS 1\n -tls1_1 02 TLS 1.1\n -tls1_2 03 TLS 1.2\n -tls1_3 04 TLS 1.3")"
done <<< "$(tm_out " -ssl2 22 SSLv2\n -ssl3 00 SSLv3\n -tls1 01 TLSv1\n -tls1_1 02 TLSv1.1\n -tls1_2 03 TLSv1.2\n -tls1_3 04 TLSv1.3")"
return 0
#FIXME: no error condition
}
@ -4930,6 +4931,7 @@ run_cipher_per_proto() {
# then either:
# 1) replace it with one corresponding to $SNI; or
# 2) remove it, if $SNI is empty
#
modify_clienthello() {
local tls_handshake_ascii="$1"
local new_key_share="$2" cookie="$3"
@ -7321,7 +7323,7 @@ run_server_preference() {
if "$TLS13_ONLY" && ! "$has_tls13_cipher_order"; then
terminal_msg="no (TLS 1.3 only)"
limitedsense=" (limited sense as client will pick)"
fileout_msg="not a cipher order for TLS 1.3 configured"
fileout_msg="not a server cipher order for TLS 1.3 configured"
elif ! "$TLS13_ONLY" && [[ -z "$cipher2" ]]; then
pr_warning "unable to determine"
elif ! "$has_cipher_order" && ! "$has_tls13_cipher_order"; then
@ -7329,7 +7331,7 @@ run_server_preference() {
terminal_msg="no (NOT ok)"
[[ "$fileout_rating" == INFO ]] && terminal_msg="no"
limitedsense=" (limited sense as client will pick)"
fileout_msg="NOT a cipher order configured"
fileout_msg="NOT a server cipher order configured"
elif "$has_cipher_order" && ! "$has_tls13_cipher_order" && [[ "$default_proto" == TLSv1.3 ]]; then
if [[ $NO_CIPHER_ORDER_LEVEL -eq 5 ]]; then
pr_svrty_good "yes (OK)"; out " -- only for < TLS 1.3"
@ -7404,6 +7406,7 @@ run_server_preference() {
}
# arg1: true if the list that is returned does not need to be ordered by preference.
#
check_tls12_pref() {
local unordered_list_ok="$1"
local chacha20_ciphers="" non_chacha20_ciphers=""
@ -7499,6 +7502,7 @@ check_tls12_pref() {
}
# At the moment only called from run_server_preference()
#
cipher_pref_check() {
local proto="$1" proto_hex="$2" proto_text="$3"
local using_sockets="$4"