mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-07 09:10:57 +01:00
Merge pull request #721 from dcooper16/client_simulation_wide_option
Add wide option for client simulations
This commit is contained in:
commit
7a99549e80
58
testssl.sh
58
testssl.sh
@ -3519,8 +3519,8 @@ run_client_simulation() {
|
|||||||
local minEcdsaBits=()
|
local minEcdsaBits=()
|
||||||
local requiresSha2=()
|
local requiresSha2=()
|
||||||
local i=0
|
local i=0
|
||||||
local name tls proto cipher temp what_dh bits has_dh_bits
|
local name tls proto cipher temp what_dh bits curve
|
||||||
local using_sockets=true
|
local has_dh_bits using_sockets=true
|
||||||
|
|
||||||
# source the external file
|
# source the external file
|
||||||
. "$TESTSSL_INSTALL_DIR/etc/client_simulation.txt" 2>/dev/null
|
. "$TESTSSL_INSTALL_DIR/etc/client_simulation.txt" 2>/dev/null
|
||||||
@ -3550,8 +3550,23 @@ run_client_simulation() {
|
|||||||
outln
|
outln
|
||||||
|
|
||||||
debugme tmln_out
|
debugme tmln_out
|
||||||
|
|
||||||
|
if "$WIDE"; then
|
||||||
|
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]]; then
|
||||||
|
out " Browser Protocol Cipher Suite Name (OpenSSL) "
|
||||||
|
( "$using_sockets" || "$HAS_DH_BITS") && out "Forward Secrecy"
|
||||||
|
outln
|
||||||
|
out "------------------------------------------------------------------------------"
|
||||||
|
else
|
||||||
|
out " Browser Protocol Cipher Suite Name (RFC) "
|
||||||
|
( "$using_sockets" || "$HAS_DH_BITS") && out "Forward Secrecy"
|
||||||
|
outln
|
||||||
|
out "----------------------------------------------------------------------------------------------"
|
||||||
|
fi
|
||||||
|
( "$using_sockets" || "$HAS_DH_BITS") && out "----------------------"
|
||||||
|
outln
|
||||||
|
fi
|
||||||
for name in "${short[@]}"; do
|
for name in "${short[@]}"; do
|
||||||
#FIXME: printf formatting would look better, especially if we want a wide option here
|
|
||||||
out " $(printf -- "%-33s" "${names[i]}")"
|
out " $(printf -- "%-33s" "${names[i]}")"
|
||||||
if "$using_sockets" && [[ -n "${handshakebytes[i]}" ]]; then
|
if "$using_sockets" && [[ -n "${handshakebytes[i]}" ]]; then
|
||||||
client_simulation_sockets "${handshakebytes[i]}"
|
client_simulation_sockets "${handshakebytes[i]}"
|
||||||
@ -3575,9 +3590,18 @@ run_client_simulation() {
|
|||||||
temp=$(awk -F': ' '/^Server Temp Key/ { print $2 }' "$TMPFILE") # extract line
|
temp=$(awk -F': ' '/^Server Temp Key/ { print $2 }' "$TMPFILE") # extract line
|
||||||
what_dh=$(awk -F',' '{ print $1 }' <<< $temp)
|
what_dh=$(awk -F',' '{ print $1 }' <<< $temp)
|
||||||
bits=$(awk -F',' '{ print $3 }' <<< $temp)
|
bits=$(awk -F',' '{ print $3 }' <<< $temp)
|
||||||
grep -q bits <<< $bits || bits=$(awk -F',' '{ print $2 }' <<< $temp)
|
if grep -q bits <<< $bits; then
|
||||||
|
curve="$(strip_spaces "$(awk -F',' '{ print $2 }' <<< $temp)")"
|
||||||
|
else
|
||||||
|
curve=""
|
||||||
|
bits=$(awk -F',' '{ print $2 }' <<< $temp)
|
||||||
|
fi
|
||||||
bits="${bits/bits/}"
|
bits="${bits/bits/}"
|
||||||
bits="${bits// /}"
|
bits="${bits// /}"
|
||||||
|
if [[ "$what_dh" == "X25519" ]] || [[ "$what_dh" == "X448" ]]; then
|
||||||
|
curve="$what_dh"
|
||||||
|
what_dh="ECDH"
|
||||||
|
fi
|
||||||
if [[ "$what_dh" == "DH" ]]; then
|
if [[ "$what_dh" == "DH" ]]; then
|
||||||
[[ ${minDhBits[i]} -ne -1 ]] && [[ $bits -lt ${minDhBits[i]} ]] && sclient_success=1
|
[[ ${minDhBits[i]} -ne -1 ]] && [[ $bits -lt ${minDhBits[i]} ]] && sclient_success=1
|
||||||
[[ ${maxDhBits[i]} -ne -1 ]] && [[ $bits -gt ${maxDhBits[i]} ]] && sclient_success=1
|
[[ ${maxDhBits[i]} -ne -1 ]] && [[ $bits -gt ${maxDhBits[i]} ]] && sclient_success=1
|
||||||
@ -3623,11 +3647,27 @@ run_client_simulation() {
|
|||||||
cipher="$(openssl2rfc "$cipher")"
|
cipher="$(openssl2rfc "$cipher")"
|
||||||
[[ -z "$cipher" ]] && cipher=$(get_cipher $TMPFILE)
|
[[ -z "$cipher" ]] && cipher=$(get_cipher $TMPFILE)
|
||||||
fi
|
fi
|
||||||
out "$proto $cipher"
|
if ! "$WIDE"; then
|
||||||
"$using_sockets" && [[ -n "${handshakebytes[i]}" ]] && has_dh_bits=$HAS_DH_BITS && HAS_DH_BITS=true
|
out "$proto $cipher"
|
||||||
"$HAS_DH_BITS" && read_dhbits_from_file $TMPFILE
|
elif [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]]; then
|
||||||
"$using_sockets" && [[ -n "${handshakebytes[i]}" ]] && HAS_DH_BITS=$has_dh_bits
|
out "$(printf -- "%-7s %-33s" "$proto" "$cipher")"
|
||||||
[[ ":${ROBUST_PFS_CIPHERS}:" =~ ":${cipher}:" ]] && out ", " && pr_done_good "FS"
|
else
|
||||||
|
out "$(printf -- "%-7s %-49s" "$proto" "$cipher")"
|
||||||
|
fi
|
||||||
|
if ! "$WIDE"; then
|
||||||
|
"$using_sockets" && [[ -n "${handshakebytes[i]}" ]] && has_dh_bits=$HAS_DH_BITS && HAS_DH_BITS=true
|
||||||
|
"$HAS_DH_BITS" && read_dhbits_from_file $TMPFILE
|
||||||
|
"$using_sockets" && [[ -n "${handshakebytes[i]}" ]] && HAS_DH_BITS=$has_dh_bits
|
||||||
|
elif [[ -n "$what_dh" ]]; then
|
||||||
|
[[ -n "$curve" ]] && curve="($curve)"
|
||||||
|
if [[ "$what_dh" == "ECDH" ]]; then
|
||||||
|
pr_ecdh_quality "$bits" "$(printf -- "%-12s" "$bits bit $what_dh") $curve"
|
||||||
|
else
|
||||||
|
pr_dh_quality "$bits" "$(printf -- "%-12s" "$bits bit $what_dh") $curve"
|
||||||
|
fi
|
||||||
|
elif "$HAS_DH_BITS" || ( "$using_sockets" && [[ -n "${handshakebytes[i]}" ]] ); then
|
||||||
|
out "No FS"
|
||||||
|
fi
|
||||||
outln
|
outln
|
||||||
if [[ -n "${warning[i]}" ]]; then
|
if [[ -n "${warning[i]}" ]]; then
|
||||||
out " "
|
out " "
|
||||||
|
Loading…
Reference in New Issue
Block a user