From 7cfe97f23ad2eeb81c0a7ed8a9a10d915eda06e9 Mon Sep 17 00:00:00 2001
From: David Cooper
Date: Tue, 23 Aug 2016 12:37:22 -0400
Subject: [PATCH] Warning on BEAST when no local SSLv3 support

If the version of OpenSSL being used doesn't support `s_client -ssl3` (e.g., OpenSSL 1.1.0), `run_beast()` doesn't display a warning that testing for CBC in SSLv3 isn't locally supported. This PR adds a "Local problem" warning if the OpenSSL being used doesn't support `s_client -ssl3`.
---
 testssl.sh | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/testssl.sh b/testssl.sh
index 1d91590..507fd6e 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -6742,11 +6742,21 @@ run_beast(){
 done
 for proto in ssl3 tls1; do
+ if [[ "$proto" == "ssl3" ]] && ! locally_supported "-$proto"; then
+ continued=true
+ out " "
+ continue
+ fi
 $OPENSSL s_client -"$proto" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>>$ERRFILE