Color all ciphers

This PR adds an additional COLOR level (3). If color is set to 3 then all ciphers are printed according to pr_cipher_quality() rather than just the "Negotiated cipher" in run_server_preference().
This commit is contained in:
David Cooper 2017-11-21 16:44:49 -05:00
parent 868e872dc6
commit 853b8333e3

View File

@ -168,7 +168,7 @@ TERM_CURRPOS=0 # custom line wrappi
# 0 means (normally) true here. Some of the variables are also accessible with a command line switch, see --help # 0 means (normally) true here. Some of the variables are also accessible with a command line switch, see --help
declare -x OPENSSL OPENSSL_TIMEOUT declare -x OPENSSL OPENSSL_TIMEOUT
FAST_SOCKET=${FAST_SOCKET:-false} # EXPERIMENTAL feature to accelerate sockets -- DO NOT USE it for production FAST_SOCKET=${FAST_SOCKET:-false} # EXPERIMENTAL feature to accelerate sockets -- DO NOT USE it for production
COLOR=${COLOR:-2} # 2: Full color, 1: b/w+positioning, 0: no ESC at all COLOR=${COLOR:-2} # 3: extra color, 2: Full color, 1: b/w+positioning, 0: no ESC at all
COLORBLIND=${COLORBLIND:-false} # if true, swap blue and green in the output COLORBLIND=${COLORBLIND:-false} # if true, swap blue and green in the output
SHOW_EACH_C=${SHOW_EACH_C:-false} # where individual ciphers are tested show just the positively ones tested SHOW_EACH_C=${SHOW_EACH_C:-false} # where individual ciphers are tested show just the positively ones tested
SHOW_SIGALGO=${SHOW_SIGALGO:-false} # "secret" switch whether testssl.sh shows the signature algorithm for -E / -e SHOW_SIGALGO=${SHOW_SIGALGO:-false} # "secret" switch whether testssl.sh shows the signature algorithm for -E / -e
@ -421,36 +421,36 @@ outln() { printf -- "%b" "${1//%/%%}\n"; html_out "$1\n"; }
#TODO: Still no shell injection safe but if just run it from the cmd line: that's fine #TODO: Still no shell injection safe but if just run it from the cmd line: that's fine
# color print functions, see also http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x329.html # color print functions, see also http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x329.html
tm_liteblue() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && tm_out "\033[0;32m$1" || tm_out "\033[0;34m$1" ) || tm_out "$1"; tm_off; } # not yet used tm_liteblue() { [[ "$COLOR" -ge 2 ]] && ( "$COLORBLIND" && tm_out "\033[0;32m$1" || tm_out "\033[0;34m$1" ) || tm_out "$1"; tm_off; } # not yet used
pr_liteblue() { tm_liteblue "$1"; [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && html_out "<span style=\"color:#00cd00;\">$(html_reserved "$1")</span>" || html_out "<span style=\"color:#0000ee;\">$(html_reserved "$1")</span>" ) || html_out "$(html_reserved "$1")"; } pr_liteblue() { tm_liteblue "$1"; [[ "$COLOR" -ge 2 ]] && ( "$COLORBLIND" && html_out "<span style=\"color:#00cd00;\">$(html_reserved "$1")</span>" || html_out "<span style=\"color:#0000ee;\">$(html_reserved "$1")</span>" ) || html_out "$(html_reserved "$1")"; }
tmln_liteblue() { tm_liteblue "$1"; tmln_out; } tmln_liteblue() { tm_liteblue "$1"; tmln_out; }
prln_liteblue() { pr_liteblue "$1"; outln; } prln_liteblue() { pr_liteblue "$1"; outln; }
tm_blue() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && tm_out "\033[1;32m$1" || tm_out "\033[1;34m$1" ) || tm_out "$1"; tm_off; } # used for head lines of single tests tm_blue() { [[ "$COLOR" -ge 2 ]] && ( "$COLORBLIND" && tm_out "\033[1;32m$1" || tm_out "\033[1;34m$1" ) || tm_out "$1"; tm_off; } # used for head lines of single tests
pr_blue() { tm_blue "$1"; [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && html_out "<span style=\"color:lime;font-weight:bold;\">$(html_reserved "$1")</span>" || html_out "<span style=\"color:#5c5cff;font-weight:bold;\">$(html_reserved "$1")</span>" ) || html_out "$(html_reserved "$1")"; } pr_blue() { tm_blue "$1"; [[ "$COLOR" -ge 2 ]] && ( "$COLORBLIND" && html_out "<span style=\"color:lime;font-weight:bold;\">$(html_reserved "$1")</span>" || html_out "<span style=\"color:#5c5cff;font-weight:bold;\">$(html_reserved "$1")</span>" ) || html_out "$(html_reserved "$1")"; }
tmln_blue() { tm_blue "$1"; tmln_out; } tmln_blue() { tm_blue "$1"; tmln_out; }
prln_blue() { pr_blue "$1"; outln; } prln_blue() { pr_blue "$1"; outln; }
# we should be able to use aliases here # we should be able to use aliases here
tm_warning() { [[ "$COLOR" -eq 2 ]] && tm_out "\033[0;35m$1" || tm_underline "$1"; tm_off; } # some local problem: one test cannot be done tm_warning() { [[ "$COLOR" -ge 2 ]] && tm_out "\033[0;35m$1" || tm_underline "$1"; tm_off; } # some local problem: one test cannot be done
tmln_warning() { tm_warning "$1"; tmln_out; } # litemagenta tmln_warning() { tm_warning "$1"; tmln_out; } # litemagenta
pr_warning() { tm_warning "$1"; [[ "$COLOR" -eq 2 ]] && html_out "<span style=\"color:#cd00cd;\">$(html_reserved "$1")</span>" || ( [[ "$COLOR" -eq 1 ]] && html_out "<u>$(html_reserved "$1")</u>" || html_out "$(html_reserved "$1")" ); } pr_warning() { tm_warning "$1"; [[ "$COLOR" -ge 2 ]] && html_out "<span style=\"color:#cd00cd;\">$(html_reserved "$1")</span>" || ( [[ "$COLOR" -eq 1 ]] && html_out "<u>$(html_reserved "$1")</u>" || html_out "$(html_reserved "$1")" ); }
prln_warning() { pr_warning "$1"; outln; } prln_warning() { pr_warning "$1"; outln; }
tm_magenta() { [[ "$COLOR" -eq 2 ]] && tm_out "\033[1;35m$1" || tm_underline "$1"; tm_off; } # fatal error: quitting because of this! tm_magenta() { [[ "$COLOR" -ge 2 ]] && tm_out "\033[1;35m$1" || tm_underline "$1"; tm_off; } # fatal error: quitting because of this!
tmln_magenta() { tm_magenta "$1"; tmln_out; } tmln_magenta() { tm_magenta "$1"; tmln_out; }
# different as warning above? # different as warning above?
pr_magenta() { tm_magenta "$1"; [[ "$COLOR" -eq 2 ]] && html_out "<span style=\"color:magenta;font-weight:bold;\">$(html_reserved "$1")</span>" || ( [[ "$COLOR" -eq 1 ]] && html_out "<u>$(html_reserved "$1")</u>" || html_out "$(html_reserved "$1")" ); } pr_magenta() { tm_magenta "$1"; [[ "$COLOR" -ge 2 ]] && html_out "<span style=\"color:magenta;font-weight:bold;\">$(html_reserved "$1")</span>" || ( [[ "$COLOR" -eq 1 ]] && html_out "<u>$(html_reserved "$1")</u>" || html_out "$(html_reserved "$1")" ); }
prln_magenta() { pr_magenta "$1"; outln; } prln_magenta() { pr_magenta "$1"; outln; }
tm_litecyan() { [[ "$COLOR" -eq 2 ]] && tm_out "\033[0;36m$1" || tm_out "$1"; tm_off; } # not yet used tm_litecyan() { [[ "$COLOR" -ge 2 ]] && tm_out "\033[0;36m$1" || tm_out "$1"; tm_off; } # not yet used
tmln_litecyan() { tm_litecyan "$1"; tmln_out; } tmln_litecyan() { tm_litecyan "$1"; tmln_out; }
pr_litecyan() { tm_litecyan "$1"; [[ "$COLOR" -eq 2 ]] && html_out "<span style=\"color:#00cdcd;\">$(html_reserved "$1")</span>" || html_out "$(html_reserved "$1")"; } pr_litecyan() { tm_litecyan "$1"; [[ "$COLOR" -ge 2 ]] && html_out "<span style=\"color:#00cdcd;\">$(html_reserved "$1")</span>" || html_out "$(html_reserved "$1")"; }
prln_litecyan() { pr_litecyan "$1"; outln; } prln_litecyan() { pr_litecyan "$1"; outln; }
tm_cyan() { [[ "$COLOR" -eq 2 ]] && tm_out "\033[1;36m$1" || tm_out "$1"; tm_off; } # additional hint tm_cyan() { [[ "$COLOR" -ge 2 ]] && tm_out "\033[1;36m$1" || tm_out "$1"; tm_off; } # additional hint
tmln_cyan() { tm_cyan "$1"; tmln_out; } tmln_cyan() { tm_cyan "$1"; tmln_out; }
pr_cyan() { tm_cyan "$1"; [[ "$COLOR" -eq 2 ]] && html_out "<span style=\"color:cyan;font-weight:bold;\">$(html_reserved "$1")</span>" || html_out "$(html_reserved "$1")"; } pr_cyan() { tm_cyan "$1"; [[ "$COLOR" -ge 2 ]] && html_out "<span style=\"color:cyan;font-weight:bold;\">$(html_reserved "$1")</span>" || html_out "$(html_reserved "$1")"; }
prln_cyan() { pr_cyan "$1"; outln; } prln_cyan() { pr_cyan "$1"; outln; }
tm_litegrey() { [[ "$COLOR" -ne 0 ]] && tm_out "\033[0;37m$1" || tm_out "$1"; tm_off; } # ... https://github.com/drwetter/testssl.sh/pull/600#issuecomment-276129876 tm_litegrey() { [[ "$COLOR" -ne 0 ]] && tm_out "\033[0;37m$1" || tm_out "$1"; tm_off; } # ... https://github.com/drwetter/testssl.sh/pull/600#issuecomment-276129876
@ -463,33 +463,33 @@ pr_grey() { tm_grey "$1"; [[ "$COLOR" -ne 0 ]] && html_out "<span style=\"
tmln_grey() { tm_grey "$1"; tmln_out; } tmln_grey() { tm_grey "$1"; tmln_out; }
prln_grey() { pr_grey "$1"; outln; } prln_grey() { pr_grey "$1"; outln; }
tm_done_good() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && tm_out "\033[0;34m$1" || tm_out "\033[0;32m$1" ) || tm_out "$1"; tm_off; } # litegreen (liteblue), This is good tm_done_good() { [[ "$COLOR" -ge 2 ]] && ( "$COLORBLIND" && tm_out "\033[0;34m$1" || tm_out "\033[0;32m$1" ) || tm_out "$1"; tm_off; } # litegreen (liteblue), This is good
tmln_done_good() { tm_done_good "$1"; tmln_out; } tmln_done_good() { tm_done_good "$1"; tmln_out; }
pr_done_good() { tm_done_good "$1"; [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && html_out "<span style=\"color:#0000ee;\">$(html_reserved "$1")</span>" || html_out "<span style=\"color:#00cd00;\">$(html_reserved "$1")</span>" ) || html_out "$(html_reserved "$1")"; } pr_done_good() { tm_done_good "$1"; [[ "$COLOR" -ge 2 ]] && ( "$COLORBLIND" && html_out "<span style=\"color:#0000ee;\">$(html_reserved "$1")</span>" || html_out "<span style=\"color:#00cd00;\">$(html_reserved "$1")</span>" ) || html_out "$(html_reserved "$1")"; }
prln_done_good() { pr_done_good "$1"; outln; } prln_done_good() { pr_done_good "$1"; outln; }
tm_done_best() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && tm_out "\033[1;34m$1" || tm_out "\033[1;32m$1" ) || tm_out "$1"; tm_off; } # green (blue), This is the best tm_done_best() { [[ "$COLOR" -ge 2 ]] && ( "$COLORBLIND" && tm_out "\033[1;34m$1" || tm_out "\033[1;32m$1" ) || tm_out "$1"; tm_off; } # green (blue), This is the best
tmln_done_best() { tm_done_best "$1"; tmln_out; } tmln_done_best() { tm_done_best "$1"; tmln_out; }
pr_done_best() { tm_done_best "$1"; [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && html_out "<span style=\"color:#5c5cff;font-weight:bold;\">$(html_reserved "$1")</span>" || html_out "<span style=\"color:lime;font-weight:bold;\">$(html_reserved "$1")</span>" ) || html_out "$(html_reserved "$1")"; } pr_done_best() { tm_done_best "$1"; [[ "$COLOR" -ge 2 ]] && ( "$COLORBLIND" && html_out "<span style=\"color:#5c5cff;font-weight:bold;\">$(html_reserved "$1")</span>" || html_out "<span style=\"color:lime;font-weight:bold;\">$(html_reserved "$1")</span>" ) || html_out "$(html_reserved "$1")"; }
prln_done_best() { pr_done_best "$1"; outln; } prln_done_best() { pr_done_best "$1"; outln; }
tm_svrty_low() { [[ "$COLOR" -eq 2 ]] && tm_out "\033[1;33m$1" || tm_out "$1"; tm_off; } # yellow brown | academic or minor problem tm_svrty_low() { [[ "$COLOR" -ge 2 ]] && tm_out "\033[1;33m$1" || tm_out "$1"; tm_off; } # yellow brown | academic or minor problem
tmln_svrty_low() { tm_svrty_low "$1"; tmln_out; } tmln_svrty_low() { tm_svrty_low "$1"; tmln_out; }
pr_svrty_low() { tm_svrty_low "$1"; [[ "$COLOR" -eq 2 ]] && html_out "<span style=\"color:#cdcd00;font-weight:bold;\">$(html_reserved "$1")</span>" || html_out "$(html_reserved "$1")"; } pr_svrty_low() { tm_svrty_low "$1"; [[ "$COLOR" -ge 2 ]] && html_out "<span style=\"color:#cdcd00;font-weight:bold;\">$(html_reserved "$1")</span>" || html_out "$(html_reserved "$1")"; }
prln_svrty_low() { pr_svrty_low "$1"; outln; } prln_svrty_low() { pr_svrty_low "$1"; outln; }
tm_svrty_medium() { [[ "$COLOR" -eq 2 ]] && tm_out "\033[0;33m$1" || tm_out "$1"; tm_off; } # brown | it is not a bad problem but you shouldn't do this tm_svrty_medium() { [[ "$COLOR" -ge 2 ]] && tm_out "\033[0;33m$1" || tm_out "$1"; tm_off; } # brown | it is not a bad problem but you shouldn't do this
pr_svrty_medium() { tm_svrty_medium "$1"; [[ "$COLOR" -eq 2 ]] && html_out "<span style=\"color:#cd8000;\">$(html_reserved "$1")</span>" || html_out "$(html_reserved "$1")"; } pr_svrty_medium() { tm_svrty_medium "$1"; [[ "$COLOR" -ge 2 ]] && html_out "<span style=\"color:#cd8000;\">$(html_reserved "$1")</span>" || html_out "$(html_reserved "$1")"; }
tmln_svrty_medium(){ tm_svrty_medium "$1"; tmln_out; } tmln_svrty_medium(){ tm_svrty_medium "$1"; tmln_out; }
prln_svrty_medium(){ pr_svrty_medium "$1"; outln; } prln_svrty_medium(){ pr_svrty_medium "$1"; outln; }
tm_svrty_high() { [[ "$COLOR" -eq 2 ]] && tm_out "\033[0;31m$1" || tm_bold "$1"; tm_off; } # litered tm_svrty_high() { [[ "$COLOR" -ge 2 ]] && tm_out "\033[0;31m$1" || tm_bold "$1"; tm_off; } # litered
pr_svrty_high() { tm_svrty_high "$1"; [[ "$COLOR" -eq 2 ]] && html_out "<span style=\"color:#cd0000;\">$(html_reserved "$1")</span>" || ( [[ "$COLOR" -eq 1 ]] && html_out "<span style=\"font-weight:bold;\">$(html_reserved "$1")</span>" || html_out "$(html_reserved "$1")" ); } pr_svrty_high() { tm_svrty_high "$1"; [[ "$COLOR" -ge 2 ]] && html_out "<span style=\"color:#cd0000;\">$(html_reserved "$1")</span>" || ( [[ "$COLOR" -eq 1 ]] && html_out "<span style=\"font-weight:bold;\">$(html_reserved "$1")</span>" || html_out "$(html_reserved "$1")" ); }
tmln_svrty_high() { tm_svrty_high "$1"; tmln_out; } tmln_svrty_high() { tm_svrty_high "$1"; tmln_out; }
prln_svrty_high() { pr_svrty_high "$1"; outln; } prln_svrty_high() { pr_svrty_high "$1"; outln; }
tm_svrty_critical() { [[ "$COLOR" -eq 2 ]] && tm_out "\033[1;31m$1" || tm_bold "$1"; tm_off; } # red tm_svrty_critical() { [[ "$COLOR" -ge 2 ]] && tm_out "\033[1;31m$1" || tm_bold "$1"; tm_off; } # red
pr_svrty_critical() { tm_svrty_critical "$1"; [[ "$COLOR" -eq 2 ]] && html_out "<span style=\"color:red;font-weight:bold;\">$(html_reserved "$1")</span>" || ( [[ "$COLOR" -eq 1 ]] && html_out "<span style=\"font-weight:bold;\">$(html_reserved "$1")</span>" || html_out "$(html_reserved "$1")" ); } pr_svrty_critical() { tm_svrty_critical "$1"; [[ "$COLOR" -ge 2 ]] && html_out "<span style=\"color:red;font-weight:bold;\">$(html_reserved "$1")</span>" || ( [[ "$COLOR" -eq 1 ]] && html_out "<span style=\"font-weight:bold;\">$(html_reserved "$1")</span>" || html_out "$(html_reserved "$1")" ); }
tmln_svrty_critical() { tm_svrty_critical "$1"; tmln_out; } tmln_svrty_critical() { tm_svrty_critical "$1"; tmln_out; }
prln_svrty_critical() { pr_svrty_critical "$1"; outln; } prln_svrty_critical() { pr_svrty_critical "$1"; outln; }
@ -529,7 +529,7 @@ pr_reverse_bold() { tm_reverse_bold "$1"; [[ "$COLOR" -ne 0 ]] && html_out "<spa
#pr_headline() { pr_blue "$1"; } #pr_headline() { pr_blue "$1"; }
#http://misc.flogisoft.com/bash/tip_colors_and_formatting #http://misc.flogisoft.com/bash/tip_colors_and_formatting
#pr_headline() { [[ "$COLOR" -eq 2 ]] && out "\033[1;30m\033[47m$1" || out "$1"; tm_off; } #pr_headline() { [[ "$COLOR" -ge 2 ]] && out "\033[1;30m\033[47m$1" || out "$1"; tm_off; }
tm_headline() { [[ "$COLOR" -ne 0 ]] && tm_out "\033[1m\033[4m$1" || tm_out "$1"; tm_off; } tm_headline() { [[ "$COLOR" -ne 0 ]] && tm_out "\033[1m\033[4m$1" || tm_out "$1"; tm_off; }
tmln_headline() { tm_headline "$1"; tmln_out; } tmln_headline() { tm_headline "$1"; tmln_out; }
pr_headline() { tm_headline "$1"; [[ "$COLOR" -ne 0 ]] && html_out "<span style=\"text-decoration:underline;font-weight:bold;\">$(html_reserved "$1")</span>" || html_out "$(html_reserved "$1")"; } pr_headline() { tm_headline "$1"; [[ "$COLOR" -ne 0 ]] && html_out "<span style=\"text-decoration:underline;font-weight:bold;\">$(html_reserved "$1")</span>" || html_out "$(html_reserved "$1")"; }
@ -586,7 +586,7 @@ set_color_functions() {
tput cols &>/dev/null || return 0 # tput under BSDs and GNUs doesn't work either (TERM undefined?) tput cols &>/dev/null || return 0 # tput under BSDs and GNUs doesn't work either (TERM undefined?)
tput sgr0 &>/dev/null || ncurses_tput=false tput sgr0 &>/dev/null || ncurses_tput=false
tput sgr 0 1 &>/dev/null || ncurses_tput=false # OpenBSD succeed the previous one but fails here tput sgr 0 1 &>/dev/null || ncurses_tput=false # OpenBSD succeed the previous one but fails here
if [[ "$COLOR" -eq 2 ]]; then if [[ "$COLOR" -ge 2 ]]; then
if $ncurses_tput; then if $ncurses_tput; then
red=$(tput setaf 1) red=$(tput setaf 1)
green=$(tput setaf 2) green=$(tput setaf 2)
@ -1269,6 +1269,18 @@ out_row_aligned_max_width_by_entry() {
done <<< "$resp" done <<< "$resp"
} }
print_fixed_width() {
local text="$1"
local -i i len width="$2"
local print_function="$3"
len=${#text}
$print_function "$text"
for (( i=len; i <= width; i++ )); do
out " "
done
}
# saves $TMPFILE or file supplied in $2 under name "$TEMPDIR/$NODEIP.$1". # saves $TMPFILE or file supplied in $2 under name "$TEMPDIR/$NODEIP.$1".
# Note: after finishing $TEMPDIR will be removed unless DEBUG >=1 # Note: after finishing $TEMPDIR will be removed unless DEBUG >=1
tmpfile_handle() { tmpfile_handle() {
@ -2770,11 +2782,19 @@ neat_list(){
what_dh="$kx" what_dh="$kx"
bits="" bits=""
fi fi
len=${#kx} if [[ "$COLOR" -le 2 ]]; then
if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
out "$(printf -- " %-7s %-49s " "$hexcode" "$tls_cipher")" out "$(printf -- " %-7s %-49s " "$hexcode" "$tls_cipher")"
else
out "$(printf -- " %-7s %-33s " "$hexcode" "$ossl_cipher")"
fi
else else
out "$(printf -- " %-7s %-33s " "$hexcode" "$ossl_cipher")" out "$(printf -- " %-7s " "$hexcode")"
if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
print_fixed_width "$tls_cipher" 49 pr_cipher_quality
else
print_fixed_width "$ossl_cipher" 33 pr_cipher_quality
fi
fi fi
out "$what_dh" out "$what_dh"
if [[ -n "$bits" ]]; then if [[ -n "$bits" ]]; then
@ -2784,14 +2804,24 @@ neat_list(){
pr_ecdh_quality "$bits" " $bits" pr_ecdh_quality "$bits" " $bits"
fi fi
fi fi
len=${#kx}
for (( i=len; i<10; i++ )); do for (( i=len; i<10; i++ )); do
out " " out " "
done done
out "$(printf -- " %-12s%-8s" "$enc" "$strength")" out "$(printf -- " %-12s%-8s " "$enc" "$strength")"
if [[ "$DISPLAY_CIPHERNAMES" == rfc ]]; then if [[ "$COLOR" -le 2 ]]; then
out "$(printf -- " %-33s${SHOW_EACH_C:+ %-0s}" "$ossl_cipher")" if [[ "$DISPLAY_CIPHERNAMES" == rfc ]]; then
elif [[ "$DISPLAY_CIPHERNAMES" == openssl ]]; then out "$(printf -- "%-33s${SHOW_EACH_C:+ %-0s}" "$ossl_cipher")"
out "$(printf -- " %-49s${SHOW_EACH_C:+ %-0s}" "$tls_cipher")" elif [[ "$DISPLAY_CIPHERNAMES" == openssl ]]; then
out "$(printf -- "%-49s${SHOW_EACH_C:+ %-0s}" "$tls_cipher")"
fi
else
if [[ "$DISPLAY_CIPHERNAMES" == rfc ]]; then
print_fixed_width "$ossl_cipher" 32 pr_cipher_quality
elif [[ "$DISPLAY_CIPHERNAMES" == openssl ]]; then
print_fixed_width "$tls_cipher" 48 pr_cipher_quality
fi
out "$(printf -- "${SHOW_EACH_C:+ %-0s}")"
fi fi
} }
@ -4061,12 +4091,23 @@ run_client_simulation() {
cipher="$(openssl2rfc "$cipher")" cipher="$(openssl2rfc "$cipher")"
[[ -z "$cipher" ]] && cipher=$(get_cipher $TMPFILE) [[ -z "$cipher" ]] && cipher=$(get_cipher $TMPFILE)
fi fi
if ! "$WIDE"; then out "$proto "
out "$proto $cipher" "$WIDE" && out " "
elif [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]]; then if [[ "$COLOR" -le 2 ]]; then
out "$(printf -- "%-7s %-34s" "$proto" "$cipher")" out "$cipher"
else else
out "$(printf -- "%-7s %-50s" "$proto" "$cipher")" pr_cipher_quality "$cipher"
fi
if "$WIDE"; then
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]]; then
for (( j=${#cipher}; j < 34; j++ )); do
out " "
done
else
for (( j=${#cipher}; j < 50; j++ )); do
out " "
done
fi
fi fi
if ! "$WIDE"; then if ! "$WIDE"; then
"$using_sockets" && [[ -n "${handshakebytes[i]}" ]] && has_dh_bits=$HAS_DH_BITS && HAS_DH_BITS=true "$using_sockets" && [[ -n "${handshakebytes[i]}" ]] && has_dh_bits=$HAS_DH_BITS && HAS_DH_BITS=true
@ -5028,7 +5069,7 @@ run_server_preference() {
local limitedsense supported_sslv2_ciphers local limitedsense supported_sslv2_ciphers
local -a cipher proto local -a cipher proto
local proto_ossl proto_txt proto_hex cipherlist i local proto_ossl proto_txt proto_hex cipherlist i
local -i ret=0 j sclient_success local -i ret=0 j sclient_success str_len
local list_fwd="DES-CBC3-SHA:RC4-MD5:DES-CBC-SHA:RC4-SHA:AES128-SHA:AES128-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-SHA256" local list_fwd="DES-CBC3-SHA:RC4-MD5:DES-CBC-SHA:RC4-SHA:AES128-SHA:AES128-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-SHA256"
# now reversed offline via tac, see https://github.com/thomassa/testssl.sh/commit/7a4106e839b8c3033259d66697893765fc468393 : # now reversed offline via tac, see https://github.com/thomassa/testssl.sh/commit/7a4106e839b8c3033259d66697893765fc468393 :
local list_reverse="AES256-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA256:AES128-SHA:RC4-SHA:DES-CBC-SHA:RC4-MD5:DES-CBC3-SHA" local list_reverse="AES256-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA256:AES128-SHA:RC4-SHA:DES-CBC-SHA:RC4-MD5:DES-CBC3-SHA"
@ -5287,15 +5328,28 @@ run_server_preference() {
if [[ -n "${cipher[i]}" ]]; then # cipher not empty if [[ -n "${cipher[i]}" ]]; then # cipher not empty
if [[ -z "$prev_cipher" ]] || [[ "$prev_cipher" != "${cipher[i]}" ]]; then if [[ -z "$prev_cipher" ]] || [[ "$prev_cipher" != "${cipher[i]}" ]]; then
[[ -n "$prev_cipher" ]] && outln [[ -n "$prev_cipher" ]] && outln
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]]; then str_len=${#cipher[i]}
out "$(printf -- " %-30s %s" "${cipher[i]}:" "${proto[i]}")" # print out both out " "
if [[ "$COLOR" -le 2 ]]; then
out "${cipher[i]}"
else else
out "$(printf -- " %-51s %s" "${cipher[i]}:" "${proto[i]}")" # print out both pr_cipher_quality "${cipher[i]}"
fi
out ":"
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]]; then
for (( 1; str_len < 30; str_len++ )); do
out " "
done
else
for (( 1; str_len < 51; str_len++ )); do
out " "
done
fi fi
else else
out ", ${proto[i]}" # same cipher --> only print out protocol behind it out ", " # same cipher --> only print out protocol behind it
fi fi
prev_cipher="${cipher[i]}" out "${proto[i]}"
prev_cipher="${cipher[i]}"
fi fi
fileout "order_${proto[i]}_cipher" "INFO" "Default cipher on ${proto[i]}: ${cipher[i]} $limitedsense" fileout "order_${proto[i]}_cipher" "INFO" "Default cipher on ${proto[i]}: ${cipher[i]} $limitedsense"
done done
@ -5567,7 +5621,11 @@ cipher_pref_check() {
add_tls_offered "$p" yes add_tls_offered "$p" yes
outln outln
out "$(printf " %-10s " "$proto: ")" out "$(printf " %-10s " "$proto: ")"
out "$(out_row_aligned_max_width "$order" " " $TERM_WIDTH)" if [[ "$COLOR" -le 2 ]]; then
out "$(out_row_aligned_max_width "$order" " " $TERM_WIDTH)"
else
out_row_aligned_max_width_by_entry "$order" " " $TERM_WIDTH pr_cipher_quality
fi
fileout "order_$p" "INFO" "Default cipher order for protocol $p: $order" fileout "order_$p" "INFO" "Default cipher order for protocol $p: $order"
fi fi
done <<< "$(tm_out " ssl3 00 SSLv3\n tls1 01 TLSv1\n tls1_1 02 TLSv1.1\n tls1_2 03 TLSv1.2\n tls1_3 04 TLSv1.3\n")" done <<< "$(tm_out " ssl3 00 SSLv3\n tls1 01 TLSv1\n tls1_1 02 TLSv1.1\n tls1_2 03 TLSv1.2\n tls1_3 04 TLSv1.3\n")"
@ -7393,7 +7451,7 @@ run_pfs() {
neat_list "$(tolower "${normalized_hexcode[i]}")" "${ciph[i]}" "${kx[i]}" "${enc[i]}" "${ciphers_found[i]}" neat_list "$(tolower "${normalized_hexcode[i]}")" "${ciph[i]}" "${kx[i]}" "${enc[i]}" "${ciphers_found[i]}"
if "$SHOW_EACH_C"; then if "$SHOW_EACH_C"; then
if "${ciphers_found[i]}"; then if "${ciphers_found[i]}"; then
pr_done_best "available" pr_cipher_quality "${rfc_ciph[i]}" "available"
else else
pr_deemphasize "not a/v" pr_deemphasize "not a/v"
fi fi
@ -7401,7 +7459,13 @@ run_pfs() {
outln "${sigalg[i]}" outln "${sigalg[i]}"
fi fi
done done
! "$WIDE" && out "$(out_row_aligned_max_width "$pfs_ciphers" " " $TERM_WIDTH)" if ! "$WIDE"; then
if [[ "$COLOR" -le 2 ]]; then
out "$(out_row_aligned_max_width "$pfs_ciphers" " " $TERM_WIDTH)"
else
out_row_aligned_max_width_by_entry "$pfs_ciphers" " " $TERM_WIDTH pr_cipher_quality
fi
fi
debugme echo $pfs_offered debugme echo $pfs_offered
"$WIDE" || outln "$WIDE" || outln
fileout "pfs_ciphers" "INFO" "(Perfect) Forward Secrecy Ciphers: $pfs_ciphers" fileout "pfs_ciphers" "INFO" "(Perfect) Forward Secrecy Ciphers: $pfs_ciphers"
@ -13160,7 +13224,7 @@ output options (can also be preset via environment variables):
rfc| rfc: use the RFC cipher suite name as the primary name cipher suite name form rfc| rfc: use the RFC cipher suite name as the primary name cipher suite name form
no-openssl| no-openssl: don't display the OpenSSL cipher suite name, display RFC names only no-openssl| no-openssl: don't display the OpenSSL cipher suite name, display RFC names only
no-rfc> no-rfc: don't display the RFC cipher suite name, display OpenSSL names only no-rfc> no-rfc: don't display the RFC cipher suite name, display OpenSSL names only
--color <0|1|2> 0: no escape or other codes, 1: b/w escape codes, 2: color (default) --color <0|1|2|3> 0: no escape or other codes, 1: b/w escape codes, 2: color (default), 3: extra color (color all ciphers)
--colorblind swap green and blue in the output --colorblind swap green and blue in the output
--debug <0-6> 1: screen output normal but keeps debug output in /tmp/. 2-6: see "grep -A 5 '^DEBUG=' testssl.sh" --debug <0-6> 1: screen output normal but keeps debug output in /tmp/. 2-6: see "grep -A 5 '^DEBUG=' testssl.sh"
@ -15042,9 +15106,9 @@ parse_cmd_line() {
COLOR="$(parse_opt_equal_sign "$1" "$2")" COLOR="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
case $COLOR in case $COLOR in
[0-2]) ;; [0-3]) ;;
*) COLOR=2 *) COLOR=2
tmln_magenta "\nunrecognized color: \"$1\", must be between 0..2" 1>&2 tmln_magenta "\nunrecognized color: \"$1\", must be between 0..3" 1>&2
help 1 help 1
esac esac
;; ;;