Renaming proto variables in cipher_pref_check()
... to be consistent with ciphers_by_strength: - proto --> proto_text - proto_ossl --> proto
This commit is contained in:
parent
3b92b0cf85
commit
8938c21703
46
testssl.sh
46
testssl.sh
@ -4088,7 +4088,7 @@ ciphers_by_strength() {
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
outln " protocol support with no cipher "
|
outln " protocol supported with no cipher "
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
add_tls_offered ssl2 no
|
add_tls_offered ssl2 no
|
||||||
@ -6667,7 +6667,7 @@ check_tls12_pref() {
|
|||||||
|
|
||||||
# At the moment only called from run_server_preference()
|
# At the moment only called from run_server_preference()
|
||||||
cipher_pref_check() {
|
cipher_pref_check() {
|
||||||
local proto_ossl="$1" proto_hex="$2" proto="$3"
|
local proto="$1" proto_hex="$2" proto_text="$3"
|
||||||
local using_sockets="$4"
|
local using_sockets="$4"
|
||||||
local wide="$5" # at the moment always = true
|
local wide="$5" # at the moment always = true
|
||||||
local tested_cipher cipher order rfc_cipher rfc_order
|
local tested_cipher cipher order rfc_cipher rfc_order
|
||||||
@ -6681,17 +6681,17 @@ cipher_pref_check() {
|
|||||||
local ciphers_found_with_sockets
|
local ciphers_found_with_sockets
|
||||||
|
|
||||||
order=""; ciphers_found_with_sockets=false
|
order=""; ciphers_found_with_sockets=false
|
||||||
if [[ $proto_ossl == ssl3 ]] && ! "$HAS_SSL3" && ! "$using_sockets"; then
|
if [[ $proto == ssl3 ]] && ! "$HAS_SSL3" && ! "$using_sockets"; then
|
||||||
out "\n SSLv3: "; pr_local_problem "$OPENSSL doesn't support \"s_client -ssl3\"";
|
out "\n SSLv3: "; pr_local_problem "$OPENSSL doesn't support \"s_client -ssl3\"";
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
if [[ $proto_ossl == tls1_3 ]] && ! "$HAS_TLS13" && ! "$using_sockets"; then
|
if [[ $proto == tls1_3 ]] && ! "$HAS_TLS13" && ! "$using_sockets"; then
|
||||||
out "\n TLSv1.3 "; pr_local_problem "$OPENSSL doesn't support \"s_client -tls1_3\"";
|
out "\n TLSv1.3 "; pr_local_problem "$OPENSSL doesn't support \"s_client -tls1_3\"";
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ( [[ $proto_ossl != tls1_3 ]] || "$HAS_TLS13" ) && ( [[ $proto_ossl != ssl3 ]] || "$HAS_SSL3" ); then
|
if ( [[ $proto != tls1_3 ]] || "$HAS_TLS13" ) && ( [[ $proto != ssl3 ]] || "$HAS_SSL3" ); then
|
||||||
if [[ $proto_ossl == tls1_2 ]] && "$SERVER_SIZE_LIMIT_BUG"; then
|
if [[ $proto == tls1_2 ]] && "$SERVER_SIZE_LIMIT_BUG"; then
|
||||||
order="$(check_tls12_pref "$wide")"
|
order="$(check_tls12_pref "$wide")"
|
||||||
[[ "${order:0:1}" == \ ]] && order="${order:1}"
|
[[ "${order:0:1}" == \ ]] && order="${order:1}"
|
||||||
ciphers_found="$order"
|
ciphers_found="$order"
|
||||||
@ -6699,7 +6699,7 @@ cipher_pref_check() {
|
|||||||
if "$wide" || [[ -z "$order" ]]; then
|
if "$wide" || [[ -z "$order" ]]; then
|
||||||
tested_cipher=""; order=""; nr_ciphers_found=0
|
tested_cipher=""; order=""; nr_ciphers_found=0
|
||||||
while true; do
|
while true; do
|
||||||
if [[ $proto_ossl != tls1_3 ]]; then
|
if [[ $proto != tls1_3 ]]; then
|
||||||
if [[ -n "$ciphers_found" ]]; then
|
if [[ -n "$ciphers_found" ]]; then
|
||||||
ciphers_to_test=""
|
ciphers_to_test=""
|
||||||
for cipher in $ciphers_found; do
|
for cipher in $ciphers_found; do
|
||||||
@ -6718,7 +6718,7 @@ cipher_pref_check() {
|
|||||||
[[ -z "$ciphers_to_test" ]] && break
|
[[ -z "$ciphers_to_test" ]] && break
|
||||||
ciphers_to_test="-ciphersuites ${ciphers_to_test:1}"
|
ciphers_to_test="-ciphersuites ${ciphers_to_test:1}"
|
||||||
fi
|
fi
|
||||||
$OPENSSL s_client $(s_client_options "$STARTTLS -"$proto_ossl" $BUGS $ciphers_to_test -connect $NODEIP:$PORT $PROXY $SNI") </dev/null 2>>$ERRFILE >$TMPFILE
|
$OPENSSL s_client $(s_client_options "$STARTTLS -"$proto" $BUGS $ciphers_to_test -connect $NODEIP:$PORT $PROXY $SNI") </dev/null 2>>$ERRFILE >$TMPFILE
|
||||||
sclient_connect_successful $? $TMPFILE || break
|
sclient_connect_successful $? $TMPFILE || break
|
||||||
cipher=$(get_cipher $TMPFILE)
|
cipher=$(get_cipher $TMPFILE)
|
||||||
[[ -z "$cipher" ]] && break
|
[[ -z "$cipher" ]] && break
|
||||||
@ -6733,7 +6733,7 @@ cipher_pref_check() {
|
|||||||
normalized_hexcode[nr_ciphers_found]="$(normalize_ciphercode "${TLS_CIPHER_HEXCODE[i]}")"
|
normalized_hexcode[nr_ciphers_found]="$(normalize_ciphercode "${TLS_CIPHER_HEXCODE[i]}")"
|
||||||
ciph[nr_ciphers_found]="${TLS_CIPHER_OSSL_NAME[i]}"
|
ciph[nr_ciphers_found]="${TLS_CIPHER_OSSL_NAME[i]}"
|
||||||
kx[nr_ciphers_found]="${TLS_CIPHER_KX[i]}"
|
kx[nr_ciphers_found]="${TLS_CIPHER_KX[i]}"
|
||||||
[[ $proto_ossl == tls1_3 ]] && kx[nr_ciphers_found]="$(read_dhtype_from_file $TMPFILE)"
|
[[ $proto == tls1_3 ]] && kx[nr_ciphers_found]="$(read_dhtype_from_file $TMPFILE)"
|
||||||
if ( [[ ${kx[nr_ciphers_found]} == Kx=ECDH ]] || [[ ${kx[nr_ciphers_found]} == Kx=DH ]] || [[ ${kx[nr_ciphers_found]} == Kx=EDH ]] ); then
|
if ( [[ ${kx[nr_ciphers_found]} == Kx=ECDH ]] || [[ ${kx[nr_ciphers_found]} == Kx=DH ]] || [[ ${kx[nr_ciphers_found]} == Kx=EDH ]] ); then
|
||||||
kx[nr_ciphers_found]+=" $(read_dhbits_from_file "$TMPFILE" quiet)"
|
kx[nr_ciphers_found]+=" $(read_dhbits_from_file "$TMPFILE" quiet)"
|
||||||
fi
|
fi
|
||||||
@ -6762,9 +6762,9 @@ cipher_pref_check() {
|
|||||||
rfc_ciph[nr_nonossl_ciphers]="${TLS_CIPHER_RFC_NAME[i]}"
|
rfc_ciph[nr_nonossl_ciphers]="${TLS_CIPHER_RFC_NAME[i]}"
|
||||||
index[nr_nonossl_ciphers]=$i
|
index[nr_nonossl_ciphers]=$i
|
||||||
# Only test ciphers that are relevant to the protocol.
|
# Only test ciphers that are relevant to the protocol.
|
||||||
if [[ $proto_ossl == tls1_3 ]]; then
|
if [[ $proto == tls1_3 ]]; then
|
||||||
[[ "${hexc:2:2}" == 13 ]] && nr_nonossl_ciphers+=1
|
[[ "${hexc:2:2}" == 13 ]] && nr_nonossl_ciphers+=1
|
||||||
elif [[ $proto_ossl == tls1_2 ]]; then
|
elif [[ $proto == tls1_2 ]]; then
|
||||||
[[ "${hexc:2:2}" != 13 ]] && nr_nonossl_ciphers+=1
|
[[ "${hexc:2:2}" != 13 ]] && nr_nonossl_ciphers+=1
|
||||||
elif [[ ! "${TLS_CIPHER_RFC_NAME[i]}" =~ SHA256 ]] && \
|
elif [[ ! "${TLS_CIPHER_RFC_NAME[i]}" =~ SHA256 ]] && \
|
||||||
[[ ! "${TLS_CIPHER_RFC_NAME[i]}" =~ SHA384 ]] && \
|
[[ ! "${TLS_CIPHER_RFC_NAME[i]}" =~ SHA384 ]] && \
|
||||||
@ -6779,7 +6779,7 @@ cipher_pref_check() {
|
|||||||
|
|
||||||
if [[ $nr_nonossl_ciphers -eq 0 ]]; then
|
if [[ $nr_nonossl_ciphers -eq 0 ]]; then
|
||||||
num_bundles=0
|
num_bundles=0
|
||||||
elif [[ $proto_ossl != tls1_2 ]] || ! "$SERVER_SIZE_LIMIT_BUG"; then
|
elif [[ $proto != tls1_2 ]] || ! "$SERVER_SIZE_LIMIT_BUG"; then
|
||||||
num_bundles=1
|
num_bundles=1
|
||||||
bundle_size=$nr_nonossl_ciphers
|
bundle_size=$nr_nonossl_ciphers
|
||||||
else
|
else
|
||||||
@ -6808,7 +6808,7 @@ cipher_pref_check() {
|
|||||||
i=${index[i]}
|
i=${index[i]}
|
||||||
ciphers_found[i]=true
|
ciphers_found[i]=true
|
||||||
ciphers_found_with_sockets=true
|
ciphers_found_with_sockets=true
|
||||||
if [[ $proto_ossl != tls1_2 ]] || ! "$SERVER_SIZE_LIMIT_BUG"; then
|
if [[ $proto != tls1_2 ]] || ! "$SERVER_SIZE_LIMIT_BUG"; then
|
||||||
# Throw out the results found so far and start over using just sockets
|
# Throw out the results found so far and start over using just sockets
|
||||||
bundle=$num_bundles
|
bundle=$num_bundles
|
||||||
for (( i=0; i < TLS_NR_CIPHERS; i++ )); do
|
for (( i=0; i < TLS_NR_CIPHERS; i++ )); do
|
||||||
@ -6831,9 +6831,9 @@ cipher_pref_check() {
|
|||||||
ciphers_found2[nr_ciphers]=false
|
ciphers_found2[nr_ciphers]=false
|
||||||
hexcode[nr_ciphers]="${hexc:2:2},${hexc:7:2}"
|
hexcode[nr_ciphers]="${hexc:2:2},${hexc:7:2}"
|
||||||
rfc_ciph[nr_ciphers]="${TLS_CIPHER_RFC_NAME[i]}"
|
rfc_ciph[nr_ciphers]="${TLS_CIPHER_RFC_NAME[i]}"
|
||||||
if [[ $proto_ossl == "tls1_3" ]]; then
|
if [[ $proto == tls1_3 ]]; then
|
||||||
[[ "${hexc:2:2}" == "13" ]] && nr_ciphers+=1
|
[[ "${hexc:2:2}" == "13" ]] && nr_ciphers+=1
|
||||||
elif [[ $proto_ossl == "tls1_2" ]]; then
|
elif [[ $proto == tls1_2 ]]; then
|
||||||
[[ "${hexc:2:2}" != "13" ]] && nr_ciphers+=1
|
[[ "${hexc:2:2}" != "13" ]] && nr_ciphers+=1
|
||||||
elif [[ ! "${TLS_CIPHER_RFC_NAME[i]}" =~ SHA256 ]] && \
|
elif [[ ! "${TLS_CIPHER_RFC_NAME[i]}" =~ SHA256 ]] && \
|
||||||
[[ ! "${TLS_CIPHER_RFC_NAME[i]}" =~ SHA384 ]] && \
|
[[ ! "${TLS_CIPHER_RFC_NAME[i]}" =~ SHA384 ]] && \
|
||||||
@ -6863,7 +6863,7 @@ cipher_pref_check() {
|
|||||||
normalized_hexcode[nr_ciphers_found]="$(normalize_ciphercode "${TLS_CIPHER_HEXCODE[i]}")"
|
normalized_hexcode[nr_ciphers_found]="$(normalize_ciphercode "${TLS_CIPHER_HEXCODE[i]}")"
|
||||||
ciph[nr_ciphers_found]="${TLS_CIPHER_OSSL_NAME[i]}"
|
ciph[nr_ciphers_found]="${TLS_CIPHER_OSSL_NAME[i]}"
|
||||||
kx[nr_ciphers_found]="${TLS_CIPHER_KX[i]}"
|
kx[nr_ciphers_found]="${TLS_CIPHER_KX[i]}"
|
||||||
[[ $proto_ossl == tls1_3 ]] && kx[nr_ciphers_found]="$(read_dhtype_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")"
|
[[ $proto == tls1_3 ]] && kx[nr_ciphers_found]="$(read_dhtype_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")"
|
||||||
if ( [[ ${kx[nr_ciphers_found]} == Kx=ECDH ]] || [[ ${kx[nr_ciphers_found]} == Kx=DH ]] || [[ ${kx[nr_ciphers_found]} == Kx=EDH ]] ); then
|
if ( [[ ${kx[nr_ciphers_found]} == Kx=ECDH ]] || [[ ${kx[nr_ciphers_found]} == Kx=DH ]] || [[ ${kx[nr_ciphers_found]} == Kx=EDH ]] ); then
|
||||||
kx[nr_ciphers_found]+=" $(read_dhbits_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" quiet)"
|
kx[nr_ciphers_found]+=" $(read_dhbits_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" quiet)"
|
||||||
fi
|
fi
|
||||||
@ -6895,31 +6895,31 @@ cipher_pref_check() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -n "$order" ]]; then
|
if [[ -n "$order" ]]; then
|
||||||
add_tls_offered "$proto_ossl" yes
|
add_tls_offered "$proto" yes
|
||||||
if "$wide"; then
|
if "$wide"; then
|
||||||
for (( i=0 ; i<nr_ciphers_found; i++ )); do
|
for (( i=0 ; i<nr_ciphers_found; i++ )); do
|
||||||
neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}" "${export2[i]}" "true"
|
neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}" "${export2[i]}" "true"
|
||||||
outln "${sigalg[i]}"
|
outln "${sigalg[i]}"
|
||||||
id="cipher-${proto_ossl}_${normalized_hexcode[i]}"
|
id="cipher-${proto}_${normalized_hexcode[i]}"
|
||||||
fileout "$id" "INFO" "$proto $(neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}" "${export2[i]}")"
|
fileout "$id" "INFO" "$proto_text $(neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}" "${export2[i]}")"
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
outln
|
outln
|
||||||
out "$(printf " %-10s " "$proto: ")"
|
out "$(printf " %-10s " "$proto_text: ")"
|
||||||
if [[ "$COLOR" -le 2 ]]; then
|
if [[ "$COLOR" -le 2 ]]; then
|
||||||
out "$(out_row_aligned_max_width "$order" " " $TERM_WIDTH)"
|
out "$(out_row_aligned_max_width "$order" " " $TERM_WIDTH)"
|
||||||
else
|
else
|
||||||
out_row_aligned_max_width_by_entry "$order" " " $TERM_WIDTH pr_cipher_quality
|
out_row_aligned_max_width_by_entry "$order" " " $TERM_WIDTH pr_cipher_quality
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
fileout "cipherorder_${proto//./_}" "INFO" "$order"
|
fileout "cipherorder_${proto_text//./_}" "INFO" "$order"
|
||||||
else
|
else
|
||||||
# Order doesn't contain any ciphers, so we can safely unset the protocol and put a dash out
|
# Order doesn't contain any ciphers, so we can safely unset the protocol and put a dash out
|
||||||
add_tls_offered "$proto_ossl" no
|
add_tls_offered "$proto" no
|
||||||
outln " -"
|
outln " -"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
tmpfile_handle ${FUNCNAME[0]}-$proto_ossl.txt
|
tmpfile_handle ${FUNCNAME[0]}-$proto.txt
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
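Review bot: The renamed `s_client` invocation in the hunk at 6718 still builds its argument with the quotes closed and reopened around the protocol, `"$STARTTLS -"$proto" $BUGS ... $SNI"`, so `$proto` sits outside the quoted string; with the fixed set of values (`ssl3`, `tls1_2`, `tls1_3`) this is harmless, but it reads as if the quoting were deliberate, and `"$STARTTLS -$proto $BUGS $ciphers_to_test -connect $NODEIP:$PORT $PROXY $SNI"` says the same thing plainly. Because the rename reuses `proto` for the OpenSSL-style name rather than retiring it, any occurrence of the old text-form `$proto` in the stretches of cipher_pref_check not shown in these hunks would not trip `set -u` but would silently put an OpenSSL name into the `fileout` ids and output where the human-readable form (`$proto_text`) was intended; worth a grep of the whole function body before merging. The hunk at 6831 additionally drops the quotes around `"tls1_3"`/`"tls1_2"` on the right of `==`, which is behaviour-neutral here but is a change beyond the rename the message describes, as is the `support` → `supported` wording fix in ciphers_by_strength at 4088; a line in the commit message would help a later reader. The function body continues between hunks, so this note covers only the visible lines.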