mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-20 23:49:30 +01:00
Merge pull request #265 from seccubus/feature/client-sims
Feature/client sims
This commit is contained in:
commit
8b22e1be19
404
testssl.sh
404
testssl.sh
@ -1414,6 +1414,398 @@ run_cipher_per_proto(){
|
|||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
run_client_simulation() {
|
||||||
|
# Runs browser simulations. Browser capabilities gathered from:
|
||||||
|
# https://www.ssllabs.com/ssltest/clients.html on 10 jan 2016
|
||||||
|
local names=()
|
||||||
|
local short=()
|
||||||
|
local protos=()
|
||||||
|
local ciphers=()
|
||||||
|
local tlsvers=()
|
||||||
|
local sni=()
|
||||||
|
local warning=()
|
||||||
|
local i=0
|
||||||
|
|
||||||
|
names+=("Android 2.3.7 ")
|
||||||
|
short+=("android_237")
|
||||||
|
protos+=("-no_tls1_2 -no_tls1_1 -no_ssl2")
|
||||||
|
ciphers+=("RC4-MD5:RC4-SHA:AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:EXP-RC4-MD5:EXP-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA")
|
||||||
|
tlsvers+=("-tls1")
|
||||||
|
sni+=("")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Android 4.0.4 ")
|
||||||
|
short+=("android_404")
|
||||||
|
protos+=("-no_tls1_2 -no_tls1_1 -no_ssl2")
|
||||||
|
ciphers+=("CDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||||
|
tlsvers+=("-tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Android 4.1.1 ")
|
||||||
|
short+=("android_411")
|
||||||
|
protos+=("-no_tls1_2 -no_tls1_1 -no_ssl2")
|
||||||
|
ciphers+=("ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||||
|
tlsvers+=("-tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Android 4.2.2 ")
|
||||||
|
short+=("android_422")
|
||||||
|
protos+=("-no_tls1_2 -no_tls1_1 -no_ssl2")
|
||||||
|
ciphers+=("ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||||
|
tlsvers+=("-tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Android 4.3 ")
|
||||||
|
short+=("android_43")
|
||||||
|
protos+=("-no_ssl2")
|
||||||
|
ciphers+=("ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||||
|
tlsvers+=("-tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Android 4.4.2 ")
|
||||||
|
short+=("android_442")
|
||||||
|
protos+=("-no_ssl2")
|
||||||
|
ciphers+=("CDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||||
|
tlsvers+=("-tl1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Android 5.0.0 ")
|
||||||
|
short+=("android_500")
|
||||||
|
protos+=("-no_ssl2")
|
||||||
|
ciphers+=("ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-GCM-SHA256:AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Baidu Jan 2015 ")
|
||||||
|
short+=("baidu_jan_2015")
|
||||||
|
protos+=("-no_tls1_2 -no_tls1_1 -no_ssl2")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:CAMELLIA256-SHA:AES256-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-AES128-SHA:SEED-SHA:CAMELLIA128-SHA:RC4-MD5:RC4-SHA:AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA")
|
||||||
|
tlsvers+=("-tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("BingPreview Jan 2015 ")
|
||||||
|
short+=("bingpreview_jan_2015")
|
||||||
|
protos+=("-no_ssl2")
|
||||||
|
ciphers+=("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Chrome 47 / OSX ")
|
||||||
|
short+=("chrome_47_osx")
|
||||||
|
protos+=("-no_ssl2 -no_ssl3")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Firefox 31.3.0ESR / Win7 ")
|
||||||
|
short+=("firefox_3130esr_win7")
|
||||||
|
protos+=("-no_ssl2 -no_ssl3")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:EDH-RSA-DES-CBC3-SHA:AES128-SHA:CAMELLIA128-SHA:AES256-SHA:CAMELLIA256-SHA:DES-CBC3-SHA:RC4-SHA:RC4-MD5")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Firefox 42 / OSX ")
|
||||||
|
short+=("firefox_42_osx")
|
||||||
|
protos+=("-no_ssl2 -no_ssl3")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("GoogleBot Feb 2015 ")
|
||||||
|
short+=("googlebot_feb_2015")
|
||||||
|
protos+=("-no_ssl2")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:RC4-SHA:RC4-MD5:AES128-SHA:DES-CBC3-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("IE6 / XP ")
|
||||||
|
short+=("ie6_xp")
|
||||||
|
protos+=("-no_tls1")
|
||||||
|
tlsvers+=("")
|
||||||
|
ciphers+=("RC4-MD5:RC4-SHA:DES-CBC3-SHA:RC4-MD5:DES-CBC3-MD5:RC2-CBC-MD5:DES-CBC-SHA:DES-CBC-MD5:EXP1024-RC4-SHA:EXP1024-DES-CBC-SHA:EXP-RC4-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC2-CBC-MD5:EDH-DSS-DES-CBC3-SHA:EDH-DSS-DES-CBC-SHA:EXP1024-DHE-DSS-DES-CBC-SHA")
|
||||||
|
sni+=("")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("IE7 / Vista ")
|
||||||
|
short+=("ie7_vista")
|
||||||
|
protos+=("-no_ssl2")
|
||||||
|
ciphers+=("AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-DSS-AES128-SHA:DHE-DSS-AES256-SHA:EDH-DSS-DES-CBC3-SHA:RC4-MD5")
|
||||||
|
tlsvers+=("-tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("IE8 / XP ")
|
||||||
|
short+=("ie8_xp")
|
||||||
|
protos+=("-no_ssl2")
|
||||||
|
ciphers+=("RC4-MD5:RC4-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP1024-RC4-SHA:EXP1024-DES-CBC-SHA:EXP-RC4-MD5:EXP-RC2-CBC-MD5:EDH-DSS-DES-CBC3-SHA:EDH-DSS-DES-CBC-SHA:EXP1024-DHE-DSS-DES-CBC-SHA")
|
||||||
|
tlsvers+=("-tls1")
|
||||||
|
sni+=("")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("IE8-10 / Win7 ")
|
||||||
|
short+=("ie10_win7")
|
||||||
|
protos+=("-no_ssl2")
|
||||||
|
ciphers+=("ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:RC4-SHA:RC4-MD5")
|
||||||
|
tlsvers+=("-tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("IE11 / Win7 ")
|
||||||
|
short+=("ie11_win7")
|
||||||
|
protos+=("-no_ssl2 -no_ssl3")
|
||||||
|
ciphers+=("ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:RC4-SHA:RC4-MD5")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("IE11 / Win8.1 ")
|
||||||
|
short+=("ie11_win81")
|
||||||
|
protos+=("-no_ssl2 -no_ssl3")
|
||||||
|
ciphers+=("ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("IE10 / Win Phone 8.0 ")
|
||||||
|
short+=("ie10_winphone_80")
|
||||||
|
protos+=("-no_ssl2")
|
||||||
|
ciphers+=("AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES128-SHA:DHE-DSS-AES256-SHA:EDH-DSS-DES-CBC3-SHA:RC4-MD5")
|
||||||
|
tlsvers+=("-tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("IE11 / Win Phone 8.1 ")
|
||||||
|
short+=("ie10_winphone_81")
|
||||||
|
protos+=("-no_ssl2")
|
||||||
|
ciphers+=("AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES128-SHA256:DHE-DSS-AES128-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES256-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("IE11 / Win Phone 8.1 Upd ")
|
||||||
|
short+=("ie10_winphone_81_update")
|
||||||
|
protos+=("-no_ssl2")
|
||||||
|
ciphers+=("ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("IE11 / Win10 ")
|
||||||
|
short+=("ie11_win10")
|
||||||
|
protos+=("-no_ssl2 -no_ssl3")
|
||||||
|
ciphers+=("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Edge 13 / Win10 ")
|
||||||
|
short+=("edge13_win10")
|
||||||
|
protos+=("-no_ssl2 -no_ssl3")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Edge 12 / Win Phone 10 ")
|
||||||
|
short+=("edge13_winphone10")
|
||||||
|
protos+=("-no_ssl2 -no_ssl3")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Java 6u45 ")
|
||||||
|
short+=("java6u45")
|
||||||
|
protos+=("-no_tls1_2 -no_tls1_1")
|
||||||
|
ciphers+=("RC4-MD5:RC4-MD5:RC4-SHA:AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:DES-CBC3-MD5:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC-SHA:DES-CBC-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:EXP-RC4-MD5:EXP-RC4-MD5:EXP-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA")
|
||||||
|
tlsvers+=("-tls1")
|
||||||
|
sni+=("")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Java 7u25 ")
|
||||||
|
short+=("java7u25")
|
||||||
|
protos+=("-no_ssl2 -no_tls1_2 -no_tls1_1")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA:ECDH-ECDSA-AES128-SHA:ECDH-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:RC4-MD5")
|
||||||
|
tlsvers+=("-tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Java 8u31 ")
|
||||||
|
short+=("java8u31")
|
||||||
|
protos+=("-no_ssl2 -no_ssl3")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA:ECDH-ECDSA-AES128-SHA:ECDH-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:RC4-MD5")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("OpenSSL 0.9.8y ")
|
||||||
|
short+=("openssl098y")
|
||||||
|
protos+=("-no_ssl2 -no_tls1_2 -no_tls1_1")
|
||||||
|
ciphers+=("DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:IDEA-CBC-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5")
|
||||||
|
tlsvers+=("-tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("OpenSSL 1.0.1l ")
|
||||||
|
short+=("openssl101l")
|
||||||
|
protos+=("-no_ssl2")
|
||||||
|
ciphers+=("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("OpenSSL 1.0.2 ")
|
||||||
|
short+=("openssl102")
|
||||||
|
protos+=("-no_ssl2")
|
||||||
|
ciphers+=("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DH-RSA-DES-CBC-SHA:DH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("Tests are based on OpenSSL1.01, therefore ciphers 0xe and 0xb are missing")
|
||||||
|
|
||||||
|
names+=("Safari 5.1.9/ OSX 10.6.8 ")
|
||||||
|
short+=("safari519_osx1068")
|
||||||
|
protos+=("-no_ssl2 -no_tls1_2 -no_tls1_1")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5:AES256-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP-RC4-MD5:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC3-SHA:EDH-DSS-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA")
|
||||||
|
tlsvers+=("-tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Safari 6 / iOS 6.0.1 ")
|
||||||
|
short+=("safari6_ios601")
|
||||||
|
protos+=("-no_ssl2")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDH-ECDSA-AES256-SHA384:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES256-SHA384:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES128-SHA:RC4-SHA:RC4-MD5:AES256-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA:ECDHE-ECDSA-NULL-SHA:ECDHE-RSA-NULL-SHA:ECDH-ECDSA-NULL-SHA:ECDH-RSA-NULL-SHA:NULL-SHA256:NULL-SHA:NULL-MD5")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Safari 6.0.4/ OS X 10.8.4")
|
||||||
|
short+=("safari604_osx1084")
|
||||||
|
protos+=("-no_ssl2 -no_tls1_2 -no_tls1_1")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5:AES256-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Safari 7 / iOS 7.1 ")
|
||||||
|
short+=("safari7_ios71")
|
||||||
|
protos+=("-no_ssl2")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDH-ECDSA-AES256-SHA384:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES256-SHA384:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-AES256-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES128-SHA:RC4-SHA:RC4-MD5:AES256-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Safari 7 / OS X 10.9 ")
|
||||||
|
short+=("safari7_osx109")
|
||||||
|
protos+=("-no_ssl2")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDH-ECDSA-AES256-SHA384:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES256-SHA384:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-AES256-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES128-SHA:RC4-SHA:RC4-MD5:AES256-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Safari 8 / iOS 8.4 ")
|
||||||
|
short+=("safari8_ios84")
|
||||||
|
protos+=("-no_ssl2")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDH-ECDSA-AES256-SHA384:ECDH-ECDSA-AES128-SHA256:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-AES256-SHA384:ECDH-RSA-AES128-SHA256:ECDH-RSA-AES256-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Safari 8 / OS X 10.10 ")
|
||||||
|
short+=("safari8_osx1010")
|
||||||
|
protos+=("-no_ssl2")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDH-ECDSA-AES256-SHA384:ECDH-ECDSA-AES128-SHA256:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-AES256-SHA384:ECDH-RSA-AES128-SHA256:ECDH-RSA-AES256-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Safari 9 / iOS 9 ")
|
||||||
|
short+=("safari9_ios9")
|
||||||
|
protos+=("-no_ssl2 -no_ssl3")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
names+=("Safari 9 / OS X 10.11 ")
|
||||||
|
short+=("safari9_osx1011")
|
||||||
|
protos+=("-no_ssl2 -no_ssl3")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
|
||||||
|
outln
|
||||||
|
pr_headlineln " Running browser simulations (experimental) "
|
||||||
|
outln
|
||||||
|
|
||||||
|
if [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == "1.1.0" ]]; then
|
||||||
|
pr_litemagentaln "Your $OPENSSL is too new, needed is version 1.0.2"
|
||||||
|
return 7
|
||||||
|
elif [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != "1.0.2" ]]; then
|
||||||
|
pr_litemagentaln "Your $OPENSSL is too old, needed is version >=1.0.2"
|
||||||
|
fi
|
||||||
|
debugme outln
|
||||||
|
i=0
|
||||||
|
for name in "${short[@]}"; do
|
||||||
|
out "${names[i]}"
|
||||||
|
$OPENSSL s_client -cipher ${ciphers[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null >$TMPFILE 2>$ERRFILE
|
||||||
|
debugme echo "$OPENSSL s_client -cipher ${ciphers[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null"
|
||||||
|
sclient_connect_successful $? $TMPFILE
|
||||||
|
sclient_success=$?
|
||||||
|
if [[ $sclient_success -ne 0 ]]; then
|
||||||
|
outln "No connection"
|
||||||
|
else
|
||||||
|
proto=$(grep -aw "Protocol" $TMPFILE | sed -e 's/^.*Protocol.*://' -e 's/ //g')
|
||||||
|
if [[ "$proto" == "TLSv1.2" ]]; then
|
||||||
|
# OpenSSL reports TLS1.2 even if the connection is TLS1.1 or TLS1.0 Need to figure out which one it is...
|
||||||
|
for tls in ${tlsvers[i]}; do
|
||||||
|
$OPENSSL s_client $tls -cipher ${ciphers[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null >$TMPFILE 2>$ERRFILE
|
||||||
|
debugme echo "$OPENSSL s_client $tls -cipher ${ciphers[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null"
|
||||||
|
sclient_connect_successful $? $TMPFILE
|
||||||
|
sclient_success=$?
|
||||||
|
if [[ $sclient_success -eq 0 ]]; then
|
||||||
|
case "$tls" in
|
||||||
|
"-tls1_2")
|
||||||
|
break
|
||||||
|
;;
|
||||||
|
"-tls1_1")
|
||||||
|
proto="TLSv1.1"
|
||||||
|
break
|
||||||
|
;;
|
||||||
|
"-tls1")
|
||||||
|
proto="TLSv1.0"
|
||||||
|
break
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://')
|
||||||
|
outln "$proto $cipher"
|
||||||
|
if [[ "${warning[i]}" != "" ]]; then
|
||||||
|
out " "
|
||||||
|
outln "${warning[i]}"
|
||||||
|
fi
|
||||||
|
debugme cat $TMPFILE
|
||||||
|
fi
|
||||||
|
i=$i+1
|
||||||
|
done
|
||||||
|
tmpfile_handle $FUNCNAME.txt
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
# generic function whether $1 is supported by s_client ($2: string to display)
|
# generic function whether $1 is supported by s_client ($2: string to display)
|
||||||
locally_supported() {
|
locally_supported() {
|
||||||
[[ -n "$2" ]] && out "$2 "
|
[[ -n "$2" ]] && out "$2 "
|
||||||
@ -4141,6 +4533,7 @@ $PROG_NAME <options> URI ("$PROG_NAME URI" does everything except -E)
|
|||||||
-s, --pfs, --fs, --nsa checks (perfect) forward secrecy settings
|
-s, --pfs, --fs, --nsa checks (perfect) forward secrecy settings
|
||||||
-4, --rc4, --appelbaum which RC4 ciphers are being offered?
|
-4, --rc4, --appelbaum which RC4 ciphers are being offered?
|
||||||
-H, --header, --headers tests HSTS, HPKP, server/app banner, security headers, cookie, reverse proxy, IPv4 address
|
-H, --header, --headers tests HSTS, HPKP, server/app banner, security headers, cookie, reverse proxy, IPv4 address
|
||||||
|
-c, --client-simulation test client simulations, see which client negotiates wich cipher and protocol
|
||||||
|
|
||||||
special invocations:
|
special invocations:
|
||||||
|
|
||||||
@ -4182,6 +4575,7 @@ Need HTML output? Just pipe through "aha" (ANSI HTML Adapter: github.com/theZiz/
|
|||||||
|
|
||||||
"$PROG_NAME <options> <URI> | aha >output.html"
|
"$PROG_NAME <options> <URI> | aha >output.html"
|
||||||
EOF
|
EOF
|
||||||
|
#' Fix syntax highlight on sublime
|
||||||
exit $1
|
exit $1
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -4993,6 +5387,7 @@ initialize_globals() {
|
|||||||
do_tls_fallback_scsv=false
|
do_tls_fallback_scsv=false
|
||||||
do_test_just_one=false
|
do_test_just_one=false
|
||||||
do_tls_sockets=false
|
do_tls_sockets=false
|
||||||
|
do_client_simulation=false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -5019,6 +5414,7 @@ set_scanning_defaults() {
|
|||||||
do_http2=true
|
do_http2=true
|
||||||
do_ssl_poodle=true
|
do_ssl_poodle=true
|
||||||
do_tls_fallback_scsv=true
|
do_tls_fallback_scsv=true
|
||||||
|
do_client_simulation=true
|
||||||
VULN_COUNT=10
|
VULN_COUNT=10
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -5029,7 +5425,7 @@ query_globals() {
|
|||||||
for gbl in do_allciphers do_vulnerabilities do_beast do_breach do_ccs_injection do_cipher_per_proto do_crime \
|
for gbl in do_allciphers do_vulnerabilities do_beast do_breach do_ccs_injection do_cipher_per_proto do_crime \
|
||||||
do_freak do_logjam do_header do_heartbleed do_mx_all_ips do_pfs do_protocols do_rc4 do_renego \
|
do_freak do_logjam do_header do_heartbleed do_mx_all_ips do_pfs do_protocols do_rc4 do_renego \
|
||||||
do_std_cipherlists do_server_defaults do_server_preference do_spdy do_http2 do_ssl_poodle do_tls_fallback_scsv \
|
do_std_cipherlists do_server_defaults do_server_preference do_spdy do_http2 do_ssl_poodle do_tls_fallback_scsv \
|
||||||
do_test_just_one do_tls_sockets do_mass_testing; do
|
do_client_simulation do_test_just_one do_tls_sockets do_mass_testing ; do
|
||||||
[[ "${!gbl}" == "true" ]] && let true_nr++
|
[[ "${!gbl}" == "true" ]] && let true_nr++
|
||||||
done
|
done
|
||||||
return $true_nr
|
return $true_nr
|
||||||
@ -5042,7 +5438,7 @@ debug_globals() {
|
|||||||
for gbl in do_allciphers do_vulnerabilities do_beast do_breach do_ccs_injection do_cipher_per_proto do_crime \
|
for gbl in do_allciphers do_vulnerabilities do_beast do_breach do_ccs_injection do_cipher_per_proto do_crime \
|
||||||
do_freak do_logjam do_header do_heartbleed do_rc4 do_mx_all_ips do_pfs do_protocols do_rc4 do_renego \
|
do_freak do_logjam do_header do_heartbleed do_rc4 do_mx_all_ips do_pfs do_protocols do_rc4 do_renego \
|
||||||
do_std_cipherlists do_server_defaults do_server_preference do_spdy do_http2 do_ssl_poodle do_tls_fallback_scsv \
|
do_std_cipherlists do_server_defaults do_server_preference do_spdy do_http2 do_ssl_poodle do_tls_fallback_scsv \
|
||||||
do_test_just_one do_tls_sockets do_mass_testing; do
|
do_client_simulation do_test_just_one do_tls_sockets do_mass_testing; do
|
||||||
printf "%-22s = %s\n" $gbl "${!gbl}"
|
printf "%-22s = %s\n" $gbl "${!gbl}"
|
||||||
done
|
done
|
||||||
printf "%-22s : %s\n" URI: "$URI"
|
printf "%-22s : %s\n" URI: "$URI"
|
||||||
@ -5149,6 +5545,9 @@ parse_cmd_line() {
|
|||||||
-H|--header|--headers)
|
-H|--header|--headers)
|
||||||
do_header=true
|
do_header=true
|
||||||
;;
|
;;
|
||||||
|
-c|--client-simulation)
|
||||||
|
do_client_simulation=true
|
||||||
|
;;
|
||||||
-U|--vulnerable)
|
-U|--vulnerable)
|
||||||
do_vulnerabilities=true
|
do_vulnerabilities=true
|
||||||
do_heartbleed=true
|
do_heartbleed=true
|
||||||
@ -5411,6 +5810,7 @@ lets_roll() {
|
|||||||
|
|
||||||
$do_allciphers && { run_allciphers; ret=$(($? + ret)); }
|
$do_allciphers && { run_allciphers; ret=$(($? + ret)); }
|
||||||
$do_cipher_per_proto && { run_cipher_per_proto; ret=$(($? + ret)); }
|
$do_cipher_per_proto && { run_cipher_per_proto; ret=$(($? + ret)); }
|
||||||
|
$do_client_simulation && { run_client_simulation; ret=$(($? + ret)); }
|
||||||
|
|
||||||
outln
|
outln
|
||||||
datebanner " Done"
|
datebanner " Done"
|
||||||
|
44
utils/parse_client_ciphers.pl
Executable file
44
utils/parse_client_ciphers.pl
Executable file
@ -0,0 +1,44 @@
|
|||||||
|
#!/usr/bin/perl
|
||||||
|
|
||||||
|
use strict;
|
||||||
|
use Data::Dumper;
|
||||||
|
|
||||||
|
my @spec;
|
||||||
|
my %ciphers;
|
||||||
|
|
||||||
|
# Turn cipher section of page like this https://www.ssllabs.com/ssltest/viewClient.html?name=Android&version=4.0.4
|
||||||
|
# into an openssl cipher spec
|
||||||
|
|
||||||
|
# Get all ciphers first (sorry only works on 64 bit mac atm)
|
||||||
|
foreach my $line ( split /\n/, `bin/openssl.Darwin.x86_64 ciphers -V 'ALL:COMPLEMENTOFALL:\@STRENGTH'`) {
|
||||||
|
my @fields = split /\s+/, $line;
|
||||||
|
my $hex = "";
|
||||||
|
foreach my $byte ( split /,/, $fields[1] ) {
|
||||||
|
$byte = lc $byte;
|
||||||
|
$byte =~ s/^0x//;
|
||||||
|
$hex .= $byte;
|
||||||
|
}
|
||||||
|
$hex =~ s/^0+//;
|
||||||
|
$ciphers{"0x$hex"} = $fields[3];
|
||||||
|
}
|
||||||
|
|
||||||
|
while (<>) {
|
||||||
|
chomp;
|
||||||
|
if ( $_ =~ /^(TLS|SSL)/ ) {
|
||||||
|
if ( $_ !~ /^TLS_EMPTY_RENEGOTIATION_INFO_SCSV/ ) {
|
||||||
|
$_ =~ /(0x[0-9a-f]+)/;
|
||||||
|
if ( $1 ) {
|
||||||
|
push @spec, $ciphers{$1};
|
||||||
|
unless ( $ciphers{$1} ) {
|
||||||
|
die "Unable to find cipher for $1";
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
print "** $_\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
print join ":", @spec;
|
||||||
|
print "\n";
|
||||||
|
my $count = @spec;
|
||||||
|
print "$count ciphers\n";
|
Loading…
Reference in New Issue
Block a user