Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-30 21:35:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

added --mapping=no-rfc

Browse Source 
don't display the RFC ciphername in the cipher checks.
This commit is contained in:
Thomas Martens
2016-01-16 20:51:03 +01:00
parent b97788ba73
commit 8bae1bc1ed
1 changed files with 19 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
testssl.sh
View File

@@ -198,6 +198,7 @@ HAS_DH_BITS=${HAS_DH_BITS:-false}
HAS_SSL2=true #TODO: in the future we'll do the fastest possible test (openssl s_client -ssl2 is currently faster than sockets) HAS_SSL2=true #TODO: in the future we'll do the fastest possible test (openssl s_client -ssl2 is currently faster than sockets)
HAS_SSL3=true HAS_SSL3=true
HAS_ALPN=false HAS_ALPN=false
ADD_RFC_STR="rfc" # display RFC ciphernames
PORT=443 # unless otherwise auto-determined, see below PORT=443 # unless otherwise auto-determined, see below
NODE="" NODE=""
NODEIP="" NODEIP=""
@@ -1251,17 +1252,17 @@ rfc2openssl() {
show_rfc_style(){ show_rfc_style(){
local rfcname [[ -z "$ADD_RFC_STR" ]] && return 1
[[ -z "$MAPPING_FILE_RFC" ]] && return 1 local rfcname
rfcname=$(grep -iw "$1" "$MAPPING_FILE_RFC" | sed -e 's/^.*TLS/TLS/' -e 's/^.*SSL/SSL/') rfcname=$(grep -iw "$1" "$MAPPING_FILE_RFC" | sed -e 's/^.*TLS/TLS/' -e 's/^.*SSL/SSL/')
[[ -n "$rfcname" ]] && out "$rfcname" [[ -n "$rfcname" ]] && out "$rfcname"
return 0 return 0
} }
neat_header(){ neat_header(){
printf -- "Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits${MAPPING_FILE_RFC:+ Cipher Suite Name (RFC)}\n" printf -- "Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits${ADD_RFC_STR:+ Cipher Suite Name (RFC)}\n"
printf -- "%s-------------------------------------------------------------------------${MAPPING_FILE_RFC:+----------------------------------------------}\n" printf -- "%s-------------------------------------------------------------------------${ADD_RFC_STR:+-------------------------------------------------}\n"
} }
@@ -1288,11 +1289,8 @@ neat_list(){
[[ "${#kx}" -eq 19 ]] && kx="$kx " # 19 means DH, colored >=1000. Add another space [[ "${#kx}" -eq 19 ]] && kx="$kx " # 19 means DH, colored >=1000. Add another space
#echo ${#kx} # should be always 20 #echo ${#kx} # should be always 20
fi fi
#if [[ -r "$MAPPING_FILE_RFC" ]]; then
printf -- " %-7s %-30s %-10s %-11s%-11s${MAPPING_FILE_RFC:+ %-48s}${SHOW_EACH_C:+ }" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength" "$(show_rfc_style $HEXC)" printf -- " %-7s %-30s %-10s %-11s%-11s${ADD_RFC_STR:+ %-48s}${SHOW_EACH_C:+ %-0s}" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength" "$(show_rfc_style $HEXC)"
#else
# printf -- " %-7s %-30s %-10s %-11s%-11s${SHOW_EACH_C:+ }" "$1" "$2" "$kx" "$enc" "$strength"
#fi
} }
test_just_one(){ test_just_one(){
@@ -4405,7 +4403,7 @@ get_install_dir() {
[[ -r "$INSTALL_DIR/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$INSTALL_DIR/mapping-rfc.txt" [[ -r "$INSTALL_DIR/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$INSTALL_DIR/mapping-rfc.txt"
fi fi
[[ ! -r "$MAPPING_FILE_RFC" ]] && unset MAPPING_FILE_RFC && pr_litemagentaln "\nNo mapping file found" [[ ! -r "$MAPPING_FILE_RFC" ]] && unset MAPPING_FILE_RFC && unset ADD_RFC_STR && pr_litemagentaln "\nNo mapping file found"
debugme echo "$MAPPING_FILE_RFC" debugme echo "$MAPPING_FILE_RFC"
} }
@@ -4589,6 +4587,7 @@ tuning options (can also be preset via environment variables):
--logfile <file> logs stdout to <file/NODE-YYYYMMDD-HHMM.log> if file is a dir or to specified file --logfile <file> logs stdout to <file/NODE-YYYYMMDD-HHMM.log> if file is a dir or to specified file
--wide wide output for tests like RC4, BEAST. PFS also with hexcode, kx, strength, RFC name --wide wide output for tests like RC4, BEAST. PFS also with hexcode, kx, strength, RFC name
--show-each for wide outputs: display all ciphers tested -- not only succeeded ones --show-each for wide outputs: display all ciphers tested -- not only succeeded ones
--mapping <no-rfc> don't display the RFC Cipher Suite Name
--warnings <batch|off|false> "batch" doesn't wait for keypress, "off" or "false" skips connection warning --warnings <batch|off|false> "batch" doesn't wait for keypress, "off" or "false" skips connection warning
--color <0|1|2> 0: no escape or other codes, 1: b/w escape codes, 2: color (default) --color <0|1|2> 0: no escape or other codes, 1: b/w escape codes, 2: color (default)
--debug <0-6> 1: screen output normal but debug output in temp files. 2-6: see line ~120 --debug <0-6> 1: screen output normal but debug output in temp files. 2-6: see line ~120
@@ -5718,6 +5717,16 @@ parse_cmd_line() {
OPENSSL=$(parse_opt_equal_sign "$1" "$2") OPENSSL=$(parse_opt_equal_sign "$1" "$2")
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
;; ;;
--mapping|--mapping=*)
local cipher_mapping
cipher_mapping=$(parse_opt_equal_sign "$1" "$2")
[[ $? -eq 0 ]] && shift
case "$cipher_mapping" in
no-rfc) unset ADD_RFC_STR;;
*) pr_magentaln "\nmapping can only be \"no-rfc\""
help 1 ;;
esac
;;
--proxy|--proxy=*) --proxy|--proxy=*)
PROXY=$(parse_opt_equal_sign "$1" "$2") PROXY=$(parse_opt_equal_sign "$1" "$2")
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift