forgot to save work, followup to 4433345b16, #120, #589
parent
4433345b16
commit
8bf7b6b31b
14
testssl.sh
14
testssl.sh
|
@ -9619,9 +9619,9 @@ run_logjam() {
|
||||||
[[ "${dh_p:0:2}" == "00" ]] && dh_p="${dh_p:2}"
|
[[ "${dh_p:0:2}" == "00" ]] && dh_p="${dh_p:2}"
|
||||||
debugme outln "dh_p: $dh_p"
|
debugme outln "dh_p: $dh_p"
|
||||||
echo "$dh_p" > $TEMPDIR/dh_p.txt
|
echo "$dh_p" > $TEMPDIR/dh_p.txt
|
||||||
common_primes_test $dh_p
|
common_primes_test $dh_p "$spaces"
|
||||||
else
|
else
|
||||||
outln " no DH key detected"
|
out " no DH key detected"
|
||||||
fileout "LOGJAM_common primes" "OK" "no DH key detected"
|
fileout "LOGJAM_common primes" "OK" "no DH key detected"
|
||||||
fi
|
fi
|
||||||
outln
|
outln
|
||||||
|
@ -9631,13 +9631,15 @@ run_logjam() {
|
||||||
}
|
}
|
||||||
|
|
||||||
# takes one arg and compares against a predefined set in $TESTSSL_INSTALL_DIR
|
# takes one arg and compares against a predefined set in $TESTSSL_INSTALL_DIR
|
||||||
|
# spaces to indent
|
||||||
common_primes_test() {
|
common_primes_test() {
|
||||||
local common_primes_file="$TESTSSL_INSTALL_DIR/etc/common-primes.txt"
|
local common_primes_file="$TESTSSL_INSTALL_DIR/etc/common-primes.txt"
|
||||||
local -i lineno_matched=0
|
local -i lineno_matched=0
|
||||||
local comment=""
|
local comment=""
|
||||||
|
|
||||||
if [[ ! -s "$common_primes_file" ]]; then
|
if [[ ! -s "$common_primes_file" ]]; then
|
||||||
pr_warningln "couldn't read common primes file $common_primes_file"
|
outln
|
||||||
|
pr_warning "${2}couldn't read common primes file $common_primes_file"
|
||||||
fileout "LOGJAM_common primes" "WARN" "couldn't read common primes file $common_primes_file"
|
fileout "LOGJAM_common primes" "WARN" "couldn't read common primes file $common_primes_file"
|
||||||
return 1
|
return 1
|
||||||
else
|
else
|
||||||
|
@ -9671,7 +9673,7 @@ run_drown() {
|
||||||
outln
|
outln
|
||||||
fi
|
fi
|
||||||
# if we want to use OPENSSL: check for < openssl 1.0.2g, openssl 1.0.1s if native openssl
|
# if we want to use OPENSSL: check for < openssl 1.0.2g, openssl 1.0.1s if native openssl
|
||||||
pr_bold " DROWN"; out " ($cve) "
|
pr_bold " DROWN"; out " ($cve) "
|
||||||
sslv2_sockets
|
sslv2_sockets
|
||||||
|
|
||||||
case $? in
|
case $? in
|
||||||
|
@ -9715,7 +9717,11 @@ run_drown() {
|
||||||
# not advertising it as it after 5 tries and account is needed
|
# not advertising it as it after 5 tries and account is needed
|
||||||
cert_fingerprint_sha2=${cert_fingerprint_sha2/SHA256 /}
|
cert_fingerprint_sha2=${cert_fingerprint_sha2/SHA256 /}
|
||||||
outln "$spaces https://censys.io/ipv4?q=$cert_fingerprint_sha2 could help you to find out"
|
outln "$spaces https://censys.io/ipv4?q=$cert_fingerprint_sha2 could help you to find out"
|
||||||
|
fileout "drown" "INFO" "make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=$cert_fingerprint_sha2"
|
||||||
fi
|
fi
|
||||||
|
else
|
||||||
|
outln "$spaces no RSA certificate, thus certificate can't be used with SSLv2 elsewhere"
|
||||||
|
fileout "drown" "INFO" "no RSA certificate, thus certificate can't be used with SSLv2 elsewhere"
|
||||||
fi
|
fi
|
||||||
ret=0
|
ret=0
|
||||||
;;
|
;;
|
||||||
|
|
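Review bot: The new call `common_primes_test $dh_p "$spaces"` in run_logjam leaves the first argument unquoted, so an empty `$dh_p` would now shift `$spaces` into `$1`, leaving the indent string to be compared against the primes list and `${2}` empty. `dh_p` presumably comes from the server's key exchange data, so quoting is the safer form: `common_primes_test "$dh_p" "$spaces"`. The condition guarding this branch starts outside the hunk, so an empty value may already be excluded there. The header comment still says "takes one arg"; the added `# spaces to indent` line could name both positions, e.g. `# arg1: DH prime to look up, arg2: spaces to indent output`.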