Fix error where a ECDHE-GCM cipher was labeled low

FIX #953
Dirk 2017-12-25 14:15:17 +01:00
parent 1984d7fc90
commit 8fbbb211b9


@ -4859,6 +4859,7 @@ pr_ecdh_curve_quality() {
# 0 = $1 is empty # 0 = $1 is empty
# 1 = pr_svrty_critical, 2 = pr_svrty_high, 3 = pr_svrty_medium, 4 = pr_svrty_low # 1 = pr_svrty_critical, 2 = pr_svrty_high, 3 = pr_svrty_medium, 4 = pr_svrty_low
# 5 = neither good nor bad, 6 = pr_done_good, 7 = pr_done_best # 5 = neither good nor bad, 6 = pr_done_good, 7 = pr_done_best
#
pr_cipher_quality() { pr_cipher_quality() {
local cipher="$1" local cipher="$1"
local text="$2" local text="$2"
@ -4869,7 +4870,7 @@ pr_cipher_quality() {
if [[ "$cipher" != TLS_* ]] && [[ "$cipher" != SSL_* ]]; then if [[ "$cipher" != TLS_* ]] && [[ "$cipher" != SSL_* ]]; then
# This must be the OpenSSL name for a cipher # This must be the OpenSSL name for a cipher
if [[ $TLS_NR_CIPHERS -eq 0 ]]; then if [[ $TLS_NR_CIPHERS -eq 0 ]]; then
# We have the OpenSSL name and can't convert it to the RFC name # We have an OpenSSL name and can't convert it to the RFC name
case "$cipher" in case "$cipher" in
*NULL*|*EXP*|ADH*) *NULL*|*EXP*|ADH*)
pr_svrty_critical "$text" pr_svrty_critical "$text"
@ -4879,7 +4880,7 @@ pr_cipher_quality() {
pr_svrty_high "$text" pr_svrty_high "$text"
return 2 return 2
;; ;;
*GCM*|*CHACHA20*) *GCM*|*CCM*|*CHACHA20*)
pr_done_best "$text" pr_done_best "$text"
return 7 return 7
;; #best ones ;; #best ones
@ -4909,6 +4910,10 @@ pr_cipher_quality() {
pr_svrty_high "$text" pr_svrty_high "$text"
return 2 return 2
;; ;;
*GCM*|*CCM*|*CHACHA20*)
pr_done_best "$text"
return 7
;;
*ECDHE*AES*CBC*|*DHE*AES*SHA*|*RSA*AES*SHA*|*CAMELLIA*SHA*) *ECDHE*AES*CBC*|*DHE*AES*SHA*|*RSA*AES*SHA*|*CAMELLIA*SHA*)
pr_svrty_low "$text" pr_svrty_low "$text"
return 4 return 4
@ -4917,10 +4922,6 @@ pr_cipher_quality() {
pr_svrty_medium "$text" pr_svrty_medium "$text"
return 3 return 3
;; ;;
*GCM*|*CHACHA20*)
pr_done_best "$text"
return 7
;;
*) *)
out "$text" out "$text"
return 5 return 5
@ -13736,6 +13737,7 @@ child_error() {
fatal() { fatal() {
outln outln
prln_magenta "Fatal error: $1" >&2 prln_magenta "Fatal error: $1" >&2
fileout "fatal_error" "ERROR" "$1"
exit $2 exit $2
# 1: cmd line error # 1: cmd line error
# 2: secondary/other cmd line error # 2: secondary/other cmd line error
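Review bot: In pr_cipher_quality(), the `*GCM*|*CCM*|*CHACHA20*)` arm (widened in the OpenSSL-name branch and added ahead of `*ECDHE*AES*CBC*|*DHE*AES*SHA*|…` in the RFC-name branch) also matches the CCM8 / CCM_8 suites, which use a shortened authentication tag, so they are printed with pr_done_best and return 7 like full-tag AEAD ciphers. If that rating is not intended, a narrower arm placed before it, e.g. `*CCM8*|*CCM_8*)` with whatever severity the project decides on, would keep them apart. The fix also relies on arm order, because GCM suite names carry a SHA256/SHA384 suffix and still match `*DHE*AES*SHA*`; a comment such as `# AEAD arm must stay above the *AES*SHA* arms: GCM names also match *SHA*` would stop a later reorder from reintroducing #953. Both case statements start and end outside the visible hunks, so the arms above these could not be checked here.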