mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-08 09:40:57 +01:00
Reorganize run_cipher_per_proto()
This PR reorganizes run_cipher_per_proto(). Currently run_cipher_per_proto() runs a for loop, which loops over each protocol and prints the set of supported ciphers for each protocol. This PR simply places the body of the for loop in a separate function from the loop itself. This allows the body of the loop to be called for just a single protocol. While this PR does not change the way that testssl.sh functions, it would allow for a future change in which run_server_preferences() called cipher_pref_check() for protocols in which the server enforces a cipher order and calls ciphers_by_strength() for protocols in which the server does not enforce a cipher order.
This commit is contained in:
parent
5d1109a582
commit
8fdb388dc3
66
testssl.sh
66
testssl.sh
@ -3955,8 +3955,12 @@ run_allciphers() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
# test for all ciphers per protocol locally configured (w/o distinguishing whether they are good or bad)
|
# test for all ciphers per protocol locally configured (w/o distinguishing whether they are good or bad)
|
||||||
run_cipher_per_proto() {
|
# for the specified protocol, test for all ciphers locally configured (w/o distinguishing whether they
|
||||||
local proto proto_hex proto_text ossl_ciphers_proto
|
# are good or bad) and list them in order to encryption strength.
|
||||||
|
ciphers_by_strength() {
|
||||||
|
local proto="$1" proto_hex="$2" proto_text="$3"
|
||||||
|
local using_sockets="$4"
|
||||||
|
local ossl_ciphers_proto
|
||||||
local -i nr_ciphers nr_ossl_ciphers nr_nonossl_ciphers success
|
local -i nr_ciphers nr_ossl_ciphers nr_nonossl_ciphers success
|
||||||
local n sslvers auth mac export hexc sslv2_ciphers="" cipher
|
local n sslvers auth mac export hexc sslv2_ciphers="" cipher
|
||||||
local -a hexcode normalized_hexcode ciph rfc_ciph kx enc export2
|
local -a hexcode normalized_hexcode ciph rfc_ciph kx enc export2
|
||||||
@ -3967,36 +3971,16 @@ run_cipher_per_proto() {
|
|||||||
local available
|
local available
|
||||||
local id
|
local id
|
||||||
local has_dh_bits="$HAS_DH_BITS"
|
local has_dh_bits="$HAS_DH_BITS"
|
||||||
local using_sockets=true
|
|
||||||
|
|
||||||
"$SSL_NATIVE" && using_sockets=false
|
|
||||||
"$FAST" && using_sockets=false
|
|
||||||
[[ $TLS_NR_CIPHERS == 0 ]] && using_sockets=false
|
|
||||||
|
|
||||||
outln
|
|
||||||
if "$using_sockets"; then
|
|
||||||
pr_headlineln " Testing ciphers per protocol via OpenSSL plus sockets against the server, ordered by encryption strength "
|
|
||||||
else
|
|
||||||
pr_headlineln " Testing all locally available ciphers per protocol against the server, ordered by encryption strength "
|
|
||||||
[[ $TLS_NR_CIPHERS == 0 ]] && ! "$SSL_NATIVE" && ! "$FAST" && pr_warning " Cipher mapping not available, doing a fallback to openssl"
|
|
||||||
outln
|
|
||||||
if ! "$HAS_DH_BITS"; then
|
|
||||||
[[ $TLS_NR_CIPHERS == 0 ]] && ! "$SSL_NATIVE" && ! "$FAST" && out "."
|
|
||||||
prln_warning " (Your $OPENSSL cannot show DH/ECDH bits)"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
outln
|
|
||||||
neat_header
|
|
||||||
echo -e " -ssl2 22 SSLv2\n -ssl3 00 SSLv3\n -tls1 01 TLS 1\n -tls1_1 02 TLS 1.1\n -tls1_2 03 TLS 1.2\n -tls1_3 04 TLS 1.3" | while read proto proto_hex proto_text; do
|
|
||||||
pr_underline "$(printf "%s" "$proto_text")"
|
pr_underline "$(printf "%s" "$proto_text")"
|
||||||
# for local problem if it happens
|
# for local problem if it happens
|
||||||
out " "
|
out " "
|
||||||
if ! "$using_sockets" && ! locally_supported "$proto"; then
|
if ! "$using_sockets" && ! locally_supported "$proto"; then
|
||||||
continue
|
return 0
|
||||||
fi
|
fi
|
||||||
outln
|
outln
|
||||||
|
|
||||||
[[ $(has_server_protocol "${proto:1}") -eq 1 ]] && continue
|
[[ $(has_server_protocol "${proto:1}") -eq 1 ]] && return 0
|
||||||
|
|
||||||
# get a list of all the cipher suites to test
|
# get a list of all the cipher suites to test
|
||||||
nr_ciphers=0
|
nr_ciphers=0
|
||||||
@ -4246,9 +4230,39 @@ run_cipher_per_proto() {
|
|||||||
fileout "$id" "INFO" "$proto_text $(neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}") $available"
|
fileout "$id" "INFO" "$proto_text $(neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}") $available"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
done
|
|
||||||
"$using_sockets" && HAS_DH_BITS="$has_dh_bits"
|
"$using_sockets" && HAS_DH_BITS="$has_dh_bits"
|
||||||
tmpfile_handle ${FUNCNAME[0]}.txt
|
tmpfile_handle ${FUNCNAME[0]}${proto}.txt
|
||||||
|
return 0
|
||||||
|
#FIXME: no error condition
|
||||||
|
}
|
||||||
|
|
||||||
|
# test for all ciphers per protocol locally configured (w/o distinguishing whether they are good or bad)
|
||||||
|
run_cipher_per_proto() {
|
||||||
|
local proto proto_hex proto_text
|
||||||
|
local using_sockets=true
|
||||||
|
|
||||||
|
"$SSL_NATIVE" && using_sockets=false
|
||||||
|
"$FAST" && using_sockets=false
|
||||||
|
[[ $TLS_NR_CIPHERS == 0 ]] && using_sockets=false
|
||||||
|
|
||||||
|
outln
|
||||||
|
if "$using_sockets"; then
|
||||||
|
pr_headlineln " Testing ciphers per protocol via OpenSSL plus sockets against the server, ordered by encryption strength "
|
||||||
|
else
|
||||||
|
pr_headlineln " Testing all locally available ciphers per protocol against the server, ordered by encryption strength "
|
||||||
|
[[ $TLS_NR_CIPHERS == 0 ]] && ! "$SSL_NATIVE" && ! "$FAST" && pr_warning " Cipher mapping not available, doing a fallback to openssl"
|
||||||
|
outln
|
||||||
|
if ! "$HAS_DH_BITS"; then
|
||||||
|
[[ $TLS_NR_CIPHERS == 0 ]] && ! "$SSL_NATIVE" && ! "$FAST" && out "."
|
||||||
|
prln_warning " (Your $OPENSSL cannot show DH/ECDH bits)"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
outln
|
||||||
|
neat_header
|
||||||
|
echo -e " -ssl2 22 SSLv2\n -ssl3 00 SSLv3\n -tls1 01 TLS 1\n -tls1_1 02 TLS 1.1\n -tls1_2 03 TLS 1.2\n -tls1_3 04 TLS 1.3" | while read proto proto_hex proto_text; do
|
||||||
|
ciphers_by_strength "$proto" "$proto_hex" "$proto_text" "$using_sockets"
|
||||||
|
done
|
||||||
return 0
|
return 0
|
||||||
#FIXME: no error condition
|
#FIXME: no error condition
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user