parent
3dc94d2b3b
commit
9a1425da14
16
testssl.sh
16
testssl.sh
|
@ -3546,7 +3546,7 @@ run_pfs() {
|
||||||
local pfs_ciphers
|
local pfs_ciphers
|
||||||
|
|
||||||
outln
|
outln
|
||||||
pr_headlineln " Testing (perfect) forward secrecy, (P)FS -- omitting 3DES, RC4 and Null Encryption here "
|
pr_headlineln " Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption as well as 3DES and RC4 here "
|
||||||
if ! "$HAS_DH_BITS" && "$WIDE"; then
|
if ! "$HAS_DH_BITS" && "$WIDE"; then
|
||||||
pr_warningln " (Your $OPENSSL cannot show DH/ECDH bits)"
|
pr_warningln " (Your $OPENSSL cannot show DH/ECDH bits)"
|
||||||
fi
|
fi
|
||||||
|
@ -4059,10 +4059,10 @@ parse_tls_serverhello() {
|
||||||
outln
|
outln
|
||||||
fi
|
fi
|
||||||
if [[ $tls_content_type != "15" ]] && [[ $tls_content_type != "16" ]]; then
|
if [[ $tls_content_type != "15" ]] && [[ $tls_content_type != "16" ]]; then
|
||||||
debugme pr_svrty_criticalln "Content type other than alert or handshake detected."
|
debugme pr_warningln "Content type other than alert or handshake detected."
|
||||||
return 1
|
return 1
|
||||||
elif [[ "${tls_protocol:0:2}" != "03" ]]; then
|
elif [[ "${tls_protocol:0:2}" != "03" ]]; then
|
||||||
debugme pr_svrty_criticalln "Protocol record_version.major is not 03."
|
debugme pr_warningln "Protocol record_version.major is not 03."
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
DETECTED_TLS_VERSION=$tls_protocol
|
DETECTED_TLS_VERSION=$tls_protocol
|
||||||
|
@ -4139,7 +4139,7 @@ parse_tls_serverhello() {
|
||||||
outln
|
outln
|
||||||
fi
|
fi
|
||||||
if [[ "$tls_err_level" != "01" ]] && [[ "$tls_err_level" != "02" ]]; then
|
if [[ "$tls_err_level" != "01" ]] && [[ "$tls_err_level" != "02" ]]; then
|
||||||
debugme pr_svrty_criticalln "Unexpected AlertLevel (0x$tls_err_level)."
|
debugme pr_warningln "Unexpected AlertLevel (0x$tls_err_level)."
|
||||||
return 1
|
return 1
|
||||||
elif [[ "$tls_err_level" == "02" ]]; then
|
elif [[ "$tls_err_level" == "02" ]]; then
|
||||||
# Fatal alert
|
# Fatal alert
|
||||||
|
@ -4196,7 +4196,7 @@ parse_tls_serverhello() {
|
||||||
|
|
||||||
if [[ "$tls_msg_type" == "02" ]]; then
|
if [[ "$tls_msg_type" == "02" ]]; then
|
||||||
if [[ -n "$tls_serverhello_ascii" ]]; then
|
if [[ -n "$tls_serverhello_ascii" ]]; then
|
||||||
debugme pr_svrty_criticalln "Response contained more than one ServerHello handshake message."
|
debugme pr_warningln "Response contained more than one ServerHello handshake message."
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
tls_serverhello_ascii="${tls_handshake_ascii:i:msg_len}"
|
tls_serverhello_ascii="${tls_handshake_ascii:i:msg_len}"
|
||||||
|
@ -4212,7 +4212,7 @@ parse_tls_serverhello() {
|
||||||
return 1
|
return 1
|
||||||
elif [[ "${tls_handshake_ascii:0:2}" != "02" ]]; then
|
elif [[ "${tls_handshake_ascii:0:2}" != "02" ]]; then
|
||||||
# the ServerHello MUST be the first handshake message
|
# the ServerHello MUST be the first handshake message
|
||||||
debugme pr_svrty_criticalln "The first handshake protocol message is not a ServerHello."
|
debugme pr_warningln "The first handshake protocol message is not a ServerHello."
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -4226,7 +4226,7 @@ parse_tls_serverhello() {
|
||||||
# byte 38+39+sid-len: extension length
|
# byte 38+39+sid-len: extension length
|
||||||
tls_protocol2="${tls_serverhello_ascii:0:4}"
|
tls_protocol2="${tls_serverhello_ascii:0:4}"
|
||||||
if [[ "${tls_protocol2:0:2}" != "03" ]]; then
|
if [[ "${tls_protocol2:0:2}" != "03" ]]; then
|
||||||
debugme pr_svrty_criticalln "server_version.major in ServerHello is not 03."
|
debugme pr_warningln "server_version.major in ServerHello is not 03."
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
DETECTED_TLS_VERSION="$tls_protocol2"
|
DETECTED_TLS_VERSION="$tls_protocol2"
|
||||||
|
@ -7177,4 +7177,4 @@ fi
|
||||||
exit $?
|
exit $?
|
||||||
|
|
||||||
|
|
||||||
# $Id: testssl.sh,v 1.481 2016/04/21 16:44:56 dirkw Exp $
|
# $Id: testssl.sh,v 1.483 2016/05/18 17:06:25 dirkw Exp $
|
||||||
|
|
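Review bot: In parse_tls_serverhello every rejection touched here (content type other than 15/16, record_version.major not 03, unexpected AlertLevel, a second ServerHello, a first handshake message that is not a ServerHello, server_version.major not 03) is still printed only through `debugme` and ends in the same `return 1`. Outside debug mode a malformed reply is therefore presumably indistinguishable, for the caller, from any other failed handshake. For a scanner that risks a silent false negative, so I would document it at the first check, e.g. `# malformed reply: reported only via debugme; all rejection paths return 1`, and confirm that callers treat 1 as inconclusive rather than as "not offered". Separately, the new run_pfs headline says Null Authentication is omitted, but no cipher list changes in this commit, so it is worth checking that `pfs_ciphers` really excludes aNULL suites. Both functions start and end outside the hunks shown.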