mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-23 17:09:31 +01:00
- protocol check stream lined: similar now for every protocol
- NPN/SPDY is not green anymore
This commit is contained in:
parent
ab7074aefd
commit
9d5d77c813
94
testssl.sh
94
testssl.sh
@ -208,7 +208,7 @@ boldandunder() { [ "$COLOR" != 0 ] && out "\033[1m\033[4m$1" || out "$1" ; off;
|
|||||||
reverse() { [ "$COLOR" != 0 ] && out "\033[7m$1" || out "$1" ; off; }
|
reverse() { [ "$COLOR" != 0 ] && out "\033[7m$1" || out "$1" ; off; }
|
||||||
|
|
||||||
|
|
||||||
# whether it is ok for offer/not offer enc/cipher/version
|
# whether it is ok to offer/not to offer enc/cipher/version
|
||||||
ok(){
|
ok(){
|
||||||
if [ "$2" -eq 1 ] ; then
|
if [ "$2" -eq 1 ] ; then
|
||||||
case $1 in
|
case $1 in
|
||||||
@ -217,9 +217,11 @@ ok(){
|
|||||||
esac
|
esac
|
||||||
else
|
else
|
||||||
case $1 in
|
case $1 in
|
||||||
6) literedln "offered (NOT ok)" ;; # 4 0
|
6) literedln "offered (NOT ok)" ;; # 6 0
|
||||||
|
5) litered "supported but couldn't detect a cipher"; outln "(check manually)" ;; # 5 5
|
||||||
|
4) litegreenln "offered (OK)" ;; # 4 0
|
||||||
3) brownln "offered" ;; # 3 0
|
3) brownln "offered" ;; # 3 0
|
||||||
2) boldln "offered" ;; # 2 0
|
2) boldln "offered" ;; # 2 0
|
||||||
1) greenln "offered (OK)" ;; # 1 0
|
1) greenln "offered (OK)" ;; # 1 0
|
||||||
0) boldln "not offered" ;; # 0 0
|
0) boldln "not offered" ;; # 0 0
|
||||||
esac
|
esac
|
||||||
@ -690,14 +692,15 @@ locally_supported() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
testversion_new() {
|
testversion_new() {
|
||||||
$OPENSSL s_client -state $1 $STARTTLS -connect $NODEIP:$PORT $SNI &>$TMPFILE </dev/null
|
local sni=$SNI
|
||||||
|
[ "x$1" = "x-ssl2" ] && sni="" # newer openssl throw an error if SNI with SSLv2
|
||||||
|
|
||||||
|
$OPENSSL s_client -state $1 $STARTTLS -connect $NODEIP:$PORT $sni &>$TMPFILE </dev/null
|
||||||
ret=$?
|
ret=$?
|
||||||
[ "$VERBERR" -eq 0 ] && cat $TMPFILE | egrep "error|failure" | egrep -v "unable to get local|verify error"
|
[ "$VERBERR" -eq 0 ] && cat $TMPFILE | egrep "error|failure" | egrep -v "unable to get local|verify error"
|
||||||
|
|
||||||
if grep -q "no cipher list" $TMPFILE ; then
|
if grep -q "no cipher list" $TMPFILE ; then
|
||||||
litered "supported but couldn't detect a cipher"
|
ret=5
|
||||||
outln "(check manually)"
|
|
||||||
ret=3
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
rm $TMPFILE
|
rm $TMPFILE
|
||||||
@ -719,56 +722,45 @@ runprotocols() {
|
|||||||
# e.g. ubuntu's 12.04 openssl binary + soon others don't want sslv2 anymore: bugs.launchpad.net/ubuntu/+source/openssl/+bug/955675
|
# e.g. ubuntu's 12.04 openssl binary + soon others don't want sslv2 anymore: bugs.launchpad.net/ubuntu/+source/openssl/+bug/955675
|
||||||
|
|
||||||
testprotohelper "-ssl2" " SSLv2 "
|
testprotohelper "-ssl2" " SSLv2 "
|
||||||
ret=$?;
|
case $? in
|
||||||
if [ $ret -ne 7 ]; then
|
0) ok 1 1 ;; # red
|
||||||
if [ $ret -eq 0 ]; then
|
5) ok 5 5 ;; # protocol ok, but no cipher
|
||||||
ok 1 1 # red
|
1) ok 0 1 ;; # green "not offered (ok)"
|
||||||
elif [ $ret -eq 3 ] ; then
|
7) ;; # no local support
|
||||||
:
|
esac
|
||||||
else
|
|
||||||
ok 0 1 # green "not offered (ok)"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
testprotohelper "-ssl3" " SSLv3 "
|
testprotohelper "-ssl3" " SSLv3 "
|
||||||
ret=$?;
|
case $? in
|
||||||
if [ $ret -ne 7 ]; then
|
0) ok 6 0 ;; # poodle hack"
|
||||||
if [ $ret -eq 0 ]; then
|
1) ok 0 1 ;; # green "not offered (ok)"
|
||||||
ok 6 0 # poodle hack"
|
5) ok 5 5 ;; # protocol ok, but no cipher
|
||||||
else
|
7) ;; # no local support
|
||||||
ok 0 1 # green "not offered (ok)"
|
esac
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
testprotohelper "-tls1" " TLSv1 "
|
testprotohelper "-tls1" " TLSv1 "
|
||||||
ret=$?;
|
case $? in
|
||||||
if [ $ret -ne 7 ]; then
|
0) ok 4 0 ;; # no GCM, thus in litegreen
|
||||||
if [ $ret -eq 0 ]; then
|
1) ok 0 0 ;;
|
||||||
ok 1 0
|
5) ok 5 5 ;; # protocol ok, but no cipher
|
||||||
else
|
7) ;; # no local support
|
||||||
ok 0 0
|
esac
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
testprotohelper "-tls1_1" " TLSv1.1 "
|
testprotohelper "-tls1_1" " TLSv1.1 "
|
||||||
ret=$?;
|
case $? in
|
||||||
if [ $ret -ne 7 ]; then
|
0) ok 1 0 ;;
|
||||||
if [ $ret -eq 0 ]; then
|
1) ok 0 0 ;;
|
||||||
ok 1 0
|
5) ok 5 5 ;; # protocol ok, but no cipher
|
||||||
else
|
7) ;; # no local support
|
||||||
ok 0 0
|
esac
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
testprotohelper "-tls1_2" " TLSv1.2 "
|
testprotohelper "-tls1_2" " TLSv1.2 "
|
||||||
ret=$?;
|
case $? in
|
||||||
if [ $ret -ne 7 ]; then
|
0) ok 1 0 ;;
|
||||||
if [ $ret -eq 0 ]; then
|
1) ok 0 0 ;;
|
||||||
ok 1 0
|
5) ok 5 5 ;; # protocol ok, but no cipher
|
||||||
else
|
7) ;; # no local support
|
||||||
ok 0 0
|
esac
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
@ -1039,7 +1031,7 @@ spdy(){
|
|||||||
else
|
else
|
||||||
# now comes a strange thing: "Protocols advertised by server:" is empty but connection succeeded
|
# now comes a strange thing: "Protocols advertised by server:" is empty but connection succeeded
|
||||||
if echo $tmpstr | egrep -q "spdy|http" ; then
|
if echo $tmpstr | egrep -q "spdy|http" ; then
|
||||||
green "$tmpstr" ; out " (advertised)"
|
bold "$tmpstr" ; out " (advertised)"
|
||||||
ret=0
|
ret=0
|
||||||
else
|
else
|
||||||
litemagenta "please check manually, response from server was ambigious ..."
|
litemagenta "please check manually, response from server was ambigious ..."
|
||||||
@ -1973,7 +1965,7 @@ case "$1" in
|
|||||||
exit $ret ;;
|
exit $ret ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# $Id: testssl.sh,v 1.143 2014/11/19 16:08:58 dirkw Exp $
|
# $Id: testssl.sh,v 1.144 2014/11/19 17:04:42 dirkw Exp $
|
||||||
# vim:ts=5:sw=5
|
# vim:ts=5:sw=5
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user