Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-30 21:35:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

determine_optimal_proto_sockets_helper() speedup and bug fix

Browse Source 
There is currently a bug in determine_optimal_proto_sockets_helper(). In two places there is code of the form:

   tls_sockets ...
   if [[ $? -eq 0 ]]; then
        ...
   elif [[ $? -eq 2 ]]; then
        ...
   fi

This code does not work as intended since the second check ("elif [[ $? -eq 2 ]]") is actually comparing the results of the first check to 2 rather than the results of the call to tls_sockets().

This PR fixes that problem and also speeds up the code. Since tls_sockets() sets $DETECTED_TLS_VERSION to the protocol version that was negotiated, there is no need to scan $TEMPDIR/$NODEIP.parse_tls_serverhello.txt for this information.
This commit is contained in:
David Cooper
2019-03-13 16:17:50 -04:00
committed by GitHub
parent bc6b2c6f94
commit 9ec70fa4d9
1 changed files with 14 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
testssl.sh
View File

@@ -17382,19 +17382,18 @@ determine_optimal_proto_sockets_helper() {
local proto="" local proto=""
local optimal_proto="" local optimal_proto=""
local starttls="$1" local starttls="$1"
local -i ret
for proto in 03 01 04 00 02 22; do for proto in 03 01 04 00 02 22; do
case $proto in case $proto in
03) tls_sockets "$proto" "$TLS12_CIPHER" 03) tls_sockets "$proto" "$TLS12_CIPHER"
if [[ $? -eq 0 ]]; then ret=$?
add_tls_offered tls1_2 yes; optimal_proto="-tls1_2" if [[ $ret -eq 0 ]] || [[ $ret -eq 2 ]]; then
all_failed=false case $DETECTED_TLS_VERSION in
break 0303) add_tls_offered tls1_2 yes; optimal_proto="-tls1_2" ;;
elif [[ $? -eq 2 ]]; then 0302) add_tls_offered tls1_1 yes; optimal_proto="-tls1_1" ;;
case $(get_protocol "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt") in 0301) add_tls_offered tls1 yes; optimal_proto="-tls1" ;;
*1.1) add_tls_offered tls1_1 yes; optimal_proto="-tls1_1" ;; 0300) add_tls_offered ssl3 yes; optimal_proto="-ssl3" ;;
TLSv1) add_tls_offered tls1 yes; optimal_proto="-tls1" ;;
SSLv3) add_tls_offered ssl3 yes; optimal_proto="-ssl3" ;;
esac esac
all_failed=false all_failed=false
break break
@@ -17406,19 +17405,12 @@ determine_optimal_proto_sockets_helper() {
break break
fi ;; fi ;;
01|00|02) tls_sockets "$proto" "$TLS_CIPHER" "" "" "true" 01|00|02) tls_sockets "$proto" "$TLS_CIPHER" "" "" "true"
if [[ $? -eq 0 ]]; then ret=$?
case $proto in if [[ $ret -eq 0 ]] || [[ $ret -eq 2 ]]; then
01) add_tls_offered tls1 yes; optimal_proto="-tls1" ;; case $DETECTED_TLS_VERSION in
00) add_tls_offered ssl3 yes; optimal_proto="-ssl3" ;; 0302) add_tls_offered tls1_1 yes; optimal_proto="-tls1_1" ;;
02) add_tls_offered tls1_1 yes; optimal_proto="-tls1_1" ;; 0301) add_tls_offered tls1 yes; optimal_proto="-tls1" ;;
esac 0300) add_tls_offered ssl3 yes; optimal_proto="-ssl3" ;;
all_failed=false
break
elif [[ $? -eq 2 ]]; then
case $(get_protocol "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt") in
*1.1) add_tls_offered tls1_1 yes; optimal_proto="-tls1_1" ;;
TLSv1) add_tls_offered tls1 yes; optimal_proto="-tls1" ;;
SSLv3) add_tls_offered ssl3 yes; optimal_proto="-ssl3" ;;
esac esac
all_failed=false all_failed=false
break break