From a7fe0b48b557a02addb2984f36f1e4d1b935b968 Mon Sep 17 00:00:00 2001 From: Dirk Date: Fri, 29 Aug 2014 14:57:20 +0200 Subject: [PATCH] * added ocsp stapling in server defaults test * non-working prototype of testing a single cipher via hexcode --- testssl.sh | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 63 insertions(+), 5 deletions(-) diff --git a/testssl.sh b/testssl.sh index b2db657..a3f6be0 100755 --- a/testssl.sh +++ b/testssl.sh @@ -491,6 +491,43 @@ neat_list(){ [ -r $MAP_RFC_FNAME ] && show_rfc_style $HEXC 73 } +test_just_one(){ + + ciph="" + for arg in $@; do + $OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL:@STRENGTH' | while read hexcode dash ciph restofline; do + normalize_ciphercode $hexcode + grep arg + done + done + + neat_header + + $OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL:@STRENGTH' | while read hexcode dash ciph sslversmin kx auth enc mac export; do + for ciph in $@; do + $OPENSSL s_client -cipher $ciph $STARTTLS -connect $NODEIP:$PORT $SNI &>$TMPFILE Testing server defaults (Server Hello)"; outln "\n" # throwing every cipher/protocol at the server and displaying its pick - $OPENSSL s_client $STARTTLS -connect $NODEIP:$PORT $SNI -tlsextdebug /dev/null >$TMPFILE + $OPENSSL s_client $STARTTLS -connect $NODEIP:$PORT $SNI -tlsextdebug -status /dev/null >$TMPFILE localtime=`date "+%s"` if [ $? -ne 0 ]; then magentaln "This shouldn't happen. " @@ -683,7 +720,7 @@ simple_preference() { esac fi - out " TLS server extensions: " + out " TLS server extensions " extensions=`grep -w "^TLS server extension" $TMPFILE | sed -e 's/^TLS server extension \"//' -e 's/\".*$/,/g'` if [ -z "$extensions" ]; then outln "(none)" @@ -700,7 +737,22 @@ simple_preference() { unit=`echo $sessticket_str | grep lifetime | sed -e 's/^.*'"$lifetime"'//' -e 's/[ ()]//g'` outln "$lifetime $unit" fi - ret=0 + + out " OCSP stapling " + if grep "OCSP response" $TMPFILE | grep -q "no response sent" ; then + out " not offered" + else + if grep "OCSP Response Status" $TMPFILE | grep -q successful; then + litegreen " OCSP stapling offered" + else + outln " not sure what's going on here, debug:" + grep -A 20 "OCSP response" $TMPFILE + ret=2 + fi + fi + fi + outln + #gmt_unix_time, removed since 1.0.1f # @@ -715,7 +767,6 @@ simple_preference() { # outln " $localtime" #fi #http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html - fi rm $TMPFILE return $ret @@ -1641,6 +1692,13 @@ case "$1" in initialize_engine # GOST support prettyprint_local "$2" exit $? ;; + -x|--single-test) + parse_hn_port "$3" + maketempf + test_just_one $2 + ret=$? + cleanup + exit $ret ;; -t|--starttls) parse_hn_port "$2" "$3" # here comes hostname:port and protocol to signal starttls maketempf @@ -1783,7 +1841,7 @@ case "$1" in exit $ret ;; esac -# $Id: testssl.sh,v 1.112 2014/07/16 16:54:10 dirkw Exp $ +# $Id: testssl.sh,v 1.114 2014/08/29 12:56:35 dirkw Exp $ # vim:ts=5:sw=5