From 0d75bae19521ba6b20d07606b4ccbfc47154049d Mon Sep 17 00:00:00 2001
From: David Cooper
Date: Wed, 21 Dec 2016 14:55:01 -0500
Subject: [PATCH] Use sockets for run_logjam()

This PR changes `run_logjam()` to use sockets.
---
 testssl.sh | 50 ++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 38 insertions(+), 12 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 405e138..6c709c5 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -8865,16 +8865,24 @@ run_freak() {
 run_logjam() {
 local -i sclient_success=0
 local exportdhe_cipher_list="EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DHE-DSS-RC4-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA"
- local -i nr_supported_ciphers=0
- local addtl_warning=""
+ local exportdhe_cipher_list_hex="00,63, 00,65, 00,14, 00,11"
+ local -i i nr_supported_ciphers=0
+ local addtl_warning="" hexc
 local cve="CVE-2015-4000"
 local cwe="CWE-310"
 local hint=""
+ local using_sockets=true
+
+ "$SSL_NATIVE" && using_sockets=false
 [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for LOGJAM vulnerability " && outln
 pr_bold " LOGJAM"; out " ($cve), experimental "
- nr_supported_ciphers=$(count_ciphers $(actually_supported_ciphers $exportdhe_cipher_list))
+ if "$using_sockets"; then
+ nr_supported_ciphers=$(count_words "$exportdhe_cipher_list_hex")
+ else
+ nr_supported_ciphers=$(count_ciphers $(actually_supported_ciphers $exportdhe_cipher_list))
+ fi
 case $nr_supported_ciphers in
 0)
@@ -8886,16 +8894,22 @@ run_logjam() {
 3) addtl_warning=" (tested w/ $nr_supported_ciphers/4 ciphers)" ;;
 4) ;;
 esac
- $OPENSSL s_client $STARTTLS $BUGS -cipher $exportdhe_cipher_list -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE
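Review bot: In the first hunk, `exportdhe_cipher_list_hex` is a second, hand-maintained copy of the export-DHE cipher set, and nothing ties it to `exportdhe_cipher_list`, so a later edit to only one of them would leave the sockets path and the `$SSL_NATIVE` path probing different ciphers and the LOGJAM verdict dependent on the mode. A comment above the two `local` lines would document the coupling, e.g. `# keep in sync and in the same order: 00,63 00,65 00,14 00,11 are the code points of the four names above`. In the sockets branch `nr_supported_ciphers` is only the word count of that literal, so the `0)` to `3)` arms of the `case` can fire only if the spacing of the string changes (assuming `count_words` splits on whitespace; its definition is not in this hunk), and a one-line comment there saying the count is expected to be 4 would make that explicit. `run_logjam()` continues past the end of this hunk.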