From bad4bcfde2e56ef015debbbbd0c698e03085e985 Mon Sep 17 00:00:00 2001 From: Dirk Date: Wed, 4 Feb 2015 09:48:34 +0100 Subject: [PATCH] - checking protoype of tls sockets but not called/working yet - small fixes $DEBUG --- testssl.sh | 274 +++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 264 insertions(+), 10 deletions(-) diff --git a/testssl.sh b/testssl.sh index 7528182..cc52e45 100755 --- a/testssl.sh +++ b/testssl.sh @@ -620,7 +620,7 @@ std_cipherlists() { [ $SHOW_LOC_CIPH = "1" ] && out "local ciphers are: " && cat $TMPFILE | sed 's/:/, /g' $OPENSSL s_client -cipher "$1" $STARTTLS -connect $NODEIP:$PORT $SNI 2>$TMPFILE >/dev/null /dev/null >$TMPFILE @@ -980,7 +980,7 @@ server_preference() { proto[i]=`grep -w "Protocol" $TMPFILE | sed -e 's/^ \+Protocol \+://' -e 's/ //g'` cipher[i]=`grep -w "Cipher" $TMPFILE | egrep -vw "New|is" | sed -e 's/^ \+Cipher \+://' -e 's/ //g'` [[ ${cipher[i]} == "0000" ]] && cipher[i]="" # Hack! - [[ $DEBUG -eq 2 ]] && outln "Default cipher for ${proto[i]}: ${cipher[i]}" + [[ $DEBUG -ge 2 ]] && outln "Default cipher for ${proto[i]}: ${cipher[i]}" else proto[i]="" cipher[i]="" @@ -996,7 +996,7 @@ server_preference() { cipher[i]="" else cipher[i]=`grep -aw "Cipher" $TMPFILE | egrep -vw "New|is" | sed -e 's/^ \+Cipher \+://' -e 's/ //g'` - [[ $DEBUG -eq 2 ]] && outln "Default cipher for ${proto[i]}: ${cipher[i]}" + [[ $DEBUG -ge 2 ]] && outln "Default cipher for ${proto[i]}: ${cipher[i]}" fi fi fi 
@@ -1089,7 +1089,7 @@ server_defaults() { CN_nosni=`$OPENSSL s_client $STARTTLS -connect $NODEIP:$PORT 2>/dev/null /dev/null | hexdump -C | wc -l` + [[ "$DEBUG" -ge 2 ]] && out " (returned $lines lines) " + +# case $tls_low_byte in +# 00) tls_str="SSLv3" ;; +# 01) tls_str="TLS 1" ;; +# 02) tls_str="TLS 1.1" ;; +# 03) tls_str="TLS 1.2" ;; +# esac + +# printf "Protokoll "; tput bold; printf "$tls_low_byte = $tls_str"; tput sgr0; printf ": " + + if [[ $ret -eq 1 ]] || [[ $lines -eq 1 ]] ; then + outln "NOT available" + ret=1 + else + if [[ 03$tls_low_byte -eq $DETECTED_TLS_VERSION ]]; then + outln "available" + ret=0 + else + out "NOT available " + [[ $DEBUG -ge 2 ]] && echo -n "send: 0x03$tls_low_byte, returned: 0x$DETECTED_TLS_VERSION" + echo + fi + fi + + + close_socket + TMPFILE=$SOCK_REPLY_FILE + tmpfile_handle $FUNCNAME.dd + return $ret +} + + ok_ids(){ greenln "\n ok -- something resetted our ccs packets" @@ -2223,7 +2478,6 @@ ignore_no_or_lame() { default) ;; esac - return 1 } @@ -2277,7 +2531,7 @@ parse_hn_port() { fi datebanner "Testing" - [[ -z "$2" ]] && runs_HTTP # for starttls all is clear + [[ -z "$2" ]] && runs_HTTP # for starttls we don't check the protocol as it is supplied on the cmd line initialize_engine } @@ -2558,6 +2812,6 @@ case "$1" in exit $ret ;; esac -# $Id: testssl.sh,v 1.180 2015/02/03 22:46:46 dirkw Exp $ +# $Id: testssl.sh,v 1.181 2015/02/04 08:48:33 dirkw Exp $ # vim:ts=5:sw=5
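Review bot: The version check `[[ 03$tls_low_byte -eq $DETECTED_TLS_VERSION ]]` near the end of the added socket function compares two hex byte strings arithmetically, so bash treats the leading-zero operands as octal and errors out on any value containing the digits 8–9 or a–f. The right-hand side appears to come from the server's reply (the debug line prints it as "returned"), so a string comparison is safer: `if [[ "03$tls_low_byte" == "$DETECTED_TLS_VERSION" ]]; then`. In the mismatch branch that prints "NOT available", `ret` is never assigned, so the function seems to return the earlier value (presumably 0) and a caller would read an unsupported protocol as offered; adding `ret=1` there keeps the return code consistent with the output. The start of this function, including how `DETECTED_TLS_VERSION`, `lines` and `ret` are set, is outside the visible part of the hunk, so both points should be confirmed against the full body.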