mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-21 07:59:31 +01:00
Fix run_logjam() in --ssl-native mode
This commit fixes a problem with run_logjam() when run in --ssl-native mode. If $OPENSSL does not support any DH export ciphers, then no test for such ciphers is performed. However, the result of the "test" is still checked, leading to testssl.sh incorrectly reporting that the server supports DH EXPORT ciphers.
parent
a45e9f52d5
commit
bb1c649513
@ -16413,15 +16413,13 @@ run_logjam() {
|
|||||||
tls_sockets "03" "$exportdh_cipher_list_hex, 00,ff"
|
tls_sockets "03" "$exportdh_cipher_list_hex, 00,ff"
|
||||||
sclient_success=$?
|
sclient_success=$?
|
||||||
[[ $sclient_success -eq 2 ]] && sclient_success=0
|
[[ $sclient_success -eq 2 ]] && sclient_success=0
|
||||||
|
[[ $sclient_success -eq 0 ]] && vuln_exportdh_ciphers=true
|
||||||
elif [[ $nr_supported_ciphers -ne 0 ]]; then
|
elif [[ $nr_supported_ciphers -ne 0 ]]; then
|
||||||
$OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -cipher $exportdh_cipher_list -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>$ERRFILE </dev/null
|
$OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -cipher $exportdh_cipher_list -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>$ERRFILE </dev/null
|
||||||
sclient_connect_successful $? $TMPFILE
|
sclient_connect_successful $? $TMPFILE
|
||||||
sclient_success=$?
|
[[ $? -eq 0 ]] && vuln_exportdh_ciphers=true
|
||||||
debugme grep -Ea "error|failure" $ERRFILE | grep -Eav "unable to get local|verify error"
|
debugme grep -Ea "error|failure" $ERRFILE | grep -Eav "unable to get local|verify error"
|
||||||
fi
|
fi
|
||||||
[[ $sclient_success -eq 0 ]] && \
|
|
||||||
vuln_exportdh_ciphers=true || \
|
|
||||||
vuln_exportdh_ciphers=false
|
|
||||||
|
|
||||||
if [[ $DEBUG -ge 2 ]]; then
|
if [[ $DEBUG -ge 2 ]]; then
|
||||||
if "$using_sockets"; then
|
if "$using_sockets"; then
|
||||||
|
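Review bot: When the `elif [[ $nr_supported_ciphers -ne 0 ]]` branch is skipped in --ssl-native mode, nothing in this block touches `vuln_exportdh_ciphers`, so the outcome depends on an initial value set above the hunk, and a check that was never run is presumably reported the same way as a passed one. For a scanner that is a silent false negative. Confirm the variable is initialised to `false` where it is declared, and record the skipped case explicitly, for example with an `else` branch carrying `# $OPENSSL offers no DH export ciphers: check not performed, do not report as "not vulnerable"` and a local-problem warning in the output. The native branch also no longer assigns `sclient_success` (`[[ $? -eq 0 ]] && vuln_exportdh_ciphers=true` replaces it), so any later read of `$sclient_success`, possibly in the `$DEBUG -ge 2` block that continues past the hunk, would see a stale value. The `if` that opens this chain is above the hunk, so this is inferred from the visible lines only.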