Check for matching SSLv2 cipher
Some servers respond to an SSLv2 ClientHello with a list of all SSLv2 ciphers that the server supports rather than just a list of ciphers that it supports in common with the client (i.e., that appear in the ClientHello). This PR changes the sockets version of `std_cipherlists()` so that, if `sslv2_sockets()` is successful, it checks whether there are any ciphers in common between the ClientHello and the ServerHello before declaring that the server supports the specified cipher list.
parent
c0c041b1c2
commit
c1d072b7a8
14
testssl.sh
14
testssl.sh
@ -2015,7 +2015,8 @@ listciphers() {
|
||||
# argv[5]: non-SSLv2 cipher list to test (hexcodes), if using sockets
|
||||
# argv[6]: SSLv2 cipher list to test (hexcodes), if using sockets
|
||||
std_cipherlists() {
|
||||
local -i sclient_success
|
||||
local -i i len sclient_success
|
||||
local sslv2_cipherlist detected_ssl2_ciphers
|
||||
local singlespaces proto="" addcmd=""
|
||||
local debugname="$(sed -e s'/\!/not/g' -e 's/\:/_/g' <<< "$1")"
|
||||
|
||||
@ -2040,8 +2041,15 @@ std_cipherlists() {
|
||||
sclient_success=$?
|
||||
debugme cat $ERRFILE
|
||||
elif [[ -n "$6" ]]; then
|
||||
sslv2_sockets "$6"
|
||||
[[ $? -eq 3 ]] && [[ "$V2_HELLO_CIPHERSPEC_LENGTH" -ne 0 ]] && sclient_success=0
|
||||
sslv2_sockets "$6" "true"
|
||||
if [[ $? -eq 3 ]] && [[ "$V2_HELLO_CIPHERSPEC_LENGTH" -ne 0 ]]; then
|
||||
sslv2_cipherlist="$(strip_spaces "${6//,/}")"
|
||||
len=${#sslv2_cipherlist}
|
||||
detected_ssl2_ciphers="$(grep "Supported cipher: " "$TEMPDIR/$NODEIP.parse_sslv2_serverhello.txt")"
|
||||
for (( i=0; i<len; i=i+6 )); do
|
||||
[[ "$detected_ssl2_ciphers" =~ "x${sslv2_cipherlist:i:6}" ]] && sclient_success=0 && break
|
||||
done
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
case $3 in
|
||||
|
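Review bot: The new loop `for (( i=0; i<len; i=i+6 ))` in the `elif [[ -n "$6" ]]` branch never checks that `len` is a multiple of 6, so a malformed list in argv[6] leaves a final slice shorter than six characters, and `"x${sslv2_cipherlist:i:6}"` can then match as a substring of an unrelated "Supported cipher:" line and set `sclient_success=0` for a cipher the server did not offer. Bounding the loop as `for (( i=0; i+6<=len; i=i+6 )); do` keeps a partial code from being compared. The match is also case-sensitive, so it relies on the hex case written to `$NODEIP.parse_sslv2_serverhello.txt` agreeing with the caller's list, which cannot be confirmed from this hunk; a comment such as `# argv[6] and the parsed ServerHello must use the same hex case` would record that assumption, since a mismatch would silently report an offered SSLv2 cipher as absent. The body of `std_cipherlists()` continues past the end of the visible hunk.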