Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-23 17:09:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master'

Browse Source
This commit is contained in:
David Cooper 2016-01-20 16:42:28 -05:00
commit c2645b727a
2 changed files with 42 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
openssl-rfc.mappping.html
View File

@ -204,9 +204,32 @@ td { border:1px solid #999; }
<tr><td> [0xc030]</td><td> ECDHE-RSA-AES256-GCM-SHA384 </td><td> ECDH </td><td> AESGCM </td><td> 256 </td><td> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 </td></tr> <tr><td> [0xc030]</td><td> ECDHE-RSA-AES256-GCM-SHA384 </td><td> ECDH </td><td> AESGCM </td><td> 256 </td><td> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 </td></tr>
<tr><td> [0xc031]</td><td> ECDH-RSA-AES128-GCM-SHA256 </td><td> ECDH/RSA </td><td> AESGCM </td><td> 128 </td><td> TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 </td></tr> <tr><td> [0xc031]</td><td> ECDH-RSA-AES128-GCM-SHA256 </td><td> ECDH/RSA </td><td> AESGCM </td><td> 128 </td><td> TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 </td></tr>
<tr><td> [0xc032]</td><td> ECDH-RSA-AES256-GCM-SHA384 </td><td> ECDH/RSA </td><td> AESGCM </td><td> 256 </td><td> TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 </td></tr> <tr><td> [0xc032]</td><td> ECDH-RSA-AES256-GCM-SHA384 </td><td> ECDH/RSA </td><td> AESGCM </td><td> 256 </td><td> TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 </td></tr>
<tr><td> [0xc09c]</td><td> AES128-CCM </td><td> RSA </td><td> AESCCM </td><td> 128 </td><td> TLS_RSA_WITH_AES_128_CCM </td></tr>
<tr><td> [0xc09d]</td><td> AES256-CCM </td><td> RSA </td><td> AESCCM </td><td> 256 </td><td> TLS_RSA_WITH_AES_256_CCM </td></tr>
<tr><td> [0xc09e]</td><td> DHE-RSA-AES128-CCM </td><td> DH </td><td> AESCCM </td><td> 128 </td><td> TLS_DHE_RSA_WITH_AES_128_CCM </td></tr>
<tr><td> [0xc09f]</td><td> DHE-RSA-AES256-CCM </td><td> DH </td><td> AESCCM </td><td> 256 </td><td> TLS_DHE_RSA_WITH_AES_256_CCM </td></tr>
<tr><td> [0xc0a0]</td><td> AES128-CCM8 </td><td> RSA </td><td> AESCCM8 </td><td> 128 </td><td> TLS_RSA_WITH_AES_128_CCM_8 </td></tr>
<tr><td> [0xc0a1]</td><td> AES256-CCM8 </td><td> RSA </td><td> AESCCM8 </td><td> 256 </td><td> TLS_RSA_WITH_AES_256_CCM_8 </td></tr>
<tr><td> [0xc0a2]</td><td> DHE-RSA-AES128-CCM8 </td><td> DH </td><td> AESCCM8 </td><td> 128 </td><td> TLS_DHE_RSA_WITH_AES_128_CCM_8 </td></tr>
<tr><td> [0xc0a3]</td><td> DHE-RSA-AES256-CCM8 </td><td> DH </td><td> AESCCM8 </td><td> 256 </td><td> TLS_DHE_RSA_WITH_AES_256_CCM_8 </td></tr>
<tr><td> [0xc0a4]</td><td> PSK-AES128-CCM </td><td> PSK </td><td> AESCCM </td><td> 128 </td><td> TLS_PSK_WITH_AES_128_CCM </td></tr>
<tr><td> [0xc0a5]</td><td> PSK-AES256-CCM </td><td> PSK </td><td> AESCCM </td><td> 256 </td><td> TLS_PSK_WITH_AES_256_CCM </td></tr>
<tr><td> [0xc0a6]</td><td> DHE-PSK-AES128-CCM </td><td> PSK/DHE </td><td> AESCCM </td><td> 128 </td><td> TLS_DHE_PSK_WITH_AES_128_CCM </td></tr>
<tr><td> [0xc0a7]</td><td> DHE-PSK-AES256-CCM </td><td> PSK/DHE </td><td> AESCCM </td><td> 256 </td><td> TLS_DHE_PSK_WITH_AES_256_CCM </td></tr>
<tr><td> [0xc0a8]</td><td> PSK-AES128-CCM8 </td><td> PSK </td><td> AESCCM </td><td> 128 </td><td> TLS_PSK_WITH_AES_128_CCM_8 </td></tr>
<tr><td> [0xc0a9]</td><td> PSK-AES256-CCM8 </td><td> PSK </td><td> AESCCM </td><td> 256 </td><td> TLS_PSK_WITH_AES_256_CCM_8 </td></tr>
<tr><td> [0xc0aa]</td><td> DHE-PSK-AES128-CCM8 </td><td> PSK/DHE </td><td> AESCCM </td><td> 128 </td><td> TLS_PSK_DHE_WITH_AES_128_CCM_8 </td></tr>
<tr><td> [0xc0ab]</td><td> DHE-PSK-AES256-CCM8 </td><td> PSK/DHE </td><td> AESCCM </td><td> 256 </td><td> TLS_PSK_DHE_WITH_AES_256_CCM_8 </td></tr>
<tr><td> [0xc0ac]</td><td> ECDHE-ECDSA-AES128-CCM </td><td> ECDH </td><td> AESCCM </td><td> 128 </td><td> TLS_ECDHE_ECDSA_WITH_AES_128_CCM</td></tr>
<tr><td> [0xc0ad]</td><td> ECDHE-ECDSA-AES256-CCM </td><td> ECDH </td><td> AESCCM </td><td> 256 </td><td> TLS_ECDHE_ECDSA_WITH_AES_256_CCM </td></tr>
<tr><td> [0xc0ae]</td><td> ECDHE-ECDSA-AES128-CCM8 </td><td> ECDH </td><td> AESCCM </td><td> 128 </td><td> TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 </td></tr>
<tr><td> [0xc0af]</td><td> ECDHE-ECDSA-AES256-CCM8 </td><td> ECDH </td><td> AESCCM </td><td> 256 </td><td> TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 </td></tr>
<tr><td> [0xcc13]</td><td> ECDHE-RSA-CHACHA20-POLY1305 </td><td> ECDH </td><td> ChaCha20-Poly1305</td><td> </td><td> TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</td></tr> <tr><td> [0xcc13]</td><td> ECDHE-RSA-CHACHA20-POLY1305 </td><td> ECDH </td><td> ChaCha20-Poly1305</td><td> </td><td> TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</td></tr>
<tr><td> [0xcc14]</td><td> ECDHE-ECDSA-CHACHA20-POLY1305</td><td> ECDH </td><td> ChaCha20-Poly1305</td><td> </td><td> TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</td></tr> <tr><td> [0xcc14]</td><td> ECDHE-ECDSA-CHACHA20-POLY1305</td><td> ECDH </td><td> ChaCha20-Poly1305</td><td> </td><td> TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</td></tr>
<tr><td> [0xcc15]</td><td> DHE-RSA-CHACHA20-POLY1305 </td><td> DH </td><td> ChaCha20-Poly1305</td><td> </td><td> TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</td></tr> <tr><td> [0xcc15]</td><td> DHE-RSA-CHACHA20-POLY1305 </td><td> DH </td><td> ChaCha20-Poly1305</td><td> </td><td> TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</td></tr>
<tr><td> [0xff00]</td><td> GOST-MD5 </td><td> RSA </td><td> GOST89 </td><td> 256 </td><td>TLS_GOSTR341094_RSA_WITH_28147_CNT_MD5</td></tr> <tr><td> [0xff00]</td><td> GOST-MD5 </td><td> RSA </td><td> GOST89 </td><td> 256 </td><td>TLS_GOSTR341094_RSA_WITH_28147_CNT_MD5</td></tr>
<tr><td> [0xff01]</td><td> GOST-GOST94 </td><td> RSA </td><td> GOST89 </td><td> 256 </td><td>TLS_RSA_WITH_28147_CNT_GOST94</td></tr> <tr><td> [0xff01]</td><td> GOST-GOST94 </td><td> RSA </td><td> GOST89 </td><td> 256 </td><td>TLS_RSA_WITH_28147_CNT_GOST94</td></tr>
<tr><td> [0xff02]</td><td> GOST-GOST89MAC </td><td> RSA </td><td> GOST89 </td><td> 256 </td></tr> <tr><td> [0xff02]</td><td> GOST-GOST89MAC </td><td> RSA </td><td> GOST89 </td><td> 256 </td></tr>

29
testssl.sh
View File

@ -198,6 +198,7 @@ HAS_DH_BITS=${HAS_DH_BITS:-false}
HAS_SSL2=true #TODO: in the future we'll do the fastest possible test (openssl s_client -ssl2 is currently faster than sockets) HAS_SSL2=true #TODO: in the future we'll do the fastest possible test (openssl s_client -ssl2 is currently faster than sockets)
HAS_SSL3=true HAS_SSL3=true
HAS_ALPN=false HAS_ALPN=false
ADD_RFC_STR="rfc" # display RFC ciphernames
PORT=443 # unless otherwise auto-determined, see below PORT=443 # unless otherwise auto-determined, see below
NODE="" NODE=""
NODEIP="" NODEIP=""
@ -1251,17 +1252,17 @@ rfc2openssl() {
show_rfc_style(){ show_rfc_style(){
local rfcname [[ -z "$ADD_RFC_STR" ]] && return 1
[[ -z "$MAPPING_FILE_RFC" ]] && return 1 local rfcname
rfcname=$(grep -iw "$1" "$MAPPING_FILE_RFC" | sed -e 's/^.*TLS/TLS/' -e 's/^.*SSL/SSL/') rfcname=$(grep -iw "$1" "$MAPPING_FILE_RFC" | sed -e 's/^.*TLS/TLS/' -e 's/^.*SSL/SSL/')
[[ -n "$rfcname" ]] && out "$rfcname" [[ -n "$rfcname" ]] && out "$rfcname"
return 0 return 0
} }
neat_header(){ neat_header(){
printf -- "Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits${MAPPING_FILE_RFC:+ Cipher Suite Name (RFC)}\n" printf -- "Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits${ADD_RFC_STR:+ Cipher Suite Name (RFC)}\n"
printf -- "%s-------------------------------------------------------------------------${MAPPING_FILE_RFC:+----------------------------------------------}\n" printf -- "%s-------------------------------------------------------------------------${ADD_RFC_STR:+-------------------------------------------------}\n"
} }
@ -1288,11 +1289,8 @@ neat_list(){
[[ "${#kx}" -eq 19 ]] && kx="$kx " # 19 means DH, colored >=1000. Add another space [[ "${#kx}" -eq 19 ]] && kx="$kx " # 19 means DH, colored >=1000. Add another space
#echo ${#kx} # should be always 20 #echo ${#kx} # should be always 20
fi fi
#if [[ -r "$MAPPING_FILE_RFC" ]]; then
printf -- " %-7s %-30s %-10s %-11s%-11s${MAPPING_FILE_RFC:+ %-48s}${SHOW_EACH_C:+ }" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength" "$(show_rfc_style $HEXC)" printf -- " %-7s %-30s %-10s %-11s%-11s${ADD_RFC_STR:+ %-48s}${SHOW_EACH_C:+ %-0s}" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength" "$(show_rfc_style $HEXC)"
#else
# printf -- " %-7s %-30s %-10s %-11s%-11s${SHOW_EACH_C:+ }" "$1" "$2" "$kx" "$enc" "$strength"
#fi
} }
test_just_one(){ test_just_one(){
@ -4550,7 +4548,7 @@ get_install_dir() {
[[ -r "$INSTALL_DIR/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$INSTALL_DIR/mapping-rfc.txt" [[ -r "$INSTALL_DIR/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$INSTALL_DIR/mapping-rfc.txt"
fi fi
[[ ! -r "$MAPPING_FILE_RFC" ]] && unset MAPPING_FILE_RFC && pr_litemagentaln "\nNo mapping file found" [[ ! -r "$MAPPING_FILE_RFC" ]] && unset MAPPING_FILE_RFC && unset ADD_RFC_STR && pr_litemagentaln "\nNo mapping file found"
debugme echo "$MAPPING_FILE_RFC" debugme echo "$MAPPING_FILE_RFC"
} }
@ -4734,6 +4732,7 @@ tuning options (can also be preset via environment variables):
--logfile <file> logs stdout to <file/NODE-YYYYMMDD-HHMM.log> if file is a dir or to specified file --logfile <file> logs stdout to <file/NODE-YYYYMMDD-HHMM.log> if file is a dir or to specified file
--wide wide output for tests like RC4, BEAST. PFS also with hexcode, kx, strength, RFC name --wide wide output for tests like RC4, BEAST. PFS also with hexcode, kx, strength, RFC name
--show-each for wide outputs: display all ciphers tested -- not only succeeded ones --show-each for wide outputs: display all ciphers tested -- not only succeeded ones
--mapping <no-rfc> don't display the RFC Cipher Suite Name
--warnings <batch|off|false> "batch" doesn't wait for keypress, "off" or "false" skips connection warning --warnings <batch|off|false> "batch" doesn't wait for keypress, "off" or "false" skips connection warning
--color <0|1|2> 0: no escape or other codes, 1: b/w escape codes, 2: color (default) --color <0|1|2> 0: no escape or other codes, 1: b/w escape codes, 2: color (default)
--debug <0-6> 1: screen output normal but debug output in temp files. 2-6: see line ~120 --debug <0-6> 1: screen output normal but debug output in temp files. 2-6: see line ~120
@ -5863,6 +5862,16 @@ parse_cmd_line() {
OPENSSL=$(parse_opt_equal_sign "$1" "$2") OPENSSL=$(parse_opt_equal_sign "$1" "$2")
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
;; ;;
--mapping|--mapping=*)
local cipher_mapping
cipher_mapping=$(parse_opt_equal_sign "$1" "$2")
[[ $? -eq 0 ]] && shift
case "$cipher_mapping" in
no-rfc) unset ADD_RFC_STR;;
*) pr_magentaln "\nmapping can only be \"no-rfc\""
help 1 ;;
esac
;;
--proxy|--proxy=*) --proxy|--proxy=*)
PROXY=$(parse_opt_equal_sign "$1" "$2") PROXY=$(parse_opt_equal_sign "$1" "$2")
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift