mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-03 23:39:45 +01:00
Merge pull request #1599 from dcooper16/improve_libressl_310_compat
Improve LibreSSL 3.1.0 compatibility
This commit is contained in:
Dirk Wetter
GitHub
commit
c52ba088cf
25
testssl.sh
25
testssl.sh
@ -3575,7 +3575,7 @@ run_cipher_match(){
|
||||
tls13_ciphers_to_test=""
|
||||
for (( i=bundle*bundle_size; i < end_of_bundle; i++ )); do
|
||||
if ! "${ciphers_found2[i]}"; then
|
||||
if [[ "${ciph2[i]}" == TLS13* ]] || [[ "${ciph2[i]}" == TLS_* ]]; then
|
||||
if [[ "${ciph2[i]}" == TLS13* ]] || [[ "${ciph2[i]}" == TLS_* ]] || [[ "${ciph2[i]}" == AEAD-* ]]; then
|
||||
tls13_ciphers_to_test+=":${ciph2[i]}"
|
||||
else
|
||||
ciphers_to_test+=":${ciph2[i]}"
|
||||
@ -3593,7 +3593,7 @@ run_cipher_match(){
|
||||
[[ $i -eq $end_of_bundle ]] && break
|
||||
i=${index[i]}
|
||||
ciphers_found[i]=true
|
||||
if [[ "$cipher" == TLS13* ]] || [[ "$cipher" == TLS_* ]]; then
|
||||
if [[ "$cipher" == TLS13* ]] || [[ "$cipher" == TLS_* ]] || [[ "$cipher" == AEAD-* ]]; then
|
||||
kx[i]="$(read_dhtype_from_file $TMPFILE)"
|
||||
fi
|
||||
if [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]]; then
|
||||
@ -3849,7 +3849,7 @@ run_allciphers() {
|
||||
tls13_ciphers_to_test=""
|
||||
for (( i=bundle*bundle_size; i < end_of_bundle; i++ )); do
|
||||
if ! "${ciphers_found2[i]}"; then
|
||||
if [[ "${ciph2[i]}" == TLS13* ]] || [[ "${ciph2[i]}" == TLS_* ]]; then
|
||||
if [[ "${ciph2[i]}" == TLS13* ]] || [[ "${ciph2[i]}" == TLS_* ]] || [[ "${ciph2[i]}" == AEAD-* ]]; then
|
||||
tls13_ciphers_to_test+=":${ciph2[i]}"
|
||||
else
|
||||
ciphers_to_test+=":${ciph2[i]}"
|
||||
@ -3867,7 +3867,7 @@ run_allciphers() {
|
||||
[[ $i -eq $end_of_bundle ]] && break
|
||||
i=${index[i]}
|
||||
ciphers_found[i]=true
|
||||
if [[ "$cipher" == TLS13* ]] || [[ "$cipher" == TLS_* ]]; then
|
||||
if [[ "$cipher" == TLS13* ]] || [[ "$cipher" == TLS_* ]] || [[ "$cipher" == AEAD-* ]]; then
|
||||
kx[i]="$(read_dhtype_from_file $TMPFILE)"
|
||||
fi
|
||||
if [[ ${kx[i]} == Kx=ECDH ]] || [[ ${kx[i]} == Kx=DH ]] || [[ ${kx[i]} == Kx=EDH ]]; then
|
||||
@ -4055,9 +4055,9 @@ ciphers_by_strength() {
|
||||
fi
|
||||
while read hexc n ciph[nr_ciphers] sslvers kx[nr_ciphers] auth enc[nr_ciphers] mac export2[nr_ciphers]; do
|
||||
if [[ "$proto" == -tls1_3 ]]; then
|
||||
[[ "${ciph[nr_ciphers]}" == TLS13* ]] || [[ "${ciph[nr_ciphers]}" == TLS_* ]] || continue
|
||||
[[ "${ciph[nr_ciphers]}" == TLS13* ]] || [[ "${ciph[nr_ciphers]}" == TLS_* ]] || [[ "${ciph[nr_ciphers]}" == AEAD-* ]] || continue
|
||||
elif [[ "$proto" == -tls1_2 ]]; then
|
||||
if [[ "${ciph[nr_ciphers]}" == TLS13* ]] || [[ "${ciph[nr_ciphers]}" == TLS_* ]]; then
|
||||
if [[ "${ciph[nr_ciphers]}" == TLS13* ]] || [[ "${ciph[nr_ciphers]}" == TLS_* ]] || [[ "${ciph[nr_ciphers]}" == AEAD-* ]]; then
|
||||
continue
|
||||
fi
|
||||
elif [[ "${ciph[nr_ciphers]}" == *-SHA256 ]] || [[ "${ciph[nr_ciphers]}" == *-SHA384 ]] || \
|
||||
@ -6203,7 +6203,7 @@ sub_session_resumption() {
|
||||
fi
|
||||
fi
|
||||
"$CLIENT_AUTH" && return 6
|
||||
if "$HAS_NO_SSL2"; then
|
||||
if ! "$HAS_TLS13" && "$HAS_NO_SSL2"; then
|
||||
addcmd+=" -no_ssl2"
|
||||
else
|
||||
protocol=${protocol/\./_}
|
||||
@ -9586,7 +9586,7 @@ run_fs() {
|
||||
tls13_ciphers_to_test=""
|
||||
for (( i=0; i < nr_supported_ciphers; i++ )); do
|
||||
if ! "${ciphers_found[i]}" && "${ossl_supported[i]}"; then
|
||||
if [[ "${ciph[i]}" == TLS13* ]] || [[ "${ciph[i]}" == TLS_* ]]; then
|
||||
if [[ "${ciph[i]}" == TLS13* ]] || [[ "${ciph[i]}" == TLS_* ]] || [[ "${ciph[i]}" == AEAD-* ]]; then
|
||||
tls13_ciphers_to_test+=":${ciph[i]}"
|
||||
else
|
||||
ciphers_to_test+=":${ciph[i]}"
|
||||
@ -9603,7 +9603,7 @@ run_fs() {
|
||||
done
|
||||
[[ $i -eq $nr_supported_ciphers ]] && break
|
||||
ciphers_found[i]=true
|
||||
if [[ "$fs_cipher" == TLS13* ]] || [[ "$fs_cipher" == TLS_* ]]; then
|
||||
if [[ "$fs_cipher" == TLS13* ]] || [[ "$fs_cipher" == TLS_* ]] || [[ "$fs_cipher" == AEAD-* ]]; then
|
||||
fs_tls13_offered=true
|
||||
"$WIDE" && kx[i]="$(read_dhtype_from_file $TMPFILE)"
|
||||
fi
|
||||
@ -9662,11 +9662,12 @@ run_fs() {
|
||||
fi
|
||||
fs_ciphers+="$fs_cipher "
|
||||
|
||||
if [[ "${ciph[i]}" == ECDHE-* ]] || [[ "${ciph[i]}" == TLS13* ]] || [[ "${ciph[i]}" == TLS_* ]] || ( "$using_sockets" && [[ "${rfc_ciph[i]}" == TLS_ECDHE_* ]] ); then
|
||||
if [[ "${ciph[i]}" == ECDHE-* ]] || [[ "${ciph[i]}" == TLS13* ]] || [[ "${ciph[i]}" == TLS_* ]] || \
|
||||
[[ "${ciph[i]}" == AEAD-* ]] || ( "$using_sockets" && [[ "${rfc_ciph[i]}" == TLS_ECDHE_* ]] ); then
|
||||
ecdhe_offered=true
|
||||
ecdhe_cipher_list_hex+=", ${hexcode[i]}"
|
||||
if [[ "${ciph[i]}" != "-" ]]; then
|
||||
if [[ "${ciph[i]}" == TLS13* ]] || [[ "${ciph[i]}" == TLS_* ]]; then
|
||||
if [[ "${ciph[i]}" == TLS13* ]] || [[ "${ciph[i]}" == TLS_* ]] || [[ "${ciph[i]}" == AEAD-* ]]; then
|
||||
tls13_cipher_list+=":$fs_cipher"
|
||||
else
|
||||
ecdhe_cipher_list+=":$fs_cipher"
|
||||
@ -9676,7 +9677,7 @@ run_fs() {
|
||||
if [[ "${ciph[i]}" == "DHE-"* ]] || ( "$using_sockets" && [[ "${rfc_ciph[i]}" == "TLS_DHE_"* ]] ); then
|
||||
ffdhe_offered=true
|
||||
ffdhe_cipher_list_hex+=", ${hexcode[i]}"
|
||||
elif [[ "${ciph[i]}" == TLS13* ]] || [[ "${ciph[i]}" == TLS_* ]]; then
|
||||
elif [[ "${ciph[i]}" == TLS13* ]] || [[ "${ciph[i]}" == TLS_* ]] || [[ "${ciph[i]}" == AEAD-* ]]; then
|
||||
ffdhe_cipher_list_hex+=", ${hexcode[i]}"
|
||||
fi
|
||||
fi
|
||||
|
||||
Loading…
Reference in New Issue
Block a user