Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-01 06:19:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Check stderr for "no cipher list"

Browse Source 
run_prototest_openssl() currently checks only stdout for the string "no cipher list", which is an indication that the server supports SSLv2, but no ciphers for that protocol. However, the output that includes "no cipher list" is sent to stderr.
This commit is contained in:
David Cooper 2019-11-07 13:01:21 -05:00 committed by GitHub
parent 9d97db85fc
commit c607bf4d92
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
testssl.sh
View File

@ -4798,12 +4798,12 @@ run_prototest_openssl() {
# check whether the protocol being tested is supported by $OPENSSL
$OPENSSL s_client "$1" -connect x 2>&1 | grep -aq "unknown option" && return 7
$OPENSSL s_client $(s_client_options "-state $1 $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>$ERRFILE </dev/null
$OPENSSL s_client $(s_client_options "-state $1 $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>&1 </dev/null
sclient_connect_successful $? $TMPFILE
ret=$?
debugme grep -E "error|failure" $ERRFILE | grep -Eav "unable to get local|verify error"
# try again without $PROXY
$OPENSSL s_client $(s_client_options "-state $1 $STARTTLS $BUGS -connect $NODEIP:$PORT $SNI") >$TMPFILE 2>$ERRFILE </dev/null
$OPENSSL s_client $(s_client_options "-state $1 $STARTTLS $BUGS -connect $NODEIP:$PORT $SNI") >$TMPFILE 2>&1 </dev/null
sclient_connect_successful $? $TMPFILE
ret=$?
debugme grep -E "error|failure" $ERRFILE | grep -Eav "unable to get local|verify error"