Merge pull request #1195 from dcooper16/reorganize_check_cipher_pref

Reorganize cipher_pref_check()

testssl.sh

@@ -6106,7 +6106,17 @@ run_server_preference() {
      fi
 
      if "$has_cipher_order"; then
-          cipher_pref_check
+          "$FAST" && using_sockets=false
+          [[ $TLS_NR_CIPHERS == 0 ]] && using_sockets=false
+
+          pr_bold " Cipher order"
+
+          while read proto_ossl proto_hex proto_txt; do
+               cipher_pref_check "$proto_ossl" "$proto_hex" "$proto_txt" "$using_sockets"
+          done <<< "$(tm_out " ssl3 00 SSLv3\n tls1 01 TLSv1\n tls1_1 02 TLSv1.1\n tls1_2 03 TLSv1.2\n tls1_3 04 TLSv1.3\n")"
+          outln
+
+          outln
      else
           pr_bold " Negotiated cipher per proto"; outln " $limitedsense"
           i=1
@@ -6295,33 +6305,27 @@ check_tls12_pref() {
 
 
 cipher_pref_check() {
-     local p proto proto_hex
+     local p="$1" proto_hex="$2" proto="$3"
-     local tested_cipher cipher order rfc_ciph rfc_order
+     local using_sockets="$4"
+     local tested_cipher cipher order rfc_cipher rfc_order
      local overflow_probe_cipherlist="ALL:-ECDHE-RSA-AES256-GCM-SHA384:-AES128-SHA:-DES-CBC3-SHA"
      local -i i nr_ciphers nr_nonossl_ciphers num_bundles mod_check bundle_size bundle end_of_bundle success
      local hexc ciphers_to_test
      local -a rfc_ciph hexcode ciphers_found ciphers_found2
      local -a -i index
-     local using_sockets=true ciphers_found_with_sockets
+     local ciphers_found_with_sockets
 
-     "$SSL_NATIVE" && using_sockets=false
-     "$FAST" && using_sockets=false
-     [[ $TLS_NR_CIPHERS == 0 ]] && using_sockets=false
-
-     pr_bold " Cipher order"
-
-     while read p proto_hex proto; do
      order=""; ciphers_found_with_sockets=false
      if [[ $p == ssl3 ]] && ! "$HAS_SSL3" && ! "$using_sockets"; then
           out "\n    SSLv3:     "; pr_local_problem "$OPENSSL doesn't support \"s_client -ssl3\"";
-               continue
+          return 0
      fi
      if [[ $p == tls1_3 ]] && ! "$HAS_TLS13" && ! "$using_sockets"; then
           out "\n    TLSv1.3    "; pr_local_problem "$OPENSSL doesn't support \"s_client -tls1_3\"";
-               continue
+          return 0
      fi
 
-          [[ $(has_server_protocol "$p") -eq 1 ]] && continue
+     [[ $(has_server_protocol "$p") -eq 1 ]] && return 0
 
      if ( [[ $p != tls1_3 ]] || "$HAS_TLS13" ) && ( [[ $p != ssl3 ]] || "$HAS_SSL3" ); then
           # with the supplied binaries SNI works also for SSLv3
@@ -6483,9 +6487,9 @@ cipher_pref_check() {
      elif [[ -n "$order" ]] && [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
           rfc_order=""
           while read -d " " cipher; do
-                    rfc_ciph="$(openssl2rfc "$cipher")"
+               rfc_cipher="$(openssl2rfc "$cipher")"
-                    if [[ -n "$rfc_ciph" ]]; then
+               if [[ -n "$rfc_cipher" ]]; then
-                         rfc_order+="$rfc_ciph "
+                    rfc_order+="$rfc_cipher "
                else
                     rfc_order+="$cipher "
                fi
@@ -6504,11 +6508,8 @@ cipher_pref_check() {
           fi
           fileout "cipherorder_${proto//./_}" "INFO" "$order"
      fi
-     done <<< "$(tm_out " ssl3 00 SSLv3\n tls1 01 TLSv1\n tls1_1 02 TLSv1.1\n tls1_2 03 TLSv1.2\n tls1_3 04 TLSv1.3\n")"
-     outln
 
-     outln
+     tmpfile_handle ${FUNCNAME[0]}-$p.txt
-     tmpfile_handle ${FUNCNAME[0]}.txt
      return 0
 }