Merge pull request #1195 from dcooper16/reorganize_check_cipher_pref
Reorganize cipher_pref_check()
c671ea9796
43
testssl.sh
43
testssl.sh
@ -6106,7 +6106,17 @@ run_server_preference() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if "$has_cipher_order"; then
|
if "$has_cipher_order"; then
|
||||||
cipher_pref_check
|
"$FAST" && using_sockets=false
|
||||||
|
[[ $TLS_NR_CIPHERS == 0 ]] && using_sockets=false
|
||||||
|
|
||||||
|
pr_bold " Cipher order"
|
||||||
|
|
||||||
|
while read proto_ossl proto_hex proto_txt; do
|
||||||
|
cipher_pref_check "$proto_ossl" "$proto_hex" "$proto_txt" "$using_sockets"
|
||||||
|
done <<< "$(tm_out " ssl3 00 SSLv3\n tls1 01 TLSv1\n tls1_1 02 TLSv1.1\n tls1_2 03 TLSv1.2\n tls1_3 04 TLSv1.3\n")"
|
||||||
|
outln
|
||||||
|
|
||||||
|
outln
|
||||||
else
|
else
|
||||||
pr_bold " Negotiated cipher per proto"; outln " $limitedsense"
|
pr_bold " Negotiated cipher per proto"; outln " $limitedsense"
|
||||||
i=1
|
i=1
|
||||||
@ -6295,33 +6305,27 @@ check_tls12_pref() {
|
|||||||
|
|
||||||
|
|
||||||
cipher_pref_check() {
|
cipher_pref_check() {
|
||||||
local p proto proto_hex
|
local p="$1" proto_hex="$2" proto="$3"
|
||||||
local tested_cipher cipher order rfc_ciph rfc_order
|
local using_sockets="$4"
|
||||||
|
local tested_cipher cipher order rfc_cipher rfc_order
|
||||||
local overflow_probe_cipherlist="ALL:-ECDHE-RSA-AES256-GCM-SHA384:-AES128-SHA:-DES-CBC3-SHA"
|
local overflow_probe_cipherlist="ALL:-ECDHE-RSA-AES256-GCM-SHA384:-AES128-SHA:-DES-CBC3-SHA"
|
||||||
local -i i nr_ciphers nr_nonossl_ciphers num_bundles mod_check bundle_size bundle end_of_bundle success
|
local -i i nr_ciphers nr_nonossl_ciphers num_bundles mod_check bundle_size bundle end_of_bundle success
|
||||||
local hexc ciphers_to_test
|
local hexc ciphers_to_test
|
||||||
local -a rfc_ciph hexcode ciphers_found ciphers_found2
|
local -a rfc_ciph hexcode ciphers_found ciphers_found2
|
||||||
local -a -i index
|
local -a -i index
|
||||||
local using_sockets=true ciphers_found_with_sockets
|
local ciphers_found_with_sockets
|
||||||
|
|
||||||
"$SSL_NATIVE" && using_sockets=false
|
|
||||||
"$FAST" && using_sockets=false
|
|
||||||
[[ $TLS_NR_CIPHERS == 0 ]] && using_sockets=false
|
|
||||||
|
|
||||||
pr_bold " Cipher order"
|
|
||||||
|
|
||||||
while read p proto_hex proto; do
|
|
||||||
order=""; ciphers_found_with_sockets=false
|
order=""; ciphers_found_with_sockets=false
|
||||||
if [[ $p == ssl3 ]] && ! "$HAS_SSL3" && ! "$using_sockets"; then
|
if [[ $p == ssl3 ]] && ! "$HAS_SSL3" && ! "$using_sockets"; then
|
||||||
out "\n SSLv3: "; pr_local_problem "$OPENSSL doesn't support \"s_client -ssl3\"";
|
out "\n SSLv3: "; pr_local_problem "$OPENSSL doesn't support \"s_client -ssl3\"";
|
||||||
continue
|
return 0
|
||||||
fi
|
fi
|
||||||
if [[ $p == tls1_3 ]] && ! "$HAS_TLS13" && ! "$using_sockets"; then
|
if [[ $p == tls1_3 ]] && ! "$HAS_TLS13" && ! "$using_sockets"; then
|
||||||
out "\n TLSv1.3 "; pr_local_problem "$OPENSSL doesn't support \"s_client -tls1_3\"";
|
out "\n TLSv1.3 "; pr_local_problem "$OPENSSL doesn't support \"s_client -tls1_3\"";
|
||||||
continue
|
return 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
[[ $(has_server_protocol "$p") -eq 1 ]] && continue
|
[[ $(has_server_protocol "$p") -eq 1 ]] && return 0
|
||||||
|
|
||||||
if ( [[ $p != tls1_3 ]] || "$HAS_TLS13" ) && ( [[ $p != ssl3 ]] || "$HAS_SSL3" ); then
|
if ( [[ $p != tls1_3 ]] || "$HAS_TLS13" ) && ( [[ $p != ssl3 ]] || "$HAS_SSL3" ); then
|
||||||
# with the supplied binaries SNI works also for SSLv3
|
# with the supplied binaries SNI works also for SSLv3
|
||||||
@ -6483,9 +6487,9 @@ cipher_pref_check() {
|
|||||||
elif [[ -n "$order" ]] && [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
|
elif [[ -n "$order" ]] && [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
|
||||||
rfc_order=""
|
rfc_order=""
|
||||||
while read -d " " cipher; do
|
while read -d " " cipher; do
|
||||||
rfc_ciph="$(openssl2rfc "$cipher")"
|
rfc_cipher="$(openssl2rfc "$cipher")"
|
||||||
if [[ -n "$rfc_ciph" ]]; then
|
if [[ -n "$rfc_cipher" ]]; then
|
||||||
rfc_order+="$rfc_ciph "
|
rfc_order+="$rfc_cipher "
|
||||||
else
|
else
|
||||||
rfc_order+="$cipher "
|
rfc_order+="$cipher "
|
||||||
fi
|
fi
|
||||||
@ -6504,11 +6508,8 @@ cipher_pref_check() {
|
|||||||
fi
|
fi
|
||||||
fileout "cipherorder_${proto//./_}" "INFO" "$order"
|
fileout "cipherorder_${proto//./_}" "INFO" "$order"
|
||||||
fi
|
fi
|
||||||
done <<< "$(tm_out " ssl3 00 SSLv3\n tls1 01 TLSv1\n tls1_1 02 TLSv1.1\n tls1_2 03 TLSv1.2\n tls1_3 04 TLSv1.3\n")"
|
|
||||||
outln
|
|
||||||
|
|
||||||
outln
|
tmpfile_handle ${FUNCNAME[0]}-$p.txt
|
||||||
tmpfile_handle ${FUNCNAME[0]}.txt
|
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
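Review bot: The new positional interface of cipher_pref_check (second hunk, `local p="$1" proto_hex="$2" proto="$3"` / `local using_sockets="$4"`) is undocumented, and the fourth argument has no guard: if a caller omits it, `! "$using_sockets"` on the ssl3 and tls1_3 branches would try to run an empty command, and its negated non-zero status would wrongly take the "doesn't support" branch. A header comment above the function would help, e.g. `# $1: openssl proto name (ssl3|tls1|tls1_1|tls1_2|tls1_3), $2: proto hex id, $3: display name, $4: "true"/"false" whether to probe via sockets`, and `local using_sockets="${4:?using_sockets (true/false) required}"` makes the missing argument fail loudly instead. The old body's `"$SSL_NATIVE" && using_sockets=false` is dropped in this hunk while the first hunk only re-adds the `$FAST` and `$TLS_NR_CIPHERS` cases; presumably run_server_preference already sets using_sockets from SSL_NATIVE above the hunk, but that is not visible here and is worth confirming. cipher_pref_check's body continues between and beyond the hunks.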