Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-20 23:49:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

- fix #296 (no recent regression as assumed)

Browse Source
This commit is contained in:
Dirk 2016-02-20 21:46:17 +01:00
parent 583584e095
commit c70a13d014
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
testssl.sh
View File

@ -3404,7 +3404,7 @@ run_server_defaults() {
# http://www.heise.de/security/artikel/Forward-Secrecy-testen-und-einrichten-1932806.html # http://www.heise.de/security/artikel/Forward-Secrecy-testen-und-einrichten-1932806.html
run_pfs() { run_pfs() {
local -i sclient_success local -i sclient_success
local -i pfs_offered=1 local pfs_offered=false
local tmpfile local tmpfile
local dhlen local dhlen
local hexcode dash pfs_cipher sslvers kx auth enc mac local hexcode dash pfs_cipher sslvers kx auth enc mac
@ -3436,12 +3436,12 @@ run_pfs() {
pr_brownln "Not OK: No ciphers supporting Forward Secrecy offered" pr_brownln "Not OK: No ciphers supporting Forward Secrecy offered"
fileout "pfs" "NOT OK" "(Perfect) Forward Secrecy : Not OK: No ciphers supporting Forward Secrecy offered" fileout "pfs" "NOT OK" "(Perfect) Forward Secrecy : Not OK: No ciphers supporting Forward Secrecy offered"
else else
pfs_offered=0 pfs_offered=true
pfs_ciphers="" pfs_ciphers=""
pr_litegreen " PFS is offered (OK)" pr_litegreen " PFS is offered (OK)"
fileout "pfs" "OK" "(Perfect) Forward Secrecy : PFS is offered (OK)" fileout "pfs" "OK" "(Perfect) Forward Secrecy : PFS is offered (OK)"
if $WIDE; then if $WIDE; then
outln ", ciphers follow (client/browser support is here specially important) \n" outln ", ciphers follow (client/browser support is important here) \n"
neat_header neat_header
else else
out " " out " "
@ -3451,7 +3451,8 @@ run_pfs() {
$OPENSSL s_client -cipher $pfs_cipher $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI &>$tmpfile </dev/null $OPENSSL s_client -cipher $pfs_cipher $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI &>$tmpfile </dev/null
sclient_connect_successful $? $tmpfile sclient_connect_successful $? $tmpfile
sclient_success=$? sclient_success=$?
if [[ $sclient_success -ne 0 ]] && [[ "$SHOW_EACH_C" -eq 0 ]]; then [[ "$sclient_success" -eq 0 ]] && pfs_offered=true
if [[ "$sclient_success" -ne 0 ]] && [[ "$SHOW_EACH_C" -eq 0 ]]; then
continue # no successful connect AND not verbose displaying each cipher continue # no successful connect AND not verbose displaying each cipher
fi fi
if $WIDE; then if $WIDE; then
@ -3461,7 +3462,6 @@ run_pfs() {
kx="$kx $dhlen" kx="$kx $dhlen"
fi fi
neat_list $HEXC $pfs_cipher "$kx" $enc $strength neat_list $HEXC $pfs_cipher "$kx" $enc $strength
let "pfs_offered++"
if [[ "$SHOW_EACH_C" -ne 0 ]]; then if [[ "$SHOW_EACH_C" -ne 0 ]]; then
if [[ $sclient_success -eq 0 ]]; then if [[ $sclient_success -eq 0 ]]; then
pr_green "works" pr_green "works"
@ -3479,7 +3479,7 @@ run_pfs() {
debugme echo $pfs_offered debugme echo $pfs_offered
$WIDE || outln $WIDE || outln
if [[ "$pfs_offered" -eq 1 ]]; then if ! "$pfs_offered"; then
pr_brown "no PFS ciphers found" pr_brown "no PFS ciphers found"
fileout "pfs_ciphers" "NOT OK" "(Perfect) Forward Secrecy Ciphers: no PFS ciphers found (NOT ok)" fileout "pfs_ciphers" "NOT OK" "(Perfect) Forward Secrecy Ciphers: no PFS ciphers found (NOT ok)"
else else
@ -3493,7 +3493,11 @@ run_pfs() {
tmpfile_handle $FUNCNAME.txt tmpfile_handle $FUNCNAME.txt
# sub1_curves # sub1_curves
return $pfs_offered if "$pfs_offered"; then
return 0
else
return 1
fi
} }
@ -6776,4 +6780,4 @@ fi
exit $? exit $?
# $Id: testssl.sh,v 1.464 2016/02/07 18:13:58 dirkw Exp $ # $Id: testssl.sh,v 1.466 2016/02/20 20:46:16 dirkw Exp $