Merge branch '2.9dev' into openssl_location
commit
c77cbc3043
40
testssl.sh
40
testssl.sh
@ -2630,7 +2630,7 @@ run_cipher_match(){
|
|||||||
[[ -z "$ciphers_to_test" ]] && break
|
[[ -z "$ciphers_to_test" ]] && break
|
||||||
$OPENSSL s_client $addcmd -cipher "${ciphers_to_test:1}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE </dev/null
|
$OPENSSL s_client $addcmd -cipher "${ciphers_to_test:1}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE </dev/null
|
||||||
sclient_connect_successful "$?" "$TMPFILE" || break
|
sclient_connect_successful "$?" "$TMPFILE" || break
|
||||||
cipher=$(awk '/Cipher *:/ { print $3 }' $TMPFILE)
|
cipher=$(get_cipher $TMPFILE)
|
||||||
[[ -z "$cipher" ]] && break
|
[[ -z "$cipher" ]] && break
|
||||||
for (( i=bundle*bundle_size; i < end_of_bundle; i++ )); do
|
for (( i=bundle*bundle_size; i < end_of_bundle; i++ )); do
|
||||||
[[ "$cipher" == "${ciph2[i]}" ]] && ciphers_found2[i]=true && break
|
[[ "$cipher" == "${ciph2[i]}" ]] && ciphers_found2[i]=true && break
|
||||||
@ -2689,7 +2689,7 @@ run_cipher_match(){
|
|||||||
fi
|
fi
|
||||||
sclient_success=$?
|
sclient_success=$?
|
||||||
[[ $sclient_success -ne 0 ]] && [[ $sclient_success -ne 2 ]] && break
|
[[ $sclient_success -ne 0 ]] && [[ $sclient_success -ne 2 ]] && break
|
||||||
cipher=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
cipher=$(get_cipher "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
||||||
for (( i=bundle*bundle_size; i < end_of_bundle; i++ )); do
|
for (( i=bundle*bundle_size; i < end_of_bundle; i++ )); do
|
||||||
[[ "$cipher" == "${rfc_ciph2[i]}" ]] && ciphers_found2[i]=true && break
|
[[ "$cipher" == "${rfc_ciph2[i]}" ]] && ciphers_found2[i]=true && break
|
||||||
done
|
done
|
||||||
@ -2874,7 +2874,7 @@ run_allciphers() {
|
|||||||
$OPENSSL s_client $addcmd -cipher "${ciphers_to_test:1}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE </dev/null
|
$OPENSSL s_client $addcmd -cipher "${ciphers_to_test:1}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE </dev/null
|
||||||
sclient_connect_successful "$?" "$TMPFILE"
|
sclient_connect_successful "$?" "$TMPFILE"
|
||||||
if [[ "$?" -eq 0 ]]; then
|
if [[ "$?" -eq 0 ]]; then
|
||||||
cipher=$(awk '/Cipher *:/ { print $3 }' $TMPFILE)
|
cipher=$(get_cipher $TMPFILE)
|
||||||
if [[ -n "$cipher" ]]; then
|
if [[ -n "$cipher" ]]; then
|
||||||
success=0
|
success=0
|
||||||
for (( i=bundle*bundle_size; i < end_of_bundle; i++ )); do
|
for (( i=bundle*bundle_size; i < end_of_bundle; i++ )); do
|
||||||
@ -2939,7 +2939,7 @@ run_allciphers() {
|
|||||||
ret=$?
|
ret=$?
|
||||||
if [[ $ret -eq 0 ]] || [[ $ret -eq 2 ]]; then
|
if [[ $ret -eq 0 ]] || [[ $ret -eq 2 ]]; then
|
||||||
success=0
|
success=0
|
||||||
cipher=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
cipher=$(get_cipher "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
||||||
for (( i=bundle*bundle_size; i < end_of_bundle; i++ )); do
|
for (( i=bundle*bundle_size; i < end_of_bundle; i++ )); do
|
||||||
[[ "$cipher" == "${rfc_ciph2[i]}" ]] && ciphers_found2[i]=true && break
|
[[ "$cipher" == "${rfc_ciph2[i]}" ]] && ciphers_found2[i]=true && break
|
||||||
done
|
done
|
||||||
@ -3157,7 +3157,7 @@ run_cipher_per_proto() {
|
|||||||
$OPENSSL s_client -cipher "${ciphers_to_test:1}" $proto $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $sni >$TMPFILE 2>$ERRFILE </dev/null
|
$OPENSSL s_client -cipher "${ciphers_to_test:1}" $proto $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $sni >$TMPFILE 2>$ERRFILE </dev/null
|
||||||
sclient_connect_successful "$?" "$TMPFILE"
|
sclient_connect_successful "$?" "$TMPFILE"
|
||||||
if [[ "$?" -eq 0 ]]; then
|
if [[ "$?" -eq 0 ]]; then
|
||||||
cipher=$(awk '/Cipher *:/ { print $3 }' $TMPFILE)
|
cipher=$(get_cipher $TMPFILE)
|
||||||
if [[ -n "$cipher" ]]; then
|
if [[ -n "$cipher" ]]; then
|
||||||
success=0
|
success=0
|
||||||
for (( i=bundle*bundle_size; i < end_of_bundle; i++ )); do
|
for (( i=bundle*bundle_size; i < end_of_bundle; i++ )); do
|
||||||
@ -3221,7 +3221,7 @@ run_cipher_per_proto() {
|
|||||||
fi
|
fi
|
||||||
if [[ $? -eq 0 ]]; then
|
if [[ $? -eq 0 ]]; then
|
||||||
success=0
|
success=0
|
||||||
cipher=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
cipher=$(get_cipher "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
||||||
for (( i=bundle*bundle_size; i < end_of_bundle; i++ )); do
|
for (( i=bundle*bundle_size; i < end_of_bundle; i++ )); do
|
||||||
[[ "$cipher" == "${rfc_ciph2[i]}" ]] && ciphers_found2[i]=true && break
|
[[ "$cipher" == "${rfc_ciph2[i]}" ]] && ciphers_found2[i]=true && break
|
||||||
done
|
done
|
||||||
@ -4421,7 +4421,7 @@ run_server_preference() {
|
|||||||
if [[ $? -eq 0 ]]; then
|
if [[ $? -eq 0 ]]; then
|
||||||
proto[i]="SSLv3"
|
proto[i]="SSLv3"
|
||||||
cipher[i]=""
|
cipher[i]=""
|
||||||
cipher1=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
cipher1=$(get_cipher "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
||||||
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && [[ $TLS_NR_CIPHERS -ne 0 ]]; then
|
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && [[ $TLS_NR_CIPHERS -ne 0 ]]; then
|
||||||
cipher[i]="$(rfc2openssl "$cipher1")"
|
cipher[i]="$(rfc2openssl "$cipher1")"
|
||||||
[[ -z "${cipher[i]}" ]] && cipher[i]="$cipher1"
|
[[ -z "${cipher[i]}" ]] && cipher[i]="$cipher1"
|
||||||
@ -4493,7 +4493,7 @@ check_tls12_pref() {
|
|||||||
while true; do
|
while true; do
|
||||||
$OPENSSL s_client $STARTTLS -tls1_2 $BUGS -cipher "ALL$tested_cipher:$batchremoved" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
$OPENSSL s_client $STARTTLS -tls1_2 $BUGS -cipher "ALL$tested_cipher:$batchremoved" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
||||||
if sclient_connect_successful $? $TMPFILE ; then
|
if sclient_connect_successful $? $TMPFILE ; then
|
||||||
cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE)
|
cipher=$(get_cipher $TMPFILE)
|
||||||
order+=" $cipher"
|
order+=" $cipher"
|
||||||
tested_cipher="$tested_cipher:-$cipher"
|
tested_cipher="$tested_cipher:-$cipher"
|
||||||
nr_ciphers_found_r1+=1
|
nr_ciphers_found_r1+=1
|
||||||
@ -4510,7 +4510,7 @@ check_tls12_pref() {
|
|||||||
$OPENSSL s_client $STARTTLS -tls1_2 $BUGS -cipher "$batchremoved" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
$OPENSSL s_client $STARTTLS -tls1_2 $BUGS -cipher "$batchremoved" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
||||||
if sclient_connect_successful $? $TMPFILE ; then
|
if sclient_connect_successful $? $TMPFILE ; then
|
||||||
batchremoved_success=true # signals that we have some of those ciphers and need to put everything together later on
|
batchremoved_success=true # signals that we have some of those ciphers and need to put everything together later on
|
||||||
cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE)
|
cipher=$(get_cipher $TMPFILE)
|
||||||
order+=" $cipher"
|
order+=" $cipher"
|
||||||
batchremoved="$batchremoved:-$cipher"
|
batchremoved="$batchremoved:-$cipher"
|
||||||
nr_ciphers_found_r1+=1
|
nr_ciphers_found_r1+=1
|
||||||
@ -4531,7 +4531,7 @@ check_tls12_pref() {
|
|||||||
while true; do
|
while true; do
|
||||||
$OPENSSL s_client $STARTTLS -tls1_2 $BUGS -cipher "$combined_ciphers$tested_cipher" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
$OPENSSL s_client $STARTTLS -tls1_2 $BUGS -cipher "$combined_ciphers$tested_cipher" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
||||||
if sclient_connect_successful $? $TMPFILE ; then
|
if sclient_connect_successful $? $TMPFILE ; then
|
||||||
cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE)
|
cipher=$(get_cipher $TMPFILE)
|
||||||
order+=" $cipher"
|
order+=" $cipher"
|
||||||
tested_cipher="$tested_cipher:-$cipher"
|
tested_cipher="$tested_cipher:-$cipher"
|
||||||
nr_ciphers_found_r2+=1
|
nr_ciphers_found_r2+=1
|
||||||
@ -4602,7 +4602,7 @@ cipher_pref_check() {
|
|||||||
while true; do
|
while true; do
|
||||||
$OPENSSL s_client $STARTTLS -"$p" $BUGS -cipher "ALL:COMPLEMENTOFALL$tested_cipher" -connect $NODEIP:$PORT $PROXY $sni </dev/null 2>>$ERRFILE >$TMPFILE
|
$OPENSSL s_client $STARTTLS -"$p" $BUGS -cipher "ALL:COMPLEMENTOFALL$tested_cipher" -connect $NODEIP:$PORT $PROXY $sni </dev/null 2>>$ERRFILE >$TMPFILE
|
||||||
sclient_connect_successful $? $TMPFILE || break
|
sclient_connect_successful $? $TMPFILE || break
|
||||||
cipher=$(awk '/Cipher *:/ { print $3 }' $TMPFILE)
|
cipher=$(get_cipher $TMPFILE)
|
||||||
[[ -z "$cipher" ]] && break
|
[[ -z "$cipher" ]] && break
|
||||||
order+="$cipher "
|
order+="$cipher "
|
||||||
tested_cipher+=":-"$cipher
|
tested_cipher+=":-"$cipher
|
||||||
@ -4666,7 +4666,7 @@ cipher_pref_check() {
|
|||||||
[[ -z "$ciphers_to_test" ]] && break
|
[[ -z "$ciphers_to_test" ]] && break
|
||||||
tls_sockets "$proto_hex" "${ciphers_to_test:2}, 00,ff" "ephemeralkey"
|
tls_sockets "$proto_hex" "${ciphers_to_test:2}, 00,ff" "ephemeralkey"
|
||||||
[[ $? -ne 0 ]] && break
|
[[ $? -ne 0 ]] && break
|
||||||
cipher=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
cipher=$(get_cipher "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
||||||
for (( i=bundle*bundle_size; i < end_of_bundle; i++ )); do
|
for (( i=bundle*bundle_size; i < end_of_bundle; i++ )); do
|
||||||
[[ "$cipher" == "${rfc_ciph[i]}" ]] && ciphers_found2[i]=true && break
|
[[ "$cipher" == "${rfc_ciph[i]}" ]] && ciphers_found2[i]=true && break
|
||||||
done
|
done
|
||||||
@ -4717,14 +4717,14 @@ cipher_pref_check() {
|
|||||||
[[ -z "$ciphers_to_test" ]] && break
|
[[ -z "$ciphers_to_test" ]] && break
|
||||||
tls_sockets "$proto_hex" "${ciphers_to_test:2}, 00,ff" "ephemeralkey"
|
tls_sockets "$proto_hex" "${ciphers_to_test:2}, 00,ff" "ephemeralkey"
|
||||||
[[ $? -ne 0 ]] && break
|
[[ $? -ne 0 ]] && break
|
||||||
cipher=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
cipher=$(get_cipher "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
||||||
for (( i=0; i < nr_ciphers; i++ )); do
|
for (( i=0; i < nr_ciphers; i++ )); do
|
||||||
[[ "$cipher" == "${rfc_ciph[i]}" ]] && ciphers_found2[i]=true && break
|
[[ "$cipher" == "${rfc_ciph[i]}" ]] && ciphers_found2[i]=true && break
|
||||||
done
|
done
|
||||||
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && [[ $TLS_NR_CIPHERS -ne 0 ]]; then
|
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && [[ $TLS_NR_CIPHERS -ne 0 ]]; then
|
||||||
cipher="$(rfc2openssl "$cipher")"
|
cipher="$(rfc2openssl "$cipher")"
|
||||||
# If there is no OpenSSL name for the cipher, then use the RFC name
|
# If there is no OpenSSL name for the cipher, then use the RFC name
|
||||||
[[ -z "$cipher" ]] && cipher=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
[[ -z "$cipher" ]] && cipher=$(get_cipher "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
||||||
fi
|
fi
|
||||||
order+="$cipher "
|
order+="$cipher "
|
||||||
done
|
done
|
||||||
@ -6255,7 +6255,7 @@ run_pfs() {
|
|||||||
[[ -z "$ciphers_to_test" ]] && break
|
[[ -z "$ciphers_to_test" ]] && break
|
||||||
$OPENSSL s_client -cipher "${ciphers_to_test:1}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI &>$TMPFILE </dev/null
|
$OPENSSL s_client -cipher "${ciphers_to_test:1}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI &>$TMPFILE </dev/null
|
||||||
sclient_connect_successful $? $TMPFILE || break
|
sclient_connect_successful $? $TMPFILE || break
|
||||||
pfs_cipher=$(awk '/Cipher *:/ { print $3 }' $TMPFILE)
|
pfs_cipher=$(get_cipher $TMPFILE)
|
||||||
[[ -z "$pfs_cipher" ]] && break
|
[[ -z "$pfs_cipher" ]] && break
|
||||||
for (( i=0; i < nr_supported_ciphers; i++ )); do
|
for (( i=0; i < nr_supported_ciphers; i++ )); do
|
||||||
[[ "$pfs_cipher" == "${ciph[i]}" ]] && break
|
[[ "$pfs_cipher" == "${ciph[i]}" ]] && break
|
||||||
@ -6282,7 +6282,7 @@ run_pfs() {
|
|||||||
fi
|
fi
|
||||||
sclient_success=$?
|
sclient_success=$?
|
||||||
[[ $sclient_success -ne 0 ]] && [[ $sclient_success -ne 2 ]] && break
|
[[ $sclient_success -ne 0 ]] && [[ $sclient_success -ne 2 ]] && break
|
||||||
pfs_cipher=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
pfs_cipher=$(get_cipher "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
||||||
for (( i=0; i < nr_supported_ciphers; i++ )); do
|
for (( i=0; i < nr_supported_ciphers; i++ )); do
|
||||||
[[ "$pfs_cipher" == "${rfc_ciph[i]}" ]] && break
|
[[ "$pfs_cipher" == "${rfc_ciph[i]}" ]] && break
|
||||||
done
|
done
|
||||||
@ -9879,7 +9879,7 @@ run_beast(){
|
|||||||
[[ -z "$ciphers_to_test" ]] && break
|
[[ -z "$ciphers_to_test" ]] && break
|
||||||
$OPENSSL s_client -cipher "${ciphers_to_test:1}" -"$proto" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $sni >$TMPFILE 2>>$ERRFILE </dev/null
|
$OPENSSL s_client -cipher "${ciphers_to_test:1}" -"$proto" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $sni >$TMPFILE 2>>$ERRFILE </dev/null
|
||||||
sclient_connect_successful $? $TMPFILE || break
|
sclient_connect_successful $? $TMPFILE || break
|
||||||
cbc_cipher=$(awk '/Cipher *:/ { print $3 }' $TMPFILE)
|
cbc_cipher=$(get_cipher $TMPFILE)
|
||||||
[[ -z "$cbc_cipher" ]] && break
|
[[ -z "$cbc_cipher" ]] && break
|
||||||
for (( i=0; i < nr_ciphers; i++ )); do
|
for (( i=0; i < nr_ciphers; i++ )); do
|
||||||
[[ "$cbc_cipher" == "${ciph[i]}" ]] && break
|
[[ "$cbc_cipher" == "${ciph[i]}" ]] && break
|
||||||
@ -9911,7 +9911,7 @@ run_beast(){
|
|||||||
tls_sockets "$proto_hex" "${ciphers_to_test:2}, 00,ff" "ephemeralkey"
|
tls_sockets "$proto_hex" "${ciphers_to_test:2}, 00,ff" "ephemeralkey"
|
||||||
fi
|
fi
|
||||||
[[ $? -ne 0 ]] && break
|
[[ $? -ne 0 ]] && break
|
||||||
cbc_cipher=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
cbc_cipher=$(get_cipher "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
||||||
for (( i=0; i < nr_ciphers; i++ )); do
|
for (( i=0; i < nr_ciphers; i++ )); do
|
||||||
[[ "$cbc_cipher" == "${rfc_ciph[i]}" ]] && break
|
[[ "$cbc_cipher" == "${rfc_ciph[i]}" ]] && break
|
||||||
done
|
done
|
||||||
@ -10205,7 +10205,7 @@ run_rc4() {
|
|||||||
$OPENSSL s_client $addcmd -cipher "${ciphers_to_test:1}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE </dev/null
|
$OPENSSL s_client $addcmd -cipher "${ciphers_to_test:1}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE </dev/null
|
||||||
sclient_connect_successful "$?" "$TMPFILE"
|
sclient_connect_successful "$?" "$TMPFILE"
|
||||||
if [[ "$?" -eq 0 ]]; then
|
if [[ "$?" -eq 0 ]]; then
|
||||||
cipher=$(awk '/Cipher *:/ { print $3 }' $TMPFILE)
|
cipher=$(get_cipher $TMPFILE)
|
||||||
if [[ -n "$cipher" ]]; then
|
if [[ -n "$cipher" ]]; then
|
||||||
success=0
|
success=0
|
||||||
rc4_offered=1
|
rc4_offered=1
|
||||||
@ -10254,7 +10254,7 @@ run_rc4() {
|
|||||||
if [[ $ret -eq 0 ]] || [[ $ret -eq 2 ]]; then
|
if [[ $ret -eq 0 ]] || [[ $ret -eq 2 ]]; then
|
||||||
success=0
|
success=0
|
||||||
rc4_offered=1
|
rc4_offered=1
|
||||||
cipher=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
cipher=$(get_cipher "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
||||||
for (( i=0; i < nr_nonossl_ciphers; i++ )); do
|
for (( i=0; i < nr_nonossl_ciphers; i++ )); do
|
||||||
[[ "$cipher" == "${rfc_ciph2[i]}" ]] && ciphers_found2[i]=true && break
|
[[ "$cipher" == "${rfc_ciph2[i]}" ]] && ciphers_found2[i]=true && break
|
||||||
done
|
done
|
||||||
|
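Review bot: In check_tls12_pref the result of `get_cipher $TMPFILE` is appended straight to `order` and to the `-cipher` exclusion strings (`tested_cipher`, `batchremoved`) with no emptiness check, at all three call sites inside the `while true` loops. The parsed file is s_client output shaped by the scanned server, so an empty result would append a bare `:-` and, as far as these hunks show, could repeat the same handshake. cipher_pref_check, run_cipher_match, run_pfs and run_beast already guard with `[[ -z "$cipher" ]] && break`; adding that line after each call in check_tls12_pref would make it consistent. The loop bodies continue outside the hunks and get_cipher itself is not shown here, so confirm whether it can return an empty string after a successful connect. Separately, the `$TMPFILE` arguments are unquoted while the `"$TEMPDIR/$NODEIP.parse_tls_serverhello.txt"` ones are quoted; `get_cipher "$TMPFILE"` would match them.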