mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-11 11:10:57 +01:00
Merge branch 'drwetter/2.9dev' into 2.9dev
This commit is contained in:
commit
cc0be5bbea
@ -1,7 +1,7 @@
|
||||
|
||||
# Most clients are taken from Qualys SSL Labs --- From: https://api.dev.ssllabs.com/api/v3/getClients
|
||||
|
||||
names+=("Android 2.3.7 ")
|
||||
names+=("Android 2.3.7")
|
||||
short+=("android_237")
|
||||
ciphers+=("RC4-MD5:RC4-SHA:AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:EXP-RC4-MD5:EXP-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA")
|
||||
sni+=("")
|
||||
@ -19,7 +19,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Android 4.1.1 ")
|
||||
names+=("Android 4.1.1")
|
||||
short+=("android_411")
|
||||
ciphers+=("ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||
sni+=("$SNI")
|
||||
@ -37,7 +37,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Android 4.2.2 ")
|
||||
names+=("Android 4.2.2")
|
||||
short+=("android_422")
|
||||
ciphers+=("ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||
sni+=("$SNI")
|
||||
@ -55,7 +55,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Android 4.4.2 ")
|
||||
names+=("Android 4.4.2")
|
||||
short+=("android_442")
|
||||
ciphers+=("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||
sni+=("$SNI")
|
||||
@ -73,7 +73,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Android 5.0.0 ")
|
||||
names+=("Android 5.0.0")
|
||||
short+=("android_500")
|
||||
ciphers+=("ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-RSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-GCM-SHA256:AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||
sni+=("$SNI")
|
||||
@ -91,7 +91,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Android 6.0 ")
|
||||
names+=("Android 6.0")
|
||||
short+=("android_60")
|
||||
ciphers+=("ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-RSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -109,7 +109,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Android 7.0 ")
|
||||
names+=("Android 7.0")
|
||||
short+=("android_70")
|
||||
ciphers+=("ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -127,7 +127,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Baidu Jan 2015 ")
|
||||
names+=("Baidu Jan 2015")
|
||||
short+=("baidu_jan_2015")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:CAMELLIA256-SHA:AES256-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-AES128-SHA:SEED-SHA:CAMELLIA128-SHA:RC4-MD5:RC4-SHA:AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -145,7 +145,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("BingPreview Jan 2015 ")
|
||||
names+=("BingPreview Jan 2015")
|
||||
short+=("bingpreview_jan_2015")
|
||||
ciphers+=("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5")
|
||||
sni+=("$SNI")
|
||||
@ -163,7 +163,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(false)
|
||||
|
||||
names+=("Chrome 48 OS X ")
|
||||
names+=("Chrome 48 OS X")
|
||||
short+=("chrome_48_osx")
|
||||
ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -181,7 +181,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(false)
|
||||
|
||||
names+=("Chrome 51 Win 7 ")
|
||||
names+=("Chrome 51 Win 7")
|
||||
short+=("chrome_51_win7")
|
||||
ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -199,7 +199,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Edge 13 Win 10 ")
|
||||
names+=("Edge 13 Win 10")
|
||||
short+=("edge_13_win10")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -217,7 +217,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Edge 13 Win Phone 10 ")
|
||||
names+=("Edge 13 Win Phone 10")
|
||||
short+=("edge_13_winphone10")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -235,7 +235,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Firefox 45 Win 7 ")
|
||||
names+=("Firefox 45 Win 7")
|
||||
short+=("firefox_45_win7")
|
||||
ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -253,7 +253,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(false)
|
||||
|
||||
names+=("Firefox 49 Win 7 ")
|
||||
names+=("Firefox 49 Win 7")
|
||||
short+=("firefox_49_win7")
|
||||
ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -271,7 +271,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Firefox 49 XP SP3 ")
|
||||
names+=("Firefox 49 XP SP3")
|
||||
short+=("firefox_49_xpsp3")
|
||||
ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -289,7 +289,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Googlebot Feb 2015 ")
|
||||
names+=("Googlebot Feb 2015")
|
||||
short+=("googlebot_feb_2015")
|
||||
ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:RC4-SHA:RC4-MD5:AES128-SHA:DES-CBC3-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -307,7 +307,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(false)
|
||||
|
||||
names+=("IE 11 Win 10 ")
|
||||
names+=("IE 11 Win 10")
|
||||
short+=("ie_11_win10")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -325,7 +325,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("IE 11 Win 7 ")
|
||||
names+=("IE 11 Win 7")
|
||||
short+=("ie_11_win7")
|
||||
ciphers+=("ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:RC4-SHA:RC4-MD5")
|
||||
sni+=("$SNI")
|
||||
@ -343,7 +343,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("IE 11 Win 8.1 ")
|
||||
names+=("IE 11 Win 8.1")
|
||||
short+=("ie_11_win81")
|
||||
ciphers+=("ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -361,7 +361,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("IE 11 Win Phone 8.1 ")
|
||||
names+=("IE 11 Win Phone 8.1")
|
||||
short+=("ie_11_winphone81")
|
||||
ciphers+=("AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES128-SHA256:DHE-DSS-AES128-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES256-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -379,7 +379,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("IE 11 Win Phone 8.1 Update ")
|
||||
names+=("IE 11 Win Phone 8.1 Update")
|
||||
short+=("ie_11_winphone81update")
|
||||
ciphers+=("ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -397,7 +397,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("IE 6 XP ")
|
||||
names+=("IE 6 XP")
|
||||
short+=("ie_6_xp")
|
||||
ciphers+=("RC4-MD5:RC4-SHA:DES-CBC3-SHA:RC4-MD5:DES-CBC3-MD5:RC2-CBC-MD5:DES-CBC-SHA:DES-CBC-MD5:EXP1024-RC4-SHA:EXP1024-DES-CBC-SHA:EXP-RC4-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC2-CBC-MD5:EDH-DSS-DES-CBC3-SHA:EDH-DSS-DES-CBC-SHA:EXP1024-DHE-DSS-DES-CBC-SHA")
|
||||
sni+=("")
|
||||
@ -415,7 +415,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("IE 7 Vista ")
|
||||
names+=("IE 7 Vista")
|
||||
short+=("ie_7_vista")
|
||||
ciphers+=("AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-DSS-AES128-SHA:DHE-DSS-AES256-SHA:EDH-DSS-DES-CBC3-SHA:RC4-MD5")
|
||||
sni+=("$SNI")
|
||||
@ -433,7 +433,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("IE 8 Win 7 ")
|
||||
names+=("IE 8 Win 7")
|
||||
short+=("ie_8_win7")
|
||||
ciphers+=("AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES128-SHA:DHE-DSS-AES256-SHA:EDH-DSS-DES-CBC3-SHA:RC4-MD5")
|
||||
sni+=("$SNI")
|
||||
@ -451,7 +451,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("IE 8 XP ")
|
||||
names+=("IE 8 XP")
|
||||
short+=("ie_8_xp")
|
||||
ciphers+=("RC4-MD5:RC4-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP1024-RC4-SHA:EXP1024-DES-CBC-SHA:EXP-RC4-MD5:EXP-RC2-CBC-MD5:EDH-DSS-DES-CBC3-SHA:EDH-DSS-DES-CBC-SHA:EXP1024-DHE-DSS-DES-CBC-SHA")
|
||||
sni+=("")
|
||||
@ -469,7 +469,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Java 6u45 ")
|
||||
names+=("Java 6u45")
|
||||
short+=("java_6u45")
|
||||
ciphers+=("RC4-MD5:RC4-MD5:RC4-SHA:AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:DES-CBC3-MD5:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC-SHA:DES-CBC-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:EXP-RC4-MD5:EXP-RC4-MD5:EXP-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA")
|
||||
sni+=("")
|
||||
@ -487,7 +487,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Java 7u25 ")
|
||||
names+=("Java 7u25")
|
||||
short+=("java_7u25")
|
||||
ciphers+=("ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA:ECDH-ECDSA-AES128-SHA:ECDH-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:RC4-MD5")
|
||||
sni+=("$SNI")
|
||||
@ -505,7 +505,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Java 8b132 ")
|
||||
names+=("Java 8b132")
|
||||
short+=("java_8b132")
|
||||
ciphers+=("ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA:ECDH-ECDSA-AES128-SHA:ECDH-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:RC4-MD5")
|
||||
sni+=("$SNI")
|
||||
@ -523,7 +523,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("OpenSSL 1.0.1l ")
|
||||
names+=("OpenSSL 1.0.1l")
|
||||
short+=("openssl_101l")
|
||||
ciphers+=("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5")
|
||||
sni+=("$SNI")
|
||||
@ -541,7 +541,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("OpenSSL 1.0.2e ")
|
||||
names+=("OpenSSL 1.0.2e")
|
||||
short+=("openssl_102e")
|
||||
ciphers+=("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DH-RSA-DES-CBC-SHA:DH-DSS-DES-CBC-SHA:DES-CBC-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -559,7 +559,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Opera 17 Win 7 ")
|
||||
names+=("Opera 17 Win 7")
|
||||
short+=("opera_17_win7")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:AES256-SHA:AES256-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA:RC4-SHA:RC4-MD5:AES128-SHA:AES128-SHA256:DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -577,7 +577,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(false)
|
||||
|
||||
names+=("Safari 5.1.9 OS X 10.6.8 ")
|
||||
names+=("Safari 5.1.9 OS X 10.6.8")
|
||||
short+=("safari_519_osx1068")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5:AES256-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP-RC4-MD5:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC3-SHA:EDH-DSS-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -595,7 +595,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Safari 6.0.4 OS X 10.8.4 ")
|
||||
names+=("Safari 6.0.4 OS X 10.8.4")
|
||||
short+=("safari_604_osx1084")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5:AES256-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -613,7 +613,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Safari 7 OS X 10.9 ")
|
||||
names+=("Safari 7 OS X 10.9")
|
||||
short+=("safari_7_osx109")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDH-ECDSA-AES256-SHA384:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES256-SHA384:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-AES256-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES128-SHA:RC4-SHA:RC4-MD5:AES256-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -631,7 +631,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Safari 8 OS X 10.10 ")
|
||||
names+=("Safari 8 OS X 10.10")
|
||||
short+=("safari_8_osx1010")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDH-ECDSA-AES256-SHA384:ECDH-ECDSA-AES128-SHA256:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-AES256-SHA384:ECDH-RSA-AES128-SHA256:ECDH-RSA-AES256-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||
sni+=("$SNI")
|
||||
@ -649,7 +649,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Safari 9 iOS 9 ")
|
||||
names+=("Safari 9 iOS 9")
|
||||
short+=("safari_9_ios9")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||
sni+=("$SNI")
|
||||
@ -667,7 +667,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Safari 9 OS X 10.11 ")
|
||||
names+=("Safari 9 OS X 10.11")
|
||||
short+=("safari_9_osx1011")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||
sni+=("$SNI")
|
||||
@ -685,7 +685,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Safari 10 OS X 10.12 ")
|
||||
names+=("Safari 10 OS X 10.12")
|
||||
short+=("safari_10_osx1012")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -703,7 +703,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Apple ATS 9 iOS 9 ")
|
||||
names+=("Apple ATS 9 iOS 9")
|
||||
short+=("apple_ats_9_ios9")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -721,7 +721,7 @@
|
||||
requiresSha2+=(true)
|
||||
current+=(true)
|
||||
|
||||
names+=("Tor 17.0.9 Win 7 ")
|
||||
names+=("Tor 17.0.9 Win 7")
|
||||
short+=("tor_1709_win7")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:CAMELLIA256-SHA:AES256-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-AES128-SHA:SEED-SHA:CAMELLIA128-SHA:RC4-SHA:RC4-MD5:AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
@ -739,7 +739,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Yahoo Slurp Jan 2015 ")
|
||||
names+=("Yahoo Slurp Jan 2015")
|
||||
short+=("yahoo_slurp_jan_2015")
|
||||
ciphers+=("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5")
|
||||
sni+=("$SNI")
|
||||
@ -757,7 +757,7 @@
|
||||
requiresSha2+=(false)
|
||||
current+=(false)
|
||||
|
||||
names+=("YandexBot Jan 2015 ")
|
||||
names+=("YandexBot Jan 2015")
|
||||
short+=("yandexbot_jan_2015")
|
||||
ciphers+=("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5")
|
||||
sni+=("$SNI")
|
||||
|
231
etc/tls_data.txt
Executable file
231
etc/tls_data.txt
Executable file
@ -0,0 +1,231 @@
|
||||
|
||||
# data we need for socket based handshakes
|
||||
|
||||
# 133 standard cipher + 4x GOST for TLS 1.2 and SPDY/NPN HTTP2/ALPN
|
||||
readonly TLS12_CIPHER="
|
||||
cc,14, cc,13, cc,15, c0,30, c0,2c, c0,28, c0,24, c0,14,
|
||||
c0,0a, c0,22, c0,21, c0,20, 00,a5, 00,a3, 00,a1, 00,9f,
|
||||
00,6b, 00,6a, 00,69, 00,68, 00,39, 00,38, 00,37, 00,36, 00,80, 00,81, 00,82, 00,83,
|
||||
c0,77, c0,73, 00,c4, 00,c3, 00,c2, 00,c1, 00,88, 00,87,
|
||||
00,86, 00,85, c0,32, c0,2e, c0,2a, c0,26, c0,0f, c0,05,
|
||||
c0,79, c0,75, 00,9d, 00,3d, 00,35, 00,c0, 00,84, c0,2f,
|
||||
c0,2b, c0,27, c0,23, c0,13, c0,09, c0,1f, c0,1e, c0,1d,
|
||||
00,a4, 00,a2, 00,a0, 00,9e, 00,67, 00,40, 00,3f, 00,3e,
|
||||
00,33, 00,32, 00,31, 00,30, c0,76, c0,72, 00,be, 00,bd,
|
||||
00,bc, 00,bb, 00,9a, 00,99, 00,98, 00,97, 00,45, 00,44,
|
||||
00,43, 00,42, c0,31, c0,2d, c0,29, c0,25, c0,0e, c0,04,
|
||||
c0,78, c0,74, 00,9c, 00,3c, 00,2f, 00,ba, 00,96, 00,41,
|
||||
00,07, c0,11, c0,07, 00,66, c0,0c, c0,02, 00,05, 00,04,
|
||||
c0,12, c0,08, c0,1c, c0,1b, c0,1a, 00,16, 00,13, 00,10,
|
||||
00,0d, c0,0d, c0,03, 00,0a, 00,63, 00,15, 00,12, 00,0f,
|
||||
00,0c, 00,62, 00,09, 00,65, 00,64, 00,14, 00,11, 00,0e,
|
||||
00,0b, 00,08, 00,06, 00,03, 00,ff"
|
||||
|
||||
# 76 standard cipher + 4x GOST for SSLv3, TLS 1, TLS 1.1
|
||||
readonly TLS_CIPHER="
|
||||
c0,14, c0,0a, c0,22, c0,21, c0,20, 00,39, 00,38, 00,37,
|
||||
00,36, 00,88, 00,87, 00,86, 00,85, c0,0f, c0,05, 00,35,
|
||||
00,84, c0,13, c0,09, c0,1f, c0,1e, c0,1d, 00,33, 00,32, 00,80, 00,81, 00,82, 00,83,
|
||||
00,31, 00,30, 00,9a, 00,99, 00,98, 00,97, 00,45, 00,44,
|
||||
00,43, 00,42, c0,0e, c0,04, 00,2f, 00,96, 00,41, 00,07,
|
||||
c0,11, c0,07, 00,66, c0,0c, c0,02, 00,05, 00,04, c0,12,
|
||||
c0,08, c0,1c, c0,1b, c0,1a, 00,16, 00,13, 00,10, 00,0d,
|
||||
c0,0d, c0,03, 00,0a, 00,63, 00,15, 00,12, 00,0f, 00,0c,
|
||||
00,62, 00,09, 00,65, 00,64, 00,14, 00,11, 00,0e, 00,0b,
|
||||
00,08, 00,06, 00,03, 00,ff"
|
||||
|
||||
readonly -a TLS13_KEY_SHARES=(
|
||||
"0" "1" "2" "3" "4" "5" "6" "7" "8" "9" "a" "b" "c" "d" "e" "f"
|
||||
"10" "11" "12" "13" "14" "15" "16"
|
||||
"-----BEGIN EC PARAMETERS-----
|
||||
BggqhkjOPQMBBw==
|
||||
-----END EC PARAMETERS-----
|
||||
-----BEGIN EC PRIVATE KEY-----
|
||||
MHcCAQEEIHEhQsBkqt1i15mG1wluq/zLqDmjqNQegtgxyNBfRbZSoAoGCCqGSM49
|
||||
AwEHoUQDQgAEJP3GoZyVYrabOauJMWUZJxM0PEbtjTxW7K8V+JMDhJa+UyRQm8Tf
|
||||
2LDnzCAiuwzF8m0KhcloHEoptD2WBUmJlQ==
|
||||
-----END EC PRIVATE KEY-----
|
||||
"
|
||||
"-----BEGIN EC PARAMETERS-----
|
||||
BgUrgQQAIg==
|
||||
-----END EC PARAMETERS-----
|
||||
-----BEGIN EC PRIVATE KEY-----
|
||||
MIGkAgEBBDA7MCUdHy2+Kc73fWph++jWo18LHzzm7SKLgycQBNtmeJu3w1y9pK0G
|
||||
EXgAWsIePIOgBwYFK4EEACKhZANiAAT/x7tN8plE6gbA6D4Igp3ash5EvZxvNqdG
|
||||
Q50fcDrIco91ybaVlg2tdngZgurTzte+jv7kdkYrILUmLnXxAUGg4d86yStfcZaI
|
||||
rDEB8Hc9BgJkFFoLSsXMVCKfoEo777k=
|
||||
-----END EC PRIVATE KEY-----
|
||||
"
|
||||
"-----BEGIN EC PARAMETERS-----
|
||||
BgUrgQQAIw==
|
||||
-----END EC PARAMETERS-----
|
||||
-----BEGIN EC PRIVATE KEY-----
|
||||
MIHbAgEBBEFjBqkejwKserOf+LoY6xeSUUoLSZQDz/oNLXLB3NQJ3ewDkhbjOvcL
|
||||
jG1on33V080fXRTN3eNdfvzcqDw4c0GGCKAHBgUrgQQAI6GBiQOBhgAEAHuBnMpQ
|
||||
+30lnd/gWrHwjLrXQ+EwtxYzMjSDkfRxr0UQ0YuzDNzsVP0azylC06BUlcAvVgiX
|
||||
+61BiUapw+37EORuAaHOlob0nobmFND7peN0YglQuBeSdqK3cbdP/u9jffGr2H99
|
||||
bONJgO7LSp05PXa79CEi8sydmKYiH1pSLAzRiQnh
|
||||
-----END EC PRIVATE KEY-----
|
||||
" "1a" "1b" "1c"
|
||||
"-----BEGIN PRIVATE KEY-----
|
||||
MC4CAQAwBQYDK2VuBCIEIACiKGKr1nm2eobXvsI3HrWNKR5wEVAIf7KaCmDPxsJR
|
||||
-----END PRIVATE KEY-----
|
||||
" "1e" "1f"
|
||||
"20" "21" "22" "23" "24" "25" "26" "27" "28" "29" "2a" "2b" "2c" "2d" "2e" "2f"
|
||||
"30" "31" "32" "33" "34" "35" "36" "37" "38" "39" "3a" "3b" "3c" "3d" "3e" "3f"
|
||||
"40" "41" "42" "43" "44" "45" "46" "47" "48" "49" "4a" "4b" "4c" "4d" "4e" "4f"
|
||||
"50" "51" "52" "53" "54" "55" "56" "57" "58" "59" "5a" "5b" "5c" "5d" "5e" "5f"
|
||||
"60" "61" "62" "63" "64" "65" "66" "67" "68" "69" "6a" "6b" "6c" "6d" "6e" "6f"
|
||||
"70" "71" "72" "73" "74" "75" "76" "77" "78" "79" "7a" "7b" "7c" "7d" "7e" "7f"
|
||||
"80" "81" "82" "83" "84" "85" "86" "87" "88" "89" "8a" "8b" "8c" "8d" "8e" "8f"
|
||||
"90" "91" "92" "93" "94" "95" "96" "97" "98" "99" "9a" "9b" "9c" "9d" "9e" "9f"
|
||||
"a0" "a1" "a2" "a3" "a4" "a5" "a6" "a7" "a8" "a9" "aa" "ab" "ac" "ad" "ae" "af"
|
||||
"b0" "b1" "b2" "b3" "b4" "b5" "b6" "b7" "b8" "b9" "ba" "bb" "bc" "bd" "be" "bf"
|
||||
"c0" "c1" "c2" "c3" "c4" "c5" "c6" "c7" "c8" "c9" "ca" "cb" "cc" "cd" "ce" "cf"
|
||||
"d0" "d1" "d2" "d3" "d4" "d5" "d6" "d7" "d8" "d9" "da" "db" "dc" "dd" "de" "df"
|
||||
"e0" "e1" "e2" "e3" "e4" "e5" "e6" "e7" "e8" "e9" "ea" "eb" "ec" "ed" "ee" "ef"
|
||||
"f0" "f1" "f2" "f3" "f4" "f5" "f6" "f7" "f8" "f9" "fa" "fb" "fc" "fd" "fe" "ff"
|
||||
"-----BEGIN PRIVATE KEY-----
|
||||
MIICJgIBADCCARcGCSqGSIb3DQEDATCCAQgCggEBAP//////////rfhUWKK7Spqv
|
||||
3FYgJz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v42NjDHXY9oGyAq7EYXrT
|
||||
3x7V1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhPDHDg5ot34qaJ2vPv6HId
|
||||
8VihNq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq2rdg1/RoHU9Co945TfSu
|
||||
Vu3nY3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy/pzphYP/jk8SMu7ygYPD
|
||||
/jsbTG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohrQjhhKFyX//////////8C
|
||||
AQIEggEEAoIBAHxYskjJGeKwSGdAf//JLxPmGRGP6Uylmt12QX5w1FfFXQVJdrsY
|
||||
unjdqhTwgV1vTZ1QApd0uZB//q8ZNNM8SZK0elY4ZJsHJAIdJ/ROmvPvkMCkU0fK
|
||||
S/uUHroP6tEDyKF+v7ooiBF2KXS5CkOYRTKhiOBaWGsdhiFIkd+O7oY6oyhPxPNT
|
||||
2zQEdhIu3ZgFG/ZcscdliMPMmZnKvt/dF4yV8RnCHl3MRDRdL/3McDAb4z89bWqR
|
||||
HRexppcgNa9lhOvR+nF/55NCzT3KwkFPQODQmMRH3bzmME+48HZrFcaaom3/DGt+
|
||||
EC+vidtEr4YW86tV6jvig5+uNR1mIKpE8N4=
|
||||
-----END PRIVATE KEY-----
|
||||
"
|
||||
"-----BEGIN PRIVATE KEY-----
|
||||
MIIDJgIBADCCAZcGCSqGSIb3DQEDATCCAYgCggGBAP//////////rfhUWKK7Spqv
|
||||
3FYgJz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v42NjDHXY9oGyAq7EYXrT
|
||||
3x7V1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhPDHDg5ot34qaJ2vPv6HId
|
||||
8VihNq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq2rdg1/RoHU9Co945TfSu
|
||||
Vu3nY3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy/pzphYP/jk8SMu7ygYPD
|
||||
/jsbTG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohrQjhhH8/c3jVbO2UZA1u8
|
||||
NPTe+ZwCOGG0b8nW5skHetkdJpH39+5ZjLD6wYbZHK7+EwmFE5JwtBMMk7xDeUT0
|
||||
/URS4tdN02Ty4h5x9Uv/XK6Cq5yd9p7obSvFIjY6DavFIZebDeraHb+aQtXESE4K
|
||||
vNBr+lPd7zwbIO4/1Z18JeQdK2bGLjf//////////wIBAgSCAYQCggGAV6hlUz0f
|
||||
RwpauhaumL+dFJQcZHgYghHX9JfNDZv1uMzkTiKxgVutrtFmfHoaTaYNgw+HEQSF
|
||||
ZRnGzyOXb14/ZoGWo727N4T5usOqINFcHIeAbPiRimo0mwS7ivYKxEFBaw4N7OyE
|
||||
zfNKAYWNQe0J+R2FLMKBSbJ+b1nGQ/cUSQDffDpKSUS94+XxwxcvNaCv9Ygtkvnl
|
||||
e/t61L/0eQu/nmi0o7PzR4brmyVTXGnj2LujG/KOtIB4pXQ1GqrvsYLB3pCUTDdA
|
||||
E0heXfpYGZJK10ByMkWmOuH3pCuI8C+7+Bh7JwQAXUtSpZ+hp1Bz7v1PKwY/3fG1
|
||||
2HcPXp85q5N9x9zYZv1vmwFAd0nTdoWdtMbiEJxhCdr6sRpi1+KPg6W3Kqtfcv2f
|
||||
ZZC6MwVFtxogjzIlXt68O7HRH7Adz+DGhEeZqdxIQpaQR50p4LF7gqQ/mzXq8oCe
|
||||
XKC3XxrfV5h3OrPEL/zNTd2pzh3LLQB349aOHNz1F+3YPyPlvwOsXkeT
|
||||
-----END PRIVATE KEY-----
|
||||
"
|
||||
"-----BEGIN PRIVATE KEY-----
|
||||
MIIEJgIBADCCAhcGCSqGSIb3DQEDATCCAggCggIBAP//////////rfhUWKK7Spqv
|
||||
3FYgJz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v42NjDHXY9oGyAq7EYXrT
|
||||
3x7V1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhPDHDg5ot34qaJ2vPv6HId
|
||||
8VihNq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq2rdg1/RoHU9Co945TfSu
|
||||
Vu3nY3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy/pzphYP/jk8SMu7ygYPD
|
||||
/jsbTG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohrQjhhH8/c3jVbO2UZA1u8
|
||||
NPTe+ZwCOGG0b8nW5skHetkdJpH39+5ZjLD6wYbZHK7+EwmFE5JwtBMMk7xDeUT0
|
||||
/URS4tdN02Ty4h5x9Uv/XK6Cq5yd9p7obSvFIjY6DavFIZebDeraHb+aQtXESE4K
|
||||
vNBr+lPd7zwbIO4/1Z18JeQdK2aeHvFub1LDFk30+3kw6eTliFe2rH1fQtafbRh3
|
||||
Y88dVQNABIf1W6V+Mcx6cTXIhu+0MYrtah4BLZ5oMqkHYAqRgTDEbcd4+XGtADgJ
|
||||
KZmjM8uLehoduT1xQAA8Kk7OqfmNCswKgpHNzsl9z47JtVp/iKRrTbWoUfRBguHG
|
||||
igB+XmVfav//////////AgECBIICBAKCAgBKs8VkNMjroMib7Wuw71hVoHiB7lF9
|
||||
3FQsDwU3y//RgETN2CEx8gdarvb35ldNEkypxtiaYck+a5qKVkP8uW4/AUoGlH4V
|
||||
mIVz8R9e0Cewc4X8229+AgvyguaEhJHozp7EqIYEYlpLyn5GL53l2OYvBB3eH9Yi
|
||||
yjYKe5vCe16Jy88oJYrS6+ybYLXHcfJsLHIppMS17KuDdH/DUiCvy5HE5fA5ufD3
|
||||
ExQImgsDa3rm8nW6NUCix9Pl4X5OkWieYE7pXBePZ8Yk8BD4JpPbhsh/9husS4XL
|
||||
/IpSq+tzgXq44SKQv0o9hbkGaxR6xmTjTwOjRiqW1D/1pS/wHxZbH1qbgJSKq7Fx
|
||||
6VZZjH5Hyx9Zh5p3mksa7iZ4DQXVW/8ffz+8UdVRQolVUQxXWihcU5qfdtmDEPI0
|
||||
4dRR5mI/Pk1n7lAhdyE4H/Tz0TmqItfScZvNaj6RbPbk6KOapgHFKIX7dmtPxAOv
|
||||
oMMudOwsBg7md3CY08zH/XdE6O8lmVgCJQMjfwJ7QMayOKL1NYNMmUDPP0WIxOyz
|
||||
5UJj3GzmNrKgYftgr2o8blEwwDbETYN/hpgTPyWl8ieVxK2bn7SX8dFXXEwSdCAt
|
||||
Cg5c3H+YOc+ahx7VYXJtBDyAKuygUKnVqZ1ht6/xLUyJUxiSMZLbFKHBLkR3UuQa
|
||||
HyRwI92yYN4+Zg==
|
||||
-----END PRIVATE KEY-----
|
||||
"
|
||||
"-----BEGIN PRIVATE KEY-----
|
||||
MIIGJgIBADCCAxcGCSqGSIb3DQEDATCCAwgCggMBAP//////////rfhUWKK7Spqv
|
||||
3FYgJz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v42NjDHXY9oGyAq7EYXrT
|
||||
3x7V1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhPDHDg5ot34qaJ2vPv6HId
|
||||
8VihNq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq2rdg1/RoHU9Co945TfSu
|
||||
Vu3nY3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy/pzphYP/jk8SMu7ygYPD
|
||||
/jsbTG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohrQjhhH8/c3jVbO2UZA1u8
|
||||
NPTe+ZwCOGG0b8nW5skHetkdJpH39+5ZjLD6wYbZHK7+EwmFE5JwtBMMk7xDeUT0
|
||||
/URS4tdN02Ty4h5x9Uv/XK6Cq5yd9p7obSvFIjY6DavFIZebDeraHb+aQtXESE4K
|
||||
vNBr+lPd7zwbIO4/1Z18JeQdK2aeHvFub1LDFk30+3kw6eTliFe2rH1fQtafbRh3
|
||||
Y88dVQNABIf1W6V+Mcx6cTXIhu+0MYrtah4BLZ5oMqkHYAqRgTDEbcd4+XGtADgJ
|
||||
KZmjM8uLehoduT1xQAA8Kk7OqfmNCswKgpHNzsl9z47JtVp/iKRrTbWoUfRBguHG
|
||||
igB+Xg3ZAgv9ZLZFA2x6Tmd9LDhTKjojukRCyvU+pju0VDKbdiTIkXvdZLHA/Uyz
|
||||
jowzTHAcOs2tBlf8z+xxmx9cPk5GBB84gUf7TP20d6UkcfepqWkQuFUyLttjQNig
|
||||
DvCSNQUR4wq+wf/546Juf7KfjBgwI8NYfjjaAHfZtHY+TkuUsrvBlMZlHnfK+ZLu
|
||||
qsAjKigb9rOnOcEiYRaCCujbWEemfL75yQkbRi1TjNcrA3Rq539eYiksMRViqEZQ
|
||||
XcgtuFQziuSfUjXJW5EXjM8t1crO9APsnRgQxicrBFs7cfnca4DWP91KjprbHmli
|
||||
ppUm1DFhwaQdVw15ONrUpA4ynNDkDmX//////////wIBAgSCAwQCggMAVvLSfpPC
|
||||
OJVhuOkMtOYtl6vcKtuP0RXXZYBfMFufb5gQJrEypjSIxS+kRyBjNMk3qSt9iBbG
|
||||
dpSe5fuu9RtI5O5eD/UXrDNBbI2/ldLNDarV3g+hcYklzKQE6kBSWEt1soktPXEq
|
||||
PIcvYFVrOtWrH3Nw0UT/brRLZ+Ea9mnRG6CCICM0K2UxMhyjDheGCVCpmZfYJycP
|
||||
mx0H1SA5RI9lP+GkDm096CgAEtXqk1eej8/9F4vsEn5r48HKobXlZEBp+HFcIq7s
|
||||
DqrNZkg6jRhMusGjVM7mpFuyt0D5LIshsDBHjwkULJUX9Zd7pcVizbHbst2rpi8u
|
||||
n7H908pdRFvdQYfvjBwvewl7DwZoFOsL+qA5Jo1MtfgpgegouKsS3jmyRSmY4wLp
|
||||
uOjv6S1//A1sctJNwXlMI7/3IcONT3bmOwNnyvUeFJE4+lnYeClEpAsrCegcljQa
|
||||
UNOeSKR1x9ctvzlWaBM5EP2daF0JiYdo3Ug/YISDX5dJFOW4gWz95W8Ii9//6zim
|
||||
8LgA2/NP5IJBs0DPQxVbEVUI0wRPYMI4aZBm2n5bQFQKI95FQfv8ncKSul/fuTtY
|
||||
du8INZR6ogMpWdDSz5UsIMwjLzXfg30ehcCyy9ebkDtiPDr8++HrwWKGVvuQaa4p
|
||||
rPiac3fF1+DCHVKwxRsqM1zgDzNtI59Y9wb85kyPRsHTuG5kR3KUMUUYWmbuuMG6
|
||||
3yMm7K3hJhlhfiO8hIWt+ZJJHCIEJOFK7FJbsZWmFbS6ukcl1uwlmQzote2aFfYA
|
||||
5fsL7VeUaXKkJPKY3p05rvHJkayUpxn+oamOA1qW4eVYzio/ZiRtaUNLbmOvb0pU
|
||||
Z1fyypnlaVzAVynoIF43LfbJ7cdpfnoz6hd//SVA742kuQMA4VeQoXLh6dX1/qZV
|
||||
8QF7gNjLxgJoqGssaOUwxdxcXqMl+9JUBL/LtvxYs1xcrzla/tj+26XcPT+/tIWR
|
||||
89TyyCWVPBvFLeWfG5+iIXT0X6g8zJP6d9QCL+2F3yStbJngWCZtFDFD
|
||||
-----END PRIVATE KEY-----
|
||||
"
|
||||
"-----BEGIN PRIVATE KEY-----
|
||||
MIIIJgIBADCCBBcGCSqGSIb3DQEDATCCBAgCggQBAP//////////rfhUWKK7Spqv
|
||||
3FYgJz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v42NjDHXY9oGyAq7EYXrT
|
||||
3x7V1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhPDHDg5ot34qaJ2vPv6HId
|
||||
8VihNq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq2rdg1/RoHU9Co945TfSu
|
||||
Vu3nY3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy/pzphYP/jk8SMu7ygYPD
|
||||
/jsbTG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohrQjhhH8/c3jVbO2UZA1u8
|
||||
NPTe+ZwCOGG0b8nW5skHetkdJpH39+5ZjLD6wYbZHK7+EwmFE5JwtBMMk7xDeUT0
|
||||
/URS4tdN02Ty4h5x9Uv/XK6Cq5yd9p7obSvFIjY6DavFIZebDeraHb+aQtXESE4K
|
||||
vNBr+lPd7zwbIO4/1Z18JeQdK2aeHvFub1LDFk30+3kw6eTliFe2rH1fQtafbRh3
|
||||
Y88dVQNABIf1W6V+Mcx6cTXIhu+0MYrtah4BLZ5oMqkHYAqRgTDEbcd4+XGtADgJ
|
||||
KZmjM8uLehoduT1xQAA8Kk7OqfmNCswKgpHNzsl9z47JtVp/iKRrTbWoUfRBguHG
|
||||
igB+Xg3ZAgv9ZLZFA2x6Tmd9LDhTKjojukRCyvU+pju0VDKbdiTIkXvdZLHA/Uyz
|
||||
jowzTHAcOs2tBlf8z+xxmx9cPk5GBB84gUf7TP20d6UkcfepqWkQuFUyLttjQNig
|
||||
DvCSNQUR4wq+wf/546Juf7KfjBgwI8NYfjjaAHfZtHY+TkuUsrvBlMZlHnfK+ZLu
|
||||
qsAjKigb9rOnOcEiYRaCCujbWEemfL75yQkbRi1TjNcrA3Rq539eYiksMRViqEZQ
|
||||
XcgtuFQziuSfUjXJW5EXjM8t1crO9APsnRgQxicrBFs7cfnca4DWP91KjprbHmli
|
||||
ppUm1DFhwaQdVw15ONrUpA4ynM/0aqo2rQBM9gDIOB5CWjHZUa5k/bI/zslQnUNo
|
||||
f+tp7dHMXguMw732SxDvhrYxQqOriClVWy90fJMmZcssDxzAG9cCKTiIOdKvBeRU
|
||||
UErHi3WCgihGwLo1w19cWRYMwEb9glFUH8aMnIawIrtwmYdqRg50UaipMQlwP+4c
|
||||
IX5sOCblLFGqaR4OQjz8menjFlDBIXtiSBbNrZqV+dW4AZSI2cCgof4wdaV34jGD
|
||||
+B1KPy+kVx78jOC6ik/otoVd/nKwpm7e0vur++WKMPr6vhxdcah+L3Qe+MH+hv6m
|
||||
u/3lMGd/DZfRHUn3qEQ9CCLlBqn0YU4BHiqUg4/4jNaMi7fFxkJM//////////8C
|
||||
AQIEggQEAoIEAFBZTkIN/znN/euu0INkB365wc9kj/ibO/Hj3mHLa+NHoaKH4A33
|
||||
kd3WQCjRmLnLZHlodMbrgJ8vxHtKdeFiv4i1gefsv0aVv7zX9Sp3zpRJC/bhNJkz
|
||||
BsVJwwp9b+OPfc13d2vb3ZsVyqmfUO6NdMz1x9cEiR+wrpJjrMbWqByliAkByI5w
|
||||
Znlm/aLrwOWOZ0lkY2SzB5qDcNM/I9m7Uk9pW3Q0GugWC/PMzv/+VCMb/Q56pABX
|
||||
310qNm0AZov4cBWz5qtD8AQ+cZWBndX4ydL+jLT5n5SwrXR3z8biCBdJWpxpKeVJ
|
||||
3Dal4LC1UcuJDuwtxswlm+AzfVJI3eiKL5uwsSbIg0Ls7bk7FO1LWGHbGwbL+eof
|
||||
TijrETwUgsBNiLdmLeDtfWBTDAH3kZnBpZjRhCgIRuRUleTRevvnMtBXR9td5Lkj
|
||||
N4quHZbx0S9novQLV7EF6+mNW0fddbHxC6mK0C3vCGCTLUTjFoyW6DJMInUYrerO
|
||||
kTEyH0JCMrA/mIGmU4QR7dXuMPJiTwg+TS3jZYmwa4nL5hES7Ssf9PSaqdyV2ZzU
|
||||
/oVLTfIuvpFbcidZF7j2DFaObtV6ZjqegufOaNJmTItWJzNJ31s0ZUGwXLq5jygh
|
||||
HMAW+uzNVX5nv7ezvjOANrOAosSDN1zFVRrUBOilaKbvguwp1fym2bnqiCFD1tKw
|
||||
CMgtTOTwP8/j1XAMlD/Afu/VTJls3IY3r6ANoCX8hLTXK3ykcewV2irV4nB+8p09
|
||||
KhhWSr3zF0qj5Keo33oMUnEaN2eIeIUegXKxpp4WtT4JEUE0ritZF8SzZmoHkANw
|
||||
dgtDm8Ryx/SaZ+QwrqhVFOsSU8TgvIHc455j4M1o8DBAdUiTbXniYlSNslzbvfbK
|
||||
57uJbPwrw/Op3DzFvZPnOx5vfnDsR9qOmAknfNfgKtEFc0AAno5BiyaiIlHuBUte
|
||||
TS5AsCL7q4Q9ybS7WehGOWOwHzZEa7DlUJ1kqjFCxBXgYMEKSbwKF5vHpp6x2O3x
|
||||
0OPzODz1JGoRT5yYXY3UiboRlkldet4NPNufg4MoKW6XooLXq/bIVQNSZtg1gBO6
|
||||
ipWJlxpfmPhjOdljGlXsstvaazESsMaff5xG8dIIOb+yMFh6DC6GElU49GGzfnAe
|
||||
EB+RNHS/o8boRFQn4r6/KiVCODk0qGK3TvYStsjXo93vA+KfJwSsqtckwX+wcl5l
|
||||
mWWvMF+iHQ+gL4L1hz7hH/m7UZGy+o/7mi7lKDSPLvSlGwzzdWcvEQj4Hv4IHQQh
|
||||
eeSHdeSwhqaL1XjP6JXa+IEY/wXzwIMHohtw+epFwLZhg8NFxkzHUpCKLDZrEDc8
|
||||
Y9zPgF69gpA9VpStqLAqHxBvEm4BYFoFyfw=
|
||||
-----END PRIVATE KEY-----
|
||||
" "105" "106" "107" "108" "109" "10a" "10b" "10c" "10d" "10e" "10f" )
|
411
testssl.sh
411
testssl.sh
@ -76,9 +76,22 @@
|
||||
# this missing feature! The idea is if this script can't tell something
|
||||
# for sure it speaks up so that you have clear picture.
|
||||
|
||||
|
||||
# debugging help:
|
||||
readonly PS4='${LINENO}> ${FUNCNAME[0]:+${FUNCNAME[0]}(): }'
|
||||
readonly PS4='|${LINENO}> \011${FUNCNAME[0]:+${FUNCNAME[0]}(): }'
|
||||
|
||||
DEBUGTIME=${DEBUGTIME:-false}
|
||||
|
||||
if grep -q xtrace <<< "$SHELLOPTS"; then
|
||||
if "$DEBUGTIME" ; then
|
||||
# separate debugging, doesn't mess up the screen, $DEBUGTIME determines whether we also do performance analysis
|
||||
exec 42>&2 2> >(tee /tmp/testssl-$$.log | sed -u 's/^.*$/now/' | date -f - +%s.%N >/tmp/testssl-$$.time)
|
||||
# for pasting both togher see https://stackoverflow.com/questions/5014823/how-to-profile-a-bash-shell-script-slow-startup#20855353
|
||||
else
|
||||
exec 42>| /tmp/testssl-$$.log
|
||||
BASH_XTRACEFD=42
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
# make sure that temporary files are cleaned up after use in ANY case
|
||||
trap "cleanup" QUIT EXIT
|
||||
@ -190,6 +203,12 @@ HAD_SLEPT=0
|
||||
CAPATH="${CAPATH:-/etc/ssl/certs/}" # Does nothing yet (FC has only a CA bundle per default, ==> openssl version -d)
|
||||
FNAME=${FNAME:-""} # file name to read commands from
|
||||
IKNOW_FNAME=false
|
||||
MEASURE_TIME_FILE=${MEASURE_TIME_FILE:-""}
|
||||
if [[ -n "$MEASURE_TIME_FILE" ]] && [[ -z "$MEASURE_TIME" ]]; then
|
||||
MEASURE_TIME=true
|
||||
else
|
||||
MEASURE_TIME=${MEASURE_TIME:-false}
|
||||
fi
|
||||
|
||||
# further global vars just declared here
|
||||
readonly NPN_PROTOs="spdy/4a2,spdy/3,spdy/3.1,spdy/2,spdy/1,http/1.1"
|
||||
@ -259,8 +278,10 @@ GET_REQ11=""
|
||||
readonly UA_STD="TLS tester from $SWURL"
|
||||
readonly UA_SNEAKY="Mozilla/5.0 (X11; Linux x86_64; rv:41.0) Gecko/20100101 Firefox/41.0"
|
||||
FIRST_FINDING=true # Is this the first finding we are outputting to file?
|
||||
START_TIME=0
|
||||
END_TIME=0
|
||||
START_TIME=0 # time in epoch when the action started
|
||||
END_TIME=0 # .. ended
|
||||
SCAN_TIME=0 # diff of both: total scan time
|
||||
LAST_TIME=0 # only used for performance measurements (MEASURE_TIME=true)
|
||||
|
||||
# Devel stuff, see -q below
|
||||
TLS_LOW_BYTE=""
|
||||
@ -560,7 +581,7 @@ html_reserved(){
|
||||
}
|
||||
|
||||
html_out() {
|
||||
"$do_html" || return
|
||||
"$do_html" || return 0
|
||||
[[ -n "$HTMLFILE" ]] && [[ ! -d "$HTMLFILE" ]] && printf -- "%b" "${1//%/%%}" >> "$HTMLFILE"
|
||||
# here and other printf's: a little bit of sanitzing with bash internal search&replace -- otherwise printf will hiccup at '%'. '--' and %b do the rest.
|
||||
}
|
||||
@ -786,7 +807,6 @@ strip_quote() {
|
||||
|
||||
#################### JSON FILE FORMATING ####################
|
||||
fileout_pretty_json_header() {
|
||||
START_TIME=$(date +%s)
|
||||
target="$NODE"
|
||||
$do_mx_all_ips && target="$URI"
|
||||
|
||||
@ -801,9 +821,8 @@ fileout_pretty_json_header() {
|
||||
}
|
||||
|
||||
fileout_pretty_json_footer() {
|
||||
local scan_time=$((END_TIME - START_TIME))
|
||||
echo -e " ],
|
||||
\"scanTime\" : \"$scan_time\"\n}"
|
||||
\"scanTime\" : \"$SCAN_TIME\"\n}"
|
||||
}
|
||||
|
||||
fileout_json_header() {
|
||||
@ -973,7 +992,7 @@ html_header() {
|
||||
fname_prefix="mx-$URI"
|
||||
else
|
||||
( [[ -z "$HTMLFILE" ]] || [[ -d "$HTMLFILE" ]] ) && parse_hn_port "${URI}" # NODE, URL_PATH, PORT, IPADDR and IP46ADDR is set now
|
||||
fname_prefix="$NODE"_"$PORT"
|
||||
fname_prefix="${NODE}"_p"${PORT}"
|
||||
fi
|
||||
|
||||
if [[ -n "$HTMLFILE" ]] && [[ ! -d "$HTMLFILE" ]]; then
|
||||
@ -1770,7 +1789,7 @@ run_hpkp() {
|
||||
hpkp_ca="$($OPENSSL x509 -in $HOSTCERT -issuer -noout|sed 's/^.*CN=//' | sed 's/\/.*$//')"
|
||||
|
||||
# Get keys/hashes from intermediate certificates
|
||||
$OPENSSL s_client -showcerts $STARTTLS $BUGS $PROXY -showcerts -connect $NODEIP:$PORT ${sni[i]} </dev/null >$TMPFILE 2>$ERRFILE
|
||||
$OPENSSL s_client $STARTTLS $BUGS $PROXY -showcerts -connect $NODEIP:$PORT ${sni[i]} </dev/null >$TMPFILE 2>$ERRFILE
|
||||
# Place the server's certificate in $HOSTCERT and any intermediate
|
||||
# certificates that were provided in $TEMPDIR/intermediatecerts.pem
|
||||
# http://backreference.org/2010/05/09/ocsp-verification-with-openssl/
|
||||
@ -2361,7 +2380,7 @@ std_cipherlists() {
|
||||
;;
|
||||
esac
|
||||
tmpfile_handle $FUNCNAME.$debugname.txt
|
||||
[[ $DEBUG -ge 1 ]] && out " -- $1" || outln #FIXME: should be in standard output at some time
|
||||
[[ $DEBUG -ge 1 ]] && outln " -- $1" || outln #FIXME: should be in standard output at some time
|
||||
else
|
||||
singlespaces=$(sed -e 's/ \+/ /g' -e 's/^ //' -e 's/ $//g' -e 's/ //g' <<< "$2")
|
||||
if [[ "$OPTIMAL_PROTO" == "-ssl2" ]]; then
|
||||
@ -2371,8 +2390,6 @@ std_cipherlists() {
|
||||
fi
|
||||
fileout "std_$4" "WARN" "Cipher $2 ($1) not supported by local OpenSSL ($OPENSSL)"
|
||||
fi
|
||||
# we need 1 x lf in those cases:
|
||||
debugme echo
|
||||
}
|
||||
|
||||
|
||||
@ -2382,9 +2399,9 @@ std_cipherlists() {
|
||||
socksend() {
|
||||
# the following works under BSD and Linux, which is quite tricky. So don't mess with it unless you're really sure what you do
|
||||
if "$HAS_SED_E"; then
|
||||
data=$(echo "$1" | sed -e 's/# .*$//g' -e 's/ //g' | sed -E 's/^[[:space:]]+//; s/[[:space:]]+$//; /^$/d' | sed 's/,/\\/g' | tr -d '\n')
|
||||
data=$(sed -e 's/# .*$//g' -e 's/ //g' <<< "$1" | sed -E 's/^[[:space:]]+//; s/[[:space:]]+$//; /^$/d' | sed 's/,/\\/g' | tr -d '\n')
|
||||
else
|
||||
data=$(echo "$1" | sed -e 's/# .*$//g' -e 's/ //g' | sed -r 's/^[[:space:]]+//; s/[[:space:]]+$//; /^$/d' | sed 's/,/\\/g' | tr -d '\n')
|
||||
data=$(sed -e 's/# .*$//g' -e 's/ //g' <<< "$1" | sed -r 's/^[[:space:]]+//; s/[[:space:]]+$//; /^$/d' | sed 's/,/\\/g' | tr -d '\n')
|
||||
fi
|
||||
[[ $DEBUG -ge 4 ]] && echo "\"$data\""
|
||||
printf -- "$data" >&5 2>/dev/null &
|
||||
@ -3387,12 +3404,13 @@ create_client_simulation_tls_clienthello() {
|
||||
|
||||
if [[ "$extension_type" != "0000" ]]; then
|
||||
# The extension will just be copied into the revised ClientHello
|
||||
sni_extension_found=true
|
||||
offset=$offset-4
|
||||
len=$len_extension+8
|
||||
tls_extensions+="${tls_handshake_ascii:$offset:$len}"
|
||||
offset=$offset+$len
|
||||
elif [[ -n "$SNI" ]]; then
|
||||
else
|
||||
sni_extension_found=true
|
||||
if [[ -n "$SNI" ]]; then
|
||||
# Create a server name extension that corresponds to $SNI
|
||||
len_servername=${#NODE}
|
||||
hexdump_format_str="$len_servername/1 \"%02x\""
|
||||
@ -3404,6 +3422,7 @@ create_client_simulation_tls_clienthello() {
|
||||
tls_extensions+="000000${len_sni_ext}00${len_sni_listlen}0000${len_servername_hex}${servername_hexstr}"
|
||||
offset=$offset+$len_extension+4
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
if ! $sni_extension_found; then
|
||||
@ -3456,7 +3475,6 @@ client_simulation_sockets() {
|
||||
sleep $USLEEP_SND
|
||||
|
||||
sockread_serverhello 32768
|
||||
TLS_NOW=$(LC_ALL=C date "+%s")
|
||||
|
||||
tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
|
||||
tls_hello_ascii="${tls_hello_ascii%%[!0-9A-F]*}"
|
||||
@ -3465,7 +3483,7 @@ client_simulation_sockets() {
|
||||
hello_done=$?
|
||||
|
||||
for(( 1 ; hello_done==1; 1 )); do
|
||||
sock_reply_file2=$(mktemp $TEMPDIR/ddreply.XXXXXX) || return 7
|
||||
sock_reply_file2=${SOCK_REPLY_FILE}.2
|
||||
mv "$SOCK_REPLY_FILE" "$sock_reply_file2"
|
||||
|
||||
debugme echo "requesting more server hello data..."
|
||||
@ -3483,9 +3501,8 @@ client_simulation_sockets() {
|
||||
hello_done=0
|
||||
else
|
||||
tls_hello_ascii+="$next_packet"
|
||||
|
||||
sock_reply_file3=$(mktemp $TEMPDIR/ddreply.XXXXXX) || return 7
|
||||
mv "$SOCK_REPLY_FILE" "$sock_reply_file3"
|
||||
sock_reply_file3=${SOCK_REPLY_FILE}.3
|
||||
mv "$SOCK_REPLY_FILE" "$sock_reply_file3" #FIXME: we moved that already
|
||||
mv "$sock_reply_file2" "$SOCK_REPLY_FILE"
|
||||
cat "$sock_reply_file3" >> "$SOCK_REPLY_FILE"
|
||||
rm "$sock_reply_file3"
|
||||
@ -3583,7 +3600,7 @@ run_client_simulation() {
|
||||
debugme tmln_out
|
||||
for name in "${short[@]}"; do
|
||||
#FIXME: printf formatting would look better, especially if we want a wide option here
|
||||
out " ${names[i]} "
|
||||
out " $(printf -- "%-33s" "${names[i]}")"
|
||||
if "$using_sockets" && [[ -n "${handshakebytes[i]}" ]]; then
|
||||
client_simulation_sockets "${handshakebytes[i]}"
|
||||
sclient_success=$?
|
||||
@ -3607,7 +3624,7 @@ run_client_simulation() {
|
||||
what_dh=$(awk -F',' '{ print $1 }' <<< $temp)
|
||||
bits=$(awk -F',' '{ print $3 }' <<< $temp)
|
||||
grep -q bits <<< $bits || bits=$(awk -F',' '{ print $2 }' <<< $temp)
|
||||
bits=$(tr -d ' bits' <<< $bits)
|
||||
bits="${bits/ bits/}"
|
||||
if [[ "$what_dh" == "DH" ]]; then
|
||||
[[ ${minDhBits[i]} -ne -1 ]] && [[ $bits -lt ${minDhBits[i]} ]] && sclient_success=1
|
||||
[[ ${maxDhBits[i]} -ne -1 ]] && [[ $bits -gt ${maxDhBits[i]} ]] && sclient_success=1
|
||||
@ -4217,7 +4234,7 @@ read_dhbits_from_file() {
|
||||
else
|
||||
bits=$(awk -F',' '{ print $2 }' <<< $temp)
|
||||
fi
|
||||
bits=$(tr -d ' bits' <<< $bits)
|
||||
bits="${bits/ bits/}"
|
||||
|
||||
if [[ "$what_dh" == "X25519" ]] || [[ "$what_dh" == "X448" ]]; then
|
||||
curve="$what_dh"
|
||||
@ -4507,27 +4524,7 @@ run_server_preference() {
|
||||
i=$(($i + 1))
|
||||
done
|
||||
|
||||
[[ -n "$PROXY" ]] && arg=" SPDY/NPN is"
|
||||
[[ -n "$STARTTLS" ]] && arg=" "
|
||||
if spdy_pre " $arg" ; then # is NPN/SPDY supported and is this no STARTTLS? / no PROXY
|
||||
# ALPN needs also some lines here
|
||||
$OPENSSL s_client -connect $NODEIP:$PORT $BUGS -nextprotoneg "$NPN_PROTOs" $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
||||
if sclient_connect_successful $? $TMPFILE; then
|
||||
proto[i]=$(grep -aw "Next protocol" $TMPFILE | sed -e 's/^Next protocol://' -e 's/(.)//' -e 's/ //g')
|
||||
if [[ -z "${proto[i]}" ]]; then
|
||||
cipher[i]=""
|
||||
else
|
||||
cipher[i]=$(get_cipher $TMPFILE)
|
||||
if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]] && [[ -n "${cipher[i]}" ]]; then
|
||||
cipher[i]="$(openssl2rfc "${cipher[i]}")"
|
||||
[[ -z "${cipher[i]}" ]] && cipher[i]=$(get_cipher $TMPFILE)
|
||||
fi
|
||||
[[ $DEBUG -ge 2 ]] && tmln_out "Default cipher for ${proto[i]}: ${cipher[i]}"
|
||||
fi
|
||||
fi
|
||||
else
|
||||
outln # we miss for STARTTLS 1x LF otherwise
|
||||
fi
|
||||
|
||||
for i in 1 2 3 4 5 6; do
|
||||
if [[ -n "${cipher[i]}" ]]; then # cipher not empty
|
||||
@ -4825,44 +4822,6 @@ cipher_pref_check() {
|
||||
done
|
||||
outln
|
||||
|
||||
if ! spdy_pre " SPDY/NPN: "; then # is NPN/SPDY supported and is this no STARTTLS?
|
||||
outln
|
||||
else
|
||||
npn_protos=$($OPENSSL s_client $BUGS -nextprotoneg \"\" -connect $NODEIP:$PORT $SNI </dev/null 2>>$ERRFILE | grep -a "^Protocols " | sed -e 's/^Protocols.*server: //' -e 's/,//g')
|
||||
for p in $npn_protos; do
|
||||
order=""
|
||||
$OPENSSL s_client $BUGS -nextprotoneg "$p" -connect $NODEIP:$PORT $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
||||
cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE)
|
||||
out "$(printf " %-10s " "$p:")"
|
||||
tested_cipher="-"$cipher
|
||||
order="$cipher "
|
||||
if ! "$FAST"; then
|
||||
while true; do
|
||||
$OPENSSL s_client -cipher "ALL:$tested_cipher" $BUGS -nextprotoneg "$p" -connect $NODEIP:$PORT $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
||||
sclient_connect_successful $? $TMPFILE || break
|
||||
cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE)
|
||||
tested_cipher="$tested_cipher:-$cipher"
|
||||
order+="$cipher "
|
||||
done
|
||||
fi
|
||||
if [[ -n "$order" ]] && [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
|
||||
rfc_order=""
|
||||
while read -d " " cipher; do
|
||||
rfc_ciph="$(openssl2rfc "$cipher")"
|
||||
if [[ -n "$rfc_ciph" ]]; then
|
||||
rfc_order+="$rfc_ciph "
|
||||
else
|
||||
rfc_order+="$cipher "
|
||||
fi
|
||||
done <<< "$order"
|
||||
order="$rfc_order"
|
||||
fi
|
||||
out_row_aligned_max_width "$order" " " $TERM_WIDTH out
|
||||
outln
|
||||
[[ -n $order ]] && fileout "order_spdy_$p" "INFO" "Default cipher order for SPDY protocol $p: $order"
|
||||
done
|
||||
fi
|
||||
|
||||
outln
|
||||
tmpfile_handle $FUNCNAME.txt
|
||||
return 0
|
||||
@ -5068,6 +5027,30 @@ sclient_connect_successful() {
|
||||
return 1
|
||||
}
|
||||
|
||||
extract_new_tls_extensions() {
|
||||
local tls_extensions
|
||||
|
||||
# this is not beautiful (grep+sed)
|
||||
# but maybe we should just get the ids and do a private matching, according to
|
||||
# https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
|
||||
tls_extensions=$(grep -a 'TLS server extension ' "$1" | \
|
||||
sed -e 's/TLS server extension //g' -e 's/\" (id=/\/#/g' \
|
||||
-e 's/,.*$/,/g' -e 's/),$/\"/g' \
|
||||
-e 's/elliptic curves\/#10/supported_groups\/#10/g')
|
||||
tls_extensions=$(echo $tls_extensions) # into one line
|
||||
|
||||
if [[ -n "$tls_extensions" ]]; then
|
||||
# check to see if any new TLS extensions were returned and add any new ones to TLS_EXTENSIONS
|
||||
while read -d "\"" -r line; do
|
||||
if [[ $line != "" ]] && [[ ! "$TLS_EXTENSIONS" =~ "$line" ]]; then
|
||||
#FIXME: This is a string of quoted strings, so this seems to determine the output format already. Better e.g. would be an array
|
||||
TLS_EXTENSIONS+=" \"${line}\""
|
||||
fi
|
||||
done <<<$tls_extensions
|
||||
[[ "${TLS_EXTENSIONS:0:1}" == " " ]] && TLS_EXTENSIONS="${TLS_EXTENSIONS:1}"
|
||||
fi
|
||||
}
|
||||
|
||||
# Note that since, at the moment, this function is only called by run_server_defaults()
|
||||
# and run_heartbleed(), this function does not look for the status request or NPN
|
||||
# extensions. For run_heartbleed(), only the heartbeat extension needs to be detected.
|
||||
@ -5110,7 +5093,7 @@ determine_tls_extensions() {
|
||||
success=$?
|
||||
fi
|
||||
[[ $success -eq 2 ]] && success=0
|
||||
[[ $success -eq 0 ]] && tls_extensions="$(grep -a 'TLS Extensions: ' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" | sed 's/TLS Extensions: //' )"
|
||||
[[ $success -eq 0 ]] && extract_new_tls_extensions "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt"
|
||||
if [[ -r "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" ]]; then
|
||||
cp "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" $TMPFILE
|
||||
tmpfile_handle $FUNCNAME.txt
|
||||
@ -5137,24 +5120,9 @@ determine_tls_extensions() {
|
||||
sclient_connect_successful $? $TMPFILE
|
||||
success=$?
|
||||
fi
|
||||
if [[ $success -eq 0 ]]; then
|
||||
tls_extensions=$(grep -a 'TLS server extension ' $TMPFILE | \
|
||||
sed -e 's/TLS server extension //g' -e 's/\" (id=/\/#/g' \
|
||||
-e 's/,.*$/,/g' -e 's/),$/\"/g' \
|
||||
-e 's/elliptic curves\/#10/supported_groups\/#10/g')
|
||||
tls_extensions=$(echo $tls_extensions) # into one line
|
||||
fi
|
||||
[[ $success -eq 0 ]] && extract_new_tls_extensions $TMPFILE
|
||||
tmpfile_handle $FUNCNAME.txt
|
||||
fi
|
||||
if [[ -n "$tls_extensions" ]]; then
|
||||
# check to see if any new TLS extensions were returned and add any new ones to TLS_EXTENSIONS
|
||||
while read -d "\"" -r line; do
|
||||
if [[ $line != "" ]] && [[ ! "$TLS_EXTENSIONS" =~ "$line" ]]; then
|
||||
TLS_EXTENSIONS+=" \"${line}\""
|
||||
fi
|
||||
done <<<$tls_extensions
|
||||
[[ "${TLS_EXTENSIONS:0:1}" == " " ]] && TLS_EXTENSIONS="${TLS_EXTENSIONS:1}"
|
||||
fi
|
||||
return $success
|
||||
}
|
||||
|
||||
@ -5163,7 +5131,7 @@ determine_tls_extensions() {
|
||||
get_server_certificate() {
|
||||
local protocols_to_try proto addcmd
|
||||
local success
|
||||
local npn_params="" tls_extensions line
|
||||
local npn_params="" line
|
||||
local savedir
|
||||
local nrsaved
|
||||
|
||||
@ -5212,7 +5180,7 @@ get_server_certificate() {
|
||||
# this all needs to be moved into determine_tls_extensions()
|
||||
>$TEMPDIR/tlsext.txt
|
||||
# first shot w/o any protocol, then in turn we collect all extensions
|
||||
$OPENSSL s_client $STARTTLS $BUGS $1 -showcerts -connect $NODEIP:$PORT $PROXY $addcmd -tlsextdebug -status </dev/null 2>$ERRFILE >$TMPFILE
|
||||
$OPENSSL s_client $STARTTLS $BUGS $1 -showcerts -connect $NODEIP:$PORT $PROXY $SNI -tlsextdebug -status </dev/null 2>$ERRFILE >$TMPFILE
|
||||
sclient_connect_successful $? $TMPFILE && grep -a 'TLS server extension' $TMPFILE >$TEMPDIR/tlsext.txt
|
||||
for proto in $protocols_to_try; do
|
||||
# we could know here which protcols are supported
|
||||
@ -5239,25 +5207,7 @@ get_server_certificate() {
|
||||
GOST_STATUS_PROBLEM=true
|
||||
fi
|
||||
fi
|
||||
#tls_extensions=$(awk -F'"' '/TLS server extension / { printf "\""$2"\" " }' $TMPFILE)
|
||||
#
|
||||
# this is not beautiful (grep+sed)
|
||||
# but maybe we should just get the ids and do a private matching, according to
|
||||
# https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
|
||||
tls_extensions=$(grep -a 'TLS server extension ' $TEMPDIR/tlsext.txt | \
|
||||
sed -e 's/TLS server extension //g' -e 's/\" (id=/\/#/g' \
|
||||
-e 's/,.*$/,/g' -e 's/),$/\"/g' \
|
||||
-e 's/elliptic curves\/#10/supported_groups\/#10/g')
|
||||
tls_extensions=$(echo $tls_extensions) # into one line
|
||||
|
||||
# check to see if any new TLS extensions were returned and add any new ones to TLS_EXTENSIONS
|
||||
while read -d "\"" -r line; do
|
||||
if [[ $line != "" ]] && [[ ! "$TLS_EXTENSIONS" =~ "$line" ]]; then
|
||||
#FIXME: This is a string of quoted strings, so this seems to deterime the output format already. Better e.g. would be an array
|
||||
TLS_EXTENSIONS+=" \"${line}\""
|
||||
fi
|
||||
done <<<$tls_extensions
|
||||
[[ "${TLS_EXTENSIONS:0:1}" == " " ]] && TLS_EXTENSIONS="${TLS_EXTENSIONS:1}"
|
||||
extract_new_tls_extensions $TMPFILE
|
||||
|
||||
# Place the server's certificate in $HOSTCERT and any intermediate
|
||||
# certificates that were provided in $TEMPDIR/intermediatecerts.pem
|
||||
@ -6975,10 +6925,9 @@ close_socket(){
|
||||
|
||||
|
||||
# first: helper function for protocol checks
|
||||
# arg1: formatted string here in the code
|
||||
code2network() {
|
||||
# arg1: formatted string here in the code
|
||||
NW_STR=$(sed -e 's/,/\\\x/g' <<< "$1" | sed -e 's/# .*$//g' -e 's/ //g' -e '/^$/d' | tr -d '\n' | tr -d '\t')
|
||||
#TODO: just echo, no additional global var
|
||||
}
|
||||
|
||||
len2twobytes() {
|
||||
@ -7355,7 +7304,7 @@ parse_sslv2_serverhello() {
|
||||
let offset=26+$certificate_len
|
||||
nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3))
|
||||
for (( i=0 ; i<nr_ciphers_detected; i++ )); do
|
||||
echo "Supported cipher: x$(echo ${v2_hello_ascii:offset:6} | tr 'A-Z' 'a-z')" >> $TMPFILE
|
||||
echo "Supported cipher: x$(tolower "${v2_hello_ascii:offset:6}")" >> $TMPFILE
|
||||
let offset=$offset+6
|
||||
done
|
||||
echo "======================================" >> $TMPFILE
|
||||
@ -7805,23 +7754,23 @@ parse_tls_serverhello() {
|
||||
return 1
|
||||
fi
|
||||
case $extension_type in
|
||||
0000) tls_extensions+=" \"server name/#0\"" ;;
|
||||
0001) tls_extensions+=" \"max fragment length/#1\"" ;;
|
||||
0002) tls_extensions+=" \"client certificate URL/#2\"" ;;
|
||||
0003) tls_extensions+=" \"trusted CA keys/#3\"" ;;
|
||||
0004) tls_extensions+=" \"truncated HMAC/#4\"" ;;
|
||||
0005) tls_extensions+=" \"status request/#5\"" ;;
|
||||
0006) tls_extensions+=" \"user mapping/#6\"" ;;
|
||||
0007) tls_extensions+=" \"client authz/#7\"" ;;
|
||||
0008) tls_extensions+=" \"server authz/#8\"" ;;
|
||||
0009) tls_extensions+=" \"cert type/#9\"" ;;
|
||||
000A) tls_extensions+=" \"supported_groups/#10\"" ;;
|
||||
000B) tls_extensions+=" \"EC point formats/#11\"" ;;
|
||||
000C) tls_extensions+=" \"SRP/#12\"" ;;
|
||||
000D) tls_extensions+=" \"signature algorithms/#13\"" ;;
|
||||
000E) tls_extensions+=" \"use SRTP/#14\"" ;;
|
||||
000F) tls_extensions+=" \"heartbeat/#15\"" ;;
|
||||
0010) tls_extensions+=" \"application layer protocol negotiation/#16\""
|
||||
0000) tls_extensions+="TLS server extension \"server name\" (id=0), len=$extension_len\n" ;;
|
||||
0001) tls_extensions+="TLS server extension \"max fragment length\" (id=1), len=$extension_len\n" ;;
|
||||
0002) tls_extensions+="TLS server extension \"client certificate URL\" (id=2), len=$extension_len\n" ;;
|
||||
0003) tls_extensions+="TLS server extension \"trusted CA keys\" (id=3, len=$extension_len\n)" ;;
|
||||
0004) tls_extensions+="TLS server extension \"truncated HMAC\" (id=4), len=$extension_len\n" ;;
|
||||
0005) tls_extensions+="TLS server extension \"status request\" (id=5), len=$extension_len\n" ;;
|
||||
0006) tls_extensions+="TLS server extension \"user mapping\" (id=6), len=$extension_len\n" ;;
|
||||
0007) tls_extensions+="TLS server extension \"client authz\" (id=7), len=$extension_len\n" ;;
|
||||
0008) tls_extensions+="TLS server extension \"server authz\" (id=8), len=$extension_len\n" ;;
|
||||
0009) tls_extensions+="TLS server extension \"cert type\" (id=9), len=$extension_len\n" ;;
|
||||
000A) tls_extensions+="TLS server extension \"supported_groups\" (id=10), len=$extension_len\n" ;;
|
||||
000B) tls_extensions+="TLS server extension \"EC point formats\" (id=11), len=$extension_len\n" ;;
|
||||
000C) tls_extensions+="TLS server extension \"SRP\" (id=12), len=$extension_len\n" ;;
|
||||
000D) tls_extensions+="TLS server extension \"signature algorithms\" (id=13), len=$extension_len\n" ;;
|
||||
000E) tls_extensions+="TLS server extension \"use SRTP\" (id=14), len=$extension_len\n" ;;
|
||||
000F) tls_extensions+="TLS server extension \"heartbeat\" (id=15), len=$extension_len\n" ;;
|
||||
0010) tls_extensions+="TLS server extension \"application layer protocol negotiation\" (id=16), len=$extension_len\n"
|
||||
if [[ $extension_len -lt 4 ]]; then
|
||||
debugme echo "Malformed application layer protocol negotiation extension."
|
||||
return 1
|
||||
@ -7844,24 +7793,24 @@ parse_tls_serverhello() {
|
||||
echo "" >> $TMPFILE
|
||||
echo "===============================================================================" >> $TMPFILE
|
||||
;;
|
||||
0011) tls_extensions+=" \"certificate status version 2/#17\"" ;;
|
||||
0012) tls_extensions+=" \"signed certificate timestamps/#18\"" ;;
|
||||
0013) tls_extensions+=" \"client certificate type/#19\"" ;;
|
||||
0014) tls_extensions+=" \"server certificate type/#20\"" ;;
|
||||
0015) tls_extensions+=" \"TLS padding/#21\"" ;;
|
||||
0016) tls_extensions+=" \"encrypt-then-mac/#22\"" ;;
|
||||
0017) tls_extensions+=" \"extended master secret/#23\"" ;;
|
||||
0018) tls_extensions+=" \"token binding/#24\"" ;;
|
||||
0019) tls_extensions+=" \"cached info/#25\"" ;;
|
||||
0023) tls_extensions+=" \"session ticket/#35\"" ;;
|
||||
0028) tls_extensions+=" \"key share/#40\"" ;;
|
||||
0029) tls_extensions+=" \"pre-shared key/#41\"" ;;
|
||||
002A) tls_extensions+=" \"early data/#42\"" ;;
|
||||
002B) tls_extensions+=" \"supported versions/#43\"" ;;
|
||||
002C) tls_extensions+=" \"cookie/#44\"" ;;
|
||||
002D) tls_extensions+=" \"psk key exchange modes/#45\"" ;;
|
||||
002E) tls_extensions+=" \"ticket early data info/#46\"" ;;
|
||||
3374) tls_extensions+=" \"next protocol/#13172\""
|
||||
0011) tls_extensions+="TLS server extension \"certificate status version 2\" (id=17), len=$extension_len\n" ;;
|
||||
0012) tls_extensions+="TLS server extension \"signed certificate timestamps\" (id=18), len=$extension_len\n" ;;
|
||||
0013) tls_extensions+="TLS server extension \"client certificate type\" (id=19), len=$extension_len\n" ;;
|
||||
0014) tls_extensions+="TLS server extension \"server certificate type\" (id=20), len=$extension_len\n" ;;
|
||||
0015) tls_extensions+="TLS server extension \"TLS padding\" (id=21), len=$extension_len\n" ;;
|
||||
0016) tls_extensions+="TLS server extension \"encrypt-then-mac\" (id=22), len=$extension_len\n" ;;
|
||||
0017) tls_extensions+="TLS server extension \"extended master secret\" (id=23), len=$extension_len\n" ;;
|
||||
0018) tls_extensions+="TLS server extension \"token binding\" (id=24), len=$extension_len\n" ;;
|
||||
0019) tls_extensions+="TLS server extension \"cached info\" (id=25), len=$extension_len\n" ;;
|
||||
0023) tls_extensions+="TLS server extension \"session ticket\" (id=35), len=$extension_len\n" ;;
|
||||
0028) tls_extensions+="TLS server extension \"key share\" (id=40), len=$extension_len\n" ;;
|
||||
0029) tls_extensions+="TLS server extension \"pre-shared key\" (id=41), len=$extension_len\n" ;;
|
||||
002A) tls_extensions+="TLS server extension \"early data\" (id=42), len=$extension_len\n" ;;
|
||||
002B) tls_extensions+="TLS server extension \"supported versions\" (id=43), len=$extension_len\n" ;;
|
||||
002C) tls_extensions+="TLS server extension \"cookie\" (id=44), len=$extension_len\n" ;;
|
||||
002D) tls_extensions+="TLS server extension \"psk key exchange modes\" (id=45), len=$extension_len\n" ;;
|
||||
002E) tls_extensions+="TLS server extension \"ticket early data info\" (id=46), len=$extension_len\n" ;;
|
||||
3374) tls_extensions+="TLS server extension \"next protocol\" (id=13172), len=$extension_len\n"
|
||||
local -i protocol_len
|
||||
echo -n "Protocols advertised by server: " >> $TMPFILE
|
||||
let offset=$extns_offset+12+$i
|
||||
@ -7883,8 +7832,8 @@ parse_tls_serverhello() {
|
||||
echo "" >> $TMPFILE
|
||||
echo "===============================================================================" >> $TMPFILE
|
||||
;;
|
||||
FF01) tls_extensions+=" \"renegotiation info/#65281\"" ;;
|
||||
*) tls_extensions+=" \"unrecognized extension/#$(printf "%d\n\n" "0x$extension_type")\"" ;;
|
||||
FF01) tls_extensions+="TLS server extension \"renegotiation info\" (id=65281), len=$extension_len\n" ;;
|
||||
*) tls_extensions+="TLS server extension \"unrecognized extension\" (id=$(printf "%d\n\n" "0x$extension_type")), len=$extension_len\n" ;;
|
||||
esac
|
||||
done
|
||||
fi
|
||||
@ -7914,7 +7863,7 @@ parse_tls_serverhello() {
|
||||
esac
|
||||
echo "===============================================================================" >> $TMPFILE
|
||||
fi
|
||||
[[ -n "$tls_extensions" ]] && echo "TLS Extensions: ${tls_extensions:1}" >> $TMPFILE
|
||||
[[ -n "$tls_extensions" ]] && echo -e "$tls_extensions" >> $TMPFILE
|
||||
|
||||
if [[ $DEBUG -ge 2 ]]; then
|
||||
echo "TLS server hello message:"
|
||||
@ -7937,7 +7886,12 @@ parse_tls_serverhello() {
|
||||
esac
|
||||
fi
|
||||
if [[ -n "$tls_extensions" ]]; then
|
||||
echo " tls_extensions: ${tls_extensions:1}"
|
||||
echo -n " tls_extensions: "
|
||||
newline_to_spaces "$(grep -a 'TLS server extension ' $TMPFILE | \
|
||||
sed -e 's/TLS server extension //g' -e 's/\" (id=/\/#/g' \
|
||||
-e 's/,.*$/,/g' -e 's/),$/\"/g' \
|
||||
-e 's/elliptic curves\/#10/supported_groups\/#10/g')"
|
||||
echo ""
|
||||
if [[ "$tls_extensions" =~ "application layer protocol negotiation" ]]; then
|
||||
echo " ALPN protocol: $(grep "ALPN protocol:" "$TMPFILE" | sed 's/ALPN protocol: //')"
|
||||
fi
|
||||
@ -8315,7 +8269,7 @@ socksend_tls_clienthello() {
|
||||
local extension_session_ticket extension_next_protocol extension_padding
|
||||
local extension_supported_groups="" extension_supported_point_formats=""
|
||||
local extra_extensions extra_extensions_list=""
|
||||
local offer_compression=false compression_metods
|
||||
local offer_compression=false compression_methods
|
||||
|
||||
# TLSv1.3 ClientHello messages MUST specify only the NULL compression method.
|
||||
[[ "$4" == "true" ]] && [[ "0x$tls_low_byte" -le "0x03" ]] && offer_compression=true
|
||||
@ -8415,7 +8369,7 @@ socksend_tls_clienthello() {
|
||||
# Each extension should appear in the ClientHello at most once. So,
|
||||
# find out what extensions were provided as an argument and only use
|
||||
# the provided values for those extensions.
|
||||
extra_extensions="$(echo "$3" | tr 'A-Z' 'a-z')"
|
||||
extra_extensions="$(tolower "$3")"
|
||||
code2network "$extra_extensions"
|
||||
len_all=${#extra_extensions}
|
||||
for (( i=0; i < len_all; i=i+16+4*0x$len_extension_hex )); do
|
||||
@ -8530,9 +8484,9 @@ socksend_tls_clienthello() {
|
||||
|
||||
if "$offer_compression"; then
|
||||
# See http://www.iana.org/assignments/comp-meth-ids/comp-meth-ids.xhtml#comp-meth-ids-2
|
||||
compression_metods="03,01,40,00" # Offer NULL, DEFLATE, and LZS compression
|
||||
compression_methods="03,01,40,00" # Offer NULL, DEFLATE, and LZS compression
|
||||
else
|
||||
compression_metods="01,00" # Only offer NULL compression (0x00)
|
||||
compression_methods="01,00" # Only offer NULL compression (0x00)
|
||||
fi
|
||||
|
||||
TLS_CLIENT_HELLO="
|
||||
@ -8551,7 +8505,7 @@ socksend_tls_clienthello() {
|
||||
,00 # Session ID length
|
||||
,$len_ciph_suites_word # Cipher suites length
|
||||
,$cipher_suites
|
||||
,$compression_metods"
|
||||
,$compression_methods"
|
||||
|
||||
fd_socket 5 || return 6
|
||||
|
||||
@ -10771,7 +10725,7 @@ file output options (can also be preset via environment variables):
|
||||
--htmlfile <htmlfile> additional output as HTML to the specifed file
|
||||
--hints additional hints to findings
|
||||
--severity <severity> severities with lower level will be filtered for CSV+JSON, possible values <LOW|MEDIUM|HIGH|CRITICAL>
|
||||
--append if <csvfile> or <jsonfile> exists rather append then overwrite
|
||||
--append if <logfile>, <csvfile> or <jsonfile> exists rather append then overwrite
|
||||
|
||||
|
||||
Options requiring a value can also be called with '=' e.g. testssl.sh -t=smtp --wide --openssl=/usr/bin/openssl <URI>.
|
||||
@ -10794,7 +10748,6 @@ maketempf() {
|
||||
}
|
||||
|
||||
prepare_debug() {
|
||||
local hexc mac ossl_ciph ossl_supported_tls="" ossl_supported_sslv2=""
|
||||
if [[ $DEBUG -ne 0 ]]; then
|
||||
cat >$TEMPDIR/environment.txt << EOF
|
||||
|
||||
@ -10872,6 +10825,12 @@ EOF
|
||||
$OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL' &>$TEMPDIR/all_local_ciphers.txt
|
||||
fi
|
||||
# see also $TEMPDIR/s_client_has.txt from find_openssl_binary
|
||||
}
|
||||
|
||||
|
||||
prepare_arrays() {
|
||||
local hexc mac ossl_ciph
|
||||
local ossl_supported_tls="" ossl_supported_sslv2=""
|
||||
|
||||
if [[ -e $CIPHERS_BY_STRENGTH_FILE ]]; then
|
||||
"$HAS_SSL2" && ossl_supported_sslv2="$($OPENSSL ciphers -ssl2 -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>$ERRFILE)"
|
||||
@ -10969,6 +10928,8 @@ cleanup () {
|
||||
outln
|
||||
"$APPEND" || fileout_footer
|
||||
html_footer
|
||||
# debugging off, see above
|
||||
grep -q xtrace <<< "$SHELLOPTS" && exec 2>&42 42>&-
|
||||
}
|
||||
|
||||
fatal() {
|
||||
@ -11048,14 +11009,14 @@ parse_hn_port() {
|
||||
|
||||
NODE="$1"
|
||||
# strip "https" and trailing urlpath supposed it was supplied additionally
|
||||
echo "$NODE" | grep -q 'https://' && NODE=$(echo "$NODE" | sed -e 's/^https\:\/\///')
|
||||
grep -q 'https://' <<< "$NODE" && NODE=$(sed -e 's/^https\:\/\///' <<< "$NODE")
|
||||
|
||||
# strip trailing urlpath
|
||||
NODE=$(echo "$NODE" | sed -e 's/\/.*$//')
|
||||
NODE=$(sed -e 's/\/.*$//' <<< "$NODE")
|
||||
|
||||
# if there's a trailing ':' probably a starttls/application protocol was specified
|
||||
if grep -q ':$' <<< $NODE; then
|
||||
if grep -wq http <<< $NODE; then
|
||||
if grep -q ':$' <<< "$NODE"; then
|
||||
if grep -wq http <<< "$NODE"; then
|
||||
fatal "\"http\" is not what you meant probably" 1
|
||||
else
|
||||
fatal "\"$1\" is not a valid URI" 1
|
||||
@ -11073,14 +11034,14 @@ parse_hn_port() {
|
||||
NODE=$(sed -e 's/\[//' -e 's/\]//' <<< "$NODE")
|
||||
else
|
||||
# determine v4 port, supposed it was supplied additionally
|
||||
echo "$NODE" | grep -q ':' && \
|
||||
PORT=$(echo "$NODE" | sed 's/^.*\://') && NODE=$(echo "$NODE" | sed 's/\:.*$//')
|
||||
grep -q ':' <<< "$NODE" && \
|
||||
PORT=$(sed 's/^.*\://' <<< "$NODE") && NODE=$(sed 's/\:.*$//' <<< "$NODE")
|
||||
fi
|
||||
debugme echo $NODE:$PORT
|
||||
SNI="-servername $NODE"
|
||||
|
||||
URL_PATH=$(echo "$1" | sed 's/https:\/\///' | sed 's/'"${NODE}"'//' | sed 's/.*'"${PORT}"'//') # remove protocol and node part and port
|
||||
URL_PATH=$(echo "$URL_PATH" | sed 's/\/\//\//g') # we rather want // -> /
|
||||
URL_PATH=$(sed 's/https:\/\///' <<< "$1" | sed 's/'"${NODE}"'//' | sed 's/.*'"${PORT}"'//') # remove protocol and node part and port
|
||||
URL_PATH=$(sed 's/\/\//\//g' <<< "$URL_PATH") # we rather want // -> /
|
||||
[[ -z "$URL_PATH" ]] && URL_PATH="/"
|
||||
debugme echo $URL_PATH
|
||||
return 0 # NODE, URL_PATH, PORT is set now
|
||||
@ -11092,7 +11053,7 @@ parse_hn_port() {
|
||||
prepare_logging() {
|
||||
local fname_prefix="$1"
|
||||
|
||||
[[ -z "$fname_prefix" ]] && fname_prefix="$NODE"_"$PORT"
|
||||
[[ -z "$fname_prefix" ]] && fname_prefix="${NODE}"_p"${PORT}"
|
||||
|
||||
if "$do_logging"; then
|
||||
if [[ -z "$LOGFILE" ]]; then
|
||||
@ -11103,6 +11064,7 @@ prepare_logging() {
|
||||
else
|
||||
: # just for clarity: a log file was specified, no need to do anything else
|
||||
fi
|
||||
[[ -e $LOGFILE ]] && fatal "\"$LOGFILE\" exists. Either use \"--append\" or (re)move it" 1
|
||||
>$LOGFILE
|
||||
tmln_out "## Scan started as: \"$PROG_NAME $CMDLINE\"" >>${LOGFILE}
|
||||
tmln_out "## at $HNAME:$OPENSSL_LOCATION" >>${LOGFILE}
|
||||
@ -11130,7 +11092,6 @@ prepare_logging() {
|
||||
fi
|
||||
fi
|
||||
fileout_header # write out any CSV/JSON header line
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
@ -11675,7 +11636,14 @@ display_rdns_etc() {
|
||||
}
|
||||
|
||||
datebanner() {
|
||||
local scan_time_f=""
|
||||
|
||||
if [[ "$1" =~ Done ]] ; then
|
||||
scan_time_f="$(printf "%04ss" "$SCAN_TIME")" # 4 digits because of windows
|
||||
pr_reverse "$1 $(date +%F) $(date +%T) [$scan_time_f] -->> $NODEIP:$PORT ($NODE) <<--"
|
||||
else
|
||||
pr_reverse "$1 $(date +%F) $(date +%T) -->> $NODEIP:$PORT ($NODE) <<--"
|
||||
fi
|
||||
outln "\n"
|
||||
[[ "$1" =~ Start ]] && display_rdns_etc
|
||||
}
|
||||
@ -11888,7 +11856,7 @@ parse_opt_equal_sign() {
|
||||
echo ${1#*=}
|
||||
return 1 # = means we don't need to shift args!
|
||||
else
|
||||
echo $2
|
||||
echo "$2"
|
||||
return 0 # we need to shift
|
||||
fi
|
||||
}
|
||||
@ -12283,42 +12251,60 @@ reset_hostdepended_vars() {
|
||||
SERVER_SIZE_LIMIT_BUG=false
|
||||
}
|
||||
|
||||
# rough estimate, in the future we maybe want to make use of nano secs (%N)
|
||||
# note this is for performance debugging purposes (MEASURE_TIME=yes), so eye candy is not important
|
||||
time_right_align() {
|
||||
local new_delta
|
||||
|
||||
"$MEASURE_TIME" || return
|
||||
new_delta=$(( $(date +%s) - LAST_TIME ))
|
||||
printf "%${COLUMNS}s" "$new_delta"
|
||||
[[ -e "$MEASURE_TIME_FILE" ]] && echo "$1 : $new_delta " >> $MEASURE_TIME_FILE
|
||||
LAST_TIME=$(( $new_delta + LAST_TIME ))
|
||||
}
|
||||
|
||||
lets_roll() {
|
||||
local ret
|
||||
local section_number=1
|
||||
|
||||
if [[ "$1" == init ]]; then
|
||||
# called once upfront to be able to measure preperation time b4 everything starts
|
||||
START_TIME=$(date +%s)
|
||||
LAST_TIME=$START_TIME
|
||||
[[ -n "$MEASURE_TIME_FILE" ]] && >$MEASURE_TIME_FILE
|
||||
return 0
|
||||
fi
|
||||
time_right_align initialized
|
||||
|
||||
[[ -z "$NODEIP" ]] && fatal "$NODE doesn't resolve to an IP address" 2
|
||||
nodeip_to_proper_ip6
|
||||
reset_hostdepended_vars
|
||||
determine_rdns
|
||||
|
||||
START_TIME=$(date +%s)
|
||||
|
||||
((SERVER_COUNTER++))
|
||||
determine_service "$1" # any starttls service goes here
|
||||
|
||||
$do_tls_sockets && [[ $TLS_LOW_BYTE -eq 22 ]] && { sslv2_sockets "" "true"; echo "$?" ; exit 0; }
|
||||
$do_tls_sockets && [[ $TLS_LOW_BYTE -ne 22 ]] && { tls_sockets "$TLS_LOW_BYTE" "$HEX_CIPHER" "all"; echo "$?" ; exit 0; }
|
||||
$do_test_just_one && test_just_one ${single_cipher}
|
||||
$do_test_just_one && test_just_one ${single_cipher} && time_right_align
|
||||
|
||||
# all top level functions now following have the prefix "run_"
|
||||
fileout_section_header $section_number false && ((section_number++))
|
||||
$do_protocols && { run_protocols; ret=$(($? + ret)); }
|
||||
$do_spdy && { run_spdy; ret=$(($? + ret)); }
|
||||
$do_http2 && { run_http2; ret=$(($? + ret)); }
|
||||
$do_protocols && { run_protocols; ret=$(($? + ret)); time_right_align run_protocols; }
|
||||
$do_spdy && { run_spdy; ret=$(($? + ret)); time_right_align run_spdy; }
|
||||
$do_http2 && { run_http2; ret=$(($? + ret)); time_right_align run_http2; }
|
||||
|
||||
fileout_section_header $section_number true && ((section_number++))
|
||||
$do_std_cipherlists && { run_std_cipherlists; ret=$(($? + ret)); }
|
||||
$do_std_cipherlists && { run_std_cipherlists; ret=$(($? + ret)); time_right_align run_std_cipherlists; }
|
||||
|
||||
fileout_section_header $section_number true && ((section_number++))
|
||||
$do_pfs && { run_pfs; ret=$(($? + ret)); }
|
||||
$do_pfs && { run_pfs; ret=$(($? + ret)); time_right_align run_pfs; }
|
||||
|
||||
fileout_section_header $section_number true && ((section_number++))
|
||||
$do_server_preference && { run_server_preference; ret=$(($? + ret)); }
|
||||
$do_server_preference && { run_server_preference; ret=$(($? + ret)); time_right_align run_server_preference; }
|
||||
|
||||
fileout_section_header $section_number true && ((section_number++))
|
||||
$do_server_defaults && { run_server_defaults; ret=$(($? + ret)); }
|
||||
$do_server_defaults && { run_server_defaults; ret=$(($? + ret)); time_right_align run_server_defaults; }
|
||||
|
||||
if $do_header; then
|
||||
#TODO: refactor this into functions
|
||||
@ -12333,6 +12319,7 @@ lets_roll() {
|
||||
run_cookie_flags "$URL_PATH"
|
||||
run_more_flags "$URL_PATH"
|
||||
run_rp_banner "$URL_PATH"
|
||||
time_right_align do_header
|
||||
fi
|
||||
else
|
||||
((section_number++))
|
||||
@ -12345,34 +12332,38 @@ lets_roll() {
|
||||
fi
|
||||
|
||||
fileout_section_header $section_number true && ((section_number++))
|
||||
$do_heartbleed && { run_heartbleed; ret=$(($? + ret)); }
|
||||
$do_ccs_injection && { run_ccs_injection; ret=$(($? + ret)); }
|
||||
$do_renego && { run_renego; ret=$(($? + ret)); }
|
||||
$do_crime && { run_crime; ret=$(($? + ret)); }
|
||||
$do_breach && { run_breach "$URL_PATH" ; ret=$(($? + ret)); }
|
||||
$do_ssl_poodle && { run_ssl_poodle; ret=$(($? + ret)); }
|
||||
$do_tls_fallback_scsv && { run_tls_fallback_scsv; ret=$(($? + ret)); }
|
||||
$do_sweet32 && { run_sweet32; ret=$(($? + ret)); }
|
||||
$do_freak && { run_freak; ret=$(($? + ret)); }
|
||||
$do_drown && { run_drown ret=$(($? + ret)); }
|
||||
$do_logjam && { run_logjam; ret=$(($? + ret)); }
|
||||
$do_beast && { run_beast; ret=$(($? + ret)); }
|
||||
$do_lucky13 && { run_lucky13; ret=$(($? + ret)); }
|
||||
$do_rc4 && { run_rc4; ret=$(($? + ret)); }
|
||||
$do_heartbleed && { run_heartbleed; ret=$(($? + ret)); time_right_align run_heartbleed; }
|
||||
$do_ccs_injection && { run_ccs_injection; ret=$(($? + ret)); time_right_align run_ccs_injection; }
|
||||
$do_renego && { run_renego; ret=$(($? + ret)); time_right_align run_renego; }
|
||||
$do_crime && { run_crime; ret=$(($? + ret)); time_right_align run_crime; }
|
||||
$do_breach && { run_breach "$URL_PATH" ; ret=$(($? + ret)); time_right_align run_breach; }
|
||||
$do_ssl_poodle && { run_ssl_poodle; ret=$(($? + ret)); time_right_align run_ssl_poodle; }
|
||||
$do_tls_fallback_scsv && { run_tls_fallback_scsv; ret=$(($? + ret)); time_right_align run_tls_fallback_scsv; }
|
||||
$do_sweet32 && { run_sweet32; ret=$(($? + ret)); time_right_align run_sweet32; }
|
||||
$do_freak && { run_freak; ret=$(($? + ret)); time_right_align run_freak; }
|
||||
$do_drown && { run_drown ret=$(($? + ret)); time_right_align run_drown; }
|
||||
$do_logjam && { run_logjam; ret=$(($? + ret)); time_right_align run_logjam; }
|
||||
$do_beast && { run_beast; ret=$(($? + ret)); time_right_align run_beast; }
|
||||
$do_lucky13 && { run_lucky13; ret=$(($? + ret)); time_right_align run_lucky13; }
|
||||
$do_rc4 && { run_rc4; ret=$(($? + ret)); time_right_align run_rc4; }
|
||||
|
||||
fileout_section_header $section_number true && ((section_number++))
|
||||
$do_allciphers && { run_allciphers; ret=$(($? + ret)); }
|
||||
$do_cipher_per_proto && { run_cipher_per_proto; ret=$(($? + ret)); }
|
||||
$do_allciphers && { run_allciphers; ret=$(($? + ret)); time_right_align run_allciphers; }
|
||||
$do_cipher_per_proto && { run_cipher_per_proto; ret=$(($? + ret)); time_right_align run_cipher_per_proto; }
|
||||
|
||||
fileout_section_header $section_number true && ((section_number++))
|
||||
$do_client_simulation && { run_client_simulation; ret=$(($? + ret)); }
|
||||
$do_client_simulation && { run_client_simulation; ret=$(($? + ret)); time_right_align run_client_simulation; }
|
||||
|
||||
fileout_section_footer true
|
||||
|
||||
outln
|
||||
END_TIME=$(date +%s)
|
||||
SCAN_TIME=$(( END_TIME - START_TIME ))
|
||||
datebanner " Done"
|
||||
|
||||
"$MEASURE_TIME" && printf "%${COLUMNS}s\n" "$SCAN_TIME"
|
||||
[[ -e "$MEASURE_TIME_FILE" ]] && echo "Total : $SCAN_TIME " >> $MEASURE_TIME_FILE
|
||||
|
||||
return $ret
|
||||
}
|
||||
|
||||
@ -12380,7 +12371,7 @@ lets_roll() {
|
||||
|
||||
################# main #################
|
||||
|
||||
|
||||
lets_roll init
|
||||
initialize_globals
|
||||
parse_cmd_line "$@"
|
||||
html_header
|
||||
@ -12389,6 +12380,7 @@ set_color_functions
|
||||
maketempf
|
||||
find_openssl_binary
|
||||
prepare_debug
|
||||
prepare_arrays
|
||||
mybanner
|
||||
check_proxy
|
||||
check4openssl_oldfarts
|
||||
@ -12404,6 +12396,7 @@ if $do_display_only; then
|
||||
fi
|
||||
|
||||
if $do_mass_testing; then
|
||||
prepare_logging
|
||||
run_mass_testing
|
||||
exit $?
|
||||
fi
|
||||
|
Loading…
Reference in New Issue
Block a user