Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-03 23:39:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove fixes for run_rc4()

Browse Source
This commit is contained in:
David Cooper 2016-07-25 16:30:30 -04:00 committed by GitHub
parent b142962063
commit d2f1e15243
1 changed files with 3 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
testssl.sh
View File

@ -6951,7 +6951,7 @@ run_rc4() {
local hexcode dash rc4_cipher sslvers kx auth enc mac export
local rc4_ciphers_list="ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:DHE-DSS-RC4-SHA:AECDH-RC4-SHA:ADH-RC4-MD5:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:RSA-PSK-RC4-SHA:PSK-RC4-SHA:KRB5-RC4-SHA:KRB5-RC4-MD5:RC4-64-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP-ADH-RC4-MD5:EXP-RC4-MD5:EXP-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-KRB5-RC4-MD5"
local rc4_detected=""
local available="" addcmd=""
local available=""
if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then
outln
@ -6962,9 +6962,7 @@ run_rc4() {
fi
pr_bold " RC4"; out " (CVE-2013-2566, CVE-2015-2808) "
[[ "$OPTIMAL_PROTO" == "-ssl2" ]] && addcmd="$OPTIMAL_PROTO"
[[ ! "$OPTIMAL_PROTO" =~ ssl ]] && addcmd="$SNI"
$OPENSSL s_client -cipher $rc4_ciphers_list $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $addcmd >$TMPFILE 2>$ERRFILE </dev/null
$OPENSSL s_client -cipher $rc4_ciphers_list $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE </dev/null
if sclient_connect_successful $? $TMPFILE; then
"$WIDE" || pr_svrty_high "VULNERABLE (NOT ok): "
rc4_offered=1
@ -6973,11 +6971,7 @@ run_rc4() {
neat_header
fi
while read hexcode dash rc4_cipher sslvers kx auth enc mac; do
if [[ "$sslvers" == "SSLv2" ]]; then
$OPENSSL s_client -cipher $rc4_cipher $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY -ssl2 </dev/null >$TMPFILE 2>$ERRFILE
else
$OPENSSL s_client -cipher $rc4_cipher $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI </dev/null >$TMPFILE 2>$ERRFILE
fi
$OPENSSL s_client -cipher $rc4_cipher $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI </dev/null >$TMPFILE 2>$ERRFILE
sclient_connect_successful $? $TMPFILE
sclient_success=$? # here we may have a fp with openssl < 1.0, TBC
if [[ $sclient_success -ne 0 ]] && ! "$SHOW_EACH_C"; then