Print unsupported ciphers in light grey

This PR changes testssl.sh so that when ciphers are being listed in wide mode (i.e., using `neat_list()`) and the `--show-each` option is set, ciphers that are not available are printed in light grey, whereas ciphers that are available continue to be printed in black. This makes it easier to distinguish between ciphers that are available and those that are not (the "available"/"not a/v" column remains).

This PR does not change the way that ciphers that are available are printed, but it includes a hook that would allow that to change. For example, for ciphers that are available, the name of the cipher suite could be printed in a different color depending on its quality (as is done for the "Negotiated cipher" in `run_server_preference()`). The same could be done for the "Encryption" and "Bits" columns.
David Cooper 2017-01-25 10:41:36 -05:00 committed by GitHub
parent 0bb792225e
commit d47601f413
1 changed files with 56 additions and 12 deletions


@ -2187,10 +2187,14 @@ neat_header(){
# arg2: cipher in openssl notation # arg2: cipher in openssl notation
# arg3: keyexchange # arg3: keyexchange
# arg4: encryption (maybe included "export") # arg4: encryption (maybe included "export")
# arg5: "true" if the cipher's "quality" should be highlighted
# "false" if the line should be printed in light grey
# empty if line should be printed in black
neat_list(){ neat_list(){
local hexcode="$1" local hexcode="$1"
local ossl_cipher="$2" tls_cipher="" local ossl_cipher="$2" tls_cipher=""
local kx enc strength local kx enc strength
local -i i str_len
kx="${3//Kx=/}" kx="${3//Kx=/}"
enc="${4//Enc=/}" enc="${4//Enc=/}"
@ -2217,6 +2221,46 @@ neat_list(){
kx="$kx " kx="$kx "
done done
fi fi
if [[ -n "$5" ]]; then
# FIXME: When $5 is true, highlight ciphers based on quality.
if [[ "$5" == "false" ]]; then
str_len=${#hexcode}
hexcode="$(pr_litegrey "$hexcode")"
for (( i=str_len; i < 7; i++ )); do
hexcode+=" "
done
str_len=${#kx}
kx="$(pr_litegrey "$kx")"
for (( i=str_len; i < 10; i++ )); do
kx+=" "
done
str_len=${#enc}
enc="$(pr_litegrey "$enc")"
for (( i=str_len; i < 10; i++ )); do
enc+=" "
done
str_len=${#strength}
strength="$(pr_litegrey "$strength")"
for (( i=str_len; i < 8; i++ )); do
strength+=" "
done
str_len=${#tls_cipher}
tls_cipher="$(pr_litegrey "$tls_cipher")"
for (( i=str_len; i < 49; i++ )); do
tls_cipher+=" "
done
str_len=${#ossl_cipher}
ossl_cipher="$(pr_litegrey "$ossl_cipher")"
for (( i=str_len; i < 33; i++ )); do
ossl_cipher+=" "
done
fi
fi
#echo "${#kx}" # should be always 20 / 13 #echo "${#kx}" # should be always 20 / 13
printf -- " %-7s %-33s %-10s %-10s%-8s${ADD_RFC_STR:+ %-49s}${SHOW_EACH_C:+ %-0s}" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength" "$tls_cipher" printf -- " %-7s %-33s %-10s %-10s%-8s${ADD_RFC_STR:+ %-49s}${SHOW_EACH_C:+ %-0s}" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength" "$tls_cipher"
} }
@ -2469,12 +2513,12 @@ test_just_one(){
for (( i=0; i < nr_ciphers; i++ )); do for (( i=0; i < nr_ciphers; i++ )); do
export="${export2[i]}" export="${export2[i]}"
neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}" neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}" "${ciphers_found[i]}"
if "${ciphers_found[i]}"; then if "${ciphers_found[i]}"; then
pr_cyan " available" pr_cyan " available"
fileout "cipher_${normalized_hexcode[i]}" "INFO" "$(neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}") available" fileout "cipher_${normalized_hexcode[i]}" "INFO" "$(neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}") available"
else else
out " not a/v" pr_litegrey " not a/v"
fileout "cipher_${normalized_hexcode[i]}" "INFO" "$(neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}") not a/v" fileout "cipher_${normalized_hexcode[i]}" "INFO" "$(neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}") not a/v"
fi fi
outln outln
@ -2720,7 +2764,7 @@ run_allciphers() {
for (( i=0 ; i<nr_ciphers; i++ )); do for (( i=0 ; i<nr_ciphers; i++ )); do
if "${ciphers_found[i]}" || ( "$SHOW_EACH_C" && ( "$using_sockets" || "${ossl_supported[i]}" ) ); then if "${ciphers_found[i]}" || ( "$SHOW_EACH_C" && ( "$using_sockets" || "${ossl_supported[i]}" ) ); then
export=${export2[i]} export=${export2[i]}
neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}" neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}" "${ciphers_found[i]}"
available="" available=""
if "$SHOW_EACH_C"; then if "$SHOW_EACH_C"; then
if ${ciphers_found[i]}; then if ${ciphers_found[i]}; then
@ -2728,7 +2772,7 @@ run_allciphers() {
pr_cyan "$available" pr_cyan "$available"
else else
available="not a/v" available="not a/v"
out "$available" pr_litegrey "$available"
fi fi
fi fi
outln "${sigalg[i]}" outln "${sigalg[i]}"
@ -3009,7 +3053,7 @@ run_cipher_per_proto() {
if "${ciphers_found[i]}" || "$SHOW_EACH_C"; then if "${ciphers_found[i]}" || "$SHOW_EACH_C"; then
export=${export2[i]} export=${export2[i]}
normalized_hexcode[i]="$(tolower "${normalized_hexcode[i]}")" normalized_hexcode[i]="$(tolower "${normalized_hexcode[i]}")"
neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}" neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}" "${ciphers_found[i]}"
available="" available=""
if "$SHOW_EACH_C"; then if "$SHOW_EACH_C"; then
if "${ciphers_found[i]}"; then if "${ciphers_found[i]}"; then
@ -3017,7 +3061,7 @@ run_cipher_per_proto() {
pr_cyan "$available" pr_cyan "$available"
else else
available="not a/v" available="not a/v"
out "$available" pr_litegrey "$available"
fi fi
fi fi
outln "${sigalg[i]}" outln "${sigalg[i]}"
@ -6607,12 +6651,12 @@ run_pfs() {
fi fi
fi fi
if "$WIDE"; then if "$WIDE"; then
neat_list "$(tolower "${normalized_hexcode[i]}")" "${ciph[i]}" "${kx[i]}" "${enc[i]}" neat_list "$(tolower "${normalized_hexcode[i]}")" "${ciph[i]}" "${kx[i]}" "${enc[i]}" "${ciphers_found[i]}"
if "$SHOW_EACH_C"; then if "$SHOW_EACH_C"; then
if ${ciphers_found[i]}; then if ${ciphers_found[i]}; then
pr_done_best "available" pr_done_best "available"
else else
out "not a/v" pr_litegrey "not a/v"
fi fi
fi fi
outln "${sigalg[i]}" outln "${sigalg[i]}"
@ -10175,7 +10219,7 @@ run_beast(){
for (( i=0; i < nr_ciphers; i++ )); do for (( i=0; i < nr_ciphers; i++ )); do
if "${ciphers_found[i]}" || "$SHOW_EACH_C"; then if "${ciphers_found[i]}" || "$SHOW_EACH_C"; then
export="${export2[i]}" export="${export2[i]}"
neat_list "$(tolower "${normalized_hexcode[i]}")" "${ciph[i]}" "${kx[i]}" "${enc[i]}" neat_list "$(tolower "${normalized_hexcode[i]}")" "${ciph[i]}" "${kx[i]}" "${enc[i]}" "${ciphers_found[i]}"
if "$SHOW_EACH_C"; then if "$SHOW_EACH_C"; then
if "${ciphers_found[i]}"; then if "${ciphers_found[i]}"; then
if [[ -n "$higher_proto_supported" ]]; then if [[ -n "$higher_proto_supported" ]]; then
@ -10184,7 +10228,7 @@ run_beast(){
pr_svrty_medium "available" pr_svrty_medium "available"
fi fi
else else
out "not a/v" pr_litegrey "not a/v"
fi fi
fi fi
outln "${sigalg[i]}" outln "${sigalg[i]}"
@ -10476,12 +10520,12 @@ run_rc4() {
if "$WIDE"; then if "$WIDE"; then
#FIXME: JSON+CSV in wide mode is missing #FIXME: JSON+CSV in wide mode is missing
export="${export2[i]}" export="${export2[i]}"
neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}" neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}" "${ciphers_found[i]}"
if "$SHOW_EACH_C"; then if "$SHOW_EACH_C"; then
if "${ciphers_found[i]}"; then if "${ciphers_found[i]}"; then
pr_svrty_high "available" pr_svrty_high "available"
else else
out "not a/v" pr_litegrey "not a/v"
fi fi
fi fi
outln "${sigalg[i]}" outln "${sigalg[i]}"
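Review bot: In the `neat_list()` hunk, the `"false"` branch pads `tls_cipher` to 49 characters unconditionally, but the final `printf` only has a `%-49s` slot when `ADD_RFC_STR` is set. Otherwise the sixth argument lands in the `${SHOW_EACH_C:+ %-0s}` slot, so a greyed row would emit 49 extra spaces plus the colour codes before "not a/v" when RFC names are not shown, assuming `tls_cipher` is empty in that case (its assignment lies between the two hunks and is not visible here, so confirm). The six copied pad loops also repeat the widths 7/33/10/10/8/49 from the format string, so a later width change in one place would misalign only the unavailable rows. Formatting the row once from the plain fields and then colouring the finished string keeps the format string as the single source of column widths and removes the loops. `pr_litegrey` is used inline before `outln` elsewhere in this commit, so it appears not to append a newline.

```shell
# … unchanged: outer [[ -n "$5" ]] test and the FIXME hook for "true" …
     if [[ "$5" == "false" ]]; then
          local line
          # Build the row from the uncoloured fields so printf does all the padding,
          # then grey the finished line; escape codes never enter the width math.
          line="$(printf -- " %-7s %-33s %-10s %-10s%-8s${ADD_RFC_STR:+ %-49s}${SHOW_EACH_C:+ %-0s}" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength" "$tls_cipher")"
          pr_litegrey "$line"
          return 0
     fi
# … unchanged: final printf for rows that are not greyed …
```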