mirror of
https://github.com/drwetter/testssl.sh.git
introducing --fast for the impatient
parent
37933d6fa1
commit
d4ed7466ce
18
testssl.sh
18
testssl.sh
@ -151,6 +151,7 @@ DEBUG=${DEBUG:-0} # 1: normal putput the files in /tmp/ ar
|
|||||||
# 4: display bytes sent via sockets
|
# 4: display bytes sent via sockets
|
||||||
# 5: display bytes received via sockets
|
# 5: display bytes received via sockets
|
||||||
# 6: whole 9 yards
|
# 6: whole 9 yards
|
||||||
|
FAST=${FAST:-false} # preference: show only first cipher, run_allciphers with openssl instead of sockets
|
||||||
WIDE=${WIDE:-false} # whether to display for some options just ciphers or a table w hexcode/KX,Enc,strength etc.
|
WIDE=${WIDE:-false} # whether to display for some options just ciphers or a table w hexcode/KX,Enc,strength etc.
|
||||||
LOGFILE=${LOGFILE:-""} # logfile if used
|
LOGFILE=${LOGFILE:-""} # logfile if used
|
||||||
JSONFILE=${JSONFILE:-""} # jsonfile if used
|
JSONFILE=${JSONFILE:-""} # jsonfile if used
|
||||||
@ -2038,9 +2039,8 @@ run_allciphers() {
|
|||||||
local has_dh_bits="$HAS_DH_BITS"
|
local has_dh_bits="$HAS_DH_BITS"
|
||||||
local using_sockets=true
|
local using_sockets=true
|
||||||
|
|
||||||
if "$SSL_NATIVE" || [[ -n "$STARTTLS" ]]; then
|
"$SSL_NATIVE" && using_sockets=false
|
||||||
using_sockets=false
|
"$FAST" && using_sockets=false
|
||||||
fi
|
|
||||||
|
|
||||||
if "$using_sockets"; then
|
if "$using_sockets"; then
|
||||||
# get a list of all the cipher suites to test (only need the hexcode, ciph, kx, enc, and export values)
|
# get a list of all the cipher suites to test (only need the hexcode, ciph, kx, enc, and export values)
|
||||||
@ -2065,7 +2065,6 @@ run_allciphers() {
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
nr_ciphers=$TLS_NR_CIPHERS
|
nr_ciphers=$TLS_NR_CIPHERS
|
||||||
|
|
||||||
sslv2_sockets "${sslv2_ciphers:2}" "true"
|
sslv2_sockets "${sslv2_ciphers:2}" "true"
|
||||||
if [[ $? -eq 3 ]] && [[ "$V2_HELLO_CIPHERSPEC_LENGTH" -ne 0 ]]; then
|
if [[ $? -eq 3 ]] && [[ "$V2_HELLO_CIPHERSPEC_LENGTH" -ne 0 ]]; then
|
||||||
sslv2_supported=true
|
sslv2_supported=true
|
||||||
@ -3888,7 +3887,7 @@ run_server_preference() {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if $has_cipher_order; then
|
if "$has_cipher_order"; then
|
||||||
cipher1=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/^ \+Cipher \+://' -e 's/ //g')
|
cipher1=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/^ \+Cipher \+://' -e 's/ //g')
|
||||||
addcmd2=""
|
addcmd2=""
|
||||||
if [[ -n "$STARTTLS_OPTIMAL_PROTO" ]]; then
|
if [[ -n "$STARTTLS_OPTIMAL_PROTO" ]]; then
|
||||||
@ -4195,6 +4194,7 @@ cipher_pref_check() {
|
|||||||
out "$order"
|
out "$order"
|
||||||
else
|
else
|
||||||
out " $cipher" # this is the first cipher for protocol
|
out " $cipher" # this is the first cipher for protocol
|
||||||
|
if ! "$FAST"; then
|
||||||
while true; do
|
while true; do
|
||||||
$OPENSSL s_client $STARTTLS -"$p" $BUGS -cipher "ALL:$tested_cipher" -connect $NODEIP:$PORT $PROXY $sni </dev/null 2>>$ERRFILE >$TMPFILE
|
$OPENSSL s_client $STARTTLS -"$p" $BUGS -cipher "ALL:$tested_cipher" -connect $NODEIP:$PORT $PROXY $sni </dev/null 2>>$ERRFILE >$TMPFILE
|
||||||
sclient_connect_successful $? $TMPFILE || break
|
sclient_connect_successful $? $TMPFILE || break
|
||||||
@ -4205,6 +4205,7 @@ cipher_pref_check() {
|
|||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
[[ -z "$order" ]] || fileout "order_$p" "INFO" "Default cipher order for protocol $p: $order"
|
[[ -z "$order" ]] || fileout "order_$p" "INFO" "Default cipher order for protocol $p: $order"
|
||||||
done
|
done
|
||||||
outln
|
outln
|
||||||
@ -4220,6 +4221,7 @@ cipher_pref_check() {
|
|||||||
printf " %-10s %s " "$p:" "$cipher"
|
printf " %-10s %s " "$p:" "$cipher"
|
||||||
tested_cipher="-"$cipher
|
tested_cipher="-"$cipher
|
||||||
order="$cipher"
|
order="$cipher"
|
||||||
|
if ! "$FAST"; then
|
||||||
while true; do
|
while true; do
|
||||||
$OPENSSL s_client -cipher "ALL:$tested_cipher" $BUGS -nextprotoneg "$p" -connect $NODEIP:$PORT $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
$OPENSSL s_client -cipher "ALL:$tested_cipher" $BUGS -nextprotoneg "$p" -connect $NODEIP:$PORT $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
||||||
sclient_connect_successful $? $TMPFILE || break
|
sclient_connect_successful $? $TMPFILE || break
|
||||||
@ -4228,6 +4230,7 @@ cipher_pref_check() {
|
|||||||
tested_cipher="$tested_cipher:-$cipher"
|
tested_cipher="$tested_cipher:-$cipher"
|
||||||
order+=" $cipher"
|
order+=" $cipher"
|
||||||
done
|
done
|
||||||
|
fi
|
||||||
outln
|
outln
|
||||||
[[ -n $order ]] && fileout "order_spdy_$p" "INFO" "Default cipher order for SPDY protocol $p: $order"
|
[[ -n $order ]] && fileout "order_spdy_$p" "INFO" "Default cipher order for SPDY protocol $p: $order"
|
||||||
done
|
done
|
||||||
@ -8605,6 +8608,8 @@ single check as <options> ("$PROG_NAME URI" does everything except -E):
|
|||||||
-4, --rc4, --appelbaum which RC4 ciphers are being offered?
|
-4, --rc4, --appelbaum which RC4 ciphers are being offered?
|
||||||
|
|
||||||
tuning / connect options (most also can be preset via environment variables):
|
tuning / connect options (most also can be preset via environment variables):
|
||||||
|
--fast omits some checks: using openssl for all ciphers (-e), show only first
|
||||||
|
preferred cipher
|
||||||
--bugs enables the "-bugs" option of s_client, needed e.g. for some buggy F5s
|
--bugs enables the "-bugs" option of s_client, needed e.g. for some buggy F5s
|
||||||
--assume-http if protocol check fails it assumes HTTP protocol and enforces HTTP checks
|
--assume-http if protocol check fails it assumes HTTP protocol and enforces HTTP checks
|
||||||
--ssl-native fallback to checks with OpenSSL where sockets are normally used
|
--ssl-native fallback to checks with OpenSSL where sockets are normally used
|
||||||
@ -10197,6 +10202,9 @@ parse_cmd_line() {
|
|||||||
--show[-_]each)
|
--show[-_]each)
|
||||||
SHOW_EACH_C=true
|
SHOW_EACH_C=true
|
||||||
;;
|
;;
|
||||||
|
--fast)
|
||||||
|
FAST=true
|
||||||
|
;;
|
||||||
--bugs)
|
--bugs)
|
||||||
BUGS="-bugs"
|
BUGS="-bugs"
|
||||||
;;
|
;;
|
||||||
|
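Review bot: In the run_allciphers hunk the rewritten guard no longer covers STARTTLS: the old `if "$SSL_NATIVE" || [[ -n "$STARTTLS" ]]` turned sockets off for STARTTLS targets, while the new lines test only `"$SSL_NATIVE"` and `"$FAST"`, so a STARTTLS scan now takes the socket path. Nothing visible here shows that the socket code in this function performs the STARTTLS handshake; if it does not, the cipher list for such hosts could come back empty or incomplete and weak ciphers would go unreported. Unless the change is intended, keep the condition, e.g. `[[ -n "$STARTTLS" ]] && using_sockets=false`, or state in the commit message that the fallback is dropped on purpose. Separately, in the SPDY hunk of cipher_pref_check `order="$cipher"` is set before the new `if ! "$FAST"`, so `fileout` still labels a single cipher as "Default cipher order"; the file output would be clearer if it said the order was not enumerated under `--fast`. Both functions extend beyond the hunks shown.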