Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-09 20:22:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2905 from testssl/fix_2884

Browse Source 
Consistency for function ciphers_by_strength()
This commit is contained in:
Dirk Wetter
2025-09-30 15:53:34 +02:00
committed by GitHub
parent d66b67befe 78ecf53b67
commit d6decc7f79
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
testssl.sh
View File

@ -4486,6 +4486,7 @@ run_allciphers() {
# test for all ciphers per protocol locally configured (w/o distinguishing whether they are good or bad) # test for all ciphers per protocol locally configured (w/o distinguishing whether they are good or bad)
# for the specified protocol, test for all ciphers locally configured (w/o distinguishing whether they # for the specified protocol, test for all ciphers locally configured (w/o distinguishing whether they
# are good or bad) and list them in order to encryption strength. # are good or bad) and list them in order to encryption strength.
#
ciphers_by_strength() { ciphers_by_strength() {
local proto="$1" proto_hex="$2" proto_text="$3" local proto="$1" proto_hex="$2" proto_text="$3"
local using_sockets="$4" wide="$5" serverpref_known="$6" local using_sockets="$4" wide="$5" serverpref_known="$6"
@ -4911,7 +4912,7 @@ run_cipher_per_proto() {
while read proto proto_hex proto_text; do while read proto proto_hex proto_text; do
pr_underline "$(printf -- "%b" "$proto_text")" pr_underline "$(printf -- "%b" "$proto_text")"
ciphers_by_strength "$proto" "$proto_hex" "$proto_text" "$using_sockets" "true" "false" ciphers_by_strength "$proto" "$proto_hex" "$proto_text" "$using_sockets" "true" "false"
done <<< "$(tm_out " -ssl2 22 SSLv2\n -ssl3 00 SSLv3\n -tls1 01 TLS 1\n -tls1_1 02 TLS 1.1\n -tls1_2 03 TLS 1.2\n -tls1_3 04 TLS 1.3")" done <<< "$(tm_out " -ssl2 22 SSLv2\n -ssl3 00 SSLv3\n -tls1 01 TLSv1\n -tls1_1 02 TLSv1.1\n -tls1_2 03 TLSv1.2\n -tls1_3 04 TLSv1.3")"
return 0 return 0
#FIXME: no error condition #FIXME: no error condition
} }
@ -4930,6 +4931,7 @@ run_cipher_per_proto() {
# then either: # then either:
# 1) replace it with one corresponding to $SNI; or # 1) replace it with one corresponding to $SNI; or
# 2) remove it, if $SNI is empty # 2) remove it, if $SNI is empty
#
modify_clienthello() { modify_clienthello() {
local tls_handshake_ascii="$1" local tls_handshake_ascii="$1"
local new_key_share="$2" cookie="$3" local new_key_share="$2" cookie="$3"
@ -7321,7 +7323,7 @@ run_server_preference() {
if "$TLS13_ONLY" && ! "$has_tls13_cipher_order"; then if "$TLS13_ONLY" && ! "$has_tls13_cipher_order"; then
terminal_msg="no (TLS 1.3 only)" terminal_msg="no (TLS 1.3 only)"
limitedsense=" (limited sense as client will pick)" limitedsense=" (limited sense as client will pick)"
fileout_msg="not a cipher order for TLS 1.3 configured" fileout_msg="not a server cipher order for TLS 1.3 configured"
elif ! "$TLS13_ONLY" && [[ -z "$cipher2" ]]; then elif ! "$TLS13_ONLY" && [[ -z "$cipher2" ]]; then
pr_warning "unable to determine" pr_warning "unable to determine"
elif ! "$has_cipher_order" && ! "$has_tls13_cipher_order"; then elif ! "$has_cipher_order" && ! "$has_tls13_cipher_order"; then
@ -7329,7 +7331,7 @@ run_server_preference() {
terminal_msg="no (NOT ok)" terminal_msg="no (NOT ok)"
[[ "$fileout_rating" == INFO ]] && terminal_msg="no" [[ "$fileout_rating" == INFO ]] && terminal_msg="no"
limitedsense=" (limited sense as client will pick)" limitedsense=" (limited sense as client will pick)"
fileout_msg="NOT a cipher order configured" fileout_msg="NOT a server cipher order configured"
elif "$has_cipher_order" && ! "$has_tls13_cipher_order" && [[ "$default_proto" == TLSv1.3 ]]; then elif "$has_cipher_order" && ! "$has_tls13_cipher_order" && [[ "$default_proto" == TLSv1.3 ]]; then
if [[ $NO_CIPHER_ORDER_LEVEL -eq 5 ]]; then if [[ $NO_CIPHER_ORDER_LEVEL -eq 5 ]]; then
pr_svrty_good "yes (OK)"; out " -- only for < TLS 1.3" pr_svrty_good "yes (OK)"; out " -- only for < TLS 1.3"
@ -7404,6 +7406,7 @@ run_server_preference() {
} }
# arg1: true if the list that is returned does not need to be ordered by preference. # arg1: true if the list that is returned does not need to be ordered by preference.
#
check_tls12_pref() { check_tls12_pref() {
local unordered_list_ok="$1" local unordered_list_ok="$1"
local chacha20_ciphers="" non_chacha20_ciphers="" local chacha20_ciphers="" non_chacha20_ciphers=""
@ -7499,6 +7502,7 @@ check_tls12_pref() {
} }
# At the moment only called from run_server_preference() # At the moment only called from run_server_preference()
#
cipher_pref_check() { cipher_pref_check() {
local proto="$1" proto_hex="$2" proto_text="$3" local proto="$1" proto_hex="$2" proto_text="$3"
local using_sockets="$4" local using_sockets="$4"