diff --git a/testssl.sh b/testssl.sh index 55f71fb..e32259a 100755 --- a/testssl.sh +++ b/testssl.sh @@ -2630,7 +2630,7 @@ run_cipher_match(){ [[ -z "$ciphers_to_test" ]] && break $OPENSSL s_client $addcmd -cipher "${ciphers_to_test:1}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE >$ERRFILE >$TMPFILE if sclient_connect_successful $? $TMPFILE ; then - cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE) + cipher=$(get_cipher $TMPFILE) order+=" $cipher" tested_cipher="$tested_cipher:-$cipher" nr_ciphers_found_r1+=1 @@ -4510,7 +4510,7 @@ check_tls12_pref() { $OPENSSL s_client $STARTTLS -tls1_2 $BUGS -cipher "$batchremoved" -connect $NODEIP:$PORT $PROXY $SNI >$ERRFILE >$TMPFILE if sclient_connect_successful $? $TMPFILE ; then batchremoved_success=true # signals that we have some of those ciphers and need to put everything together later on - cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE) + cipher=$(get_cipher $TMPFILE) order+=" $cipher" batchremoved="$batchremoved:-$cipher" nr_ciphers_found_r1+=1 @@ -4531,7 +4531,7 @@ check_tls12_pref() { while true; do $OPENSSL s_client $STARTTLS -tls1_2 $BUGS -cipher "$combined_ciphers$tested_cipher" -connect $NODEIP:$PORT $PROXY $SNI >$ERRFILE >$TMPFILE if sclient_connect_successful $? $TMPFILE ; then - cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE) + cipher=$(get_cipher $TMPFILE) order+=" $cipher" tested_cipher="$tested_cipher:-$cipher" nr_ciphers_found_r2+=1 @@ -4602,7 +4602,7 @@ cipher_pref_check() { while true; do $OPENSSL s_client $STARTTLS -"$p" $BUGS -cipher "ALL:COMPLEMENTOFALL$tested_cipher" -connect $NODEIP:$PORT $PROXY $sni >$ERRFILE >$TMPFILE sclient_connect_successful $? $TMPFILE || break - cipher=$(awk '/Cipher *:/ { print $3 }' $TMPFILE) + cipher=$(get_cipher $TMPFILE) [[ -z "$cipher" ]] && break order+="$cipher " tested_cipher+=":-"$cipher 
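Review bot: The result of `get_cipher` is used without an empty check in the run_cipher_match hunk (`@@ -2630`) and in both check_tls12_pref hunks (`@@ -4510`, `@@ -4531`), where it is appended straight to `tested_cipher` or `batchremoved` as `:-$cipher`. The cipher_pref_check hunk at `@@ -4602` already guards with `[[ -z "$cipher" ]] && break`; if get_cipher (defined outside this diff) can print nothing for output from an uncooperative server, the other loops would presumably retry with an unchanged cipher string, so the same guard after each `cipher=$(get_cipher $TMPFILE)` would be consistent. The argument should also be quoted, `cipher=$(get_cipher "$TMPFILE")`, as the tls_sockets call sites in this commit already do. The enclosing functions start and end outside the hunks, and the s_client context line in the first hunk looks damaged on this page, so the loop structure there is inferred.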
@@ -4666,7 +4666,7 @@ cipher_pref_check() { [[ -z "$ciphers_to_test" ]] && break tls_sockets "$proto_hex" "${ciphers_to_test:2}, 00,ff" "ephemeralkey" [[ $? -ne 0 ]] && break - cipher=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt") + cipher=$(get_cipher "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt") for (( i=bundle*bundle_size; i < end_of_bundle; i++ )); do [[ "$cipher" == "${rfc_ciph[i]}" ]] && ciphers_found2[i]=true && break done @@ -4717,14 +4717,14 @@ cipher_pref_check() { [[ -z "$ciphers_to_test" ]] && break tls_sockets "$proto_hex" "${ciphers_to_test:2}, 00,ff" "ephemeralkey" [[ $? -ne 0 ]] && break - cipher=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt") + cipher=$(get_cipher "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt") for (( i=0; i < nr_ciphers; i++ )); do [[ "$cipher" == "${rfc_ciph[i]}" ]] && ciphers_found2[i]=true && break done if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && [[ $TLS_NR_CIPHERS -ne 0 ]]; then cipher="$(rfc2openssl "$cipher")" # If there is no OpenSSL name for the cipher, then use the RFC name - [[ -z "$cipher" ]] && cipher=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt") + [[ -z "$cipher" ]] && cipher=$(get_cipher "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt") fi order+="$cipher " done @@ -6255,7 +6255,7 @@ run_pfs() { [[ -z "$ciphers_to_test" ]] && break $OPENSSL s_client -cipher "${ciphers_to_test:1}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI &>$TMPFILE $TMPFILE 2>>$ERRFILE $TMPFILE 2>$ERRFILE
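Review bot: In the `@@ -4717` hunk of cipher_pref_check the same ServerHello parse file is read twice per iteration, once before the `rfc_ciph` loop and again in the `[[ -z "$cipher" ]] &&` fallback after `rfc2openssl`. Saving the first result, e.g. `rfc_cipher="$cipher"` before the conversion and `[[ -z "$cipher" ]] && cipher="$rfc_cipher"` after it, removes the second call and guarantees the fallback is the exact value that was matched against `rfc_ciph`; the variable would need a `local` declaration at the top of the function, which is outside the hunk. Neither this hunk nor the one at `@@ -4666` checks for an empty get_cipher result before continuing, and whether the surrounding loop terminates in that case cannot be seen from here, so a `[[ -z "$cipher" ]] && break` after the call is worth considering.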