diff --git a/utils/curves.bash b/utils/curves.bash new file mode 100755 index 0000000..6d62ad4 --- /dev/null +++ b/utils/curves.bash @@ -0,0 +1,26 @@ +#!/usr/bin/env bash +# +# PoC for checking the ellipticale curves negotiated +# x448 and x25519 are missing, others are not supported +# License see testssl.sh + + +HN="$1" +[ -z "$HN" ] && HN=testssl.sh +for curve in $(bin/openssl.Linux.x86_64 ecparam -list_curves | awk -F':' '/:/ { print $1 }'); do + printf "$curve: " + #if bin/openssl.Linux.x86_64 s_client -curves $curve -connect $HN:443 -servername $HN /dev/null | grep -q "BEGIN CERTIFICATE" ; then + # echo 'YES' + #else + # echo '--' + #fi + if bin/openssl.Linux.x86_64 s_client -cipher ECDH -curves $curve -connect $HN:443 -servername $HN /dev/null | grep "Server Temp Key:" ; then + : + else + echo '--' + fi +done + +# vim:ts=5:sw=5:expandtab +# $Id: curves.bash,v 1.2 2016/07/08 09:39:27 dirkw Exp $ +