From 49c023f27fc83f9527137e7846c3919e7c85e30c Mon Sep 17 00:00:00 2001 From: David Cooper Date: Mon, 28 Nov 2016 10:45:44 -0500 Subject: [PATCH] run_allciphers() bug fixes This PR fixes two minor bugs in run_allciphers(): * If `$SSL_NATIVE` or `$FAST` is `true`, then the cipher mapping file will not be used (unless `$OPENSSL ciphers` does not support the `-V` option), so there is no "fallback" to openssl, even if `[[ $TLS_NR_CIPHERS == 0 ]]`. * If `$using_sockets` is `false` and `$SHOW_EACH_C` is `true`, then `ossl_supported` should be checked to see if the cipher was tested, not `TLS_CIPHER_OSSL_SUPPORTED`. --- testssl.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/testssl.sh b/testssl.sh index 884c143..9a0f39a 100755 --- a/testssl.sh +++ b/testssl.sh @@ -2321,9 +2321,9 @@ run_allciphers() { else pr_headlineln " Testing all $nr_ciphers_tested locally available ciphers against the server, ordered by encryption strength " outln - [[ $TLS_NR_CIPHERS == 0 ]] && pr_warning " Cipher mapping not available, doing a fallback to openssl" + [[ $TLS_NR_CIPHERS == 0 ]] && ! "$SSL_NATIVE" && ! "$FAST" && pr_warning " Cipher mapping not available, doing a fallback to openssl" if ! "$HAS_DH_BITS"; then - [[ $TLS_NR_CIPHERS == 0 ]] && out "." + [[ $TLS_NR_CIPHERS == 0 ]] && ! "$SSL_NATIVE" && ! "$FAST" && out "." pr_warningln " Your $OPENSSL cannot show DH/ECDH bits" fi fi @@ -2450,7 +2450,7 @@ run_allciphers() { done for (( i=0 ; i