mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-07 09:10:57 +01:00
- BEAST now also works in wide mode
- renamed --long in --wide - added --show-each to help - inserted help
This commit is contained in:
parent
a76ca52c4c
commit
f9605c4f35
188
testssl.sh
188
testssl.sh
@ -779,6 +779,7 @@ normalize_ciphercode() {
|
|||||||
fi
|
fi
|
||||||
HEXC="$part1$part2$part3"
|
HEXC="$part1$part2$part3"
|
||||||
fi
|
fi
|
||||||
|
# FIXME: we shuld just echo this and avoid the global var HEXC
|
||||||
HEXC=$(echo $HEXC | tr 'A-Z' 'a-z' | sed 's/0x/x/') #tolower + strip leading 0
|
HEXC=$(echo $HEXC | tr 'A-Z' 'a-z' | sed 's/0x/x/') #tolower + strip leading 0
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
@ -898,6 +899,11 @@ neat_header(){
|
|||||||
outln "%s-------------------------------------------------------------------------${MAP_RFC_FNAME:+----------------------------------------------}"
|
outln "%s-------------------------------------------------------------------------${MAP_RFC_FNAME:+----------------------------------------------}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# arg1: hexcode
|
||||||
|
# arg2: cipher in openssl notation
|
||||||
|
# arg3: keyexchange
|
||||||
|
# arg4: encryption (maybe included "export")
|
||||||
neat_list(){
|
neat_list(){
|
||||||
kx=$(echo "$3" | sed 's/Kx=//g')
|
kx=$(echo "$3" | sed 's/Kx=//g')
|
||||||
enc=$(echo $4 | sed 's/Enc=//g')
|
enc=$(echo $4 | sed 's/Enc=//g')
|
||||||
@ -1184,7 +1190,7 @@ run_std_cipherlists() {
|
|||||||
read_dhbits_from_file() {
|
read_dhbits_from_file() {
|
||||||
local bits what_dh
|
local bits what_dh
|
||||||
local add=""
|
local add=""
|
||||||
local old_fart=" (openssl too old to show DH bits)"
|
local old_fart=" (openssl is too old to show DH bits)"
|
||||||
|
|
||||||
if ! $HAS_DH_BITS; then
|
if ! $HAS_DH_BITS; then
|
||||||
if [ -z "$2" ]; then
|
if [ -z "$2" ]; then
|
||||||
@ -1225,8 +1231,6 @@ read_dhbits_from_file() {
|
|||||||
else
|
else
|
||||||
out "$bits $add"
|
out "$bits $add"
|
||||||
fi
|
fi
|
||||||
else
|
|
||||||
pr_bold "FIXME: >$what_dh|$bits<"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
@ -1998,7 +2002,7 @@ sslv2_sockets() {
|
|||||||
if [[ "$lines" -gt 1 ]] ;then
|
if [[ "$lines" -gt 1 ]] ;then
|
||||||
ciphers_detected=$(($V2_HELLO_CIPHERSPEC_LENGTH / 3 ))
|
ciphers_detected=$(($V2_HELLO_CIPHERSPEC_LENGTH / 3 ))
|
||||||
if [ 0 -eq "$ciphers_detected" ] ; then
|
if [ 0 -eq "$ciphers_detected" ] ; then
|
||||||
pr_litered "supported but couldn't detect a cipher"; outln "(may need further attention)"
|
pr_litered "supported but couldn't detect a cipher"; outln " (may need further attention)"
|
||||||
else
|
else
|
||||||
pr_red "offered (NOT ok)"; outln " -- $ciphers_detected ciphers"
|
pr_red "offered (NOT ok)"; outln " -- $ciphers_detected ciphers"
|
||||||
fi
|
fi
|
||||||
@ -2709,51 +2713,80 @@ beast(){
|
|||||||
local detected_proto
|
local detected_proto
|
||||||
local detected_cbc_cipher=""
|
local detected_cbc_cipher=""
|
||||||
local higher_proto_supported=""
|
local higher_proto_supported=""
|
||||||
local -i ret=0
|
local openssl_ret=0
|
||||||
|
local vuln_beast=false
|
||||||
local spaces=" "
|
local spaces=" "
|
||||||
local cr=$'\n'
|
local cr=$'\n'
|
||||||
local first=true
|
local first=true
|
||||||
local continued=false
|
local continued=false
|
||||||
|
local cbc_cipher_list="SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA:PSK-AES256-CBC-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:IDEA-CBC-SHA:IDEA-CBC-MD5:RC2-CBC-MD5:RSA-PSK-AES128-CBC-SHA:PSK-AES128-CBC-SHA:KRB5-IDEA-CBC-SHA:KRB5-IDEA-CBC-MD5:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:AECDH-DES-CBC3-SHA:ADH-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:RSA-PSK-3DES-EDE-CBC-SHA:PSK-3DES-EDE-CBC-SHA:KRB5-DES-CBC3-SHA:KRB5-DES-CBC3-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DH-RSA-DES-CBC-SHA:DH-DSS-DES-CBC-SHA:ADH-DES-CBC-SHA:EXP1024-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:KRB5-DES-CBC-SHA:KRB5-DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DH-RSA-DES-CBC-SHA:EXP-DH-DSS-DES-CBC-SHA:EXP-ADH-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5"
|
||||||
|
|
||||||
[ $VULN_COUNT -le $VULN_THRESHLD ] && outln && pr_blue "--> Testing for BEAST vulnerability" && outln "\n"
|
if [ $VULN_COUNT -le $VULN_THRESHLD ] || [ $LONG -eq 0 ] ; then
|
||||||
|
outln
|
||||||
|
pr_blue "--> Testing for BEAST vulnerability" && outln "\n"
|
||||||
|
fi
|
||||||
pr_bold " BEAST"; out " (CVE-2011-3389) "
|
pr_bold " BEAST"; out " (CVE-2011-3389) "
|
||||||
|
[[ $LONG -eq 0 ]] && outln
|
||||||
|
|
||||||
# 2) test handfull of common CBC ciphers
|
# 2) test handfull of common CBC ciphers
|
||||||
for proto in ssl3 tls1; do
|
for proto in ssl3 tls1; do
|
||||||
$OPENSSL s_client -"$proto" $STARTTLS -connect $NODEIP:$PORT $SNI >$TMPFILE 2>/dev/null </dev/null
|
$OPENSSL s_client -"$proto" $STARTTLS -connect $NODEIP:$PORT $SNI >$TMPFILE 2>/dev/null </dev/null
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then # protocol supported?
|
||||||
if $continued; then
|
if $continued; then # second round: we hit TLS1:
|
||||||
pr_litegreenln "no SSL3 or TLS1"
|
pr_litegreenln "no SSL3 or TLS1"
|
||||||
return 0
|
return 0
|
||||||
else
|
else # protocol not succeeded but it';s the first time
|
||||||
continued=true
|
continued=true
|
||||||
continue # protocol no supported, so we do not need to check each cipher with that protocol
|
continue # protocol no supported, so we do not need to check each cipher with that protocol
|
||||||
fi
|
fi
|
||||||
|
fi # protocol succeeded
|
||||||
|
# protocol with cbc_cipher check follows now
|
||||||
|
|
||||||
|
if [[ $LONG -eq 0 ]] ; then
|
||||||
|
outln "\n $(echo $proto | tr '[a-z]' '[A-Z]'):";
|
||||||
|
neat_header # NOTTHATNICE: we display the header also if in the end no cbc cipher is available on the client side
|
||||||
fi
|
fi
|
||||||
while read hexcode dash cbc_cipher sslvers kx auth enc mac export ; do
|
while read hexcode dash cbc_cipher sslvers kx auth enc mac; do
|
||||||
$OPENSSL s_client -cipher "$cbc_cipher" -"$proto" $STARTTLS -connect $NODEIP:$PORT $SNI >$TMPFILE 2>/dev/null </dev/null
|
$OPENSSL s_client -cipher "$cbc_cipher" -"$proto" $STARTTLS -connect $NODEIP:$PORT $SNI >$TMPFILE 2>/dev/null </dev/null
|
||||||
#normalize_ciphercode $hexcode
|
openssl_ret=$?
|
||||||
#neat_list $HEXC $ciph $kx $enc | grep -wai "$arg"
|
[[ $openssl_ret -eq 0 ]] && vuln_beast=true
|
||||||
if [ $? -eq 0 ]; then
|
if [ $LONG -eq 0 ]; then
|
||||||
detected_cbc_cipher="$detected_cbc_cipher ""$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')"
|
normalize_ciphercode $hexcode
|
||||||
|
if [[ "$SHOW_EACH_C" -ne 0 ]]; then
|
||||||
|
neat_list $HEXC $cbc_cipher $kx $enc
|
||||||
|
if [[ $openssl_ret -eq 0 ]]; then
|
||||||
|
pr_brownln "available"
|
||||||
|
else
|
||||||
|
outln "not a/v"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
[[ $openssl_ret -eq 0 ]] && neat_list $HEXC $cbc_cipher $kx $enc && outln
|
||||||
|
fi
|
||||||
|
else # short display:
|
||||||
|
if [ $openssl_ret -eq 0 ]; then
|
||||||
|
detected_cbc_cipher="$detected_cbc_cipher ""$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')"
|
||||||
|
vuln_beast=true
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
done < <($OPENSSL ciphers -V 'ALL:eNULL' | grep -a CBC) # -V doesn't work with openssl < 1.0
|
done < <($OPENSSL ciphers -V 'ALL:eNULL' | grep -a CBC) # -V doesn't work with openssl < 1.0
|
||||||
# ^^^^^ process substitution as shopt will either segfault or doesn't work with old bash versions
|
# ^^^^^ process substitution as shopt will either segfault or doesn't work with old bash versions
|
||||||
|
|
||||||
#detected_cbc_cipher=$(echo $detected_cbc_cipher | sed 's/ //g')
|
if [ $LONG -ne 0 ]; then
|
||||||
if [ -z "$detected_cbc_cipher" ]; then
|
if [ -n "$detected_cbc_cipher" ]; then
|
||||||
[[ $proto == "tls1" ]] && ! $first && printf "$spaces"
|
detected_cbc_cipher=$(echo "$detected_cbc_cipher" | sed -e "s/ /\\${cr} ${spaces}/9" -e "s/ /\\${cr} ${spaces}/6" -e "s/ /\\${cr} ${spaces}/3")
|
||||||
pr_litegreenln "no CBC ciphers for $(echo $proto | tr '[a-z]' '[A-Z]') (OK)"
|
! $first && out "$spaces"
|
||||||
first=false
|
out "$(echo $proto | tr '[a-z]' '[A-Z]'):"; pr_brownln "$detected_cbc_cipher"
|
||||||
|
detected_cbc_cipher="" # empty for next round
|
||||||
|
first=false
|
||||||
|
else
|
||||||
|
[[ $proto == "tls1" ]] && ! $first && printf "$spaces"
|
||||||
|
pr_litegreenln "no CBC ciphers for $(echo $proto | tr '[a-z]' '[A-Z]') (OK)"
|
||||||
|
first=false
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
detected_cbc_cipher=$(echo "$detected_cbc_cipher" | sed -e "s/ /\\${cr} ${spaces}/9" -e "s/ /\\${cr} ${spaces}/6" -e "s/ /\\${cr} ${spaces}/3")
|
$vuln_beast || pr_litegreenln " no CBC ciphers for $(echo $proto | tr '[a-z]' '[A-Z]') (OK)"
|
||||||
[ $ret -eq 1 ] && out "$spaces"
|
|
||||||
out "$(echo $proto | tr '[a-z]' '[A-Z]'):"; pr_brownln "$detected_cbc_cipher"
|
|
||||||
ret=1
|
|
||||||
detected_cbc_cipher=""
|
|
||||||
first=false
|
|
||||||
fi
|
fi
|
||||||
done
|
done # for proto in ssl3 tls1
|
||||||
|
|
||||||
# 2) support for TLS 1.1+1.2?
|
# 2) support for TLS 1.1+1.2?
|
||||||
for proto in tls1_1 tls1_2; do
|
for proto in tls1_1 tls1_2; do
|
||||||
@ -2762,14 +2795,22 @@ beast(){
|
|||||||
higher_proto_supported="$higher_proto_supported ""$(grep -aw "Protocol" $TMPFILE | sed -e 's/^.*Protocol .*://' -e 's/ //g')"
|
higher_proto_supported="$higher_proto_supported ""$(grep -aw "Protocol" $TMPFILE | sed -e 's/^.*Protocol .*://' -e 's/ //g')"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
if [ $ret -eq 1 ] ; then
|
if $vuln_beast ; then
|
||||||
[ ! -z "$higher_proto_supported" ] && outln "${spaces}-- but also supports higher protocols (possible mitigation):$higher_proto_supported"
|
if [ ! -z "$higher_proto_supported" ] ; then
|
||||||
|
if [ $LONG -eq 0 ]; then
|
||||||
|
outln
|
||||||
|
pr_brown "VULNERABLE"
|
||||||
|
outln " -- but also supports higher protocols (possible mitigation):$higher_proto_supported"
|
||||||
|
else
|
||||||
|
outln "${spaces}-- but also supports higher protocols (possible mitigation):$higher_proto_supported"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# printf "For a full individual test of each CBC cipher suites support by your $OPENSSL run \"$0 -x CBC $NODE\"\n"
|
# printf "For a full individual test of each CBC cipher suites support by your $OPENSSL run \"$0 -x CBC $NODE\"\n"
|
||||||
|
|
||||||
tmpfile_handle $FUNCNAME.txt
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return $ret
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
lucky13() {
|
lucky13() {
|
||||||
@ -2784,8 +2825,8 @@ lucky13() {
|
|||||||
# https://en.wikipedia.org/wiki/Transport_Layer_Security#RC4_attacks
|
# https://en.wikipedia.org/wiki/Transport_Layer_Security#RC4_attacks
|
||||||
# http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html
|
# http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html
|
||||||
rc4() {
|
rc4() {
|
||||||
local ret
|
local ret rc4_offered
|
||||||
local hexcode n ciph sslvers kx auth enc mac strength
|
local hexcode n ciph sslvers kx auth enc mac export
|
||||||
|
|
||||||
if [ $VULN_COUNT -le $VULN_THRESHLD ] || [ $LONG -eq 0 ] ; then
|
if [ $VULN_COUNT -le $VULN_THRESHLD ] || [ $LONG -eq 0 ] ; then
|
||||||
outln
|
outln
|
||||||
@ -2809,7 +2850,7 @@ rc4() {
|
|||||||
fi
|
fi
|
||||||
if [ $LONG -eq 0 ]; then
|
if [ $LONG -eq 0 ]; then
|
||||||
normalize_ciphercode $hexcode
|
normalize_ciphercode $hexcode
|
||||||
neat_list $HEXC $ciph $kx $enc $strength
|
neat_list $HEXC $ciph $kx $enc
|
||||||
if [[ "$SHOW_EACH_C" -ne 0 ]]; then
|
if [[ "$SHOW_EACH_C" -ne 0 ]]; then
|
||||||
if [[ $ret -eq 0 ]]; then
|
if [[ $ret -eq 0 ]]; then
|
||||||
pr_litered "available"
|
pr_litered "available"
|
||||||
@ -2931,57 +2972,58 @@ help() {
|
|||||||
|
|
||||||
$PROG_NAME <options>
|
$PROG_NAME <options>
|
||||||
|
|
||||||
<-h|--help> what you're looking at
|
<-h|--help> what you're looking at
|
||||||
<-b|--banner> displays banner + version of $PROG_NAME
|
<-b|--banner> displays banner + version of $PROG_NAME
|
||||||
<-v|--version> same as previous
|
<-v|--version> same as previous
|
||||||
<-V|--local> pretty print all local ciphers
|
<-V|--local> pretty print all local ciphers
|
||||||
<-V|--local> <pattern> what local cipher with <pattern> is a/v?
|
<-V|--local> <pattern> what local cipher with <pattern> is a/v?
|
||||||
|
|
||||||
$PROG_NAME <options> URI ("$PROG_NAME URI" does everything except ciphers per proto/each cipher)
|
$PROG_NAME <options> URI ("$PROG_NAME URI" does everything except ciphers per proto/each cipher)
|
||||||
|
|
||||||
<-e|--each-cipher> checks each local cipher remotely
|
<-e|--each-cipher> checks each local cipher remotely
|
||||||
<-E|--cipher-per-proto> checks those per protocol
|
<-E|--cipher-per-proto> checks those per protocol
|
||||||
<-f|--ciphers> checks common cipher suites
|
<-f|--ciphers> checks common cipher suites
|
||||||
<-p|--protocols> checks TLS/SSL protocols
|
<-p|--protocols> checks TLS/SSL protocols
|
||||||
<-S|--server_defaults> displays the servers default picks and certificate info
|
<-S|--server_defaults> displays the servers default picks and certificate info
|
||||||
<-P|--preference> displays the servers picks: protocol+cipher
|
<-P|--preference> displays the servers picks: protocol+cipher
|
||||||
<-y|--spdy|--npn> checks for SPDY/NPN
|
<-y|--spdy|--npn> checks for SPDY/NPN
|
||||||
<-x|--single-cipher> <pattern> tests matched <pattern> of cipher
|
<-x|--single-cipher> pattern tests matched <pattern> of cipher
|
||||||
<-U|--vulnerable> tests all vulnerabilities
|
<-U|--vulnerable> tests all vulnerabilities
|
||||||
<-B|--heartbleed> tests for heartbleed vulnerability
|
<-B|--heartbleed> tests for heartbleed vulnerability
|
||||||
<-I|--ccs|--ccs-injection> tests for CCS injection vulnerability
|
<-I|--ccs|--ccs-injection> tests for CCS injection vulnerability
|
||||||
<-R|--renegotiation> tests renegotiation vulnerabilities
|
<-R|--renegotiation> tests for renegotiation vulnerabilities
|
||||||
<-C|--compression|--crime> tests CRIME vulnerability
|
<-C|--compression|--crime> tests for CRIME vulnerability
|
||||||
<-T|--breach> tests BREACH vulnerability
|
<-T|--breach> tests for BREACH vulnerability
|
||||||
<-O|--poodle> tests for POODLE (SSL) vulnerability
|
<-O|--poodle> tests for POODLE (SSL) vulnerability
|
||||||
<-F|--freak> tests FREAK vulnerability
|
<-F|--freak> tests for FREAK vulnerability
|
||||||
<-A|--beast> tests BEAST vulnerability
|
<-A|--beast> tests for BEAST vulnerability
|
||||||
<-s|--pfs|--fs|--nsa> checks (perfect) forward secrecy settings
|
<-s|--pfs|--fs|--nsa> checks (perfect) forward secrecy settings
|
||||||
<-4|--rc4|--appelbaum> which RC4 ciphers are being offered?
|
<-4|--rc4|--appelbaum> which RC4 ciphers are being offered?
|
||||||
<-H|--header|--headers> tests HSTS, HPKP, server/app banner, security headers, cookie
|
<-H|--header|--headers> tests HSTS, HPKP, server/app banner, security headers, cookie
|
||||||
|
|
||||||
special invocations:
|
special invocations:
|
||||||
|
|
||||||
<-t|--starttls> protocol does a default run against a STARTTLS enabled service
|
<-t|--starttls> protocol does a default run against a STARTTLS enabled service
|
||||||
<--mx> domain/host tests MX records from high to low priority (STARTTLS, port 25)
|
<--mx> domain/host tests MX records from high to low priority (STARTTLS, port 25)
|
||||||
|
|
||||||
|
|
||||||
partly mandatory parameters:
|
partly mandatory parameters:
|
||||||
|
|
||||||
URI host|host:port|URL|URL:port (port 443 is assumed unless otherwise specified)
|
URI host|host:port|URL|URL:port (port 443 is assumed unless otherwise specified)
|
||||||
pattern an ignore case word pattern of cipher hexcode or any other string in the name, kx or bits
|
pattern an ignore case word pattern of cipher hexcode or any other string in the name, kx or bits
|
||||||
protocol is one of ftp,smtp,pop3,imap,xmpp,telnet,ldap (for the latter two you need e.g. the supplied openssl)
|
protocol is one of ftp,smtp,pop3,imap,xmpp,telnet,ldap (for the latter two you need e.g. the supplied openssl)
|
||||||
|
|
||||||
tuning options:
|
tuning options:
|
||||||
|
|
||||||
--assuming-http if protocol check fails it assumes HTTP protocol and enforces HTTP checks
|
--assuming-http if protocol check fails it assumes HTTP protocol and enforces HTTP checks
|
||||||
--ssl-native fallback to checks with OpenSSL where sockets are normally used
|
--ssl-native fallback to checks with OpenSSL where sockets are normally used
|
||||||
--openssl <PATH> use this openssl binary (default: look in \$PATH, RUN_DIR of $PROG_NAME
|
--openssl <PATH> use this openssl binary (default: look in \$PATH, RUN_DIR of $PROG_NAME
|
||||||
--sneaky be less verbose wrt referer headers
|
--sneaky be less verbose wrt referer headers
|
||||||
--long wide output for tests like RC4 also with hexcode, kx, strength
|
--wide wide output for tests like RC4, BEAST. also with hexcode, kx, strength
|
||||||
--warnings <batch|off|false> "batch" doesn't wait for keypress, "off|false" skips connection warning
|
--show-each for each wide output (see --wide, -V, -x, e, -E): display all ciphers not only succeeded ones
|
||||||
--color 0: no escape or other codes 1: b/w escape codes 2: color (default)
|
--warnings <batch|off|false> "batch" doesn't wait for keypress, "off|false" skips connection warning
|
||||||
--debug 1: screen output normal but debug output in itemp files. 2-6: see line ~60
|
--color 0: no escape or other codes, 1: b/w escape codes, 2: color (default)
|
||||||
|
--debug 1: screen output normal but debug output in itemp files. 2-6: see line ~60
|
||||||
|
|
||||||
|
|
||||||
Need HTML output? Just pipe through "aha" (Ansi HTML Adapter: github.com/theZiz/aha) like
|
Need HTML output? Just pipe through "aha" (Ansi HTML Adapter: github.com/theZiz/aha) like
|
||||||
@ -3546,7 +3588,7 @@ startup() {
|
|||||||
shift
|
shift
|
||||||
do_tls_sockets=true
|
do_tls_sockets=true
|
||||||
outln "TLS_LOW_BYTE/HEX_CIPHER: ${TLS_LOW_BYTE}/${HEX_CIPHER}" ;;
|
outln "TLS_LOW_BYTE/HEX_CIPHER: ${TLS_LOW_BYTE}/${HEX_CIPHER}" ;;
|
||||||
--long) LONG=0 ;;
|
--wide) LONG=0 ;;
|
||||||
--assuming-http|--assuming_http|--assume_http|--assume-http)
|
--assuming-http|--assuming_http|--assume_http|--assume-http)
|
||||||
ASSUMING_HTTP=0 ;;
|
ASSUMING_HTTP=0 ;;
|
||||||
--sneaky)
|
--sneaky)
|
||||||
@ -3557,7 +3599,7 @@ startup() {
|
|||||||
default) pr_magentaln "warnings can be either \"batch\", \"off\" or \"false\"" ;;
|
default) pr_magentaln "warnings can be either \"batch\", \"off\" or \"false\"" ;;
|
||||||
esac
|
esac
|
||||||
shift ;;
|
shift ;;
|
||||||
--show-each-cipher)
|
--show-each|--show_each)
|
||||||
SHOW_EACH_C=1 ;; #FIXME: sense is vice versa
|
SHOW_EACH_C=1 ;; #FIXME: sense is vice versa
|
||||||
--debug)
|
--debug)
|
||||||
DEBUG="$2"
|
DEBUG="$2"
|
||||||
@ -3675,6 +3717,6 @@ fi
|
|||||||
|
|
||||||
exit $ret
|
exit $ret
|
||||||
|
|
||||||
# $Id: testssl.sh,v 1.261 2015/05/27 12:28:17 dirkw Exp $
|
# $Id: testssl.sh,v 1.262 2015/05/27 15:04:34 dirkw Exp $
|
||||||
# vim:ts=5:sw=5
|
# vim:ts=5:sw=5
|
||||||
# ^^^ FYI: use vim and you will see everything beautifully indented with a 5 char tab
|
# ^^^ FYI: use vim and you will see everything beautifully indented with a 5 char tab
|
||||||
|
Loading…
Reference in New Issue
Block a user