From fb5c049fd799b5c4a09b871b9582e459ea6cc4ef Mon Sep 17 00:00:00 2001
From: David Cooper
Date: Wed, 18 Oct 2017 14:25:43 -0400
Subject: [PATCH] Add TLSv1.3 support for run_allciphers()

This PR adds TLSv1.3 support for run_allciphers(). It also addresses issue #660 for run_allciphers().
---
 testssl.sh | 127 ++++++++++++++++++++++++++++++-----------------------
 1 file changed, 72 insertions(+), 55 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 8cf5689..f72623a 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -3026,6 +3026,7 @@ run_allciphers() {
 local -i i end_of_bundle bundle bundle_size num_bundles mod_check
 local -a ciphers_found ciphers_found2 hexcode2 ciph2 sslvers2 rfc_ciph2
 local -i -a index
+ local proto protos_to_try
 local dhlen available ciphers_to_test supported_sslv2_ciphers
 local has_dh_bits="$HAS_DH_BITS"
 local using_sockets=true
@@ -3129,6 +3130,7 @@ run_allciphers() {
 for (( i=0; i < nr_ciphers; i++ )); do
 if "${ossl_supported[i]}"; then
+ [[ "${sslvers[i]}" == "SSLv2" ]] && continue
 ciphers_found2[nr_ossl_ciphers]=false
 sslvers2[nr_ossl_ciphers]="${sslvers[i]}"
 ciph2[nr_ossl_ciphers]="${ciph[i]}"
@@ -3151,42 +3153,54 @@ run_allciphers() {
 [[ $mod_check -ne 0 ]] && bundle_size+=1
 fi
- for (( bundle=0; bundle < num_bundles; bundle++ )); do
- end_of_bundle=$bundle*$bundle_size+$bundle_size
- [[ $end_of_bundle -gt $nr_ossl_ciphers ]] && end_of_bundle=$nr_ossl_ciphers
- for (( success=0; success==0 ; 1 )); do
- ciphers_to_test=""
- for (( i=bundle*bundle_size; i < end_of_bundle; i++ )); do
- [[ "${sslvers2[i]}" != "SSLv2" ]] && ! "${ciphers_found2[i]}" && ciphers_to_test+=":${ciph2[i]}"
- done
- success=1
- if [[ -n "$ciphers_to_test" ]]; then
- $OPENSSL s_client $(s_client_options "-no_ssl2 -cipher "${ciphers_to_test:1}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE
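Review bot: The added `[[ "${sslvers[i]}" == "SSLv2" ]] && continue` in the second hunk (the `ossl_supported` loop at -3129) now keeps SSLv2 suites out of `ciph2`/`sslvers2` entirely, with no comment saying where they are tested and reported instead; in a cipher enumeration a silently skipped protocol is easily read as "not offered". The removed lines in the third hunk show the old code only left them out when building `ciphers_to_test`, so they still had slots in the arrays; presumably they are covered through `supported_sslv2_ciphers`, but that path is not visible in these hunks and should be confirmed. I would add a comment above the new line, e.g. `# SSLv2 ciphers are probed separately (supported_sslv2_ciphers); keep them out of the bundled s_client runs`. The loop and `run_allciphers()` start and end outside the hunk, and the third hunk is cut off on this page, so its new side is not reviewed here.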