From fe098d4b394be0ebe230c5332dbbf876426fd6e1 Mon Sep 17 00:00:00 2001
From: David Cooper <dcooper16@gmail.com>
Date: Tue, 19 Apr 2016 09:47:52 -0400
Subject: [PATCH] Use $HAS_SSL2

I changed the code to use the global $HAS_SSL2 rather than $sslv2_locally_supported.

I don't think there's a need to use $HAS_SSL3 in run_allciphers(), since the call to "$OPENSSL s_client" for non-SSLv2 ciphers does not specify a protocol. It's also not needed in run_cipher_per_proto(), since there is already a call to locally_supported() before anything further is done with a protocol.
---
 testssl.sh | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index a820aee..6478a9d 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -1578,11 +1578,10 @@ run_allciphers() {
      local dhlen
      local available
      local ciphers_to_test
-     local sslv2_locally_supported=false sslv2_supported=false
+     local sslv2_supported=false
 
      # get a list of all the cipher suites to test (only need the hexcode, ciph, sslvers, kx, enc, and export values)
      while read hexcode[nr_ciphers] n ciph[nr_ciphers] sslvers[nr_ciphers] kx[nr_ciphers] auth enc[nr_ciphers] mac export2[nr_ciphers]; do
-          [[ "${sslvers[nr_ciphers]}" == "SSLv2" ]] && sslv2_locally_supported=true
           nr_ciphers=$nr_ciphers+1
      done < <($OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>>$ERRFILE)
 
@@ -1592,7 +1591,7 @@ run_allciphers() {
      outln
      neat_header
 
-     if $sslv2_locally_supported; then
+     if "$HAS_SSL2"; then
           $OPENSSL s_client $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY -ssl2 >$TMPFILE 2>$ERRFILE </dev/null
           sclient_connect_successful "$?" "$TMPFILE"
           [[ "$?" -eq 0 ]] && sslv2_supported=true