Use $HAS_SSL2

I changed the code to use the global $HAS_SSL2 rather than $sslv2_locally_supported.

I don't think there's a need to use $HAS_SSL3 in run_allciphers(), since the call to "$OPENSSL s_client" for non-SSLv2 ciphers does not specify a protocol. It's also not needed in run_cipher_per_proto(), since there is already a call to locally_supported() before anything further is done with a protocol.
This commit is contained in:
David Cooper 2016-04-19 09:47:52 -04:00
parent c6db49066f
commit fe098d4b39

View File

@ -1578,11 +1578,10 @@ run_allciphers() {
local dhlen local dhlen
local available local available
local ciphers_to_test local ciphers_to_test
local sslv2_locally_supported=false sslv2_supported=false local sslv2_supported=false
# get a list of all the cipher suites to test (only need the hexcode, ciph, sslvers, kx, enc, and export values) # get a list of all the cipher suites to test (only need the hexcode, ciph, sslvers, kx, enc, and export values)
while read hexcode[nr_ciphers] n ciph[nr_ciphers] sslvers[nr_ciphers] kx[nr_ciphers] auth enc[nr_ciphers] mac export2[nr_ciphers]; do while read hexcode[nr_ciphers] n ciph[nr_ciphers] sslvers[nr_ciphers] kx[nr_ciphers] auth enc[nr_ciphers] mac export2[nr_ciphers]; do
[[ "${sslvers[nr_ciphers]}" == "SSLv2" ]] && sslv2_locally_supported=true
nr_ciphers=$nr_ciphers+1 nr_ciphers=$nr_ciphers+1
done < <($OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>>$ERRFILE) done < <($OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>>$ERRFILE)
@ -1592,7 +1591,7 @@ run_allciphers() {
outln outln
neat_header neat_header
if $sslv2_locally_supported; then if "$HAS_SSL2"; then
$OPENSSL s_client $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY -ssl2 >$TMPFILE 2>$ERRFILE </dev/null $OPENSSL s_client $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY -ssl2 >$TMPFILE 2>$ERRFILE </dev/null
sclient_connect_successful "$?" "$TMPFILE" sclient_connect_successful "$?" "$TMPFILE"
[[ "$?" -eq 0 ]] && sslv2_supported=true [[ "$?" -eq 0 ]] && sslv2_supported=true