mirror of https://github.com/mozilla/cipherscan.git synced 2024-09-29 08:03:42 +02:00

FreeBSD compatible

Detect the OS and use gtimeout from sysutils/coreutils
Olivier Paroz 2014-09-15 17:06:59 +02:00
parent ded65c40df
commit 0662fa61d8


@ -4,9 +4,19 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this # License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/. # file, You can obtain one at http://mozilla.org/MPL/2.0/.
# Author: Julien Vehent [:ulfr] - 2013 # Author: Julien Vehent [:ulfr] - 2013
#
# Modified by Olivier Paroz in September 2014
#
# On FreeBSD, you will need the following ports: textproc/gnugrep and sysutils/coreutils
#
OS=`uname`
DOBENCHMARK=0 DOBENCHMARK=0
BENCHMARKITER=30 BENCHMARKITER=30
TIMEOUTBIN=timeout
if [ "${OS}" = "FreeBSD" ]; then
TIMEOUTBIN=gtimeout
fi
OPENSSLBIN="$(dirname $0)/openssl" OPENSSLBIN="$(dirname $0)/openssl"
if [ -z "$CACERTS" ]; then if [ -z "$CACERTS" ]; then
for f in /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt; do for f in /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt; do
@ -36,7 +46,11 @@ usage() {
usage: $0 -h|--help usage: $0 -h|--help
$0 attempts to connect to a target site using all the ciphersuites it knows. $0 attempts to connect to a target site using all the ciphersuites it knows.
Julien Vehent [:ulfr] - https://github.com/jvehent/cipherscan
Original script by Julien Vehent. [:ulfr] - https://github.com/jvehent/cipherscan
FreeBSD version by Olivier Paroz. [:ulfr] - https://github.com/oparoz/cipherscan
OpenSSL 1.0.2 is a REQUIREMENT and you will also need the following ports on FreeBSD: textproc/gnugrep and sysutils/coreutils
Port defaults to 443 Port defaults to 443
@ -165,7 +179,7 @@ test_cipher_on_target() {
# Calculate the average handshake time for a specific ciphersuite # Calculate the average handshake time for a specific ciphersuite
bench_cipher() { bench_cipher() {
local ciphersuite="$1" local ciphersuite="$1"
local sslcommand="timeout $TIMEOUT $OPENSSLBIN s_client $SCLIENTARGS -connect $TARGET -cipher $ciphersuite" local sslcommand="$TIMEOUTBIN $TIMEOUT $OPENSSLBIN s_client $SCLIENTARGS -connect $TARGET -cipher $ciphersuite"
local t="$(date +%s%N)" local t="$(date +%s%N)"
verbose "Benchmarking handshake on '$TARGET' with ciphersuite '$ciphersuite'" verbose "Benchmarking handshake on '$TARGET' with ciphersuite '$ciphersuite'"
for i in $(seq 1 $BENCHMARKITER); do for i in $(seq 1 $BENCHMARKITER); do
@ -189,9 +203,9 @@ get_cipher_pref() {
[ "$OUTPUTFORMAT" == "terminal" ] && [ $DEBUG -lt 1 ] && echo -n '.' [ "$OUTPUTFORMAT" == "terminal" ] && [ $DEBUG -lt 1 ] && echo -n '.'
local ciphersuite="$1" local ciphersuite="$1"
if [ -e $CACERTS ]; then if [ -e $CACERTS ]; then
local sslcommand="timeout $TIMEOUT $OPENSSLBIN s_client -CAfile $CACERTS -status $SCLIENTARGS -connect $TARGET -cipher $ciphersuite" local sslcommand="$TIMEOUTBIN $TIMEOUT $OPENSSLBIN s_client -CAfile $CACERTS -status $SCLIENTARGS -connect $TARGET -cipher $ciphersuite"
else else
local sslcommand="timeout $TIMEOUT $OPENSSLBIN s_client -status $SCLIENTARGS -connect $TARGET -cipher $ciphersuite" local sslcommand="$TIMEOUTBIN $TIMEOUT $OPENSSLBIN s_client -status $SCLIENTARGS -connect $TARGET -cipher $ciphersuite"
fi fi
verbose "Connecting to '$TARGET' with ciphersuite '$ciphersuite'" verbose "Connecting to '$TARGET' with ciphersuite '$ciphersuite'"
test_cipher_on_target "$sslcommand" test_cipher_on_target "$sslcommand"
@ -410,7 +424,7 @@ if [ $ALLCIPHERS -gt 0 ]; then
echo; echo "All accepted ciphersuites" echo; echo "All accepted ciphersuites"
for c in $($OPENSSLBIN ciphers -v ALL:COMPLEMENTOFALL 2>/dev/null |awk '{print $1}'|sort|uniq); do for c in $($OPENSSLBIN ciphers -v ALL:COMPLEMENTOFALL 2>/dev/null |awk '{print $1}'|sort|uniq); do
r="fail" r="fail"
osslcommand="timeout $TIMEOUT $OPENSSLBIN s_client $SCLIENTARGS -connect $TARGET -cipher $c" osslcommand="$TIMEOUTBIN $TIMEOUT $OPENSSLBIN s_client $SCLIENTARGS -connect $TARGET -cipher $c"
test_cipher_on_target "$osslcommand" test_cipher_on_target "$osslcommand"
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
r="pass" r="pass"
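Review bot: Nothing in the first hunk checks that `gtimeout` is actually installed before `TIMEOUTBIN` is used in `bench_cipher`, `get_cipher_pref` and the all-ciphers loop, so on a FreeBSD host without sysutils/coreutils every `s_client` command would fail to start. In the last hunk `r` starts as "fail" and only becomes "pass" on a zero status, so that failure would most likely be reported as the target rejecting every ciphersuite rather than as an error; the body of `test_cipher_on_target` is outside the hunks, so this is inferred. A guard placed right after the `fi`, such as `command -v "$TIMEOUTBIN" >/dev/null 2>&1 || { echo "$TIMEOUTBIN not found" >&2; exit 1; }`, would make the scan abort instead of producing a misleading TLS report. Selecting the binary by capability rather than by `uname` would also cover other systems that ship without `timeout`.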