mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-25 07:23:41 +01:00
commit
0ab0575274
54
cipherscan
54
cipherscan
@ -63,6 +63,44 @@ fi
|
|||||||
# RSA ciphers are put at the end to force Google servers to accept ECDSA ciphers
|
# RSA ciphers are put at the end to force Google servers to accept ECDSA ciphers
|
||||||
# (probably a result of a workaround for the bug in Apple implementation of ECDSA)
|
# (probably a result of a workaround for the bug in Apple implementation of ECDSA)
|
||||||
CIPHERSUITE="ALL:COMPLEMENTOFALL:+aRSA"
|
CIPHERSUITE="ALL:COMPLEMENTOFALL:+aRSA"
|
||||||
|
# as some servers are intolerant to large client hello's (or ones that have
|
||||||
|
# RC4 ciphers below position 64), use the following for cipher testing in case
|
||||||
|
# of problems
|
||||||
|
FALLBACKCIPHERSUITE=(
|
||||||
|
'ECDHE-RSA-AES128-GCM-SHA256'
|
||||||
|
'ECDHE-RSA-AES128-SHA256'
|
||||||
|
'ECDHE-RSA-AES128-SHA'
|
||||||
|
'ECDHE-RSA-DES-CBC3-SHA'
|
||||||
|
'ECDHE-RSA-RC4-SHA'
|
||||||
|
'DHE-RSA-AES128-SHA'
|
||||||
|
'DHE-DSS-AES128-SHA'
|
||||||
|
'DHE-RSA-CAMELLIA128-SHA'
|
||||||
|
'DHE-RSA-AES256-SHA'
|
||||||
|
'DHE-DSS-AES256-SHA'
|
||||||
|
'DHE-RSA-CAMELLIA256-SHA'
|
||||||
|
'EDH-RSA-DES-CBC3-SHA'
|
||||||
|
'AES128-SHA'
|
||||||
|
'CAMELLIA128-SHA'
|
||||||
|
'AES256-SHA'
|
||||||
|
'CAMELLIA256-SHA'
|
||||||
|
'DES-CBC3-SHA'
|
||||||
|
'RC4-SHA'
|
||||||
|
'RC4-MD5'
|
||||||
|
'SEED-SHA'
|
||||||
|
'IDEA-CBC-SHA'
|
||||||
|
'IDEA-CBC-MD5'
|
||||||
|
'RC2-CBC-MD5'
|
||||||
|
'DES-CBC3-MD5'
|
||||||
|
'EXP1024-DHE-DSS-DES-CBC-SHA'
|
||||||
|
'EDH-RSA-DES-CBC-SHA'
|
||||||
|
'EXP1024-DES-CBC-SHA'
|
||||||
|
'DES-CBC-MD5'
|
||||||
|
'EXP1024-RC4-SHA'
|
||||||
|
'EXP-EDH-RSA-DES-CBC-SHA'
|
||||||
|
'EXP-DES-CBC-SHA'
|
||||||
|
'EXP-RC2-CBC-MD5'
|
||||||
|
'EXP-RC4-MD5'
|
||||||
|
)
|
||||||
DEBUG=0
|
DEBUG=0
|
||||||
VERBOSE=0
|
VERBOSE=0
|
||||||
DELAY=0
|
DELAY=0
|
||||||
@ -1066,6 +1104,22 @@ results=()
|
|||||||
# Call to the recursive loop that retrieves the cipher preferences
|
# Call to the recursive loop that retrieves the cipher preferences
|
||||||
get_cipher_pref $CIPHERSUITE
|
get_cipher_pref $CIPHERSUITE
|
||||||
|
|
||||||
|
# in case the server is intolerant to our big hello, try again with
|
||||||
|
# a smaller one
|
||||||
|
# do that either when the normal scan returns no ciphers or just SSLv2
|
||||||
|
# ciphers (where it's likely that the limiting by OpenSSL worked)
|
||||||
|
pref=(${cipherspref[0]})
|
||||||
|
if [[ ${#cipherspref[@]} -eq 0 ]] || [[ ${pref[1]} == "SSLv2" ]]; then
|
||||||
|
cipherspref=()
|
||||||
|
ciphercertificates=()
|
||||||
|
results=()
|
||||||
|
OLDIFS="$IFS"
|
||||||
|
IFS=":"
|
||||||
|
CIPHERS="${FALLBACKCIPHERSUITE[*]}"
|
||||||
|
IFS="$OLDIFS"
|
||||||
|
get_cipher_pref "$CIPHERS"
|
||||||
|
fi
|
||||||
|
|
||||||
test_serverside_ordering
|
test_serverside_ordering
|
||||||
|
|
||||||
if [[ $TEST_CURVES == "True" ]]; then
|
if [[ $TEST_CURVES == "True" ]]; then
|
||||||
|
Loading…
Reference in New Issue
Block a user