mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-22 22:33:40 +01:00

openssl in -ssl2 mode doesn't tolerate -servername option

When openssl is run in -ssl2 mode, it doesn't accept the -servername
option and just aborts the operation; it doesn't treat -status
as special, though.

Remove this option when running the SSLv2 portion of the test.
Hubert Kario 2014-06-30 23:03:27 +02:00
parent 5c4a8e8fd6
commit 0ae9d76771


@ -78,13 +78,22 @@ debug(){
test_cipher_on_target() { test_cipher_on_target() {
local sslcommand=$@ local sslcommand=$@
cipher="" cipher=""
local cmnd=""
protocols="" protocols=""
pfs="" pfs=""
previous_cipher="" previous_cipher=""
for tls_version in "-ssl2" "-ssl3" "-tls1" "-tls1_1" "-tls1_2" for tls_version in "-ssl2" "-ssl3" "-tls1" "-tls1_1" "-tls1_2"
do do
debug echo \"Q\" \| $sslcommand $tls_version # sslv2 client hello doesn't support SNI extension
local tmp=$(echo "Q" | $sslcommand $tls_version 1>/dev/stdout 2>/dev/null) # in SSLv3 mode OpenSSL just ignores the setting so it's ok
# -status exception is ignored in SSLv2, go figure
if [ "$tls_version" == "-ssl2" ]; then
cmnd=$(sed 's/-servername\ [^ ]*//'<<<$sslcommand)
else
cmnd=$sslcommand
fi
debug echo \"Q\" \| $cmnd $tls_version
local tmp=$(echo "Q" | $cmnd $tls_version 1>/dev/stdout 2>/dev/null)
if grep 'OCSP Response Data' <<<"$tmp" >/dev/null; then if grep 'OCSP Response Data' <<<"$tmp" >/dev/null; then
current_ocspstaple="True" current_ocspstaple="True"
else else
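Review bot: The new probe line `local tmp=$(echo "Q" | $cmnd $tls_version 1>/dev/stdout 2>/dev/null)` still discards openssl's stderr, and `local` masks the exit status, so an openssl that aborts on its own arguments looks exactly like a server that refused the protocol; the false negative fixed here for `-servername` can recur silently with any other rejected option. I would add a comment such as `# NOTE: stderr is dropped; an openssl usage error is indistinguishable from a failed handshake here`, and keep stderr visible when debugging is enabled. Separately, the sed pattern `s/-servername\ [^ ]*//` is unanchored and removes only the first match; assuming the option never starts the string, `s/ -servername  *[^ ]*//g` ties it to an option boundary. The here-string should be quoted as `<<<"$sslcommand"`, as the `grep` line below already does for `$tmp`. test_cipher_on_target continues past the end of this hunk.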