From 11ce6187dec1803c4bc8d9bba6f22c410fbaa610 Mon Sep 17 00:00:00 2001
From: Hubert Kario <hkario@redhat.com>
Date: Tue, 28 Oct 2014 16:44:43 +0100
Subject: [PATCH] small fixes for delay

firstly, test_cipher_on_target() will try at least 4 connections before
incurring the sleep, for aggressive rate limiter on server side it may be
too much, so sleep before every connection

secondly, because running external commands like sleep incurs a fork
penalty, we first check if it is necessary
---
 cipherscan         | 12 +++++++++---
 top1m/testtop1m.sh |  6 +++---
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/cipherscan b/cipherscan
index 00858e5..3990ea6 100755
--- a/cipherscan
+++ b/cipherscan
@@ -48,6 +48,14 @@ TIMEOUT=30
 # trust anchors are stored
 CAPATH=""
 
+# because running external commands like sleep incurs a fork penalty, we
+# first check if it is necessary
+ratelimit() {
+    if [[ $DELAY != "0" ]]; then
+        sleep $DELAY
+    fi
+}
+
 usage() {
     echo -e "usage: $0 [-a|--allciphers] [-b|--benchmark] [--capath directory] [-d|--delay seconds] [-D|--debug] [-j|--json] [-v|--verbose] [-o|--openssl file] [openssl s_client args] <target:port>
     usage: $0 -h|--help
@@ -109,6 +117,7 @@ test_cipher_on_target() {
         else
             cmnd=$sslcommand
         fi
+        ratelimit
         debug echo \"Q\" \| $cmnd $tls_version
         local tmp=$(echo "Q" | $cmnd $tls_version 1>/dev/stdout 2>/dev/null)
         if grep 'OCSP Response Data' <<<"$tmp" >/dev/null; then
@@ -237,7 +246,6 @@ get_cipher_pref() {
         get_cipher_pref "!$pciph:$ciphersuite"
         return 0
     fi
-    sleep $DELAY
 }
 
 display_results_in_terminal() {
@@ -521,7 +529,5 @@ if [ $ALLCIPHERS -gt 0 ]; then
             r="pass"
         fi
         echo "$c $r"|awk '{printf "%-35s %s\n",$1,$2}'
-        debug "Sleeping for $DELAY."
-        sleep $DELAY
     done
 fi
diff --git a/top1m/testtop1m.sh b/top1m/testtop1m.sh
index e77c1e1..e3e6920 100755
--- a/top1m/testtop1m.sh
+++ b/top1m/testtop1m.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 parallel=10
 max_bg=50
-absolute_max_bg=100
+absolute_max_bg=400
 max_load_avg=50
 
 if [ $(ulimit -u) -lt $((10*absolute_max_bg)) ]; then
@@ -32,7 +32,7 @@ function scan_host() {
     if [ $? -gt 0 ]; then
         return
     fi
-    ../cipherscan -json -servername $1 $2:443 > results/$1@$2
+    ../cipherscan --delay 2 -json -servername $1 $2:443 > results/$1@$2
 }
 
 function scan_host_no_sni() {
@@ -44,7 +44,7 @@ function scan_host_no_sni() {
     if [ $? -gt 0 ]; then
         return
     fi
-    ../cipherscan -json $1:443 > results/$1
+    ../cipherscan --delay 2 -json $1:443 > results/$1
 }
 
 function scan_hostname() {