From 11ce6187dec1803c4bc8d9bba6f22c410fbaa610 Mon Sep 17 00:00:00 2001
From: Hubert Kario
Date: Tue, 28 Oct 2014 16:44:43 +0100
Subject: [PATCH] small fixes for delay

firstly, test_cipher_on_target() will try at least 4 connections before incurring the sleep, for aggressive rate limiter on server side it may be too much, so sleep before every connection secondly, because running external commands like sleep incurs a fork penalty, we first check if it is necessary
---
 cipherscan | 12 +++++++++---
 top1m/testtop1m.sh | 6 +++---
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/cipherscan b/cipherscan
index 00858e5..3990ea6 100755
--- a/cipherscan
+++ b/cipherscan
@@ -48,6 +48,14 @@ TIMEOUT=30
 # trust anchors are stored
 CAPATH=""

+# because running external commands like sleep incurs a fork penalty, we
+# first check if it is necessary
+ratelimit() {
+ if [[ $DELAY != "0" ]]; then
+ sleep $DELAY
+ fi
+}
+
 usage() {
 echo -e "usage: $0 [-a|--allciphers] [-b|--benchmark] [--capath directory] [-d|--delay seconds] [-D|--debug] [-j|--json] [-v|--verbose] [-o|--openssl file] [openssl s_client args]
 usage: $0 -h|--help
@@ -109,6 +117,7 @@ test_cipher_on_target() {
 else
 cmnd=$sslcommand
 fi
+ ratelimit
 debug echo \"Q\" \| $cmnd $tls_version
 local tmp=$(echo "Q" | $cmnd $tls_version 1>/dev/stdout 2>/dev/null)
 if grep 'OCSP Response Data' <<<"$tmp" >/dev/null; then
@@ -237,7 +246,6 @@ get_cipher_pref() {
 get_cipher_pref "!$pciph:$ciphersuite"
 return 0
 fi
- sleep $DELAY
 }

 display_results_in_terminal() {
@@ -521,7 +529,5 @@ if [ $ALLCIPHERS -gt 0 ]; then
 r="pass"
 fi
 echo "$c $r"|awk '{printf "%-35s %s\n",$1,$2}'
- debug "Sleeping for $DELAY."
- sleep $DELAY
 done
 fi
diff --git a/top1m/testtop1m.sh b/top1m/testtop1m.sh
index e77c1e1..e3e6920 100755
--- a/top1m/testtop1m.sh
+++ b/top1m/testtop1m.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 parallel=10
 max_bg=50
-absolute_max_bg=100
+absolute_max_bg=400
 max_load_avg=50

 if [ $(ulimit -u) -lt $((10*absolute_max_bg)) ]; then
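Review bot: In the new `ratelimit()` helper, `$DELAY` reaches `sleep` unquoted and only the exact string `0` is treated as "no delay", so an empty or non-numeric value from `-d|--delay` makes `sleep` fail and the scan proceeds with no pause between connections (and a value such as `0.0` still pays the fork). Where DELAY is assigned and defaulted is outside this hunk, so this assumes it is not validated at option parsing. I would quote the expansion and guard on a numeric pattern, e.g. `if [[ $DELAY =~ ^[0-9]+([.][0-9]+)?$ && $DELAY != 0 ]]; then sleep "$DELAY"; fi`. The comment above the function explains the fork avoidance but not the purpose; a line such as `# pause before each connection so server-side rate limiters are not tripped` would help.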
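Review bot: The jump of `absolute_max_bg` from 100 to 400 in top1m/testtop1m.sh is not mentioned in the commit message and carries no comment, while the `ulimit -u` check just below it now requires a process limit of at least 4000. Presumably the ceiling is raised because each scan now spends time sleeping under `--delay 2`, but that is inferred from the other hunks; a comment on the line, e.g. `# scans idle in sleep with --delay, so allow more concurrent jobs`, would record the reasoning. The body of the `if` is outside the hunk, so what the script does when the limit is too low is not visible here.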
@@ -32,7 +32,7 @@ function scan_host() {
 if [ $? -gt 0 ]; then
 return
 fi
- ../cipherscan -json -servername $1 $2:443 > results/$1@$2
+ ../cipherscan --delay 2 -json -servername $1 $2:443 > results/$1@$2
 }

 function scan_host_no_sni() {
@@ -44,7 +44,7 @@ function scan_host_no_sni() {
 if [ $? -gt 0 ]; then
 return
 fi
- ../cipherscan -json $1:443 > results/$1
+ ../cipherscan --delay 2 -json $1:443 > results/$1
 }

 function scan_hostname() {
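Review bot: The changed `../cipherscan --delay 2 ...` line in `scan_host()` still expands `$1` and `$2` unquoted, both as arguments and in the redirection target `results/$1@$2`; the changed line in `scan_host_no_sni()` has the same problem. Where these arguments come from is outside the hunks, but if they derive from the site list or from DNS answers, a value containing whitespace or `/` would change the arguments or the output path. I would write `../cipherscan --delay 2 -json -servername "$1" "$2:443" > "results/$1@$2"` and likewise `"$1:443" > "results/$1"` in the second function. The delay of 2 is also repeated as a literal in both functions; a `delay=2` next to `parallel=10` at the top of the script would keep the two in step.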