mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-25 15:33:41 +01:00

small fixes for delay

firstly, test_cipher_on_target() will try at least 4 connections before
incurring the sleep, for aggressive rate limiter on server side it may be
too much, so sleep before every connection

secondly, because running external commands like sleep incurs a fork
penalty, we first check if it is necessary
Hubert Kario 2014-10-28 16:44:43 +01:00
parent 71ba3c88b0
commit 11ce6187de
2 changed files with 12 additions and 6 deletions


@ -48,6 +48,14 @@ TIMEOUT=30
# trust anchors are stored # trust anchors are stored
CAPATH="" CAPATH=""
# because running external commands like sleep incurs a fork penalty, we
# first check if it is necessary
ratelimit() {
if [[ $DELAY != "0" ]]; then
sleep $DELAY
fi
}
usage() { usage() {
echo -e "usage: $0 [-a|--allciphers] [-b|--benchmark] [--capath directory] [-d|--delay seconds] [-D|--debug] [-j|--json] [-v|--verbose] [-o|--openssl file] [openssl s_client args] <target:port> echo -e "usage: $0 [-a|--allciphers] [-b|--benchmark] [--capath directory] [-d|--delay seconds] [-D|--debug] [-j|--json] [-v|--verbose] [-o|--openssl file] [openssl s_client args] <target:port>
usage: $0 -h|--help usage: $0 -h|--help
@ -109,6 +117,7 @@ test_cipher_on_target() {
else else
cmnd=$sslcommand cmnd=$sslcommand
fi fi
ratelimit
debug echo \"Q\" \| $cmnd $tls_version debug echo \"Q\" \| $cmnd $tls_version
local tmp=$(echo "Q" | $cmnd $tls_version 1>/dev/stdout 2>/dev/null) local tmp=$(echo "Q" | $cmnd $tls_version 1>/dev/stdout 2>/dev/null)
if grep 'OCSP Response Data' <<<"$tmp" >/dev/null; then if grep 'OCSP Response Data' <<<"$tmp" >/dev/null; then
@ -237,7 +246,6 @@ get_cipher_pref() {
get_cipher_pref "!$pciph:$ciphersuite" get_cipher_pref "!$pciph:$ciphersuite"
return 0 return 0
fi fi
sleep $DELAY
} }
display_results_in_terminal() { display_results_in_terminal() {
@ -521,7 +529,5 @@ if [ $ALLCIPHERS -gt 0 ]; then
r="pass" r="pass"
fi fi
echo "$c $r"|awk '{printf "%-35s %s\n",$1,$2}' echo "$c $r"|awk '{printf "%-35s %s\n",$1,$2}'
debug "Sleeping for $DELAY."
sleep $DELAY
done done
fi fi
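Review bot: In `ratelimit()`, `sleep $DELAY` is unquoted and the `[[ $DELAY != "0" ]]` guard is a plain string comparison, so an empty `DELAY` falls through to `sleep` with no operand, and values such as `0.0` or `00` still pay for the fork the comment says it avoids. Because `ratelimit` now runs before every connection in `test_cipher_on_target()`, a bad `--delay` value would produce a `sleep` error on every probe instead of once per cipher. I would write the guard as `if [[ -n $DELAY && $DELAY != "0" ]]; then` with `sleep "$DELAY"`, and reject non-numeric values in the option parser if it does not already do so (the parser is outside these hunks). The last hunk also drops the `debug "Sleeping for $DELAY."` trace; a `debug` call inside `ratelimit()` would keep the delay visible in debug output.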


@ -1,7 +1,7 @@
#!/usr/bin/env bash #!/usr/bin/env bash
parallel=10 parallel=10
max_bg=50 max_bg=50
absolute_max_bg=100 absolute_max_bg=400
max_load_avg=50 max_load_avg=50
if [ $(ulimit -u) -lt $((10*absolute_max_bg)) ]; then if [ $(ulimit -u) -lt $((10*absolute_max_bg)) ]; then
@ -32,7 +32,7 @@ function scan_host() {
if [ $? -gt 0 ]; then if [ $? -gt 0 ]; then
return return
fi fi
../cipherscan -json -servername $1 $2:443 > results/$1@$2 ../cipherscan --delay 2 -json -servername $1 $2:443 > results/$1@$2
} }
function scan_host_no_sni() { function scan_host_no_sni() {
@ -44,7 +44,7 @@ function scan_host_no_sni() {
if [ $? -gt 0 ]; then if [ $? -gt 0 ]; then
return return
fi fi
../cipherscan -json $1:443 > results/$1 ../cipherscan --delay 2 -json $1:443 > results/$1
} }
function scan_hostname() { function scan_hostname() {
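Review bot: The rewritten invocations in `scan_host()` and `scan_host_no_sni()` still expand `$1` and `$2` unquoted, both as cipherscan arguments and inside the redirect target `results/$1@$2`. If the host names come from an externally supplied list (the caller is outside these hunks), an entry containing whitespace, glob characters, a leading `-` or a `/` would be word-split, parsed as an option, or written outside `results/`. Since these lines are being touched anyway, I would quote them, e.g. `../cipherscan --delay 2 -json -servername "$1" "$2:443" > "results/$1@$2"`, and check the name against a hostname pattern before scanning. The hard-coded `--delay 2` could also become a variable next to `parallel` and `max_bg` at the top of the script, so the per-host rate is tuned in one place. Both functions begin outside the hunks shown.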