LittleNellie/cipherscan
2
0
Fork 0
mirror of https://github.com/mozilla/cipherscan.git synced 2025-06-07 19:43:40 +02:00
Code Issues Releases Wiki Activity

Merge 5f670deb10 into 1f92094b3d

Browse Source
This commit is contained in:
Hubert Kario 2014-04-03 21:53:12 +00:00
commit 141b4e0a04
2 changed files with 34 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
README.md
View File

@ -30,24 +30,24 @@ Example
$ ./cipherscan www.google.com:443 $ ./cipherscan www.google.com:443
................... ...................
prio ciphersuite protocols pfs_keysize prio ciphersuite protocols pfs_keysize
1 ECDHE-RSA-CHACHA20-POLY1305 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 1 ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 ECDH,P-256,256bits
2 ECDHE-RSA-AES128-GCM-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 2 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits
3 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 3 ECDHE-RSA-AES128-SHA TLSv1.2 ECDH,P-256,256bits
4 ECDHE-RSA-AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 4 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
5 AES128-GCM-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 5 AES128-GCM-SHA256 TLSv1.2
6 RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 6 AES128-SHA256 TLSv1.2
7 RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 7 AES128-SHA TLSv1.2
8 ECDHE-RSA-AES256-GCM-SHA384 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 8 RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2
9 ECDHE-RSA-AES256-SHA384 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 9 RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2
10 ECDHE-RSA-AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 10 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 ECDH,P-256,256bits
11 AES256-GCM-SHA384 SSLv3,TLSv1,TLSv1.1,TLSv1.2 11 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH,P-256,256bits
12 AES256-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 12 ECDHE-RSA-AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
13 AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 13 AES256-GCM-SHA384 TLSv1.2
14 ECDHE-RSA-DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 14 AES256-SHA256 TLSv1.2
15 DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 15 AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2
16 ECDHE-RSA-AES128-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 16 ECDHE-RSA-DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
17 AES128-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 17 DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2
18 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 18 ECDHE-RSA-AES128-SHA256 TLSv1.2 ECDH,P-256,256bits
$ ./cipherscan -starttls xmpp jabber.ccc.de:5222 $ ./cipherscan -starttls xmpp jabber.ccc.de:5222
......... .........
prio ciphersuite protocols pfs_keysize prio ciphersuite protocols pfs_keysize

16
cipherscan
View File

@ -68,6 +68,7 @@ test_cipher_on_target() {
cipher="" cipher=""
protocols="" protocols=""
pfs="" pfs=""
previous_cipher=""
for tls_version in "-ssl2" "-ssl3" "-tls1" "-tls1_1" "-tls1_2" for tls_version in "-ssl2" "-ssl3" "-tls1" "-tls1_1" "-tls1_2"
do do
local tmp=$(mktemp) local tmp=$(mktemp)
@ -82,6 +83,21 @@ EOF
rm "$tmp" rm "$tmp"
continue continue
fi fi
# handling of TLSv1.2 only cipher suites
if [ ! -z "$previous_cipher" ] && [ "$previous_cipher" != "$current_cipher" ]; then
protocols=""
fi
previous_cipher=$cipher
# SSLv2 ciphers use their own specific namespace (and RC4-MD5 is the
# only cipher that exists in both and we care for for)
if [ "$current_protocol" == "SSLv2" ] && [ "$current_cipher" != "RC4-MD5" ]; then
protocols=$current_protocol
cipher=$current_cipher
pfs=$current_pfs
rm "$tmp"
break 1
fi
# connection succeeded, add TLS version to positive results # connection succeeded, add TLS version to positive results
if [ -z "$protocols" ]; then if [ -z "$protocols" ]; then
protocols=$current_protocol protocols=$current_protocol