mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-22 14:23:41 +01:00

Rephrase TLS tolerance output in terminal

Julien Vehent 2015-09-18 12:35:17 -04:00
parent 0de6abab61
commit 249b3be23d


@ -184,6 +184,7 @@ TIMEOUT=30
SAVECRT="" SAVECRT=""
TEST_CURVES="True" TEST_CURVES="True"
has_curves="False" has_curves="False"
TEST_TOLERANCE="True"
# openssl formated list of curves that will cause server to select ECC suite # openssl formated list of curves that will cause server to select ECC suite
ecc_ciphers="" ecc_ciphers=""
unset known_certs unset known_certs
@ -227,6 +228,7 @@ Use one of the options below:
-o | --openssl path/to/your/openssl binary you want to use. -o | --openssl path/to/your/openssl binary you want to use.
--savecrt path where to save untrusted and leaf certificates --savecrt path where to save untrusted and leaf certificates
--[no-]curves test ECC curves supported by server (req. OpenSSL 1.0.2) --[no-]curves test ECC curves supported by server (req. OpenSSL 1.0.2)
--[no-]tolerance test TLS tolerance
-v | --verbose Increase verbosity. -v | --verbose Increase verbosity.
The rest of the arguments will be interpreted as openssl s_client argument. The rest of the arguments will be interpreted as openssl s_client argument.
@ -771,16 +773,22 @@ display_results_in_terminal() {
echo "Curves fallback: $fallback_supported" echo "Curves fallback: $fallback_supported"
fi fi
echo if [[ $TEST_TOLERANCE == "True" ]]; then
echo "Fallbacks required:" if [[ $tls_tolerance['big-TLSv1.2'] =~ TLSv1.2 ]]; then
for test_name in "${!tls_tolerance[@]}"; do echo "TLS Tolerance: True [OK]"
if [[ ${tls_tolerance[$test_name]} == "False" ]]; then
echo "$test_name config not supported, connection failed"
else else
local res=(${tls_tolerance[$test_name]}) echo "TLS Tolerance: False [KO]"
echo "$test_name no fallback req, connected: ${res[1]} ${res[2]}" echo "Fallbacks required:"
for test_name in "${!tls_tolerance[@]}"; do
if [[ ${tls_tolerance[$test_name]} == "False" ]]; then
echo "$test_name config not supported, connection failed"
else
local res=(${tls_tolerance[$test_name]})
echo "$test_name no fallback req, connected: ${res[1]} ${res[2]}"
fi
done | sort
fi fi
done | sort fi
} }
display_results_in_json() { display_results_in_json() {
@ -1375,6 +1383,14 @@ do
TEST_CURVES="False" TEST_CURVES="False"
shift 1 shift 1
;; ;;
--tolerance)
TEST_TOLERANCE="True"
shift 1
;;
--no-tolerance)
TEST_TOLERANCE="False"
shift 1
;;
--) # End of all options --) # End of all options
shift shift
break break
@ -1489,7 +1505,9 @@ if [[ ${#cipherspref[@]} -eq 0 ]] || [[ ${pref[1]} == "SSLv2" ]]; then
get_cipher_pref "$CIPHERS" get_cipher_pref "$CIPHERS"
fi fi
test_tls_tolerance if [[ $TEST_TOLERANCE == "True" ]]; then
test_tls_tolerance
fi
test_serverside_ordering test_serverside_ordering
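Review bot: The new check `[[ $tls_tolerance['big-TLSv1.2'] =~ TLSv1.2 ]]` in display_results_in_terminal has no braces around the subscript, so bash expands `$tls_tolerance` on its own and appends the literal text `[big-TLSv1.2]`. That literal text itself matches the regex, so the branch is always taken and "TLS Tolerance: True [OK]" is printed whatever the probe returned. An intolerant server would therefore be reported as OK and the "Fallbacks required:" list would never be shown. The line should read `if [[ ${tls_tolerance['big-TLSv1.2']} =~ TLSv1\.2 ]]; then`, with the dot escaped so that only a literal version string matches. The function starts outside the hunk, and this assumes tls_tolerance is the associative array that the loop further down iterates over.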