Rephrase TLS tolerance output in terminal
This commit is contained in:
Julien Vehent
parent
0de6abab61
commit
249b3be23d
36
cipherscan
36
cipherscan
|
|
@ -184,6 +184,7 @@ TIMEOUT=30
|
||||||
SAVECRT=""
|
SAVECRT=""
|
||||||
TEST_CURVES="True"
|
TEST_CURVES="True"
|
||||||
has_curves="False"
|
has_curves="False"
|
||||||
|
TEST_TOLERANCE="True"
|
||||||
# openssl formated list of curves that will cause server to select ECC suite
|
# openssl formated list of curves that will cause server to select ECC suite
|
||||||
ecc_ciphers=""
|
ecc_ciphers=""
|
||||||
unset known_certs
|
unset known_certs
|
||||||
|
|
@ -227,6 +228,7 @@ Use one of the options below:
|
||||||
-o | --openssl path/to/your/openssl binary you want to use.
|
-o | --openssl path/to/your/openssl binary you want to use.
|
||||||
--savecrt path where to save untrusted and leaf certificates
|
--savecrt path where to save untrusted and leaf certificates
|
||||||
--[no-]curves test ECC curves supported by server (req. OpenSSL 1.0.2)
|
--[no-]curves test ECC curves supported by server (req. OpenSSL 1.0.2)
|
||||||
|
--[no-]tolerance test TLS tolerance
|
||||||
-v | --verbose Increase verbosity.
|
-v | --verbose Increase verbosity.
|
||||||
|
|
||||||
The rest of the arguments will be interpreted as openssl s_client argument.
|
The rest of the arguments will be interpreted as openssl s_client argument.
|
||||||
|
|
@ -771,16 +773,22 @@ display_results_in_terminal() {
|
||||||
echo "Curves fallback: $fallback_supported"
|
echo "Curves fallback: $fallback_supported"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo
|
if [[ $TEST_TOLERANCE == "True" ]]; then
|
||||||
echo "Fallbacks required:"
|
if [[ $tls_tolerance['big-TLSv1.2'] =~ TLSv1.2 ]]; then
|
||||||
for test_name in "${!tls_tolerance[@]}"; do
|
echo "TLS Tolerance: True [OK]"
|
||||||
if [[ ${tls_tolerance[$test_name]} == "False" ]]; then
|
|
||||||
echo "$test_name config not supported, connection failed"
|
|
||||||
else
|
else
|
||||||
local res=(${tls_tolerance[$test_name]})
|
echo "TLS Tolerance: False [KO]"
|
||||||
echo "$test_name no fallback req, connected: ${res[1]} ${res[2]}"
|
echo "Fallbacks required:"
|
||||||
|
for test_name in "${!tls_tolerance[@]}"; do
|
||||||
|
if [[ ${tls_tolerance[$test_name]} == "False" ]]; then
|
||||||
|
echo "$test_name config not supported, connection failed"
|
||||||
|
else
|
||||||
|
local res=(${tls_tolerance[$test_name]})
|
||||||
|
echo "$test_name no fallback req, connected: ${res[1]} ${res[2]}"
|
||||||
|
fi
|
||||||
|
done | sort
|
||||||
fi
|
fi
|
||||||
done | sort
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
display_results_in_json() {
|
display_results_in_json() {
|
||||||
|
|
@ -1375,6 +1383,14 @@ do
|
||||||
TEST_CURVES="False"
|
TEST_CURVES="False"
|
||||||
shift 1
|
shift 1
|
||||||
;;
|
;;
|
||||||
|
--tolerance)
|
||||||
|
TEST_TOLERANCE="True"
|
||||||
|
shift 1
|
||||||
|
;;
|
||||||
|
--no-tolerance)
|
||||||
|
TEST_TOLERANCE="False"
|
||||||
|
shift 1
|
||||||
|
;;
|
||||||
--) # End of all options
|
--) # End of all options
|
||||||
shift
|
shift
|
||||||
break
|
break
|
||||||
|
|
@ -1489,7 +1505,9 @@ if [[ ${#cipherspref[@]} -eq 0 ]] || [[ ${pref[1]} == "SSLv2" ]]; then
|
||||||
get_cipher_pref "$CIPHERS"
|
get_cipher_pref "$CIPHERS"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
test_tls_tolerance
|
if [[ $TEST_TOLERANCE == "True" ]]; then
|
||||||
|
test_tls_tolerance
|
||||||
|
fi
|
||||||
|
|
||||||
test_serverside_ordering
|
test_serverside_ordering
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue