do a scan with -no_tlsext openssl if possible

2015-05-29 20:25:47 +02:00 · 2015-05-29 20:25:47 +02:00 · 5c98fe2107
parent a71bfe5ebd
commit 5c98fe2107
2 changed files with 35 additions and 2 deletions
--- a/31
+++ b/31
@ -283,6 +283,20 @@ c_hash() {
    done
 }

+crude_grep() {
+    while read line; do
+        if [[ $line =~ $1 ]]; then
+            return 0
+        fi
+    done
+    return 1
+}
+
+check_option_support() {
+    $OPENSSLBIN s_client -help 2>&1 | crude_grep "$1"
+    return $?
+}
+
 parse_openssl_output() {
    # clear variables in case matching doesn't hit them
    current_ocspstaple="False"
@ -1220,6 +1234,23 @@ test_tls_tolerance() {
            tls_tolerance['small-TLSv1.0']="True $current_protocol $current_cipher $current_trusted"
        fi

+        #
+        # v3 format TLSv1.0 hello, small cipher list, no extensions
+        #
+        if check_option_support "-no_tlsext"; then
+            ratelimit
+            verbose "Testing fallback with $sslcommand -no_tls1_2 -no_tls1_1 -no_tlsext"
+            local tmp=$(echo Q | $sslcommand -no_tls1_2 -no_tls1_1 -no_tlsext 2>/dev/null)
+            parse_openssl_output <<<"$tmp"
+            verbose "Negotiated proto: $current_protocol, cipher: $current_cipher"
+            if [[ -z $current_protocol || $current_cipher == "(NONE)" \
+                || $current_cipher == '0000' ]]; then
+                    tls_tolerance['small-TLSv1.0-notlsext']="False"
+            else
+                tls_tolerance['small-TLSv1.0-notlsext']="True $current_protocol $current_cipher $current_trusted"
+            fi
+        fi
+
        #
        # v3 format SSLv3 hello, small cipher list
        #
--- a/top1m/parse_results.py
+++ b/top1m/parse_results.py
@ -112,6 +112,8 @@ fallback_ids[' '] = i
 i+=1
 fallback_ids['small-SSLv3'] = i
 i+=1
+fallback_ids['small-TLSv1.0-notlsext'] = i
+i+=1
 fallback_ids['small-TLSv1.0'] = i
 i+=1
 fallback_ids['small-TLSv1.1'] = i
@ -734,8 +736,8 @@ for stat in sorted(protocolstats):

 print("\nRequired fallbacks                       Count     Percent")
 print("----------------------------------------+---------+-------")
-print("big  smal v2   ")
-print("----+----+-----+------------------------+---------+-------")
+print("big  small v2   ")
+print("----+-----+-----+------------------------+---------+-------")
 for stat in sorted(fallbacks):
    percent = round(fallbacks[stat] / total * 100, 4)
    sys.stdout.write(stat.ljust(40) + " " + str(fallbacks[stat]).ljust(10) + str(percent).ljust(4) + "\n")