LittleNellie/cipherscan
2
0
Fork 0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-22 14:23:41 +01:00
Code Issues Releases Wiki Activity

do a scan with -no_tlsext openssl if possible

Browse Source
This commit is contained in:
Hubert Kario 2015-05-29 20:25:47 +02:00
parent a71bfe5ebd
commit 5c98fe2107
2 changed files with 35 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
cipherscan
View File

@ -283,6 +283,20 @@ c_hash() {
done done
} }
crude_grep() {
while read line; do
if [[ $line =~ $1 ]]; then
return 0
fi
done
return 1
}
check_option_support() {
$OPENSSLBIN s_client -help 2>&1 | crude_grep "$1"
return $?
}
parse_openssl_output() { parse_openssl_output() {
# clear variables in case matching doesn't hit them # clear variables in case matching doesn't hit them
current_ocspstaple="False" current_ocspstaple="False"
@ -1220,6 +1234,23 @@ test_tls_tolerance() {
tls_tolerance['small-TLSv1.0']="True $current_protocol $current_cipher $current_trusted" tls_tolerance['small-TLSv1.0']="True $current_protocol $current_cipher $current_trusted"
fi fi
#
# v3 format TLSv1.0 hello, small cipher list, no extensions
#
if check_option_support "-no_tlsext"; then
ratelimit
verbose "Testing fallback with $sslcommand -no_tls1_2 -no_tls1_1 -no_tlsext"
local tmp=$(echo Q | $sslcommand -no_tls1_2 -no_tls1_1 -no_tlsext 2>/dev/null)
parse_openssl_output <<<"$tmp"
verbose "Negotiated proto: $current_protocol, cipher: $current_cipher"
if [[ -z $current_protocol || $current_cipher == "(NONE)" \
|| $current_cipher == '0000' ]]; then
tls_tolerance['small-TLSv1.0-notlsext']="False"
else
tls_tolerance['small-TLSv1.0-notlsext']="True $current_protocol $current_cipher $current_trusted"
fi
fi
# #
# v3 format SSLv3 hello, small cipher list # v3 format SSLv3 hello, small cipher list
# #

6
top1m/parse_results.py
View File

@ -112,6 +112,8 @@ fallback_ids[' '] = i
i+=1 i+=1
fallback_ids['small-SSLv3'] = i fallback_ids['small-SSLv3'] = i
i+=1 i+=1
fallback_ids['small-TLSv1.0-notlsext'] = i
i+=1
fallback_ids['small-TLSv1.0'] = i fallback_ids['small-TLSv1.0'] = i
i+=1 i+=1
fallback_ids['small-TLSv1.1'] = i fallback_ids['small-TLSv1.1'] = i
@ -734,8 +736,8 @@ for stat in sorted(protocolstats):
print("\nRequired fallbacks Count Percent") print("\nRequired fallbacks Count Percent")
print("----------------------------------------+---------+-------") print("----------------------------------------+---------+-------")
print("big smal v2 ") print("big small v2 ")
print("----+----+-----+------------------------+---------+-------") print("----+-----+-----+------------------------+---------+-------")
for stat in sorted(fallbacks): for stat in sorted(fallbacks):
percent = round(fallbacks[stat] / total * 100, 4) percent = round(fallbacks[stat] / total * 100, 4)
sys.stdout.write(stat.ljust(40) + " " + str(fallbacks[stat]).ljust(10) + str(percent).ljust(4) + "\n") sys.stdout.write(stat.ljust(40) + " " + str(fallbacks[stat]).ljust(10) + str(percent).ljust(4) + "\n")