mirror of
https://github.com/mozilla/cipherscan.git
Merge pull request #89 from jvehent/output20150918
A few fixes to the terminal output
commit
901e3cbdfc
101
cipherscan
101
cipherscan
@ -197,11 +197,13 @@ DELAY=0
|
|||||||
ALLCIPHERS=""
|
ALLCIPHERS=""
|
||||||
OUTPUTFORMAT="terminal"
|
OUTPUTFORMAT="terminal"
|
||||||
TIMEOUT=30
|
TIMEOUT=30
|
||||||
|
USECOLORS="True"
|
||||||
# place where to put the found intermediate CA certificates and where
|
# place where to put the found intermediate CA certificates and where
|
||||||
# trust anchors are stored
|
# trust anchors are stored
|
||||||
SAVECRT=""
|
SAVECRT=""
|
||||||
TEST_CURVES="True"
|
TEST_CURVES="True"
|
||||||
has_curves="False"
|
has_curves="False"
|
||||||
|
TEST_TOLERANCE="True"
|
||||||
# openssl formated list of curves that will cause server to select ECC suite
|
# openssl formated list of curves that will cause server to select ECC suite
|
||||||
ecc_ciphers=""
|
ecc_ciphers=""
|
||||||
unset known_certs
|
unset known_certs
|
||||||
@ -245,6 +247,8 @@ Use one of the options below:
|
|||||||
-o | --openssl path/to/your/openssl binary you want to use.
|
-o | --openssl path/to/your/openssl binary you want to use.
|
||||||
--savecrt path where to save untrusted and leaf certificates
|
--savecrt path where to save untrusted and leaf certificates
|
||||||
--[no-]curves test ECC curves supported by server (req. OpenSSL 1.0.2)
|
--[no-]curves test ECC curves supported by server (req. OpenSSL 1.0.2)
|
||||||
|
--[no-]tolerance test TLS tolerance
|
||||||
|
--no-colors don't use terminal colors
|
||||||
-v | --verbose Increase verbosity.
|
-v | --verbose Increase verbosity.
|
||||||
|
|
||||||
The rest of the arguments will be interpreted as openssl s_client argument.
|
The rest of the arguments will be interpreted as openssl s_client argument.
|
||||||
@ -685,6 +689,19 @@ display_results_in_terminal() {
|
|||||||
local ocspstaple
|
local ocspstaple
|
||||||
local curvesordering
|
local curvesordering
|
||||||
local different=False
|
local different=False
|
||||||
|
# Configure colors, if terminal supports them
|
||||||
|
if [[ $USECOLORS == "True" && -x /usr/bin/tput ]] && tput setaf 1 >&/dev/null; then
|
||||||
|
c_blue="\033[0;34m"
|
||||||
|
c_green="\033[0;32m"
|
||||||
|
c_red="\033[0;31m"
|
||||||
|
c_reset="\033[0m"
|
||||||
|
else
|
||||||
|
c_reset=
|
||||||
|
c_blue=
|
||||||
|
c_green=
|
||||||
|
c_red=
|
||||||
|
fi
|
||||||
|
|
||||||
echo "Target: $TARGET"; echo
|
echo "Target: $TARGET"; echo
|
||||||
for cipher in "${cipherspref[@]}"; do
|
for cipher in "${cipherspref[@]}"; do
|
||||||
# get first in array
|
# get first in array
|
||||||
@ -760,39 +777,69 @@ display_results_in_terminal() {
|
|||||||
fi
|
fi
|
||||||
done|column -t
|
done|column -t
|
||||||
echo
|
echo
|
||||||
|
|
||||||
|
if [[ ($sigalg =~ RSA && $pubkey -gt 2047) || ($sigalg =~ DSA && $pubkey -gt 255) ]]; then
|
||||||
|
pubkey="${c_green}${pubkey}${c_reset}"
|
||||||
|
else
|
||||||
|
pubkey="${c_red}${pubkey}${c_reset}"
|
||||||
|
fi
|
||||||
|
if [[ $sigalg =~ md5|sha1 ]]; then
|
||||||
|
sigalg="${c_red}${sigalg}${c_reset}"
|
||||||
|
else
|
||||||
|
sigalg="${c_green}${sigalg}${c_reset}"
|
||||||
|
fi
|
||||||
|
if [[ $trusted == "True" ]]; then
|
||||||
|
trusted="${c_green}trusted${c_reset}"
|
||||||
|
else
|
||||||
|
trusted="${c_green}untrusted${c_reset}"
|
||||||
|
fi
|
||||||
if [[ $different != "True" ]]; then
|
if [[ $different != "True" ]]; then
|
||||||
if [[ "$trusted" == "True" ]]; then
|
echo -e "Certificate: $trusted, $pubkey bits, $sigalg signature"
|
||||||
echo "Certificate: trusted, $pubkey bit, $sigalg signature"
|
|
||||||
else
|
|
||||||
echo "Certificate: UNTRUSTED, $pubkey bit, $sigalg signature"
|
|
||||||
fi
|
|
||||||
echo "TLS ticket lifetime hint: $tickethint"
|
echo "TLS ticket lifetime hint: $tickethint"
|
||||||
fi
|
fi
|
||||||
if [[ $ocspstaple == "True" ]]; then
|
if [[ $ocspstaple == "True" ]]; then
|
||||||
echo "OCSP stapling: supported"
|
echo -e "OCSP stapling: ${c_green}supported${c_reset}"
|
||||||
else
|
else
|
||||||
echo "OCSP stapling: not supported"
|
echo -e "OCSP stapling: ${c_red}not supported${c_reset}"
|
||||||
fi
|
fi
|
||||||
if [[ $serverside == "True" ]]; then
|
if [[ $serverside == "True" ]]; then
|
||||||
echo "Cipher ordering: server"
|
echo -e "Cipher ordering: ${c_green}server${c_reset}"
|
||||||
else
|
else
|
||||||
echo "Cipher ordering: client"
|
echo -e "Cipher ordering: ${c_red}client${c_reset}"
|
||||||
fi
|
fi
|
||||||
if [[ $TEST_CURVES == "True" ]]; then
|
if [[ $TEST_CURVES == "True" ]]; then
|
||||||
echo "Curves ordering: $curvesordering"
|
if [[ $curvesordering == "server" ]]; then
|
||||||
echo "Curves fallback: $fallback_supported"
|
curvesordering="${c_green}${curvesordering}${c_reset}"
|
||||||
|
else
|
||||||
|
if [[ $curvesordering == "" ]]; then
|
||||||
|
curvesordering="${c_red}none"
|
||||||
|
fi
|
||||||
|
curvesordering="${c_red}${curvesordering}${c_reset}"
|
||||||
|
fi
|
||||||
|
if [[ $fallback_supported == "True" ]]; then
|
||||||
|
fallback_supported="${c_green}yes${c_reset}"
|
||||||
|
else
|
||||||
|
fallback_supported="${c_red}no${c_reset}"
|
||||||
|
fi
|
||||||
|
echo -e "Curves ordering: $curvesordering - fallback: $fallback_supported"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo
|
if [[ $TEST_TOLERANCE == "True" ]]; then
|
||||||
echo "Fallbacks required:"
|
if [[ $tls_tolerance['big-TLSv1.2'] =~ TLSv1.2 ]]; then
|
||||||
for test_name in "${!tls_tolerance[@]}"; do
|
echo -e "TLS Tolerance: ${c_green}yes${c_reset}"
|
||||||
if [[ ${tls_tolerance[$test_name]} == "False" ]]; then
|
|
||||||
echo "$test_name config not supported, connection failed"
|
|
||||||
else
|
else
|
||||||
local res=(${tls_tolerance[$test_name]})
|
echo "TLS Tolerance: ${c_red}no${c_reset}"
|
||||||
echo "$test_name no fallback req, connected: ${res[1]} ${res[2]}"
|
echo "Fallbacks required:"
|
||||||
|
for test_name in "${!tls_tolerance[@]}"; do
|
||||||
|
if [[ ${tls_tolerance[$test_name]} == "False" ]]; then
|
||||||
|
echo "$test_name config not supported, connection failed"
|
||||||
|
else
|
||||||
|
local res=(${tls_tolerance[$test_name]})
|
||||||
|
echo "$test_name no fallback req, connected: ${res[1]} ${res[2]}"
|
||||||
|
fi
|
||||||
|
done | sort
|
||||||
fi
|
fi
|
||||||
done | sort
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
display_results_in_json() {
|
display_results_in_json() {
|
||||||
@ -1367,6 +1414,18 @@ do
|
|||||||
TEST_CURVES="False"
|
TEST_CURVES="False"
|
||||||
shift 1
|
shift 1
|
||||||
;;
|
;;
|
||||||
|
--tolerance)
|
||||||
|
TEST_TOLERANCE="True"
|
||||||
|
shift 1
|
||||||
|
;;
|
||||||
|
--no-tolerance)
|
||||||
|
TEST_TOLERANCE="False"
|
||||||
|
shift 1
|
||||||
|
;;
|
||||||
|
--no-colors)
|
||||||
|
USECOLORS="False"
|
||||||
|
shift 1
|
||||||
|
;;
|
||||||
--) # End of all options
|
--) # End of all options
|
||||||
shift
|
shift
|
||||||
break
|
break
|
||||||
@ -1482,7 +1541,9 @@ if (( ${#cipherspref[@]} == 0 )) || [[ ${pref[1]} == "SSLv2" ]]; then
|
|||||||
get_cipher_pref "$FALLBACKCIPHERSUITESTRING"
|
get_cipher_pref "$FALLBACKCIPHERSUITESTRING"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
test_tls_tolerance
|
if [[ $TEST_TOLERANCE == "True" ]]; then
|
||||||
|
test_tls_tolerance
|
||||||
|
fi
|
||||||
|
|
||||||
test_serverside_ordering
|
test_serverside_ordering
|
||||||
|
|
||||||
|
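Review bot: In the certificate block of the display_results_in_terminal hunk (-760,39 +777,69), the else branch sets `trusted="${c_green}untrusted${c_reset}"`, so an untrusted chain is printed in the same green as a trusted one and loses the old upper-case UNTRUSTED marker; it should read `trusted="${c_red}untrusted${c_reset}"`. In the same hunk, `$tls_tolerance['big-TLSv1.2']` is not an array lookup without braces: bash expands `$tls_tolerance` and appends the literal bracket text, which itself contains TLSv1.2, so the `=~` test looks like it always succeeds and "TLS Tolerance: yes" is shown whatever the scan found; use `${tls_tolerance['big-TLSv1.2']}`. The failure line `echo "TLS Tolerance: ${c_red}no${c_reset}"` also lacks `-e`, so the colour escape codes would be printed literally instead of being interpreted. The function starts before this hunk, so how tls_tolerance is declared and populated is not visible here.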