mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-22 06:13:42 +01:00
Enable Server Name Indication by default
This commit is contained in:
parent
0de6abab61
commit
9952d90cf4
25
cipherscan
25
cipherscan
@ -184,6 +184,8 @@ TIMEOUT=30
|
||||
SAVECRT=""
|
||||
TEST_CURVES="True"
|
||||
has_curves="False"
|
||||
TEST_TOLERANCE="True"
|
||||
SNI="True"
|
||||
# openssl formated list of curves that will cause server to select ECC suite
|
||||
ecc_ciphers=""
|
||||
unset known_certs
|
||||
@ -227,6 +229,8 @@ Use one of the options below:
|
||||
-o | --openssl path/to/your/openssl binary you want to use.
|
||||
--savecrt path where to save untrusted and leaf certificates
|
||||
--[no-]curves test ECC curves supported by server (req. OpenSSL 1.0.2)
|
||||
--[no-]tolerance test TLS tolerance
|
||||
--no-sni don't use Server Name Indication
|
||||
-v | --verbose Increase verbosity.
|
||||
|
||||
The rest of the arguments will be interpreted as openssl s_client argument.
|
||||
@ -1375,6 +1379,18 @@ do
|
||||
TEST_CURVES="False"
|
||||
shift 1
|
||||
;;
|
||||
--tolerance)
|
||||
TEST_TOLERANCE="True"
|
||||
shift 1
|
||||
;;
|
||||
--no-tolerance)
|
||||
TEST_TOLERANCE="False"
|
||||
shift 1
|
||||
;;
|
||||
--no-sni)
|
||||
SNI="False"
|
||||
shift 1
|
||||
;;
|
||||
--) # End of all options
|
||||
shift
|
||||
break
|
||||
@ -1414,7 +1430,13 @@ if [[ -z $TARGET || $TARGET =~ ^[-:] || $TARGET =~ :.*[^0-9] ]]; then
|
||||
exit 1
|
||||
fi
|
||||
if ! [[ $TARGET =~ : ]]; then
|
||||
sni_target=$TARGET
|
||||
TARGET="${TARGET}:443"
|
||||
else
|
||||
# strip the port for the sni_target
|
||||
if [[ "$TARGET" =~ (.*):([0-9]{1,5}) ]]; then
|
||||
sni_target="${BASH_REMATCH[1]}"
|
||||
fi
|
||||
fi
|
||||
|
||||
debug "target: $TARGET"
|
||||
@ -1463,6 +1485,9 @@ if [[ $VERBOSE != 0 ]] ; then
|
||||
fi
|
||||
|
||||
SCLIENTARGS="${PARAMS[*]}"
|
||||
if [[ $SNI == "True" ]]; then
|
||||
SCLIENTARGS="$SCLIENTARGS -servername $sni_target"
|
||||
fi
|
||||
debug "sclientargs: $SCLIENTARGS"
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user