mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-04 23:13:41 +01:00
Correctly report TLSv1.2 only ciphers as negotiable with TLSv1.2
Previously scan would report: prio ciphersuite protocols pfs_keysize 1 ECDHE-RSA-AES128-GCM-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 2 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits Now it correctly reports: prio ciphersuite protocols pfs_keysize 1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits 2 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
This commit is contained in:
parent
afcc92db02
commit
ac3e5f4d62
@ -64,6 +64,7 @@ test_cipher_on_target() {
|
||||
cipher=""
|
||||
protocols=""
|
||||
pfs=""
|
||||
previous_cipher=""
|
||||
for tls_version in "-ssl2" "-ssl3" "-tls1" "-tls1_1" "-tls1_2"
|
||||
do
|
||||
debug echo \"quit\\n\" \| $sslcommand $tls_version
|
||||
@ -74,7 +75,15 @@ test_cipher_on_target() {
|
||||
if [[ -z "$current_protocol" || "$current_cipher" == '(NONE)' ]]; then
|
||||
# connection failed, try again with next TLS version
|
||||
continue
|
||||
else
|
||||
verbose "connection successful; protocol: $current_protocol, cipher: $current_cipher, previous cipher: $previous_cipher"
|
||||
fi
|
||||
# handling of TLSv1.2 only cipher suites
|
||||
if [ ! -z "$previous_cipher" ] && [ "$previous_cipher" != "$current_cipher" ] && [ "$current_cipher" != "0000" ]; then
|
||||
unset protocols
|
||||
fi
|
||||
previous_cipher=$current_cipher
|
||||
|
||||
# connection succeeded, add TLS version to positive results
|
||||
if [ -z "$protocols" ]; then
|
||||
protocols=$current_protocol
|
||||
|
Loading…
Reference in New Issue
Block a user