2
0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-22 14:23:41 +01:00

Simplify test_serverside_ordering() to use half as many assignments.

This commit is contained in:
Richard Soderberg 2015-09-05 04:01:36 -07:00
parent b91b153bbd
commit d2e1784eb8

View File

@ -843,36 +843,29 @@ display_results_in_json() {
} }
test_serverside_ordering() { test_serverside_ordering() {
local -a ciphersuites=()
local ciphersuite="" local ciphersuite=""
local prefered="" local prefered=""
# server supports only one cipher or no ciphers, so it effectively uses server side ordering... # server supports only one cipher or no ciphers, so it effectively uses server side ordering...
if (( ${#cipherspref[@]} < 2 )); then if (( ${#cipherspref[@]} < 2 )); then
serverside="True" serverside="True"
return 0 return 0
# server supports just two ciphers, so rotate them, that should be enough
elif (( ${#cipherspref[@]} == 2 )); then
local cipher=(${cipherspref[1]})
prefered="$cipher"
ciphersuite=$cipher
cipher=(${cipherspref[0]})
ciphersuite+=":$cipher"
# server supports 3 or more ciphers, rotate all three. This is necessary because google does
# select first client provided cipher, if it is either CDHE-RSA-AES128-GCM-SHA256 or
# ECDHE-RSA-CHACHA20-POLY1305
else
local cipher=(${cipherspref[2]})
prefered="$cipher"
ciphersuite="$cipher"
cipher=(${cipherspref[1]})
ciphersuite+=":$cipher"
cipher=(${cipherspref[0]})
ciphersuite+=":$cipher"
fi fi
local cipher=""
if (( ${#cipherspref[@]} > 2 )); then
# server supports 3 or more ciphers, rotate all three. This is necessary because google does
# select first client provided cipher, if it is either CDHE-RSA-AES128-GCM-SHA256 or
# ECDHE-RSA-CHACHA20-POLY1305
ciphersuites+=("${cipherspref[2]%% *}")
fi
# else, server supports just two ciphers, so rotate them, that should be enough
ciphersuites+=("${cipherspref[1]%% *}")
ciphersuites+=("${cipherspref[0]%% *}")
prefered="${ciphersuites[0]%% *}"
join_array_by_char ':' "${ciphersuites[@]}"
ciphersuite="$joined_array"
local sslcommand="$TIMEOUTBIN $TIMEOUT $OPENSSLBIN s_client" local sslcommand="$TIMEOUTBIN $TIMEOUT $OPENSSLBIN s_client"
if [[ -n "$CAPATH" ]]; then if [[ -n "$CAPATH" ]]; then