LittleNellie/cipherscan
2
0
Fork 0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-22 14:23:41 +01:00
Code Issues Releases Wiki Activity

Add handling for TLS-variant ticket hint value.

Browse Source 
This, as previous commits, adds support for reporting the TLS ticket
hint value per-protocol, which results in a lot of 'None' for SSLv3 (as
expected).
This commit is contained in:
Richard Soderberg 2015-09-18 16:29:32 -07:00
parent 638e0cbd10
commit eb752c541c
1 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
cipherscan
View File

@ -512,6 +512,7 @@ test_cipher_on_target() {
certificates="" certificates=""
declare -A sigalgs=() declare -A sigalgs=()
declare -A pfses=() declare -A pfses=()
declare -A tickethints=()
for tls_version in "${TLS_VERSIONS_TO_TEST[@]}"; do for tls_version in "${TLS_VERSIONS_TO_TEST[@]}"; do
# sslv2 client hello doesn't support SNI extension # sslv2 client hello doesn't support SNI extension
# in SSLv3 mode OpenSSL just ignores the setting so it's ok # in SSLv3 mode OpenSSL just ignores the setting so it's ok
@ -628,7 +629,7 @@ test_cipher_on_target() {
pubkey=$current_pubkey pubkey=$current_pubkey
sigalgs[$current_protocol]="$current_sigalg" sigalgs[$current_protocol]="$current_sigalg"
trusted=$current_trusted trusted=$current_trusted
tickethint=$current_tickethint tickethints[$current_protocol]=$current_tickethint
ocspstaple=$current_ocspstaple ocspstaple=$current_ocspstaple
certificates="$current_certificates" certificates="$current_certificates"
# grab the cipher and PFS key size # grab the cipher and PFS key size
@ -677,6 +678,24 @@ test_cipher_on_target() {
pfs="${pfses[@]}" pfs="${pfses[@]}"
fi fi
# Flatten the tickethints list to a single item if every entry is the same.
if (( ${#tickethints[*]} > 1 )); then
local tickethints_values=()
for each_protocol in "${protocols[@]}"; do
tickethints_values+=("${tickethints[$each_protocol]}")
done
if [[ $OUTPUTFORMAT == 'json' ]]; then
# Don't deduplicate for JSON.
join_array_by_char ',' "${tickethints_values[@]}"
else
flatten_or_join_array_by_char ',' "${tickethints_values[@]}"
fi
tickethint="$joined_array"
else
# Just extract the one value that's present and use it.
tickethint="${tickethints[@]}"
fi
# Pre-join this, since we use it in a couple of places below. # Pre-join this, since we use it in a couple of places below.
join_array_by_char ',' "${protocols[@]}" join_array_by_char ',' "${protocols[@]}"
protocols_csv="$joined_array" protocols_csv="$joined_array"
@ -1009,7 +1028,7 @@ display_results_in_json() {
if [[ -n $CAPATH ]]; then if [[ -n $CAPATH ]]; then
echo -n "\"certificates\":[${ciphercertificates[$ctr]}]," echo -n "\"certificates\":[${ciphercertificates[$ctr]}],"
fi fi
echo -n "\"ticket_hint\":\"${cipher_arr[5]}\"," echo -n "\"ticket_hint\":[\"${cipher_arr[5]//,/\",\"}\"],"
echo -n "\"ocsp_stapling\":\"${cipher_arr[6]}\"," echo -n "\"ocsp_stapling\":\"${cipher_arr[6]}\","
echo -n "\"pfs\":[\"${cipher_arr[7]//\;/\",\"}\"]" echo -n "\"pfs\":[\"${cipher_arr[7]//\;/\",\"}\"]"
if [[ "${cipher_arr[0]}" =~ ECDH ]]; then if [[ "${cipher_arr[0]}" =~ ECDH ]]; then