mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-04 23:13:41 +01:00
report key size used in server's certificate
Extend the report to show also server certificate key size: prio ciphersuite protocols pubkey_size pfs_keysize 1 ECDHE-RSA-AES128-SHA256 TLSv1.2 2048 ECDH,P-256,256bits 2 ECDHE-ECDSA-AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 256 ECDH,P-256,256bits 3 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 4 RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 5 EXP-RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 RSA,512bits
This commit is contained in:
parent
32eba4e644
commit
f9fdd62a59
16
cipherscan
16
cipherscan
@ -72,6 +72,10 @@ test_cipher_on_target() {
|
||||
current_cipher=$(grep "New, " <<<"$tmp"|awk '{print $5}')
|
||||
current_pfs=$(grep 'Server Temp Key' <<<"$tmp"|awk '{print $4$5$6$7}')
|
||||
current_protocol=$(egrep "^\s+Protocol\s+:" <<<"$tmp"|awk '{print $3}')
|
||||
current_pubkey=$(grep 'Server public key is ' <<<"$tmp"|awk '{print $5}')
|
||||
if [ -z $current_pubkey ]; then
|
||||
current_pubkey=0
|
||||
fi
|
||||
if [[ -z "$current_protocol" || "$current_cipher" == '(NONE)' ]]; then
|
||||
# connection failed, try again with next TLS version
|
||||
continue
|
||||
@ -92,6 +96,7 @@ test_cipher_on_target() {
|
||||
fi
|
||||
cipher=$current_cipher
|
||||
pfs=$current_pfs
|
||||
pubkey=$current_pubkey
|
||||
# grab the cipher and PFS key size
|
||||
done
|
||||
# if cipher is empty, that means none of the TLS version worked with
|
||||
@ -103,13 +108,13 @@ test_cipher_on_target() {
|
||||
|
||||
# if cipher contains NONE, the cipher wasn't accepted
|
||||
elif [ "$cipher" == '(NONE) ' ]; then
|
||||
result="$cipher $protocols $pfs"
|
||||
result="$cipher $protocols $pubkey $pfs"
|
||||
verbose "handshake failed, server returned ciphersuite '$result'"
|
||||
return 1
|
||||
|
||||
# the connection succeeded
|
||||
else
|
||||
result="$cipher $protocols $pfs"
|
||||
result="$cipher $protocols $pubkey $pfs"
|
||||
verbose "handshake succeeded, server returned ciphersuite '$result'"
|
||||
return 0
|
||||
fi
|
||||
@ -173,9 +178,9 @@ display_results_in_terminal() {
|
||||
done
|
||||
|
||||
if [ $DOBENCHMARK -eq 1 ]; then
|
||||
header="prio ciphersuite protocols pfs_keysize avg_handshake_microsec"
|
||||
header="prio ciphersuite protocols pubkey_size pfs_keysize avg_handshake_microsec"
|
||||
else
|
||||
header="prio ciphersuite protocols pfs_keysize"
|
||||
header="prio ciphersuite protocols pubkey_size pfs_keysize"
|
||||
fi
|
||||
ctr=0
|
||||
for result in "${results[@]}"; do
|
||||
@ -196,7 +201,8 @@ display_results_in_json() {
|
||||
[ $ctr -gt 0 ] && echo -n ','
|
||||
echo -n "{\"cipher\":\"$(echo $cipher|awk '{print $1}')\","
|
||||
echo -n "\"protocols\":[\"$(echo $cipher|awk '{print $2}'|sed 's/,/","/g')\"],"
|
||||
pfs=$(echo $cipher|awk '{print $3}')
|
||||
echo -n "\"pubkey\":[\"$(echo $cipher|awk '{print $3}'|sed 's/,/","/g')\"],"
|
||||
pfs=$(echo $cipher|awk '{print $4}')
|
||||
[ "$pfs" == "" ] && pfs="None"
|
||||
echo -n "\"pfs\":\"$pfs\"}"
|
||||
ctr=$((ctr+1))
|
||||
|
Loading…
Reference in New Issue
Block a user