report key size used in server's certificate
Extend the report to also show the server certificate key size:

prio ciphersuite protocols pubkey_size pfs_keysize
1 ECDHE-RSA-AES128-SHA256 TLSv1.2 2048 ECDH,P-256,256bits
2 ECDHE-ECDSA-AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 256 ECDH,P-256,256bits
3 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048
4 RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048
5 EXP-RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 RSA,512bits
parent
32eba4e644
commit
f9fdd62a59
16
cipherscan
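--- a/cipherscan
+++ b/cipherscan
@@ -72,6 +72,10 @@ test_cipher_on_target() {
 current_cipher=$(grep "New, " <<<"$tmp"|awk '{print $5}')
 current_pfs=$(grep 'Server Temp Key' <<<"$tmp"|awk '{print $4$5$6$7}')
 current_protocol=$(egrep "^\s+Protocol\s+:" <<<"$tmp"|awk '{print $3}')
+current_pubkey=$(grep 'Server public key is ' <<<"$tmp"|awk '{print $5}')
+if [ -z $current_pubkey ]; then
+current_pubkey=0
+fi
 if [[ -z "$current_protocol" || "$current_cipher" == '(NONE)' ]]; then
 # connection failed, try again with next TLS version
 continue
@@ -92,6 +96,7 @@ test_cipher_on_target() {
 fi
 cipher=$current_cipher
 pfs=$current_pfs
+pubkey=$current_pubkey
 # grab the cipher and PFS key size
 done
 # if cipher is empty, that means none of the TLS version worked with
@@ -103,13 +108,13 @@ test_cipher_on_target() {
 
 # if cipher contains NONE, the cipher wasn't accepted
 elif [ "$cipher" == '(NONE) ' ]; then
-result="$cipher $protocols $pfs"
+result="$cipher $protocols $pubkey $pfs"
 verbose "handshake failed, server returned ciphersuite '$result'"
 return 1
 
 # the connection succeeded
 else
-result="$cipher $protocols $pfs"
+result="$cipher $protocols $pubkey $pfs"
 verbose "handshake succeeded, server returned ciphersuite '$result'"
 return 0
 fi
@@ -173,9 +178,9 @@ display_results_in_terminal() {
 done
 
 if [ $DOBENCHMARK -eq 1 ]; then
-header="prio ciphersuite protocols pfs_keysize avg_handshake_microsec"
+header="prio ciphersuite protocols pubkey_size pfs_keysize avg_handshake_microsec"
 else
-header="prio ciphersuite protocols pfs_keysize"
+header="prio ciphersuite protocols pubkey_size pfs_keysize"
 fi
 ctr=0
 for result in "${results[@]}"; do
@@ -196,7 +201,8 @@ display_results_in_json() {
 [ $ctr -gt 0 ] && echo -n ','
 echo -n "{\"cipher\":\"$(echo $cipher|awk '{print $1}')\","
 echo -n "\"protocols\":[\"$(echo $cipher|awk '{print $2}'|sed 's/,/","/g')\"],"
-pfs=$(echo $cipher|awk '{print $3}')
+echo -n "\"pubkey\":[\"$(echo $cipher|awk '{print $3}'|sed 's/,/","/g')\"],"
+pfs=$(echo $cipher|awk '{print $4}')
 [ "$pfs" == "" ] && pfs="None"
 echo -n "\"pfs\":\"$pfs\"}"
 ctr=$((ctr+1))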
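Review bot: The new test `if [ -z $current_pubkey ]; then` in the first hunk leaves the expansion unquoted inside single-bracket `[`. It gives the right answer for an empty value only because `[ -z ]` collapses to a one-argument test, and it would fail with a syntax error if the grep ever matched more than one line of the s_client output, leaving an unexpected value in the space-separated `result` string that the display functions split by position. Writing it as `if [[ -z "$current_pubkey" ]]; then` matches the `[[ -z "$current_protocol" ... ]]` test directly below it. Because `pubkey_size` is printed without the key type, a comment beside the header lines such as `# pubkey_size is in bits; RSA and EC sizes are not directly comparable` would help readers of rows like the ECDSA 256 example in the commit message. test_cipher_on_target starts and ends outside these hunks.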