diff --git a/testssl.sh b/testssl.sh
index 6d2462bb..0597af24 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -616,6 +616,7 @@ pr_italicln() { pr_italic "$1" ; outln; }
 pr_strikethru() { [[ "$COLOR" -ne 0 ]] && out "\033[9m$1" || out "$1"; pr_off; } # ugly!
 pr_strikethruln() { pr_strikethru "$1" ; outln; }
 pr_underline() { [[ "$COLOR" -ne 0 ]] && out "\033[4m$1" || out "$1"; pr_off; }
+pr_underlineln() { pr_underline "$1"; outln; }
 pr_reverse() { [[ "$COLOR" -ne 0 ]] && out "\033[7m$1" || out "$1"; pr_off; }
 pr_reverse_bold() { [[ "$COLOR" -ne 0 ]] && out "\033[7m\033[1m$1" || out "$1"; pr_off; }
@@ -2626,7 +2627,7 @@ run_allciphers() {
 outln
 if "$using_sockets"; then
- pr_headlineln " Testing $nr_ciphers_tested via OpenSSL and sockets against the server, ordered by encryption strength "
+ pr_headlineln " Testing $nr_ciphers_tested ciphers via OpenSSL plus sockets against the server, ordered by encryption strength "
 else
 pr_headlineln " Testing all $nr_ciphers_tested locally available ciphers against the server, ordered by encryption strength "
 [[ $TLS_NR_CIPHERS == 0 ]] && ! "$SSL_NATIVE" && ! "$FAST" && pr_warning " Cipher mapping not available, doing a fallback to openssl"
@@ -2803,7 +2804,7 @@ run_cipher_per_proto() {
 outln
 if "$using_sockets"; then
- pr_headlineln " Testing per protocol via OpenSSL and sockets against the server, ordered by encryption strength "
+ pr_headlineln " Testing ciphers per protocol via OpenSSL plus sockets against the server, ordered by encryption strength "
 else
 pr_headlineln " Testing all locally available ciphers per protocol against the server, ordered by encryption strength "
 [[ $TLS_NR_CIPHERS == 0 ]] && ! "$SSL_NATIVE" && ! "$FAST" && pr_warning " Cipher mapping not available, doing a fallback to openssl"
@@ -4214,18 +4215,13 @@ run_protocols() {
 if "$SSL_NATIVE"; then
 using_sockets=false
- pr_headlineln "(via native openssl)"
+ pr_underlineln "via native openssl"
 else
+ using_sockets=true
 if [[ -n "$STARTTLS" ]]; then
- pr_headlineln "(via openssl, SSLv2 via sockets) "
- using_sockets=false
+ pr_underlineln "via sockets "
 else
- using_sockets=true
- if "$EXPERIMENTAL"; then
- pr_headlineln "(via sockets except SPDY+HTTP2) "
- else
- pr_headlineln "(via sockets except TLS 1.2, SPDY+HTTP2) "
- fi
+ pr_underlineln "via sockets except SPDY+HTTP2 "
 fi
 fi
 outln
@@ -4429,7 +4425,7 @@ run_protocols() {
 esac
 pr_bold " TLS 1.2 ";
- if "$using_sockets" && "$EXPERIMENTAL"; then #TODO: IIS servers do have a problem here with our handshake
+ if "$using_sockets"; then
 tls_sockets "03" "$TLS12_CIPHER"
 else
 run_prototest_openssl "-tls1_2"
@@ -4549,7 +4545,7 @@ run_std_cipherlists() {
 read_dhbits_from_file() {
 local bits what_dh temp curve=""
 local add=""
- local old_fart=" (openssl cannot show DH bits)"
+ local old_fart=" (your $OPENSSL cannot show DH bits)"
 temp=$(awk -F': ' '/^Server Temp Key/ { print $2 }' "$1") # extract line
 what_dh=$(awk -F',' '{ print $1 }' <<< $temp)
@@ -5252,7 +5248,7 @@ determine_trust() {
 if [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != "1.0.2" ]] && \
 [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != "1.1.0" ]] && \
 [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != "1.1.1" ]]; then
- addtl_warning="(Your openssl <= 1.0.2 might be too unreliable to determine trust)"
+ addtl_warning="(Your $OPENSSL <= 1.0.2 might be too unreliable to determine trust)"
 fileout "${json_prefix}chain_of_trust_warn" "WARN" "$addtl_warning"
 fi
 debugme outln
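Review bot: In the first run_protocols hunk the STARTTLS branch loses its `using_sockets=false`, so the new `using_sockets=true` also applies to STARTTLS targets; that is a behaviour change hidden inside what looks like a banner cleanup. The removed banner said "via openssl, SSLv2 via sockets", so every later check that branches on `using_sockets` presumably moves from openssl to the socket handshake for STARTTLS. If a protocol's socket path does not cope with the STARTTLS upgrade, a failed handshake could be shown as "not offered", which is a false negative for a scanner. I would add a comment next to the assignment, `# STARTTLS too: all protocol checks use sockets now (was: openssl, SSLv2 via sockets)`, and confirm each protocol against a STARTTLS service. The function body continues outside the hunk.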
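Review bot: The TLS 1.2 hunk in run_protocols removes the `"$EXPERIMENTAL"` gate together with the TODO saying IIS servers have a problem with the socket handshake, and nothing visible in the diff shows that problem was fixed. With `if "$using_sockets"; then` the socket handshake becomes the default, so an incompatibility would surface as a wrong "TLS 1.2 not offered" result rather than as an error. I would keep a trace of the issue, e.g. `if "$using_sockets"; then #TODO: re-verify against IIS, earlier handshake problems were reported here`, and check whether an inconclusive `tls_sockets` result falls back to `run_prototest_openssl "-tls1_2"`. The handling of the `tls_sockets` return value lies outside the hunk.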
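Review bot: In the determine_trust hunk the warning still reads `<= 1.0.2`, but the condition above it fires only when the version is none of 1.0.2, 1.1.0 or 1.1.1, so a 1.0.2 binary never gets this message while any other version, newer ones included, does. Since the line is being edited anyway, `addtl_warning="(Your $OPENSSL < 1.0.2 might be too unreliable to determine trust)"` would match the check for older binaries. The new `$OPENSSL` interpolation, also used for `old_fart` in the read_dhbits_from_file hunk, presumably expands to the path of the binary, and here the string is passed on to `fileout`. It is worth confirming that `fileout` escapes quotes and backslashes before the value reaches the JSON/CSV output.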
@@ -6500,7 +6496,7 @@ run_pfs() {
 [[ $TLS_NR_CIPHERS == 0 ]] && using_sockets=false
 outln
- pr_headlineln " Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 "
+ pr_headline " Testing robust (perfect) forward secrecy"; pr_underlineln ", (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 "
 if ! "$using_sockets"; then
 [[ $TLS_NR_CIPHERS == 0 ]] && ! "$SSL_NATIVE" && ! "$FAST" && pr_warning " Cipher mapping not available, doing a fallback to openssl"
 if ! "$HAS_DH_BITS" && "$WIDE"; then