mirror of
				https://github.com/drwetter/testssl.sh.git
				synced 2025-10-25 14:00:59 +02:00 
			
		
		
		
	Merge pull request #411 from welwood08/patch-2
Server cipher order NPN tests should use SNI
		
						commit
						16087f8252
					
				| @ -3324,7 +3324,7 @@ run_server_preference() { | ||||
|                [[ -n "$PROXY" ]] && arg="   SPDY/NPN is" | ||||
|                [[ -n "$STARTTLS" ]] && arg="    " | ||||
|                if spdy_pre " $arg" ; then                                       # is NPN/SPDY supported and is this no STARTTLS? / no PROXY | ||||
|                     $OPENSSL s_client -connect $NODEIP:$PORT $BUGS -nextprotoneg "$NPN_PROTOs" </dev/null 2>>$ERRFILE >$TMPFILE | ||||
|                     $OPENSSL s_client -connect $NODEIP:$PORT $BUGS -nextprotoneg "$NPN_PROTOs" $SNI </dev/null 2>>$ERRFILE >$TMPFILE | ||||
|                     if sclient_connect_successful $? $TMPFILE; then | ||||
|                          proto[i]=$(grep -aw "Next protocol" $TMPFILE | sed -e 's/^Next protocol://' -e 's/(.)//' -e 's/ //g') | ||||
|                          if [[ -z "${proto[i]}" ]]; then | ||||
| @ -3499,16 +3499,16 @@ cipher_pref_check() { | ||||
|      if ! spdy_pre "     SPDY/NPN: "; then       # is NPN/SPDY supported and is this no STARTTLS? | ||||
|           outln | ||||
|      else | ||||
|           npn_protos=$($OPENSSL s_client -host $NODE -port $PORT $BUGS -nextprotoneg \"\" </dev/null 2>>$ERRFILE | grep -a "^Protocols " | sed -e 's/^Protocols.*server: //' -e 's/,//g') | ||||
|           npn_protos=$($OPENSSL s_client $BUGS -nextprotoneg \"\" -connect $NODEIP:$PORT $SNI </dev/null 2>>$ERRFILE | grep -a "^Protocols " | sed -e 's/^Protocols.*server: //' -e 's/,//g') | ||||
|           for p in $npn_protos; do | ||||
|                order="" | ||||
|                $OPENSSL s_client -host $NODE -port $PORT $BUGS -nextprotoneg "$p" $PROXY </dev/null 2>>$ERRFILE >$TMPFILE | ||||
|                $OPENSSL s_client $BUGS -nextprotoneg "$p" -connect $NODEIP:$PORT $SNI </dev/null 2>>$ERRFILE >$TMPFILE | ||||
|                cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE) | ||||
|                printf "    %-10s %s " "$p:" "$cipher" | ||||
|                tested_cipher="-"$cipher | ||||
|                order="$cipher" | ||||
|                while true; do | ||||
|                     $OPENSSL s_client -cipher "ALL:$tested_cipher" -host $NODE -port $PORT $BUGS -nextprotoneg "$p" $PROXY </dev/null 2>>$ERRFILE >$TMPFILE | ||||
|                     $OPENSSL s_client -cipher "ALL:$tested_cipher" $BUGS -nextprotoneg "$p" -connect $NODEIP:$PORT $SNI </dev/null 2>>$ERRFILE >$TMPFILE | ||||
|                     sclient_connect_successful $? $TMPFILE || break | ||||
|                     cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE) | ||||
|                     out "$cipher " | ||||
|  | ||||
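Review bot: In cipher_pref_check the two rewritten per-protocol s_client calls (the one before `cipher=$(awk ...)` and the one inside `while true`) replace `$PROXY` with `$SNI` instead of adding `$SNI` next to it, so the proxy setting is dropped without the commit message saying so. This is harmless if spdy_pre already returns non-zero whenever a proxy is configured, as the "/ no PROXY" comment in run_server_preference suggests, but the guard comment in cipher_pref_check does not say that and spdy_pre itself is not visible here. If it does not, these probes would connect directly to `$NODEIP:$PORT`, and the reported NPN cipher order could come from a different network path than the rest of the scan. I would either keep the variable, `-connect $NODEIP:$PORT $PROXY $SNI`, or make the assumption explicit on the guard line: `# is NPN/SPDY supported and is this no STARTTLS? / no PROXY`. Both function bodies start and end outside the hunks shown.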