			
		
		
		
	Merge branch 'master' into more_sslv2_sslv3_fixes
Conflicts: testssl.sh
		
						commit
						1add0f86f9
					
				
							
								
								
									
										17
									
								
								testssl.sh
									
									
									
									
									
								
							
							
						
						
									
										17
									
								
								testssl.sh
									
									
									
									
									
								
							| @ -717,7 +717,7 @@ run_http_header() { | ||||
|      wait_kill $! $HEADER_MAXSLEEP | ||||
|      if [[ $? -eq 0 ]]; then | ||||
|           # we do the get command again as it terminated within $HEADER_MAXSLEEP. Thus it didn't hang, we do it | ||||
|           # again in the foreground ito get an ccurate header time! | ||||
|           # again in the foreground to get an accurate header time! | ||||
|           printf "$GET_REQ11" | $OPENSSL s_client $OPTIMAL_PROTO $BUGS -quiet -ign_eof -connect $NODEIP:$PORT $PROXY $addcmd >$HEADERFILE 2>$ERRFILE | ||||
|           NOW_TIME=$(date "+%s") | ||||
|           HTTP_TIME=$(awk -F': ' '/^date:/ { print $2 }  /^Date:/ { print $2 }' $HEADERFILE) | ||||
| @ -3858,7 +3858,7 @@ tls_time() { | ||||
|           debugme out "$TLS_TIME" | ||||
|           outln | ||||
|      else | ||||
|           pr_warning "SSLv3 through TLS 1.2 didn't return a timestamp" | ||||
|           pr_warningln "SSLv3 through TLS 1.2 didn't return a timestamp" | ||||
|           fileout "tls_time" "INFO" "No TLS timestamp returned by SSLv3 through TLSv1.2" | ||||
|      fi | ||||
|      return 0 | ||||
| @ -7182,6 +7182,7 @@ check4openssl_oldfarts() { | ||||
|                *)   outln " Update openssl binaries or compile from github.com/PeterMosmans/openssl" ;; | ||||
|           esac | ||||
|           ignore_no_or_lame " Type \"yes\" to accept some false negatives or positives " | ||||
|           [[ $? -ne 0 ]] && exit -2 | ||||
|      fi | ||||
|      outln | ||||
| } | ||||
| @ -7877,7 +7878,7 @@ sclient_auth() { | ||||
| # | ||||
| determine_optimal_proto() { | ||||
|      local all_failed | ||||
|      local addcmd="" | ||||
|      local sni="" | ||||
| 
 | ||||
|      #TODO: maybe query known openssl version before this workaround. 1.0.1 doesn't need this | ||||
| 
 | ||||
| @ -7895,8 +7896,9 @@ determine_optimal_proto() { | ||||
|           done | ||||
|           debugme echo "STARTTLS_OPTIMAL_PROTO: $STARTTLS_OPTIMAL_PROTO" | ||||
|      else | ||||
|           for OPTIMAL_PROTO in '' -tls1_2 -tls1 -ssl3 -tls1_1 -ssl2 ''; do | ||||
|                $OPENSSL s_client $OPTIMAL_PROTO $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI </dev/null >$TMPFILE 2>>$ERRFILE | ||||
|           for OPTIMAL_PROTO in '' -tls1_2 -tls1 -ssl3 -tls1_1 -ssl2; do | ||||
|                [[ "$OPTIMAL_PROTO" =~ ssl ]] && sni="" || sni=$SNI | ||||
|                $OPENSSL s_client $OPTIMAL_PROTO $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $sni </dev/null >$TMPFILE 2>>$ERRFILE | ||||
|                if sclient_auth $? $TMPFILE; then | ||||
|                     all_failed=1 | ||||
|                     break | ||||
| @ -7904,6 +7906,11 @@ determine_optimal_proto() { | ||||
|                all_failed=0 | ||||
|           done | ||||
|           debugme echo "OPTIMAL_PROTO: $OPTIMAL_PROTO" | ||||
|           if [[ "$OPTIMAL_PROTO" == "-ssl2" ]]; then | ||||
|                pr_magentaln "$NODEIP:$PORT appears to only support SSLv2." | ||||
|                ignore_no_or_lame " Type \"yes\" to accept some false negatives or positives " | ||||
|                [[ $? -ne 0 ]] && exit -2 | ||||
|           fi | ||||
|      fi | ||||
|      grep -q '^Server Temp Key' $TMPFILE && HAS_DH_BITS=true     # FIX #190 | ||||
| 
 | ||||
|  | ||||
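Review bot: In determine_optimal_proto, the new `-ssl2` check cannot tell a handshake that succeeded with SSLv2 from a loop that failed on every protocol. The commit drops the trailing `''` from the `for OPTIMAL_PROTO in …` list, so when no attempt passes `sclient_auth` the variable is left at `-ssl2`, and the operator is told the host "appears to only support SSLv2" although nothing was negotiated. The visible lines set `all_failed=1` on the success path and `all_failed=0` after each failed attempt, so the guard can use it: `if [[ $all_failed -ne 0 ]] && [[ "$OPTIMAL_PROTO" == "-ssl2" ]]; then`. The stale `-ssl2` presumably also carries into later `s_client` calls that pass `$OPTIMAL_PROTO`, such as the one in run_http_header, so resetting it to `""` when all attempts fail is worth considering. The function continues past this hunk, so how `all_failed` is handled afterwards is not visible here.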