BIN: adds sweet32 test to verifySSL

3 years ago · 4c2f3dbc4d
parent a4dc363ee6
commit 4c2f3dbc4d
1 changed files with 14 additions and 0 deletions
--- a/bin/.bin/webtest/verifySSL
+++ b/bin/.bin/webtest/verifySSL
@ -22,6 +22,7 @@ print_help(){

 list_vulnerabilites(){
 	echo "Beast"
+	echo "Sweet32"
 }

 check-beast(){
@ -61,6 +62,16 @@ check-beast(){

 }

+check-sweet32(){
+	local tmpfile="$(mktemp)"
+	echo "openssl s_client -cipher 3DES -connect ${host}:${port}" >> "$tmpfile"
+	echo "" | $openssl s_client -cipher 3DES -connect "${host}:${port}" >> "$tmpfile" 2>&1
+	if [ "$?" -eq 0 ]; then
+		cat "$tmpfile"
+	fi
+	rm "$tmpfile"
+}
+
 while [ "$#" -gt 0 ]; do
 	case "$1" in
 		-p|--port)
@ -98,6 +109,9 @@ case "$(echo "$vulnerability" | tr '[:upper:]' '[:lower:]')" in
 	beast)
 		check-beast
 		;;
+	sweet32)
+		check-sweet32
+		;;
 	*)
 		die "Unknown vulnerability $vulnerability"
 		;;