From bd7337926e7a5920100bd388d8733e5f2fef7cae Mon Sep 17 00:00:00 2001 From: Jonathan Hodgson Date: Wed, 13 Jan 2021 16:30:33 +0000 Subject: [PATCH] BIN: Small adjustments to verifySSL The script now prepends the command that is echoed with a $ in order to indicate it is a command that is run Also stops the script showing each cipher that is tested --- bin/.bin/webtest/verifySSL | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/bin/.bin/webtest/verifySSL b/bin/.bin/webtest/verifySSL index c9c5f3d0..883463cb 100755 --- a/bin/.bin/webtest/verifySSL +++ b/bin/.bin/webtest/verifySSL @@ -35,14 +35,9 @@ check-beast(){ echo "" | $openssl s_client -ssl3 -connect "${host}:${port}" > /dev/null 2>&1 ssl3="$?" - if [ $tls1 -gt 0 ] && [ $ssl3 -gt 0 ]; then - die "Neither TLSv1 or SSLv3 connected successfully so there is no need to test the ciphers" - fi - $openssl ciphers -v | grep -i cbc | cut -d' ' -f1 | while read cipher; do - echo "Testing $cipher" >&2 if [ $tls1 -eq 0 ]; then - echo "openssl s_client -tls1 -cipher $cipher -connect ${host}:${port}" >> "$tmpfile" + echo "\$ openssl s_client -tls1 -cipher $cipher -connect ${host}:${port}" >> "$tmpfile" echo "" | $openssl s_client -tls1 -cipher "$cipher" -connect "${host}:${port}" >> "$tmpfile" 2>&1 if [ "$?" -eq 0 ]; then cat "$tmpfile" @@ -51,7 +46,7 @@ check-beast(){ fi if [ $ssl3 -eq 0 ]; then - echo "openssl s_client -ssl3 -cipher $cipher -connect ${host}:${port}" >> "$tmpfile" + echo "\$ openssl s_client -ssl3 -cipher $cipher -connect ${host}:${port}" >> "$tmpfile" echo "" | $openssl s_client -ssl3 -cipher "$cipher" -connect "${host}:${port}" >> "$tmpfile" 2>&1 if [ "$?" -eq 0 ]; then cat "$tmpfile" @@ -64,7 +59,7 @@ check-beast(){ check-sweet32(){ local tmpfile="$(mktemp)" - echo "openssl s_client -cipher 3DES -connect ${host}:${port}" >> "$tmpfile" + echo "\$ openssl s_client -cipher 3DES -connect ${host}:${port}" >> "$tmpfile" echo "" | $openssl s_client -cipher 3DES -connect "${host}:${port}" >> "$tmpfile" 2>&1 if [ "$?" -eq 0 ]; then cat "$tmpfile"