projects / tls-check.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
anotehr attempt at fixing protocol listing for Fedora's OpenSSL
[tls-check.git] / tls-check
diff --git a/tls-check b/tls-check
index 8a64d84734c7daaabe45f3e9bf4eb914bc09cf0b..fcbf94105f7f686bbe035e625d3790f839bff637 100755 (executable)
--- a/tls-check
+++ b/tls-check
@@ -118,9 +118,13 @@ class CipherPropsProvider:
         self.high = set(list_ciphers("HIGH"))
         self.props = {}
     
         self.high = set(list_ciphers("HIGH"))
         self.props = {}
     
-    def __getProps(self, cipher):
+    def getProps(self, protocol, cipher):
+        # strip the sub-version-number from the protocol
+        pos = protocol.find('_')
+        if pos >= 0:
+            protocol = protocol[:pos]
         # as OpenSSL about this cipher
         # as OpenSSL about this cipher
-        cipherInfo = subprocess.check_output(["openssl", "ciphers", "-v", cipher]).decode('UTF-8').strip()
+        cipherInfo = subprocess.check_output(["openssl", "ciphers", "-v", "-"+protocol, cipher]).decode('UTF-8').strip()
         assert '\n' not in cipherInfo, "Cipher "+cipher+" produced unexpected output:\n"+cipherInfo
         cipherInfoFields = cipherInfo.split()
         # get # of bits
         assert '\n' not in cipherInfo, "Cipher "+cipher+" produced unexpected output:\n"+cipherInfo
         cipherInfoFields = cipherInfo.split()
         # get # of bits
@@ -156,19 +160,12 @@ class CipherPropsProvider:
             strength = CipherStrength.unknown
         # done!
         return CipherProps(bits=bits, strength=strength, isPfs=isPfs)
             strength = CipherStrength.unknown
         # done!
         return CipherProps(bits=bits, strength=strength, isPfs=isPfs)
-    
-    def getProps(self, cipher):
-        if cipher in self.props:
-            return self.props[cipher]
-        props = self.__getProps(cipher)
-        self.props[cipher] = props
-        return props
 
 # main program
 if __name__ == "__main__":
     parser = argparse.ArgumentParser(description='Check TLS ciphers supported by a host')
     parser.add_argument("--starttls", dest="starttls",
 
 # main program
 if __name__ == "__main__":
     parser = argparse.ArgumentParser(description='Check TLS ciphers supported by a host')
     parser.add_argument("--starttls", dest="starttls",
-                        help="Use a STARTTLS variant to establish the TLS connection. Possible values include smpt, imap.")
+                        help="Use a STARTTLS variant to establish the TLS connection. Possible values include smtp, imap.")
     parser.add_argument("--wait-time", "-t", dest="wait_time", default="10",
                         help="Time (in ms) to wait between two connections to the server. Default is 10ms.")
     parser.add_argument("host", metavar='HOST[:PORT]',
     parser.add_argument("--wait-time", "-t", dest="wait_time", default="10",
                         help="Time (in ms) to wait between two connections to the server. Default is 10ms.")
     parser.add_argument("host", metavar='HOST[:PORT]',
@@ -200,7 +197,7 @@ if __name__ == "__main__":
         else:
             for cipher, supported in ciphers.items():
                 if supported:
         else:
             for cipher, supported in ciphers.items():
                 if supported:
-                    cipherProps = propsProvider.getProps(cipher)
+                    cipherProps = propsProvider.getProps(protocol, cipher)
                     fsText = ConsoleFormat.color("FS", ConsoleFormat.GREEN) if cipherProps.isPfs else ConsoleFormat.color("no FS", ConsoleFormat.RED)
                     bitColor = ConsoleFormat.GREEN if cipherProps.bits >= 128 else (ConsoleFormat.YELLOW if cipherProps.bits >= 100 else ConsoleFormat.RED)
                     print("    {0} ({1}, {2}, {3})".format(cipher.ljust(STATE_WIDTH), cipherProps.strength.colorName(), ConsoleFormat.color(str(cipherProps.bits)+" bits", bitColor), fsText))
                     fsText = ConsoleFormat.color("FS", ConsoleFormat.GREEN) if cipherProps.isPfs else ConsoleFormat.color("no FS", ConsoleFormat.RED)
                     bitColor = ConsoleFormat.GREEN if cipherProps.bits >= 128 else (ConsoleFormat.YELLOW if cipherProps.bits >= 100 else ConsoleFormat.RED)
                     print("    {0} ({1}, {2}, {3})".format(cipher.ljust(STATE_WIDTH), cipherProps.strength.colorName(), ConsoleFormat.color(str(cipherProps.bits)+" bits", bitColor), fsText))
Detect the TLS ciphers supported by a server