make sure we never connect to the server faster than the wait_time says
[tls-check.git] / tls-check
index 5de58e4..f757bdb 100755 (executable)
--- a/tls-check
+++ b/tls-check
@@ -53,7 +53,9 @@ def list_ciphers(spec="ALL:COMPLEMENTOFALL"):
     ciphers = subprocess.check_output(["openssl", "ciphers", spec]).decode('UTF-8').strip()
     return ciphers.split(':')
 
-def test_cipher(host, port, protocol, cipher = None, options=[]):
+def test_cipher(host, port, protocol, cipher = None, wait_time=0, options=[]):
+    # throttle
+    time.sleep(wait_time/1000)
     try:
         if cipher is not None:
             options = ["-cipher", cipher]+options
@@ -65,15 +67,13 @@ def test_cipher(host, port, protocol, cipher = None, options=[]):
         return True
 
 def test_protocol(host, port, protocol, ciphers, base_frac, wait_time=0, options=[]):
-    if test_cipher(host, port, protocol, options=options):
+    if test_cipher(host, port, protocol, wait_time=wait_time, options=options):
         # the protocol is supported
         results = OrderedDict()
         for i in range(len(ciphers)):
             cipher = ciphers[i]
             print_progress(protocol+" "+cipher, base_frac+[(i, len(ciphers))])
-            results[cipher] = test_cipher(host, port, protocol, cipher, options)
-            # throttle
-            time.sleep(wait_time/1000)
+            results[cipher] = test_cipher(host, port, protocol, cipher=cipher, wait_time=wait_time, options=options)
         return results
     else:
         # it is not supported