it seems EXP and LOW ciphersuits are gone
[tls-check.git] / tls-check
index fcbf94105f7f686bbe035e625d3790f839bff637..bb2fc63fb49df50c80ab38be9a73cf708295c421 100755 (executable)
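--- a/tls-check
+++ b/tls-check
@@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
 import subprocess, sys, argparse, time, re
 from collections import OrderedDict, namedtuple
 from enum import Enum
@@ -59,7 +59,7 @@ def test_cipher(host, port, protocol, cipher = None, wait_time=0, options=[]):
     try:
         if cipher is not None:
             options = ["-cipher", cipher]+options
-        subprocess.check_call(["openssl", "s_client", "-"+protocol, "-connect", host+":"+str(port)]+options,
+        subprocess.check_call(["openssl", "s_client", "-"+protocol, "-connect", host+":"+str(port), "-servername", host]+options,
                               stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
     except subprocess.CalledProcessError:
         return False
@@ -112,8 +112,6 @@ CipherProps = namedtuple('CipherProps', 'bits, strength, isPfs')
 
 class CipherPropsProvider:
     def __init__(self):
-        self.exp = set(list_ciphers("EXP"))
-        self.low = set(list_ciphers("LOW"))
         self.medium = set(list_ciphers("MEDIUM"))
         self.high = set(list_ciphers("HIGH"))
         self.props = {}
@@ -143,16 +141,10 @@ class CipherPropsProvider:
         kx = kxMatch.group(1)
         isPfs = kx in ('DH', 'DH(512)', 'ECDH')
         # determine security level
-        isExp = cipher in self.exp
-        isLow = cipher in self.low
         isMedium = cipher in self.medium
         isHigh = cipher in self.high
-        assert isExp+isLow+isMedium+isHigh <= 1, "Cipher "+cipher+" is more than one from EXP, LOW, MEDIUM, HIGH"
-        if isExp:
-            strength = CipherStrength.exp
-        elif isLow:
-            strength = CipherStrength.low
-        elif isMedium:
+        assert isMedium+isHigh <= 1, "Cipher "+cipher+" is more than one from EXP, LOW, MEDIUM, HIGH"
+        if isMedium:
             strength = CipherStrength.medium
         elif isHigh:
             strength = CipherStrength.high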
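Review bot: The assertion message in the last hunk still names EXP and LOW although only MEDIUM and HIGH are compared now; it should read `assert isMedium+isHigh <= 1, "Cipher "+cipher+" is both MEDIUM and HIGH"`. More important for a TLS checker, a cipher that is in neither set now falls through to whatever follows `elif isHigh:`, which lies outside the hunk. If the cipher list comes from the local openssl build, as the `list_ciphers` calls and the commit title suggest, export- and low-grade suites are no longer probed at all. A comment at the classification, e.g. `# EXP/LOW are absent from current openssl builds, so this tool cannot report whether a server still accepts them`, would keep a clean result from being read as proof that the server rejects them.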