X-Git-Url: https://git.ralfj.de/tls-check.git/blobdiff_plain/a5f47d777eb5cbcac788ea752ea3dafb36a147a3..46c9bdf71e31cbec72335684aabd67574da58ec2:/tls-check
diff --git a/tls-check b/tls-check
index 84ca009..bb2fc63 100755
--- a/tls-check
+++ b/tls-check
@@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
 import subprocess, sys, argparse, time, re
 from collections import OrderedDict, namedtuple
 from enum import Enum
@@ -59,7 +59,7 @@ def test_cipher(host, port, protocol, cipher = None, wait_time=0, options=[]):
 try:
 if cipher is not None:
 options = ["-cipher", cipher]+options
- subprocess.check_call(["openssl", "s_client", "-"+protocol, "-connect", host+":"+str(port)]+options,
+ subprocess.check_call(["openssl", "s_client", "-"+protocol, "-connect", host+":"+str(port), "-servername", host]+options,
 stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
 except subprocess.CalledProcessError:
 return False
@@ -112,13 +112,15 @@ CipherProps = namedtuple('CipherProps', 'bits, strength, isPfs')
 class CipherPropsProvider:
 def __init__(self):
- self.exp = set(list_ciphers("EXP"))
- self.low = set(list_ciphers("LOW"))
 self.medium = set(list_ciphers("MEDIUM"))
 self.high = set(list_ciphers("HIGH"))
 self.props = {}
 def getProps(self, protocol, cipher):
+ # strip the sub-version-number from the protocol
+ pos = protocol.find('_')
+ if pos >= 0:
+ protocol = protocol[:pos]
 # as OpenSSL about this cipher
 cipherInfo = subprocess.check_output(["openssl", "ciphers", "-v", "-"+protocol, cipher]).decode('UTF-8').strip()
 assert '\n' not in cipherInfo, "Cipher "+cipher+" produced unexpected output:\n"+cipherInfo
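Review bot: The added `"-servername", host` in the `check_call` argument list is sent unconditionally, so an IP-literal host would be placed in the SNI extension, which RFC 6066 does not permit. If a server rejects such a handshake, the result is `False`, indistinguishable from "cipher not accepted", because `CalledProcessError` is the only signal and stderr goes to DEVNULL. Whether callers ever pass an IP is not visible here; if they can, guard it with something like `sni = [] if _is_ip(host) else ["-servername", host]`, where `_is_ip` is a hypothetical helper built on `ipaddress.ip_address`. A comment such as `# send SNI so the server selects the vhost (certificate and cipher config) for this name` would record why the flag is there. test_cipher begins above the hunk and may continue below it.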
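Review bot: The new block at the top of getProps says what it strips but not why, and its four lines reduce to one: `protocol = protocol.partition('_')[0]`. Presumably the local `openssl ciphers` does not accept sub-version flags such as `-tls1_2`; if so, say that in the comment, e.g. `# openssl ciphers is queried with the base protocol flag (-tls1), not -tls1_2 (assumed; confirm)`. The context comment just below reads `# as OpenSSL about this cipher`, where "ask" was likely meant. getProps continues past the end of the hunk.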
@@ -139,16 +141,10 @@ class CipherPropsProvider:
 kx = kxMatch.group(1)
 isPfs = kx in ('DH', 'DH(512)', 'ECDH')
 # determine security level
- isExp = cipher in self.exp
- isLow = cipher in self.low
 isMedium = cipher in self.medium
 isHigh = cipher in self.high
- assert isExp+isLow+isMedium+isHigh <= 1, "Cipher "+cipher+" is more than one from EXP, LOW, MEDIUM, HIGH"
- if isExp:
- strength = CipherStrength.exp
- elif isLow:
- strength = CipherStrength.low
- elif isMedium:
+ assert isMedium+isHigh <= 1, "Cipher "+cipher+" is more than one from EXP, LOW, MEDIUM, HIGH"
+ if isMedium:
 strength = CipherStrength.medium
 elif isHigh:
 strength = CipherStrength.high
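Review bot: The rewritten assert checks only MEDIUM and HIGH, but its message still names "EXP, LOW, MEDIUM, HIGH"; suggest `assert isMedium+isHigh <= 1, "Cipher "+cipher+" is both MEDIUM and HIGH"`. More important for a TLS checker, a cipher in neither set now falls through the `if isMedium: … elif isHigh:` chain. What happens next (an `else`, or an unbound `strength`) lies past the end of the hunk, so confirm that a weak cipher the server still accepts is reported as weak rather than crashing the run or being skipped. The consistency check is an `assert`, so it disappears under `python -O`.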