make script work again
master
author
Ralf Jung
<post@ralfj.de>
Tue, 23 Aug 2022 17:56:37 +0000
(13:56 -0400)
committer
Ralf Jung
<post@ralfj.de>
Tue, 23 Aug 2022 17:56:37 +0000
(13:56 -0400)
tls-check
diff --git
a/tls-check
b/tls-check
index bb2fc63fb49df50c80ab38be9a73cf708295c421..0445084ffafe5194be7418681250682a0a1d7853 100755
(executable)
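--- a/tls-check
+++ b/tls-check
@@ -93,26 +93,18 @@ def test_host(host, port, wait_time=0, options=[]):
 # cipher classification
 class CipherStrength(Enum):
 unknown = -1
- exp = 0
- low = 1
- medium = 2
 high = 3
 def colorName(self):
- if self == CipherStrength.unknown:
- return self.name
- elif self.value == CipherStrength.high.value:
+ if self.value == CipherStrength.high.value:
 return ConsoleFormat.color(self.name, ConsoleFormat.GREEN)
- elif self.value == CipherStrength.medium.value:
- return ConsoleFormat.color(self.name, ConsoleFormat.YELLOW)
 else:
- return ConsoleFormat.color(self.name, ConsoleFormat.RED)
+ return ConsoleFormat.color(self.name, ConsoleFormat.YELLOW)
 CipherProps = namedtuple('CipherProps', 'bits, strength, isPfs')
 class CipherPropsProvider:
 def __init__(self):
- self.medium = set(list_ciphers("MEDIUM"))
 self.high = set(list_ciphers("HIGH"))
 self.props = {}
@@ -123,8 +115,14 @@ class CipherPropsProvider:
 protocol = protocol[:pos]
 # as OpenSSL about this cipher
 cipherInfo = subprocess.check_output(["openssl", "ciphers", "-v", "-"+protocol, cipher]).decode('UTF-8').strip()
- assert '\n' not in cipherInfo, "Cipher "+cipher+" produced unexpected output:\n"+cipherInfo
- cipherInfoFields = cipherInfo.split()
+ cipherInfoFields = None
+ for line in cipherInfo.split('\n'):
+ line = line.split()
+ if line[0] == cipher:
+ cipherInfoFields = line
+ break
+ if cipherInfoFields is None:
+ raise Exception("Cannot determine cipher properties of {0} (protocol: {1})".format(cipher, protocol))
 # get # of bits
 encMatch = re.match(r'^Enc=([0-9A-Za-z]+)\(([0-9]+)\)$', cipherInfoFields[4])
 if encMatch is None:
@@ -141,12 +139,7 @@ class CipherPropsProvider:
 kx = kxMatch.group(1)
 isPfs = kx in ('DH', 'DH(512)', 'ECDH')
 # determine security level
- isMedium = cipher in self.medium
- isHigh = cipher in self.high
- assert isMedium+isHigh <= 1, "Cipher "+cipher+" is more than one from EXP, LOW, MEDIUM, HIGH"
- if isMedium:
- strength = CipherStrength.medium
- elif isHigh:
+ if cipher in self.high:
 strength = CipherStrength.high
 else:
 strength = CipherStrength.unknown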
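Review bot: In the second hunk the new loop indexes `line[0]` without checking that the split produced any fields, so if `openssl ciphers` prints nothing, or a blank line precedes the match, the lookup raises IndexError instead of the intended "Cannot determine cipher properties" exception; `if line and line[0] == cipher:` keeps the failure on the explicit path. The method this loop sits in begins and ends outside the hunk. Separately, with `exp`, `low` and `medium` removed and the `else` branch of `colorName` now yellow, every cipher outside OpenSSL's HIGH list is reported as `unknown` in the same colour, so a weak cipher that a host accepts no longer stands out from one the tool merely could not classify. If that is intended, a comment on `CipherStrength` such as `# unknown: not in OpenSSL's HIGH list; may be weak, treat as not known-good` would help readers interpret the report correctly.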