
Commit 7c47d8a

Merge pull request #3023 from dcooper16/identity_ossl_tls13_ciphers
Identify TLS 1.3 ciphers by OpenSSL name
2 parents 24eb5de + 74a60d2 commit 7c47d8a

1 file changed

Lines changed: 12 additions & 14 deletions


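--- a/testssl.sh
+++ b/testssl.sh
@@ -4120,7 +4120,7 @@ run_cipher_match(){
 tls13_ciphers_to_test=""
 for (( i=bundle*bundle_size; i < end_of_bundle; i++ )); do
 if ! "${ciphers_found2[i]}"; then
-if [[ "${ciph2[i]}" == TLS13* ]] || [[ "${ciph2[i]}" == TLS_* ]] || [[ "${ciph2[i]}" == AEAD-* ]]; then
+if [[ ":$TLS13_OSSL_CIPHERS:" =~ :${ciph2[i]}: ]]; then
 tls13_ciphers_to_test+=":${ciph2[i]}"
 else
 ciphers_to_test+=":${ciph2[i]}"
@@ -4138,7 +4138,7 @@ run_cipher_match(){
 [[ $i -eq $end_of_bundle ]] && break
 i=${index[i]}
 ciphers_found[i]=true
-if [[ "$cipher" == TLS13* ]] || [[ "$cipher" == TLS_* ]] || [[ "$cipher" == AEAD-* ]]; then
+if [[ ":$TLS13_OSSL_CIPHERS:" =~ :${cipher}: ]]; then
 kx[i]="$(read_dhtype_from_file $TMPFILE)"
 fi
 if [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]]; then
@@ -4394,7 +4394,7 @@ run_allciphers() {
 tls13_ciphers_to_test=""
 for (( i=bundle*bundle_size; i < end_of_bundle; i++ )); do
 if ! "${ciphers_found2[i]}"; then
-if [[ "${ciph2[i]}" == TLS13* ]] || [[ "${ciph2[i]}" == TLS_* ]] || [[ "${ciph2[i]}" == AEAD-* ]]; then
+if [[ ":$TLS13_OSSL_CIPHERS:" =~ :${ciph2[i]}: ]]; then
 tls13_ciphers_to_test+=":${ciph2[i]}"
 else
 ciphers_to_test+=":${ciph2[i]}"
@@ -4412,7 +4412,7 @@ run_allciphers() {
 [[ $i -eq $end_of_bundle ]] && break
 i=${index[i]}
 ciphers_found[i]=true
-if [[ "$cipher" == TLS13* ]] || [[ "$cipher" == TLS_* ]] || [[ "$cipher" == AEAD-* ]]; then
+if [[ ":$TLS13_OSSL_CIPHERS:" =~ :${cipher}: ]]; then
 kx[i]="$(read_dhtype_from_file $TMPFILE)"
 fi
 if [[ ${kx[i]} == Kx=ECDH ]] || [[ ${kx[i]} == Kx=DH ]] || [[ ${kx[i]} == Kx=EDH ]]; then
@@ -4603,11 +4603,9 @@ ciphers_by_strength() {
 fi
 while read hexc n ciph[nr_ciphers] sslvers kx[nr_ciphers] auth enc[nr_ciphers] mac export2[nr_ciphers]; do
 if [[ "$proto" == -tls1_3 ]]; then
-[[ "${ciph[nr_ciphers]}" == TLS13* ]] || [[ "${ciph[nr_ciphers]}" == TLS_* ]] || [[ "${ciph[nr_ciphers]}" == AEAD-* ]] || continue
+[[ ":$TLS13_OSSL_CIPHERS:" =~ :${ciph[nr_ciphers]}: ]] || continue
 elif [[ "$proto" == -tls1_2 ]]; then
-if [[ "${ciph[nr_ciphers]}" == TLS13* ]] || [[ "${ciph[nr_ciphers]}" == TLS_* ]] || [[ "${ciph[nr_ciphers]}" == AEAD-* ]]; then
-continue
-fi
+[[ ":$TLS13_OSSL_CIPHERS:" =~ :${ciph[nr_ciphers]}: ]] && continue
 elif [[ "${ciph[nr_ciphers]}" == *-SHA256 ]] || [[ "${ciph[nr_ciphers]}" == *-SHA384 ]] || \
 [[ "${ciph[nr_ciphers]}" == *-CCM ]] || [[ "${ciph[nr_ciphers]}" == *-CCM8 ]] || \
 [[ "${ciph[nr_ciphers]}" =~ CHACHA20-POLY1305 ]]; then
@@ -11184,7 +11182,7 @@ run_fs() {
 tls13_ciphers_to_test=""
 for (( i=0; i < nr_supported_ciphers; i++ )); do
 if ! "${ciphers_found[i]}" && "${ossl_supported[i]}"; then
-if [[ "${ciph[i]}" == TLS13* ]] || [[ "${ciph[i]}" == TLS_* ]] || [[ "${ciph[i]}" == AEAD-* ]]; then
+if [[ ":$TLS13_OSSL_CIPHERS:" =~ :${ciph[i]}: ]]; then
 tls13_ciphers_to_test+=":${ciph[i]}"
 else
 ciphers_to_test+=":${ciph[i]}"
@@ -11211,7 +11209,7 @@ run_fs() {
 done
 [[ $i -eq $nr_supported_ciphers ]] && break
 ciphers_found[i]=true
-if [[ "$fs_cipher" == TLS13* ]] || [[ "$fs_cipher" == TLS_* ]] || [[ "$fs_cipher" == AEAD-* ]]; then
+if [[ ":$TLS13_OSSL_CIPHERS:" =~ :${fs_cipher}: ]]; then
 fs_tls13_offered=true
 "$WIDE" && kx[i]="$(read_dhtype_from_file $TMPFILE)"
 elif [[ "$fs_cipher" == ECDHE-* ]]; then
@@ -11281,12 +11279,12 @@ run_fs() {
 fi
 fs_ciphers+="$fs_cipher "
 
-if [[ "${ciph[i]}" == ECDHE-* ]] || [[ "${ciph[i]}" == TLS13* ]] || [[ "${ciph[i]}" == TLS_* ]] || \
-[[ "${ciph[i]}" == AEAD-* ]] || { "$using_sockets" && [[ "${rfc_ciph[i]}" == TLS_ECDHE_* ]]; }; then
+if [[ "${ciph[i]}" == ECDHE-* ]] || [[ ":$TLS13_OSSL_CIPHERS:" =~ :${ciph[i]}: ]] || [[ "${ciph[i]}" == TLS_* ]] || \
+{ "$using_sockets" && [[ "${rfc_ciph[i]}" == TLS_ECDHE_* ]]; }; then
 ecdhe_offered=true
 ecdhe_cipher_list_hex+=", ${hexcode[i]}"
 if [[ "${ciph[i]}" != "-" ]]; then
-if [[ "${ciph[i]}" == TLS13* ]] || [[ "${ciph[i]}" == TLS_* ]] || [[ "${ciph[i]}" == AEAD-* ]]; then
+if [[ ":$TLS13_OSSL_CIPHERS:" =~ :${ciph[i]}: ]] || [[ "${ciph[i]}" == TLS_* ]]; then
 tls13_cipher_list+=":$fs_cipher"
 else
 ecdhe_cipher_list+=":$fs_cipher"
@@ -11296,7 +11294,7 @@ run_fs() {
 if [[ "${ciph[i]}" == "DHE-"* ]] || { "$using_sockets" && [[ "${rfc_ciph[i]}" == "TLS_DHE_"* ]]; }; then
 ffdhe_offered=true
 ffdhe_cipher_list_hex+=", ${hexcode[i]}"
-elif [[ "${ciph[i]}" == TLS13* ]] || [[ "${ciph[i]}" == TLS_* ]] || [[ "${ciph[i]}" == AEAD-* ]]; then
+elif [[ ":$TLS13_OSSL_CIPHERS:" =~ :${ciph[i]}: ]] || [[ "${ciph[i]}" == TLS_* ]]; then
 ffdhe_cipher_list_hex+=", ${hexcode[i]}"
 fi
 fi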
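Review bot: The membership test `[[ ":$TLS13_OSSL_CIPHERS:" =~ :${cipher}: ]]` leaves the cipher name unquoted on the right of `=~`, so bash reads it as a regular expression rather than a literal string; this applies to every occurrence in run_cipher_match, run_allciphers, ciphers_by_strength and run_fs. An empty name produces the pattern `::`, which matches when the list itself is empty, and a name containing a regex metacharacter would match more than itself; either case puts a cipher on the wrong side of the TLS 1.3 split and skews what the scan reports. A literal glob match avoids both, `[[ ":$TLS13_OSSL_CIPHERS:" == *":${cipher}:"* ]]`, and it would read better in one small helper than repeated eleven times. In run_fs the `TLS_*` prefix test is kept beside the list lookup in three conditions but dropped in the other two, so a one-line comment stating why it is still needed there would help the next reader. The enclosing functions and the definition of TLS13_OSSL_CIPHERS lie outside the visible hunks, so whether the list covers every name the old `TLS13*`/`AEAD-*` prefix tests matched cannot be confirmed from this page.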
