diff options
author | Peter Wu <peter@lekensteyn.nl> | 2016-09-17 19:13:23 +0200 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2016-09-17 19:13:23 +0200 |
commit | 21651a6e4c8ac21b1989c5847c04e96fd6c8b333 (patch) | |
tree | 8c513301cddb961b6ab73c64e42e9d573b195c5f | |
parent | 50c8054d10ba7a56b1b11cea6f98d6496ac4ac71 (diff) | |
download | wireshark-notes-21651a6e4c8ac21b1989c5847c04e96fd6c8b333.tar.gz |
openssl-connect: fix support for more PSK ciphers
Match also stuff like DHE-PSK-AES128-CCM8. Improve error message if
cipher is not accepted by OpenSSL.
-rwxr-xr-x | openssl-connect | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/openssl-connect b/openssl-connect index f4def7f..9d865fc 100755 --- a/openssl-connect +++ b/openssl-connect @@ -61,6 +61,10 @@ s_client_client_random() { fflush(); } + # if the cipher is unknown, or the security level is too low (see + # SSL_get_security_level in OpenSSL 1.1.0), then this message is reported. + /no ciphers available/ { invalid_cipher = 1 } + END { for (rnd in queued) { print "# No master key for random", rnd @@ -70,6 +74,8 @@ s_client_client_random() { if (!has_random) { if (key) print "# No random found for key", key + else if (invalid_cipher) + print "# Cipher is invalid or its security level is too low" else print "# No random nor key found" } @@ -102,7 +108,7 @@ while read cipher; do port=$((portbase+2)) ;; *-DSS-*) port=$((portbase+3)) ;; - PSK-*) + PSK-*|*-PSK-*) opts+=(-psk "$PSK") port=$portbase ;; *-RSA-*|*) # assume RSA (includes name like RC4-SHA) |