author | Peter Wu <lekensteyn@gmail.com> | 2013-09-15 23:16:08 +0200 |
---|---|---|
committer | Peter Wu <lekensteyn@gmail.com> | 2013-09-15 23:16:08 +0200 |
commit | c2967ce76c95cc8fe11bb5d5af2e64b3212446c6 (patch) | |
tree | f59408f664ec37caa31b5dfa394c4ba9e31ae054 /openssl-connect | |
parent | b299a016090248fd4220558d5fcd75516dcd5351 (diff) | |
download | wireshark-notes-c2967ce76c95cc8fe11bb5d5af2e64b3212446c6.tar.gz |
Add ECDH-RSA support for tools
Diffstat (limited to 'openssl-connect')
-rwxr-xr-x | openssl-connect | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/openssl-connect b/openssl-connect index 55e896e..ceb24b2 100755 --- a/openssl-connect +++ b/openssl-connect @@ -25,36 +25,50 @@ s_client_client_random() { / ClientHello|ServerHello$/{l=3;s=""} END{ + has_random = 0; for (rnd in r) { + has_random = 1; if (key) print "CLIENT_RANDOM", rnd, key else print "# No master key for random", rnd } + # should not be possible since the first thing we sent out is a + # ClientHello, but just to be sure... + if (!has_random) { + if (key) + print "# No random found for key", key + else + print "# No random nor key found" + } }' } # When stdin is a TTY, try all ciphers if [ -t 0 ]; then - openssl ciphers -V | awk '{print $3, substr($6, 4)}' + openssl ciphers -V | awk '{print $3, substr($5, 4), substr($6, 4)}' else # otherwise if not TTY, pass-through cat fi | -while read cipher auth; do - case $auth in - RSA) +while read cipher keyex auth; do + case $keyex,$auth in + *,RSA) port=$portbase ;; - ECDH|ECDSA) + ECDH/ECDSA,ECDH|*,ECDSA) port=$((portbase+1)) ;; - DSS) + ECDH/RSA,ECDH) port=$((portbase+2)) ;; - PSK|*) + *,DSS) + port=$((portbase+3)) ;; + *,PSK|*) echo "Skipping unsupported $auth" >&2 continue ;; esac + echo "# Cipher Suite $cipher" + # It is expected that the other side closes the connection printf "GET / HTTP/1.0\r\n\r\n" | openssl s_client -connect "$host:$port" -ign_eof -cipher "$cipher" \ |
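Review bot: The piped (non-TTY) input contract changes without notice, because `while read cipher keyex auth` now expects three fields. A two-field `cipher auth` list that the old loop accepted leaves `$auth` empty, falls through to the final `*` arm, and every suite is skipped with a message that names nothing. The comment on the `cat` branch should state the expected format, e.g. `# otherwise read "cipher keyex auth" lines (name, Kx, Au as printed by 'openssl ciphers -V') from stdin`, and the skip message should say what was rejected: `echo "Skipping unsupported $cipher (Kx=$keyex, Au=$auth)" >&2`. DSS also moves from `portbase+2` to `portbase+3`, so the listening side presumably has to change in step; that is not visible in this hunk. The `while` loop body continues past the end of the hunk.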