authorPeter Wu <lekensteyn@gmail.com>2013-09-15 23:16:08 +0200
committerPeter Wu <lekensteyn@gmail.com>2013-09-15 23:16:08 +0200
commitc2967ce76c95cc8fe11bb5d5af2e64b3212446c6 (patch)
treef59408f664ec37caa31b5dfa394c4ba9e31ae054 /openssl-connect
parentb299a016090248fd4220558d5fcd75516dcd5351 (diff)
Add ECDH-RSA support for tools
Diffstat (limited to 'openssl-connect')
-rwxr-xr-xopenssl-connect28
1 files changed, 21 insertions, 7 deletions
diff --git a/openssl-connect b/openssl-connect
index 55e896e..ceb24b2 100755
--- a/openssl-connect
+++ b/openssl-connect
@@ -25,36 +25,50 @@ s_client_client_random() {
/ ClientHello|ServerHello$/{l=3;s=""}
END{
+ has_random = 0;
for (rnd in r) {
+ has_random = 1;
if (key)
print "CLIENT_RANDOM", rnd, key
else
print "# No master key for random", rnd
}
+ # should not be possible since the first thing we sent out is a
+ # ClientHello, but just to be sure...
+ if (!has_random) {
+ if (key)
+ print "# No random found for key", key
+ else
+ print "# No random nor key found"
+ }
}'
}
# When stdin is a TTY, try all ciphers
if [ -t 0 ]; then
- openssl ciphers -V | awk '{print $3, substr($6, 4)}'
+ openssl ciphers -V | awk '{print $3, substr($5, 4), substr($6, 4)}'
else
# otherwise if not TTY, pass-through
cat
fi |
-while read cipher auth; do
- case $auth in
- RSA)
+while read cipher keyex auth; do
+ case $keyex,$auth in
+ *,RSA)
port=$portbase ;;
- ECDH|ECDSA)
+ ECDH/ECDSA,ECDH|*,ECDSA)
port=$((portbase+1)) ;;
- DSS)
+ ECDH/RSA,ECDH)
port=$((portbase+2)) ;;
- PSK|*)
+ *,DSS)
+ port=$((portbase+3)) ;;
+ *,PSK|*)
echo "Skipping unsupported $auth" >&2
continue
;;
esac
+ echo "# Cipher Suite $cipher"
+
# It is expected that the other side closes the connection
printf "GET / HTTP/1.0\r\n\r\n" |
openssl s_client -connect "$host:$port" -ign_eof -cipher "$cipher" \