1745 | 1745 |
|
1746 | 1746 |
printf_xml(" bits=\"%d\" cipher=\"%s\" id=\"%s\"", cipherbits, ciphername, hexCipherId);
|
1747 | 1747 |
if (strstr(ciphername, "NULL")) {
|
1748 | |
printf("%s%-29s%s", COL_RED_BG, ciphername, RESET);
|
|
1748 |
if (options->ianaNames) {
|
|
1749 |
printf("%s%-45s%s", COL_RED_BG, ciphername, RESET);
|
|
1750 |
}
|
|
1751 |
else {
|
|
1752 |
printf("%s%-29s%s", COL_RED_BG, ciphername, RESET);
|
|
1753 |
}
|
1749 | 1754 |
strength = "null";
|
1750 | 1755 |
} else if (strstr(ciphername, "ADH") || strstr(ciphername, "AECDH") || strstr(ciphername, "_anon_")) {
|
1751 | |
printf("%s%-29s%s", COL_PURPLE, ciphername, RESET);
|
|
1756 |
if (options->ianaNames) {
|
|
1757 |
printf("%s%-45s%s", COL_PURPLE, ciphername, RESET);
|
|
1758 |
}
|
|
1759 |
else {
|
|
1760 |
printf("%s%-29s%s", COL_PURPLE, ciphername, RESET);
|
|
1761 |
}
|
1752 | 1762 |
strength = "anonymous";
|
1753 | 1763 |
} else if (strstr(ciphername, "EXP")) {
|
1754 | |
printf("%s%-29s%s", COL_RED, ciphername, RESET);
|
|
1764 |
if (options->ianaNames) {
|
|
1765 |
printf("%s%-45s%s", COL_RED, ciphername, RESET);
|
|
1766 |
}
|
|
1767 |
else {
|
|
1768 |
printf("%s%-29s%s", COL_RED, ciphername, RESET);
|
|
1769 |
}
|
1755 | 1770 |
strength = "weak";
|
1756 | 1771 |
} else if (strstr(ciphername, "RC4") || strstr(ciphername, "DES")) {
|
1757 | |
printf("%s%-29s%s", COL_YELLOW, ciphername, RESET);
|
|
1772 |
if (options->ianaNames) {
|
|
1773 |
printf("%s%-45s%s", COL_YELLOW, ciphername, RESET);
|
|
1774 |
}
|
|
1775 |
else {
|
|
1776 |
printf("%s%-29s%s", COL_YELLOW, ciphername, RESET);
|
|
1777 |
}
|
1758 | 1778 |
strength = "medium";
|
1759 | 1779 |
} else if (strstr(ciphername, "_SM4_")) { /* Developed by Chinese government */
|
1760 | |
printf("%s%-29s%s", COL_YELLOW, ciphername, RESET);
|
|
1780 |
if (options->ianaNames) {
|
|
1781 |
printf("%s%-45s%s", COL_YELLOW, ciphername, RESET);
|
|
1782 |
}
|
|
1783 |
else {
|
|
1784 |
printf("%s%-29s%s", COL_YELLOW, ciphername, RESET);
|
|
1785 |
}
|
1761 | 1786 |
strength = "medium";
|
1762 | 1787 |
} else if (strstr(ciphername, "_GOSTR341112_")) { /* Developed by Russian government */
|
1763 | |
printf("%s%-29s%s", COL_YELLOW, ciphername, RESET);
|
|
1788 |
if (options->ianaNames) {
|
|
1789 |
printf("%s%-45s%s", COL_YELLOW, ciphername, RESET);
|
|
1790 |
}
|
|
1791 |
else {
|
|
1792 |
printf("%s%-29s%s", COL_YELLOW, ciphername, RESET);
|
|
1793 |
}
|
1764 | 1794 |
strength = "medium";
|
1765 | 1795 |
} else if ((strstr(ciphername, "CHACHA20") || (strstr(ciphername, "GCM"))) && strstr(ciphername, "DHE")) {
|
1766 | |
printf("%s%-29s%s", COL_GREEN, ciphername, RESET);
|
|
1796 |
if (options->ianaNames) {
|
|
1797 |
printf("%s%-45s%s", COL_GREEN, ciphername, RESET);
|
|
1798 |
}
|
|
1799 |
else {
|
|
1800 |
printf("%s%-29s%s", COL_GREEN, ciphername, RESET);
|
|
1801 |
}
|
1767 | 1802 |
strength = "strong";
|
1768 | 1803 |
} else {
|
1769 | |
printf("%-29s", ciphername);
|
|
1804 |
if (options->ianaNames) {
|
|
1805 |
printf("%-45s", ciphername);
|
|
1806 |
}
|
|
1807 |
else {
|
|
1808 |
printf("%-29s", ciphername);
|
|
1809 |
}
|
1770 | 1810 |
strength = "acceptable";
|
1771 | 1811 |
}
|
1772 | 1812 |
printf_xml(" strength=\"%s\"", strength);
|
|
1847 | 1887 |
cipherid = SSL_CIPHER_get_id(sslCipherPointer);
|
1848 | 1888 |
cipherid = cipherid & 0x00ffffff; // remove first byte which is the version (0x03 for TLSv1/SSLv3)
|
1849 | 1889 |
|
1850 | |
ciphername = SSL_CIPHER_get_name(sslCipherPointer);
|
|
1890 |
if (options->ianaNames)
|
|
1891 |
{
|
|
1892 |
ciphername = SSL_CIPHER_standard_name(sslCipherPointer);
|
|
1893 |
}
|
|
1894 |
else
|
|
1895 |
{
|
|
1896 |
ciphername = SSL_CIPHER_get_name(sslCipherPointer);
|
|
1897 |
}
|
|
1898 |
|
1851 | 1899 |
|
1852 | 1900 |
// Timing
|
1853 | 1901 |
if (options->showTimes) {
|
|
3921 | 3969 |
else if (strcmp("--show-sigs", argv[argLoop]) == 0)
|
3922 | 3970 |
options->signature_algorithms = true;
|
3923 | 3971 |
|
|
3972 |
// Show IANA/RFC cipher names in output
|
|
3973 |
else if (strcmp("--iana-names", argv[argLoop]) == 0)
|
|
3974 |
options->ianaNames = true;
|
|
3975 |
|
3924 | 3976 |
// StartTLS... FTP
|
3925 | 3977 |
else if (strcmp("--starttls-ftp", argv[argLoop]) == 0)
|
3926 | 3978 |
options->starttls_ftp = true;
|
|
4202 | 4254 |
printf(" %s--tlsall%s Only check TLS ciphers (all versions)\n", COL_GREEN, RESET);
|
4203 | 4255 |
printf(" %s--show-ciphers%s Show supported client ciphers\n", COL_GREEN, RESET);
|
4204 | 4256 |
printf(" %s--show-cipher-ids%s Show cipher ids\n", COL_GREEN, RESET);
|
|
4257 |
printf(" %s--iana-names%s Use IANA/RFC cipher names rather than OpenSSL ones\n", COL_GREEN, RESET);
|
4205 | 4258 |
printf(" %s--show-times%s Show handhake times in milliseconds\n", COL_GREEN, RESET);
|
4206 | 4259 |
printf("\n");
|
4207 | 4260 |
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
5849 | 5902 |
if (sig_id == BOGUS_SIG_ALG_ID) {
|
5850 | 5903 |
printf("%s%s Server accepts all signature algorithms.%s\n", getPrintableTLSName(tls_version), COL_RED, RESET);
|
5851 | 5904 |
printf_xml(" <connection-signature-algorithm sslversion=\"%s\" name=\"ANY\" id=\"0xfdff\" />\n", getPrintableTLSName(tls_version));
|
5852 | |
goto done;
|
|
5905 |
break;
|
5853 | 5906 |
} else {
|
5854 | 5907 |
printf("%s %s%s%s\n", getPrintableTLSName(tls_version), color, sig_name, RESET);
|
5855 | 5908 |
printf_xml(" <connection-signature-algorithm sslversion=\"%s\" name=\"%s\" id=\"0x%04x\" />\n", getPrintableTLSName(tls_version), sig_name, sig_id);
|
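Review bot: In the hunk at new lines 1890-1897, the result of `SSL_CIPHER_standard_name(sslCipherPointer)` is assigned to `ciphername` without a NULL check, and OpenSSL documents that this call returns NULL for a cipher that has no standard name. If that pointer reaches the classification code in the first hunk (the enclosing functions start and end outside the visible lines, so this is inferred), `strstr(ciphername, "NULL")` and the `%-45s` prints would dereference it and abort the scan partway through a server's cipher list. A fallback right after the call keeps the report complete: `if (ciphername == NULL) ciphername = SSL_CIPHER_get_name(sslCipherPointer);`. Since the help text hunk shows an `OPENSSL_VERSION_NUMBER >= 0x10002000L` guard, it is also worth confirming that every supported OpenSSL build exports `SSL_CIPHER_standard_name`, and guarding the `--iana-names` option if not. On style, the eight repeated `if (options->ianaNames)` width branches could become one `int width = options->ianaNames ? 45 : 29;` used with `%-*s`.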