#!/bin/bash | |
# | |
# Checks to make sure SSLv3 is not allowed by a server. | |
# | |
THRIFTHOST=localhost | |
THRIFTPORT=9090 | |
while [[ $# -ge 1 ]]; do | |
arg="$1" | |
argIN=(${arg//=/ }) | |
case ${argIN[0]} in | |
-h|--host) | |
THRIFTHOST=${argIN[1]} | |
shift # past argument | |
;; | |
-p|--port) | |
THRIFTPORT=${argIN[1]} | |
shift # past argument | |
;; | |
*) | |
# unknown option ignored | |
;; | |
esac | |
shift # past argument or value | |
done | |
function nosslv3 | |
{ | |
local nego | |
local negodenied | |
# echo "openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile ../keys/CA.pem -ssl3 2>&1 < /dev/null" | |
nego=$(openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile ../keys/CA.pem -ssl3 2>&1 < /dev/null) | |
negodenied=$? | |
if [[ $negodenied -ne 0 ]]; then | |
echo "[pass] SSLv3 negotiation disabled" | |
echo $nego | |
return 0 | |
fi | |
echo "[fail] SSLv3 negotiation enabled! stdout:" | |
echo $nego | |
return 1 | |
} | |
nosslv3 | |
exit $? |