| # Checks to make sure SSLv3 is not allowed by a server. |
| # NOTE(review): this listing appears to omit lines (no else/fi/return is visible), so the |
| # notes below describe only the statements shown here. |
| # NOTE(review): every check below is made from the local openssl client. A "[pass]" therefore |
| # means "this client did not complete an SSLv3 handshake", which is weaker evidence than |
| # "the server refuses SSLv3". |
| shift # past argument or value |
| # Take the second space-separated field of `openssl version` as the version string of the |
| # local openssl binary (not of the server under test). |
| opensslv=$(openssl version | cut -d' ' -f2) |
| # NOTE(review): inside [[ ]], > is a string comparison, not a version comparison. Any string |
| # that begins with "1.0" and is longer (for example a 1.0.x release) also sorts after "1.0", |
| # so this branch covers more than the "1.1 or later" named in the message. If the branch |
| # returns early (not visible in this excerpt), [pass] is reported without probing the server. |
| if [[ $opensslv > "1.0" ]]; then |
| echo "[pass] OpenSSL 1.1 or later - no need to check ssl3" |
| # echo "openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile ../keys/CA.pem -ssl3 2>&1 < /dev/null" |
| # Attempt an SSLv3-only handshake (-ssl3). stdin comes from /dev/null so s_client does not |
| # wait for input, and stderr is merged into the captured output in $nego. |
| # NOTE(review): $THRIFTHOST and $THRIFTPORT are expanded unquoted; writing |
| # "$THRIFTHOST:$THRIFTPORT" keeps an empty or space-containing value from changing the command. |
| nego=$(openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile ../keys/CA.pem -ssl3 2>&1 < /dev/null) |
| # NOTE(review): negodenied is not assigned anywhere in this excerpt; presumably it holds the |
| # exit status of the s_client call above - confirm. |
| # NOTE(review): a non-zero status is not specific to a refused SSLv3 handshake. A connection |
| # failure, or a client built without SSLv3 support that rejects -ssl3, would presumably also |
| # be reported as [pass]. Confirming the port is reachable and inspecting $nego for the |
| # handshake failure would make a [pass] trustworthy. |
| if [[ $negodenied -ne 0 ]]; then |
| echo "[pass] SSLv3 negotiation disabled" |
| # $nego holds stderr as well as stdout (2>&1 above), despite the "stdout:" label. |
| echo "[fail] SSLv3 negotiation enabled! stdout:" |