| James E. King, III | 0619087 | 2017-02-20 08:52:11 -0500 | [diff] [blame] | 1 | #!/bin/bash |
| 2 | |
| 3 | # |
| 4 | # Checks to make sure SSLv3 is not allowed by a server. |
| 5 | # |
| 6 | |
| 7 | THRIFTHOST=localhost |
| 8 | THRIFTPORT=9090 |
| 9 | |
| 10 | while [[ $# -ge 1 ]]; do |
| 11 | arg="$1" |
| 12 | argIN=(${arg//=/ }) |
| 13 | |
| 14 | case ${argIN[0]} in |
| 15 | -h|--host) |
| 16 | THRIFTHOST=${argIN[1]} |
| 17 | shift # past argument |
| 18 | ;; |
| 19 | -p|--port) |
| 20 | THRIFTPORT=${argIN[1]} |
| 21 | shift # past argument |
| 22 | ;; |
| 23 | *) |
| 24 | # unknown option ignored |
| 25 | ;; |
| 26 | esac |
| 27 | |
| 28 | shift # past argument or value |
| 29 | done |
| 30 | |
| 31 | function nosslv3 |
| 32 | { |
| 33 | local nego |
| 34 | local negodenied |
| 35 | |
| 36 | # echo "openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile ../keys/CA.pem -ssl3 2>&1 < /dev/null" |
| 37 | nego=$(openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile ../keys/CA.pem -ssl3 2>&1 < /dev/null) |
| 38 | negodenied=$? |
| 39 | |
| 40 | if [[ $negodenied -ne 0 ]]; then |
| 41 | echo "[pass] SSLv3 negotiation disabled" |
| 42 | echo $nego |
| 43 | return 0 |
| 44 | fi |
| 45 | |
| 46 | echo "[fail] SSLv3 negotiation enabled! stdout:" |
| 47 | echo $nego |
| 48 | return 1 |
| 49 | } |
| 50 | |
| 51 | nosslv3 |
| 52 | exit $? |