report key size used in server's certificate

Extend the report to show also server certificate key size:
prio  ciphersuite              protocols                    pubkey_size  pfs_keysize
1     ECDHE-RSA-AES128-SHA256  TLSv1.2                      2048         ECDH,P-256,256bits
2     ECDHE-ECDSA-AES128-SHA   SSLv3,TLSv1,TLSv1.1,TLSv1.2  256          ECDH,P-256,256bits
3     AES128-SHA               SSLv3,TLSv1,TLSv1.1,TLSv1.2  2048
4     RC4-MD5                  SSLv3,TLSv1,TLSv1.1,TLSv1.2  2048
5     EXP-RC4-MD5              SSLv3,TLSv1,TLSv1.1,TLSv1.2  2048         RSA,512bits
This commit is contained in:
Hubert Kario 2014-04-05 19:09:05 +02:00
parent 32eba4e644
commit f9fdd62a59

View file

@ -72,6 +72,10 @@ test_cipher_on_target() {
current_cipher=$(grep "New, " <<<"$tmp"|awk '{print $5}')
current_pfs=$(grep 'Server Temp Key' <<<"$tmp"|awk '{print $4$5$6$7}')
current_protocol=$(egrep "^\s+Protocol\s+:" <<<"$tmp"|awk '{print $3}')
current_pubkey=$(grep 'Server public key is ' <<<"$tmp"|awk '{print $5}')
if [ -z $current_pubkey ]; then
current_pubkey=0
fi
if [[ -z "$current_protocol" || "$current_cipher" == '(NONE)' ]]; then
# connection failed, try again with next TLS version
continue
@ -92,6 +96,7 @@ test_cipher_on_target() {
fi
cipher=$current_cipher
pfs=$current_pfs
pubkey=$current_pubkey
# grab the cipher and PFS key size
done
# if cipher is empty, that means none of the TLS version worked with
@ -103,13 +108,13 @@ test_cipher_on_target() {
# if cipher contains NONE, the cipher wasn't accepted
elif [ "$cipher" == '(NONE) ' ]; then
result="$cipher $protocols $pfs"
result="$cipher $protocols $pubkey $pfs"
verbose "handshake failed, server returned ciphersuite '$result'"
return 1
# the connection succeeded
else
result="$cipher $protocols $pfs"
result="$cipher $protocols $pubkey $pfs"
verbose "handshake succeeded, server returned ciphersuite '$result'"
return 0
fi
@ -173,9 +178,9 @@ display_results_in_terminal() {
done
if [ $DOBENCHMARK -eq 1 ]; then
header="prio ciphersuite protocols pfs_keysize avg_handshake_microsec"
header="prio ciphersuite protocols pubkey_size pfs_keysize avg_handshake_microsec"
else
header="prio ciphersuite protocols pfs_keysize"
header="prio ciphersuite protocols pubkey_size pfs_keysize"
fi
ctr=0
for result in "${results[@]}"; do
@ -196,7 +201,8 @@ display_results_in_json() {
[ $ctr -gt 0 ] && echo -n ','
echo -n "{\"cipher\":\"$(echo $cipher|awk '{print $1}')\","
echo -n "\"protocols\":[\"$(echo $cipher|awk '{print $2}'|sed 's/,/","/g')\"],"
pfs=$(echo $cipher|awk '{print $3}')
echo -n "\"pubkey\":[\"$(echo $cipher|awk '{print $3}'|sed 's/,/","/g')\"],"
pfs=$(echo $cipher|awk '{print $4}')
[ "$pfs" == "" ] && pfs="None"
echo -n "\"pfs\":\"$pfs\"}"
ctr=$((ctr+1))