@@ -4416,6 +4416,7 @@ run_allciphers() {
44164416# test for all ciphers per protocol locally configured (w/o distinguishing whether they are good or bad)
44174417# for the specified protocol, test for all ciphers locally configured (w/o distinguishing whether they
44184418# are good or bad) and list them in order to encryption strength.
4419+ #
44194420ciphers_by_strength() {
44204421 local proto="$1" proto_hex="$2" proto_text="$3"
44214422 local using_sockets="$4" wide="$5" serverpref_known="$6"
@@ -4841,7 +4842,7 @@ run_cipher_per_proto() {
48414842 while read proto proto_hex proto_text; do
48424843 pr_underline "$(printf -- "%b" "$proto_text")"
48434844 ciphers_by_strength "$proto" "$proto_hex" "$proto_text" "$using_sockets" "true" "false"
4844- done <<< "$(tm_out " -ssl2 22 SSLv2\n -ssl3 00 SSLv3\n -tls1 01 TLS 1 \n -tls1_1 02 TLS 1 .1\n -tls1_2 03 TLS 1 .2\n -tls1_3 04 TLS 1 .3")"
4845+ done <<< "$(tm_out " -ssl2 22 SSLv2\n -ssl3 00 SSLv3\n -tls1 01 TLSv1 \n -tls1_1 02 TLSv1 .1\n -tls1_2 03 TLSv1 .2\n -tls1_3 04 TLSv1 .3")"
48454846 return 0
48464847#FIXME: no error condition
48474848}
@@ -4860,6 +4861,7 @@ run_cipher_per_proto() {
48604861# then either:
48614862# 1) replace it with one corresponding to $SNI; or
48624863# 2) remove it, if $SNI is empty
4864+ #
48634865modify_clienthello() {
48644866 local tls_handshake_ascii="$1"
48654867 local new_key_share="$2" cookie="$3"
@@ -7188,15 +7190,15 @@ run_server_preference() {
71887190 if "$TLS13_ONLY" && ! "$has_tls13_cipher_order"; then
71897191 terminal_msg="no (TLS 1.3 only)"
71907192 limitedsense=" (limited sense as client will pick)"
7191- fileout_msg="not a cipher order for TLS 1.3 configured"
7193+ fileout_msg="not a server cipher order for TLS 1.3 configured"
71927194 elif ! "$TLS13_ONLY" && [[ -z "$cipher2" ]]; then
71937195 pr_warning "unable to determine"
71947196 elif ! "$has_cipher_order" && ! "$has_tls13_cipher_order"; then
71957197 # server used the different ends (ciphers) from the client hello
71967198 terminal_msg="no (NOT ok)"
71977199 [[ "$fileout_rating" == INFO ]] && terminal_msg="no"
71987200 limitedsense=" (limited sense as client will pick)"
7199- fileout_msg="NOT a cipher order configured"
7201+ fileout_msg="NOT a server cipher order configured"
72007202 elif "$has_cipher_order" && ! "$has_tls13_cipher_order" && [[ "$default_proto" == TLSv1.3 ]]; then
72017203 if [[ $NO_CIPHER_ORDER_LEVEL -eq 5 ]]; then
72027204 pr_svrty_good "yes (OK)"; out " -- only for < TLS 1.3"
@@ -7271,6 +7273,7 @@ run_server_preference() {
72717273}
72727274
72737275# arg1: true if the list that is returned does not need to be ordered by preference.
7276+ #
72747277check_tls12_pref() {
72757278 local unordered_list_ok="$1"
72767279 local chacha20_ciphers="" non_chacha20_ciphers=""
@@ -7366,6 +7369,7 @@ check_tls12_pref() {
73667369}
73677370
73687371# At the moment only called from run_server_preference()
7372+ #
73697373cipher_pref_check() {
73707374 local proto="$1" proto_hex="$2" proto_text="$3"
73717375 local using_sockets="$4"
0 commit comments