valitydev/thrift
14
0
Fork 0
mirror of https://github.com/valitydev/thrift.git synced 2024-11-07 02:45:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
b5471f63cb
thrift/test/features/nosslv3.sh

53 lines
932 B
Bash
Raw Normal View History

THRIFT-4084: Add a SSL/TLS negotiation check to crossfeature to verify SSLv3 is not active and that at least one of TLSv1.0 through 1.2 are accepted. Client: csharp, d, go, nodejs, perl This closes #1197
2017-02-20 13:52:11 +00:00
#!/bin/bash
#
# Checks to make sure SSLv3 is not allowed by a server.
#
THRIFTHOST=localhost
THRIFTPORT=9090
while [[ $# -ge 1 ]]; do
arg="$1"
argIN=(${arg//=/ })
case ${argIN[0]} in
-h|--host)
THRIFTHOST=${argIN[1]}
shift # past argument
;;
-p|--port)
THRIFTPORT=${argIN[1]}
shift # past argument
;;
*)
# unknown option ignored
;;
esac
shift # past argument or value
done
function nosslv3
{
local nego
local negodenied
# echo "openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile ../keys/CA.pem -ssl3 2>&1 < /dev/null"
nego=$(openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile ../keys/CA.pem -ssl3 2>&1 < /dev/null)
negodenied=$?
if [[ $negodenied -ne 0 ]]; then
echo "[pass] SSLv3 negotiation disabled"
echo $nego
return 0
fi
echo "[fail] SSLv3 negotiation enabled! stdout:"
echo $nego
return 1
}
nosslv3
exit $?
Reference in New Issue Copy Permalink