Attachment #401080 for bug #546332




#define BUFFERSIZE 1024

#define ssl_all 0
#define ssl_v2 1
#define ssl_v3 2
#define tls_v1 3


					}
					if (options->xmlOutput != 0)
						fprintf(options->xmlOutput, " sslversion=\"");
					if (sslCipherPointer->sslMethod == SSLv3_client_method())
					{
						if (options->xmlOutput != 0)
							fprintf(options->xmlOutput, "SSLv2\" bits=\"");
						if (options->pout == true)
							printf("SSLv2 || ");
						else
							printf("SSLv2  ");
					}
					else if (sslCipherPointer->sslMethod == SSLv3_client_method())
					{
						if (options->xmlOutput != 0)
							fprintf(options->xmlOutput, "SSLv3\" bits=\"");

						cipherStatus = SSL_connect(ssl);
						if (cipherStatus == 1)
						{
							if (sslMethod == SSLv3_client_method())
							{
								if (options->xmlOutput != 0)
									fprintf(options->xmlOutput, "  <defaultcipher sslversion=\"SSLv2\" bits=\"");
								if (options->pout == true)
									printf("|| SSLv2 || ");
								else
									printf("    SSLv2  ");
							}
							else if (sslMethod == SSLv3_client_method())
							{
								if (options->xmlOutput != 0)
									fprintf(options->xmlOutput, "  <defaultcipher sslversion=\"SSLv3\" bits=\"");

		switch (options->sslVersion)
		{
			case ssl_all:
				status = defaultCipher(options, SSLv3_client_method());
				if (status != false)
					status = defaultCipher(options, SSLv3_client_method());
				if (status != false)
					status = defaultCipher(options, TLSv1_client_method());
				break;
			case ssl_v2:
				status = defaultCipher(options, SSLv2_client_method());
				break;
			case ssl_v3:
				status = defaultCipher(options, SSLv3_client_method());
				break;

			options.starttls = true;
		}

		// SSL v2 only...
		else if (strcmp("--ssl2", argv[argLoop]) == 0)
			options.sslVersion = ssl_v2;

		// SSL v3 only...
		else if (strcmp("--ssl3", argv[argLoop]) == 0)
			options.sslVersion = ssl_v3;

			printf("                       ports (i.e. host:port).\n");
			printf("  %s--no-failed%s          List only accepted ciphers  (default\n", COL_GREEN, RESET);
			printf("                       is to listing all ciphers).\n");
			printf("  %s--ssl2%s               Only check SSLv2 ciphers.\n", COL_GREEN, RESET);
			printf("  %s--ssl3%s               Only check SSLv3 ciphers.\n", COL_GREEN, RESET);
			printf("  %s--tls1%s               Only check TLSv1 ciphers.\n", COL_GREEN, RESET);
			printf("  %s--pk=<file>%s          A file containing the private key or\n", COL_GREEN, RESET);

			switch (options.sslVersion)
			{
				case ssl_all:
					populateCipherList(&options, SSLv2_client_method());
					populateCipherList(&options, SSLv3_client_method());
					populateCipherList(&options, TLSv1_client_method());
					break;
				case ssl_v2:
					populateCipherList(&options, SSLv2_client_method());
					break;
				case ssl_v3:
					populateCipherList(&options, SSLv3_client_method());
					break;

Return to bug 546332

Lines 54-60 Link Here

(-)sslscan.c.orig (-36 / +3 lines)
54	#define BUFFERSIZE 1024	54	#define BUFFERSIZE 1024
55		55
56	#define ssl_all 0	56	#define ssl_all 0
57	#define ssl_v2 1
58	#define ssl_v3 2	57	#define ssl_v3 2
59	#define tls_v1 3	58	#define tls_v1 3
60		59
Lines 563-578 Link Here
563	}	562	}
564	if (options->xmlOutput != 0)	563	if (options->xmlOutput != 0)
565	fprintf(options->xmlOutput, " sslversion=\"");	564	fprintf(options->xmlOutput, " sslversion=\"");
566	if (sslCipherPointer->sslMethod == SSLv2_client_method())	565	if (sslCipherPointer->sslMethod == SSLv3_client_method())
567	{
568	if (options->xmlOutput != 0)
569	fprintf(options->xmlOutput, "SSLv2\" bits=\"");
570	if (options->pout == true)
571	printf("SSLv2 \|\| ");
572	else
573	printf("SSLv2 ");
574	}
575	else if (sslCipherPointer->sslMethod == SSLv3_client_method())
576	{	566	{
577	if (options->xmlOutput != 0)	567	if (options->xmlOutput != 0)
578	fprintf(options->xmlOutput, "SSLv3\" bits=\"");	568	fprintf(options->xmlOutput, "SSLv3\" bits=\"");
Lines 688-703 Link Here
688	cipherStatus = SSL_connect(ssl);	678	cipherStatus = SSL_connect(ssl);
689	if (cipherStatus == 1)	679	if (cipherStatus == 1)
690	{	680	{
691	if (sslMethod == SSLv2_client_method())	681	if (sslMethod == SSLv3_client_method())
692	{
693	if (options->xmlOutput != 0)
694	fprintf(options->xmlOutput, " <defaultcipher sslversion=\"SSLv2\" bits=\"");
695	if (options->pout == true)
696	printf("\|\| SSLv2 \|\| ");
697	else
698	printf(" SSLv2 ");
699	}
700	else if (sslMethod == SSLv3_client_method())
701	{	682	{
702	if (options->xmlOutput != 0)	683	if (options->xmlOutput != 0)
703	fprintf(options->xmlOutput, " <defaultcipher sslversion=\"SSLv3\" bits=\"");	684	fprintf(options->xmlOutput, " <defaultcipher sslversion=\"SSLv3\" bits=\"");
Lines 1192-1206 Link Here
1192	switch (options->sslVersion)	1173	switch (options->sslVersion)
1193	{	1174	{
1194	case ssl_all:	1175	case ssl_all:
1195	status = defaultCipher(options, SSLv2_client_method());	1176	status = defaultCipher(options, SSLv3_client_method());
1196	if (status != false)
1197	status = defaultCipher(options, SSLv3_client_method());
1198	if (status != false)	1177	if (status != false)
1199	status = defaultCipher(options, TLSv1_client_method());	1178	status = defaultCipher(options, TLSv1_client_method());
1200	break;	1179	break;
1201	case ssl_v2:
1202	status = defaultCipher(options, SSLv2_client_method());
1203	break;
1204	case ssl_v3:	1180	case ssl_v3:
1205	status = defaultCipher(options, SSLv3_client_method());	1181	status = defaultCipher(options, SSLv3_client_method());
1206	break;	1182	break;
Lines 1298-1307 Link Here
1298	options.starttls = true;	1274	options.starttls = true;
1299	}	1275	}
1300		1276
1301	// SSL v2 only...
1302	else if (strcmp("--ssl2", argv[argLoop]) == 0)
1303	options.sslVersion = ssl_v2;
1304
1305	// SSL v3 only...	1277	// SSL v3 only...
1306	else if (strcmp("--ssl3", argv[argLoop]) == 0)	1278	else if (strcmp("--ssl3", argv[argLoop]) == 0)
1307	options.sslVersion = ssl_v3;	1279	options.sslVersion = ssl_v3;
Lines 1379-1385 Link Here
1379	printf(" ports (i.e. host:port).\n");	1351	printf(" ports (i.e. host:port).\n");
1380	printf(" %s--no-failed%s List only accepted ciphers (default\n", COL_GREEN, RESET);	1352	printf(" %s--no-failed%s List only accepted ciphers (default\n", COL_GREEN, RESET);
1381	printf(" is to listing all ciphers).\n");	1353	printf(" is to listing all ciphers).\n");
1382	printf(" %s--ssl2%s Only check SSLv2 ciphers.\n", COL_GREEN, RESET);
1383	printf(" %s--ssl3%s Only check SSLv3 ciphers.\n", COL_GREEN, RESET);	1354	printf(" %s--ssl3%s Only check SSLv3 ciphers.\n", COL_GREEN, RESET);
1384	printf(" %s--tls1%s Only check TLSv1 ciphers.\n", COL_GREEN, RESET);	1355	printf(" %s--tls1%s Only check TLSv1 ciphers.\n", COL_GREEN, RESET);
1385	printf(" %s--pk=<file>%s A file containing the private key or\n", COL_GREEN, RESET);	1356	printf(" %s--pk=<file>%s A file containing the private key or\n", COL_GREEN, RESET);
Lines 1415-1427 Link Here
1415	switch (options.sslVersion)	1386	switch (options.sslVersion)
1416	{	1387	{
1417	case ssl_all:	1388	case ssl_all:
1418	populateCipherList(&options, SSLv2_client_method());
1419	populateCipherList(&options, SSLv3_client_method());	1389	populateCipherList(&options, SSLv3_client_method());
1420	populateCipherList(&options, TLSv1_client_method());	1390	populateCipherList(&options, TLSv1_client_method());
1421	break;	1391	break;
1422	case ssl_v2:
1423	populateCipherList(&options, SSLv2_client_method());
1424	break;
1425	case ssl_v3:	1392	case ssl_v3:
1426	populateCipherList(&options, SSLv3_client_method());	1393	populateCipherList(&options, SSLv3_client_method());
1427	break;	1394	break;