@@ -14274,19 +14274,18 @@ parse_tls13_new_session_ticket() {
1427414274# 1,4,6,7: see return value of parse_sslv2_serverhello()
1427514275sslv2_sockets() {
1427614276 local ret
14277- local client_hello cipher_suites len_client_hello
14277+ local cipher_suites="$1"
14278+ local client_hello len_client_hello
1427814279 local len_ciph_suites_byte len_ciph_suites
1427914280 local server_hello sock_reply_file2
1428014281 local -i response_len server_hello_len
1428114282 local parse_complete=false
1428214283
14283- # this could be empty so swe use '=='
14284+ # this could be empty so we use '=='
1428414285 if [[ "$2" == true ]]; then
1428514286 parse_complete=true
1428614287 fi
14287- if [[ -n "$1" ]]; then
14288- cipher_suites="$1"
14289- else
14288+ if [[ -z "$cipher_suites" ]]; then
1429014289 cipher_suites="
1429114290 05,00,80, # 1st cipher 9 cipher specs, only classical V2 ciphers are used here, see FIXME below
1429214291 03,00,80, # 2nd there are v3 in v2!!! : https://tools.ietf.org/html/rfc6101#appendix-E
@@ -14330,22 +14329,24 @@ sslv2_sockets() {
1433014329
1433114330 sockread_serverhello 32768
1433214331 if "$parse_complete"; then
14333- server_hello=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
14334- server_hello_len=2+$(hex2dec "${server_hello:1:3}")
14335- response_len=$(wc -c "$SOCK_REPLY_FILE" | awk '{ print $1 }')
14336- for (( 1; response_len < server_hello_len; 1 )); do
14337- sock_reply_file2=${SOCK_REPLY_FILE}.2
14338- mv "$SOCK_REPLY_FILE" "$sock_reply_file2"
14332+ if [[ -s "$SOCK_REPLY_FILE" ]]; then
14333+ server_hello=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
14334+ server_hello_len=2 + $(hex2dec "${server_hello:1:3}")
14335+ response_len=$(wc -c "$SOCK_REPLY_FILE" | awk '{ print $1 }')
14336+ for (( 1; response_len < server_hello_len; 1 )); do
14337+ sock_reply_file2=${SOCK_REPLY_FILE}.2
14338+ mv "$SOCK_REPLY_FILE" "$sock_reply_file2"
1433914339
14340- debugme echo -n "requesting more server hello data... "
14341- socksend "" $USLEEP_SND
14342- sockread_serverhello 32768
14340+ debugme echo -n "requesting more server hello data... "
14341+ socksend "" $USLEEP_SND
14342+ sockread_serverhello 32768
1434314343
14344- [[ ! -s "$SOCK_REPLY_FILE" ]] && break
14345- cat "$SOCK_REPLY_FILE" >> "$sock_reply_file2"
14346- mv "$sock_reply_file2" "$SOCK_REPLY_FILE"
14347- response_len=$(wc -c "$SOCK_REPLY_FILE" | awk '{ print $1 }')
14348- done
14344+ [[ ! -s "$SOCK_REPLY_FILE" ]] && break
14345+ cat "$SOCK_REPLY_FILE" >> "$sock_reply_file2"
14346+ mv "$sock_reply_file2" "$SOCK_REPLY_FILE"
14347+ response_len=$(wc -c "$SOCK_REPLY_FILE" | awk '{ print $1 }')
14348+ done
14349+ fi
1434914350 fi
1435014351 debugme echo "reading server hello... "
1435114352 if [[ "$DEBUG" -ge 4 ]]; then
@@ -16823,7 +16824,6 @@ run_freak() {
1682316824 else
1682416825 nr_supported_ciphers=$(count_ciphers $(actually_supported_osslciphers $exportrsa_cipher_list))
1682516826 fi
16826- #echo "========= ${PIPESTATUS[*]}
1682716827
1682816828 case $nr_supported_ciphers in
1682916829 0) prln_local_problem "$OPENSSL doesn't have any EXPORT RSA ciphers configured"
@@ -16841,7 +16841,9 @@ run_freak() {
1684116841 tls_sockets "03" "$exportrsa_tls_cipher_list_hex, 00,ff"
1684216842 sclient_success=$?
1684316843 [[ $sclient_success -eq 2 ]] && sclient_success=0
16844- if [[ $sclient_success -ne 0 ]]; then
16844+
16845+ # TLS handshake failed with ciphers above. Now we check SSLv2 -- unless we know it's not available
16846+ if [[ $sclient_success -ne 0 ]] && [[ $(has_server_protocol ssl2) -ne 1 ]]; then
1684516847 sslv2_sockets "$exportrsa_ssl2_cipher_list_hex" "true"
1684616848 if [[ $? -eq 3 ]] && [[ "$V2_HELLO_CIPHERSPEC_LENGTH" -ne 0 ]]; then
1684716849 exportrsa_ssl2_cipher_list_hex="$(strip_spaces "${exportrsa_ssl2_cipher_list_hex//,/}")"
0 commit comments