Commit | Line | Data |
---|---|---|
79a37326 MS |
1 | /* |
2 | * "$Id$" | |
3 | * | |
4 | * TLS check program for CUPS. | |
5 | * | |
6 | * Copyright 2007-2015 by Apple Inc. | |
7 | * Copyright 1997-2006 by Easy Software Products. | |
8 | * | |
9 | * These coded instructions, statements, and computer programs are the | |
10 | * property of Apple Inc. and are protected by Federal copyright | |
11 | * law. Distribution and use rights are outlined in the file "LICENSE.txt" | |
12 | * which should have been included with this file. If this file is | |
13 | * file is missing or damaged, see the license at "http://www.cups.org/". | |
14 | * | |
15 | * This file is subject to the Apple OS-Developed Software exception. | |
16 | */ | |
17 | ||
18 | /* | |
19 | * Include necessary headers... | |
20 | */ | |
21 | ||
22 | #include "cups-private.h" | |
23 | ||
24 | ||
25 | /* | |
26 | * 'main()' - Main entry. | |
27 | */ | |
28 | ||
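int                                     /* O - Exit status */
main(int  argc,                         /* I - Number of command-line arguments */
     char *argv[])                      /* I - Command-line arguments */
{
  http_t        *http;                  /* HTTP connection */
  const char    *server;                /* Hostname from command-line */
  int           port = 631;             /* Port number */
  const char    *cipherName = "UNKNOWN";/* Cipher suite name */
  int           tlsVersion = 0;         /* TLS version number */


 /*
  * Connect to "server [port]" with encryption required, then report the
  * negotiated protocol version and cipher suite.  Returns 0 after printing
  * "OK" and 1 on a usage error, a failed connection, or a failed check.
  *
  * NOTE(review): every negotiation check below is inside #ifdef __APPLE__.
  * On other platforms a successful connection prints "OK (0.0, UNKNOWN)"
  * without inspecting the protocol or cipher - do not read that as a pass.
  */

  if (argc < 2 || argc > 3)
  {
    puts("Usage: ./tlscheck server [port]");
    puts("");
    puts("The default port is 631.");
    return (1);
  }

 /*
  * Read argv[1] only after argc has been validated...
  */

  server = argv[1];

  if (argc == 3)
  {
    const char  *portArg = argv[2];     /* Port argument */
    char        *end;                   /* First character after the number */
    long        value;                  /* Parsed port number */


   /*
    * Both "631" and "=631" are accepted.  strtol() replaces atoi() so that
    * empty, non-numeric, and out-of-range values are rejected instead of
    * being passed to the connect call as 0 or an undefined value.
    */

    if (*portArg == '=')
      portArg ++;

    value = strtol(portArg, &end, 10);

    if (end == portArg || *end != '\0' || value < 1 || value > 65535)
    {
      printf("%s: ERROR (Bad port \"%s\")\n", server, argv[2]);
      return (1);
    }

    port = (int)value;
  }

  http = httpConnect2(server, port, NULL, AF_UNSPEC, HTTP_ENCRYPTION_ALWAYS, 1, 30000, NULL);
  if (!http)
  {
    printf("%s: ERROR (%s)\n", server, cupsLastErrorString());
    return (1);
  }

#ifdef __APPLE__
  SSLProtocol     protocol;             /* Negotiated protocol */
  SSLCipherSuite  cipher;               /* Negotiated cipher suite */
  char            unknownCipherName[256];
                                        /* Name for an unlisted suite */
  int             paramsNeeded = 0;     /* Suite uses (EC)DH key exchange? */
  const void      *params = NULL;       /* Diffie-Hellman parameters */
  size_t          paramsLen = 0;        /* Length of parameters in bytes */
  OSStatus        err;                  /* Secure Transport status */


  if ((err = SSLGetNegotiatedProtocolVersion(http->tls, &protocol)) != noErr)
  {
    printf("%s: ERROR (No protocol version - %d)\n", server, (int)err);
    httpClose(http);
    return (1);
  }

 /*
  * tlsVersion holds major * 10 + minor; anything unlisted is reported as 0.0.
  */

  switch (protocol)
  {
    case kSSLProtocol3 :
        tlsVersion = 30;
        break;
    case kTLSProtocol1 :
        tlsVersion = 10;
        break;
    case kTLSProtocol11 :
        tlsVersion = 11;
        break;
    case kTLSProtocol12 :
        tlsVersion = 12;
        break;
    default :
        tlsVersion = 0;
        break;
  }

  if ((err = SSLGetNegotiatedCipher(http->tls, &cipher)) != noErr)
  {
    printf("%s: ERROR (No cipher suite - %d)\n", server, (int)err);
    httpClose(http);
    return (1);
  }

 /*
  * Map the suite to its name and record whether Diffie-Hellman parameters
  * are required for it.  The name is produced from the identifier itself so
  * that the printed string cannot drift from the constant being matched.
  */

#  define TLSCHECK_SUITE(name, dh) \
    case name : \
        cipherName   = #name; \
        paramsNeeded = (dh); \
        break

  switch (cipher)
  {
    TLSCHECK_SUITE(TLS_NULL_WITH_NULL_NULL, 0);
    TLSCHECK_SUITE(TLS_RSA_WITH_NULL_MD5, 0);
    TLSCHECK_SUITE(TLS_RSA_WITH_NULL_SHA, 0);
    TLSCHECK_SUITE(TLS_RSA_WITH_RC4_128_MD5, 0);
    TLSCHECK_SUITE(TLS_RSA_WITH_RC4_128_SHA, 0);
    TLSCHECK_SUITE(TLS_RSA_WITH_3DES_EDE_CBC_SHA, 0);
    TLSCHECK_SUITE(TLS_RSA_WITH_NULL_SHA256, 0);
    TLSCHECK_SUITE(TLS_RSA_WITH_AES_128_CBC_SHA256, 0);
    TLSCHECK_SUITE(TLS_RSA_WITH_AES_256_CBC_SHA256, 0);
    TLSCHECK_SUITE(TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_DH_DSS_WITH_AES_128_CBC_SHA256, 1);
    TLSCHECK_SUITE(TLS_DH_RSA_WITH_AES_128_CBC_SHA256, 1);
    TLSCHECK_SUITE(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, 1);
    TLSCHECK_SUITE(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, 1);
    TLSCHECK_SUITE(TLS_DH_DSS_WITH_AES_256_CBC_SHA256, 1);
    TLSCHECK_SUITE(TLS_DH_RSA_WITH_AES_256_CBC_SHA256, 1);
    TLSCHECK_SUITE(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, 1);
    TLSCHECK_SUITE(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, 1);
    TLSCHECK_SUITE(TLS_DH_anon_WITH_RC4_128_MD5, 1);
    TLSCHECK_SUITE(TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_DH_anon_WITH_AES_128_CBC_SHA256, 1);
    TLSCHECK_SUITE(TLS_DH_anon_WITH_AES_256_CBC_SHA256, 1);
    TLSCHECK_SUITE(TLS_PSK_WITH_RC4_128_SHA, 0);
    TLSCHECK_SUITE(TLS_PSK_WITH_3DES_EDE_CBC_SHA, 0);
    TLSCHECK_SUITE(TLS_PSK_WITH_AES_128_CBC_SHA, 0);
    TLSCHECK_SUITE(TLS_PSK_WITH_AES_256_CBC_SHA, 0);
    TLSCHECK_SUITE(TLS_DHE_PSK_WITH_RC4_128_SHA, 1);
    TLSCHECK_SUITE(TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_DHE_PSK_WITH_AES_128_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_DHE_PSK_WITH_AES_256_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_RSA_PSK_WITH_RC4_128_SHA, 0);
    TLSCHECK_SUITE(TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, 0);
    TLSCHECK_SUITE(TLS_RSA_PSK_WITH_AES_128_CBC_SHA, 0);
    TLSCHECK_SUITE(TLS_RSA_PSK_WITH_AES_256_CBC_SHA, 0);
    TLSCHECK_SUITE(TLS_PSK_WITH_NULL_SHA, 0);
    TLSCHECK_SUITE(TLS_DHE_PSK_WITH_NULL_SHA, 1);
    TLSCHECK_SUITE(TLS_RSA_PSK_WITH_NULL_SHA, 0);
    TLSCHECK_SUITE(TLS_RSA_WITH_AES_128_GCM_SHA256, 0);
    TLSCHECK_SUITE(TLS_RSA_WITH_AES_256_GCM_SHA384, 0);
    TLSCHECK_SUITE(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 1);
    TLSCHECK_SUITE(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 1);
    TLSCHECK_SUITE(TLS_DH_RSA_WITH_AES_128_GCM_SHA256, 1);
    TLSCHECK_SUITE(TLS_DH_RSA_WITH_AES_256_GCM_SHA384, 1);
    TLSCHECK_SUITE(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, 1);
    TLSCHECK_SUITE(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, 1);
    TLSCHECK_SUITE(TLS_DH_DSS_WITH_AES_128_GCM_SHA256, 1);
    TLSCHECK_SUITE(TLS_DH_DSS_WITH_AES_256_GCM_SHA384, 1);
    TLSCHECK_SUITE(TLS_DH_anon_WITH_AES_128_GCM_SHA256, 1);
    TLSCHECK_SUITE(TLS_DH_anon_WITH_AES_256_GCM_SHA384, 1);
    TLSCHECK_SUITE(TLS_PSK_WITH_AES_128_GCM_SHA256, 0);
    TLSCHECK_SUITE(TLS_PSK_WITH_AES_256_GCM_SHA384, 0);
    TLSCHECK_SUITE(TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, 1);
    TLSCHECK_SUITE(TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, 1);
    TLSCHECK_SUITE(TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, 0);
    TLSCHECK_SUITE(TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, 0);
    TLSCHECK_SUITE(TLS_PSK_WITH_AES_128_CBC_SHA256, 0);
    TLSCHECK_SUITE(TLS_PSK_WITH_AES_256_CBC_SHA384, 0);
    TLSCHECK_SUITE(TLS_PSK_WITH_NULL_SHA256, 0);
    TLSCHECK_SUITE(TLS_PSK_WITH_NULL_SHA384, 0);
    TLSCHECK_SUITE(TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, 1);
    TLSCHECK_SUITE(TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, 1);
    TLSCHECK_SUITE(TLS_DHE_PSK_WITH_NULL_SHA256, 1);
    TLSCHECK_SUITE(TLS_DHE_PSK_WITH_NULL_SHA384, 1);
    TLSCHECK_SUITE(TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, 0);
    TLSCHECK_SUITE(TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, 0);
    TLSCHECK_SUITE(TLS_RSA_PSK_WITH_NULL_SHA256, 0);
    TLSCHECK_SUITE(TLS_RSA_PSK_WITH_NULL_SHA384, 0);
    TLSCHECK_SUITE(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 1);
    TLSCHECK_SUITE(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 1);
    TLSCHECK_SUITE(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, 1);
    TLSCHECK_SUITE(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, 1);
    TLSCHECK_SUITE(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 1);
    TLSCHECK_SUITE(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 1);
    TLSCHECK_SUITE(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, 1);
    TLSCHECK_SUITE(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 1);
    TLSCHECK_SUITE(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 1);
    TLSCHECK_SUITE(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 1);
    TLSCHECK_SUITE(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 1);
    TLSCHECK_SUITE(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 1);
    TLSCHECK_SUITE(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 1);
    TLSCHECK_SUITE(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 1);
    TLSCHECK_SUITE(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, 1);
    TLSCHECK_SUITE(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, 1);
    TLSCHECK_SUITE(TLS_RSA_WITH_AES_128_CBC_SHA, 0);
    TLSCHECK_SUITE(TLS_DH_DSS_WITH_AES_128_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_DH_RSA_WITH_AES_128_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_DH_anon_WITH_AES_128_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_RSA_WITH_AES_256_CBC_SHA, 0);
    TLSCHECK_SUITE(TLS_DH_DSS_WITH_AES_256_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_DH_RSA_WITH_AES_256_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_DH_anon_WITH_AES_256_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDH_ECDSA_WITH_NULL_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDHE_ECDSA_WITH_NULL_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDH_RSA_WITH_NULL_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDH_RSA_WITH_RC4_128_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDHE_RSA_WITH_NULL_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDHE_RSA_WITH_RC4_128_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDH_anon_WITH_NULL_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDH_anon_WITH_RC4_128_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDH_anon_WITH_AES_128_CBC_SHA, 1);
    TLSCHECK_SUITE(TLS_ECDH_anon_WITH_AES_256_CBC_SHA, 1);

    default :
        snprintf(unknownCipherName, sizeof(unknownCipherName), "UNKNOWN_%04X", (unsigned)cipher);
        cipherName = unknownCipherName;
        break;
  }

#  undef TLSCHECK_SUITE

 /*
  * Reject RC4.  Every RC4 suite listed above is covered here; the previous
  * test named only the two TLS_RSA_WITH_RC4_128_* suites, so the other RC4
  * suites were reported as "OK".
  *
  * NOTE(review): NULL-encryption, anonymous (DH_anon/ECDH_anon), 3DES, and
  * SSL 3.0 negotiations are still reported as "OK" below - confirm whether
  * they should fail as well.
  */

  switch (cipher)
  {
    case TLS_RSA_WITH_RC4_128_MD5 :
    case TLS_RSA_WITH_RC4_128_SHA :
    case TLS_DH_anon_WITH_RC4_128_MD5 :
    case TLS_PSK_WITH_RC4_128_SHA :
    case TLS_DHE_PSK_WITH_RC4_128_SHA :
    case TLS_RSA_PSK_WITH_RC4_128_SHA :
    case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
    case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
    case TLS_ECDH_RSA_WITH_RC4_128_SHA :
    case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
    case TLS_ECDH_anon_WITH_RC4_128_SHA :
        printf("%s: ERROR (Insecure RC4 negotiated)\n", server);
        httpClose(http);
        return (1);

    default :
        break;
  }

 /*
  * A failure to get the Diffie-Hellman parameters is only an error when the
  * suite needs them.  On failure the length is forced to 0 so the size test
  * below never reads a value the call did not set.
  */

  if ((err = SSLGetDiffieHellmanParams(http->tls, &params, &paramsLen)) != noErr)
  {
    if (paramsNeeded)
    {
      printf("%s: ERROR (Unable to get Diffie Hellman parameters - %d)\n", server, (int)err);
      httpClose(http);
      return (1);
    }

    paramsLen = 0;
  }

 /*
  * Anything shorter than 128 bytes (1024 bits) is rejected; a length of 0
  * means there were no parameters to measure.
  */

  if (paramsLen != 0 && paramsLen < 128)
  {
    printf("%s: ERROR (Diffie Hellman parameters only %d bytes/%d bits)\n", server, (int)paramsLen, (int)paramsLen * 8);
    httpClose(http);
    return (1);
  }
#endif /* __APPLE__ */

  printf("%s: OK (%d.%d, %s)\n", server, tlsVersion / 10, tlsVersion % 10, cipherName);

  httpClose(http);

  return (0);
}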
599 | ||
600 | ||
601 | /* | |
602 | * End of "$Id$". | |
603 | */ |