]> git.ipfire.org Git - thirdparty/cups.git/blame - cups/tlscheck.c
Add TLS version.
1/*
2 * "$Id$"
3 *
4 * TLS check program for CUPS.
5 *
6 * Copyright 2007-2015 by Apple Inc.
7 * Copyright 1997-2006 by Easy Software Products.
8 *
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
14 *
15 * This file is subject to the Apple OS-Developed Software exception.
16 */
17
18/*
19 * Include necessary headers...
20 */
21
22#include "cups-private.h"
23
24
25/*
26 * 'main()' - Main entry.
27 */
28
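/*
 * Connects to "server [port]" with encryption required, then reports the
 * negotiated TLS version and cipher suite.  On Apple platforms the
 * connection is also rejected when an RC4 suite was negotiated or when the
 * reported Diffie-Hellman parameters are shorter than 128 bytes (1024 bits).
 *
 * Prints "<server>: OK (...)" and returns 0 on success, otherwise prints
 * usage or "<server>: ERROR (...)" and returns 1.
 */

int					/* O - Exit status */
main(int  argc,				/* I - Number of command-line arguments */
     char *argv[])			/* I - Command-line arguments */
{
  http_t	*http;			/* HTTP connection */
  const char	*server;		/* Hostname from command-line */
  int		port = 631;		/* Port number */
  const char	*cipherName = "UNKNOWN";/* Cipher suite name */
  int		tlsVersion = 0;		/* TLS version number */


  if (argc < 2 || argc > 3)
  {
    puts("Usage: ./tlscheck server [port]");
    puts("");
    puts("The default port is 631.");
    return (1);
  }

 /*
  * Only read argv[1] once the argument count has been validated...
  */

  server = argv[1];

  if (argc == 3)
  {
   /*
    * Parse the port strictly: atoi() would silently turn garbage into 0 and
    * accept out-of-range values, which then reach httpConnect2() unchecked.
    * An overflowing strtol() result saturates and so fails the range test.
    */

    char	*end;			/* First unparsed character */
    long	value = strtol(argv[2], &end, 10);
					/* Parsed port number */

    if (end == argv[2] || *end != '\0' || value < 1 || value > 65535)
    {
      printf("%s: ERROR (Bad port \"%s\")\n", server, argv[2]);
      return (1);
    }

    port = (int)value;
  }

  http = httpConnect2(server, port, NULL, AF_UNSPEC, HTTP_ENCRYPTION_ALWAYS, 1, 30000, NULL);
  if (!http)
  {
    printf("%s: ERROR (%s)\n", server, cupsLastErrorString());
    return (1);
  }

#ifdef __APPLE__
  SSLProtocol	protocol;		/* Negotiated protocol version */
  SSLCipherSuite cipher;		/* Negotiated cipher suite */
  char		unknownCipherName[256];	/* Name buffer for unlisted suites */
  int		paramsNeeded = 0;	/* Suite uses (EC)DH key exchange? */
  const void	*params = NULL;		/* Diffie-Hellman parameters */
  size_t	paramsLen = 0;		/* Length of parameters in bytes */
  OSStatus	err;			/* Secure Transport status */

  if ((err = SSLGetNegotiatedProtocolVersion(http->tls, &protocol)) != noErr)
  {
    printf("%s: ERROR (No protocol version - %d)\n", server, (int)err);
    httpClose(http);
    return (1);
  }

 /*
  * Encode the version as major * 10 + minor so it prints as "major.minor";
  * unrecognized protocol values are reported as 0.0.
  */

  switch (protocol)
  {
    case kSSLProtocol3 :
        tlsVersion = 30;
        break;
    case kTLSProtocol1 :
        tlsVersion = 10;
        break;
    case kTLSProtocol11 :
        tlsVersion = 11;
        break;
    case kTLSProtocol12 :
        tlsVersion = 12;
        break;
    default :
        tlsVersion = 0;
        break;
  }

  if ((err = SSLGetNegotiatedCipher(http->tls, &cipher)) != noErr)
  {
    printf("%s: ERROR (No cipher suite - %d)\n", server, (int)err);
    httpClose(http);
    return (1);
  }

 /*
  * Map the negotiated suite to its name and note which suites are expected
  * to have Diffie-Hellman parameters available.
  */

  switch (cipher)
  {
    case TLS_NULL_WITH_NULL_NULL:
        cipherName = "TLS_NULL_WITH_NULL_NULL";
        break;
    case TLS_RSA_WITH_NULL_MD5:
        cipherName = "TLS_RSA_WITH_NULL_MD5";
        break;
    case TLS_RSA_WITH_NULL_SHA:
        cipherName = "TLS_RSA_WITH_NULL_SHA";
        break;
    case TLS_RSA_WITH_RC4_128_MD5:
        cipherName = "TLS_RSA_WITH_RC4_128_MD5";
        break;
    case TLS_RSA_WITH_RC4_128_SHA:
        cipherName = "TLS_RSA_WITH_RC4_128_SHA";
        break;
    case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
        cipherName = "TLS_RSA_WITH_3DES_EDE_CBC_SHA";
        break;
    case TLS_RSA_WITH_NULL_SHA256:
        cipherName = "TLS_RSA_WITH_NULL_SHA256";
        break;
    case TLS_RSA_WITH_AES_128_CBC_SHA256:
        cipherName = "TLS_RSA_WITH_AES_128_CBC_SHA256";
        break;
    case TLS_RSA_WITH_AES_256_CBC_SHA256:
        cipherName = "TLS_RSA_WITH_AES_256_CBC_SHA256";
        break;
    case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
        cipherName = "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA";
        paramsNeeded = 1;
        break;
    case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
        cipherName = "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA";
        paramsNeeded = 1;
        break;
    case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
        cipherName = "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA";
        paramsNeeded = 1;
        break;
    case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
        cipherName = "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
        paramsNeeded = 1;
        break;
    case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
        cipherName = "TLS_DH_DSS_WITH_AES_128_CBC_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
        cipherName = "TLS_DH_RSA_WITH_AES_128_CBC_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
        cipherName = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
        cipherName = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
        cipherName = "TLS_DH_DSS_WITH_AES_256_CBC_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
        cipherName = "TLS_DH_RSA_WITH_AES_256_CBC_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
        cipherName = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
        cipherName = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_DH_anon_WITH_RC4_128_MD5:
        cipherName = "TLS_DH_anon_WITH_RC4_128_MD5";
        paramsNeeded = 1;
        break;
    case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
        cipherName = "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA";
        paramsNeeded = 1;
        break;
    case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
        cipherName = "TLS_DH_anon_WITH_AES_128_CBC_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
        cipherName = "TLS_DH_anon_WITH_AES_256_CBC_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_PSK_WITH_RC4_128_SHA:
        cipherName = "TLS_PSK_WITH_RC4_128_SHA";
        break;
    case TLS_PSK_WITH_3DES_EDE_CBC_SHA:
        cipherName = "TLS_PSK_WITH_3DES_EDE_CBC_SHA";
        break;
    case TLS_PSK_WITH_AES_128_CBC_SHA:
        cipherName = "TLS_PSK_WITH_AES_128_CBC_SHA";
        break;
    case TLS_PSK_WITH_AES_256_CBC_SHA:
        cipherName = "TLS_PSK_WITH_AES_256_CBC_SHA";
        break;
    case TLS_DHE_PSK_WITH_RC4_128_SHA:
        cipherName = "TLS_DHE_PSK_WITH_RC4_128_SHA";
        paramsNeeded = 1;
        break;
    case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
        cipherName = "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA";
        paramsNeeded = 1;
        break;
    case TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
        cipherName = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA";
        paramsNeeded = 1;
        break;
    case TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
        cipherName = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA";
        paramsNeeded = 1;
        break;
    case TLS_RSA_PSK_WITH_RC4_128_SHA:
        cipherName = "TLS_RSA_PSK_WITH_RC4_128_SHA";
        break;
    case TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
        cipherName = "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA";
        break;
    case TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
        cipherName = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA";
        break;
    case TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
        cipherName = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA";
        break;
    case TLS_PSK_WITH_NULL_SHA:
        cipherName = "TLS_PSK_WITH_NULL_SHA";
        break;
    case TLS_DHE_PSK_WITH_NULL_SHA:
        cipherName = "TLS_DHE_PSK_WITH_NULL_SHA";
        paramsNeeded = 1;
        break;
    case TLS_RSA_PSK_WITH_NULL_SHA:
        cipherName = "TLS_RSA_PSK_WITH_NULL_SHA";
        break;
    case TLS_RSA_WITH_AES_128_GCM_SHA256:
        cipherName = "TLS_RSA_WITH_AES_128_GCM_SHA256";
        break;
    case TLS_RSA_WITH_AES_256_GCM_SHA384:
        cipherName = "TLS_RSA_WITH_AES_256_GCM_SHA384";
        break;
    case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
        cipherName = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
        cipherName = "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
        paramsNeeded = 1;
        break;
    case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
        cipherName = "TLS_DH_RSA_WITH_AES_128_GCM_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
        cipherName = "TLS_DH_RSA_WITH_AES_256_GCM_SHA384";
        paramsNeeded = 1;
        break;
    case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
        cipherName = "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
        cipherName = "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384";
        paramsNeeded = 1;
        break;
    case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
        cipherName = "TLS_DH_DSS_WITH_AES_128_GCM_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
        cipherName = "TLS_DH_DSS_WITH_AES_256_GCM_SHA384";
        paramsNeeded = 1;
        break;
    case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
        cipherName = "TLS_DH_anon_WITH_AES_128_GCM_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
        cipherName = "TLS_DH_anon_WITH_AES_256_GCM_SHA384";
        paramsNeeded = 1;
        break;
    case TLS_PSK_WITH_AES_128_GCM_SHA256:
        cipherName = "TLS_PSK_WITH_AES_128_GCM_SHA256";
        break;
    case TLS_PSK_WITH_AES_256_GCM_SHA384:
        cipherName = "TLS_PSK_WITH_AES_256_GCM_SHA384";
        break;
    case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
        cipherName = "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
        cipherName = "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
        paramsNeeded = 1;
        break;
    case TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
        cipherName = "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256";
        break;
    case TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
        cipherName = "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384";
        break;
    case TLS_PSK_WITH_AES_128_CBC_SHA256:
        cipherName = "TLS_PSK_WITH_AES_128_CBC_SHA256";
        break;
    case TLS_PSK_WITH_AES_256_CBC_SHA384:
        cipherName = "TLS_PSK_WITH_AES_256_CBC_SHA384";
        break;
    case TLS_PSK_WITH_NULL_SHA256:
        cipherName = "TLS_PSK_WITH_NULL_SHA256";
        break;
    case TLS_PSK_WITH_NULL_SHA384:
        cipherName = "TLS_PSK_WITH_NULL_SHA384";
        break;
    case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
        cipherName = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
        cipherName = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
        paramsNeeded = 1;
        break;
    case TLS_DHE_PSK_WITH_NULL_SHA256:
        cipherName = "TLS_DHE_PSK_WITH_NULL_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_DHE_PSK_WITH_NULL_SHA384:
        cipherName = "TLS_DHE_PSK_WITH_NULL_SHA384";
        paramsNeeded = 1;
        break;
    case TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
        cipherName = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256";
        break;
    case TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
        cipherName = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384";
        break;
    case TLS_RSA_PSK_WITH_NULL_SHA256:
        cipherName = "TLS_RSA_PSK_WITH_NULL_SHA256";
        break;
    case TLS_RSA_PSK_WITH_NULL_SHA384:
        cipherName = "TLS_RSA_PSK_WITH_NULL_SHA384";
        break;
    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
        cipherName = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
        cipherName = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
        paramsNeeded = 1;
        break;
    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
        cipherName = "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
        cipherName = "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
        paramsNeeded = 1;
        break;
    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
        cipherName = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
        cipherName = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
        paramsNeeded = 1;
        break;
    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
        cipherName = "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
        cipherName = "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
        paramsNeeded = 1;
        break;
    case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
        cipherName = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
        cipherName = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
        paramsNeeded = 1;
        break;
    case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
        cipherName = "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
        cipherName = "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
        paramsNeeded = 1;
        break;
    case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
        cipherName = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
        cipherName = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
        paramsNeeded = 1;
        break;
    case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
        cipherName = "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
        paramsNeeded = 1;
        break;
    case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
        cipherName = "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
        paramsNeeded = 1;
        break;
    default :
       /*
        * %X expects an unsigned int, so convert the suite value explicitly.
        */

        snprintf(unknownCipherName, sizeof(unknownCipherName), "UNKNOWN_%04X", (unsigned)cipher);
        cipherName = unknownCipherName;
        break;
  }

 /*
  * Reject every RC4 suite named above, not only the two RSA key-exchange
  * ones; the DH_anon and PSK RC4 suites use the same stream cipher.
  *
  * NOTE(review): the NULL-encryption and DH_anon suites named above are not
  * rejected here and are still reported as OK - confirm that is intended.
  */

  if (cipher == TLS_RSA_WITH_RC4_128_MD5 ||
      cipher == TLS_RSA_WITH_RC4_128_SHA ||
      cipher == TLS_DH_anon_WITH_RC4_128_MD5 ||
      cipher == TLS_PSK_WITH_RC4_128_SHA ||
      cipher == TLS_DHE_PSK_WITH_RC4_128_SHA ||
      cipher == TLS_RSA_PSK_WITH_RC4_128_SHA)
  {
    printf("%s: ERROR (Insecure RC4 negotiated)\n", server);
    httpClose(http);
    return (1);
  }

 /*
  * A lookup failure is fatal only for suites flagged paramsNeeded.  For any
  * other suite the length is reset so that the size check below never acts
  * on a value the failed call may have left unset.
  */

  if ((err = SSLGetDiffieHellmanParams(http->tls, &params, &paramsLen)) != noErr)
  {
    if (paramsNeeded)
    {
      printf("%s: ERROR (Unable to get Diffie Hellman parameters - %d)\n", server, (int)err);
      httpClose(http);
      return (1);
    }

    paramsLen = 0;
  }

 /*
  * A length of 0 means no parameters were reported; anything else must be
  * at least 128 bytes (1024 bits).
  */

  if (paramsLen < 128 && paramsLen != 0)
  {
    printf("%s: ERROR (Diffie Hellman parameters only %d bytes/%d bits)\n", server, (int)paramsLen, (int)paramsLen * 8);
    httpClose(http);
    return (1);
  }
#endif /* __APPLE__ */

  printf("%s: OK (%d.%d, %s)\n", server, tlsVersion / 10, tlsVersion % 10, cipherName);

  httpClose(http);

  return (0);
}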
448
449
450/*
451 * End of "$Id$".
452 */