Binary string washer (0x00 bytes) (probably) after completed ClientHello

    This commit proactively tries to address cases where the server side
    adds Null Bytes after or during ClientHello in cases where it should be text only.

    Now VAR2=$(< $VAR1) is being replaced by VAR2=$(cat -v $VAR1) which is normally
    not best practice and also considered a useless use of "cat", see
    https://web.archive.org/web/20160711205930/http://porkmail.org/era/unix/award.html#uucaletter.

    Especially with bash 3.2 (Mac OS X) AND when on the server side binary chars it
    was reported to not work ok, see #1292.

    Performance measurements showed no to barely measurable penalty (at max 1s displayed difference
    in 9 tries).
drwetter committed Aug 19, 2019
1 parent 92654b2 commit 5874a722d8cbebae0d71f3377918f8f76322b934
Showing with 10 additions and 3 deletions.
  1. +10 −3 testssl.sh
@@ -1262,7 +1262,14 @@ strip_trailing_space() {
# retrieve cipher from ServerHello (via openssl)
get_cipher() {
local cipher=""
local server_hello="$(< "$1")"
local server_hello="$(cat -v "$1")"
# This and two other following instances are not best practice and normally a useless use of "cat", see
# https://web.archive.org/web/20160711205930/http://porkmail.org/era/unix/award.html#uucaletter
# However there seem to be cases where the preferred $(< "$1") logic has a problem.
# Esepcially with bash 3.2 (Mac OS X) and when on the server side binary chars
# are returned, see https://stackoverflow.com/questions/7427262/how-to-read-a-file-into-a-variable-in-shell#22607352
# and https://github.com/drwetter/testssl.sh/issues/1292
# Performance measurements showed no to barely measureable penalty (1s displayed in 9 tries).

if [[ "$server_hello" =~ Cipher\ *:\ ([A-Z0-9]+-[A-Za-z0-9\-]+|TLS_[A-Za-z0-9_]+) ]]; then
cipher="${BASH_REMATCH##* }"
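Review bot: the new comment block has two typos ("Esepcially" should be "Especially", "measureable" should be "measurable") and, more importantly, it does not say what `cat -v` does to the data: unlike `$(< "$1")`, it rewrites non-printing bytes into visible escapes (a NUL becomes `^@`, bytes with the high bit set get an `M-` prefix), so `$server_hello` no longer holds the raw file contents. That is harmless for the `Cipher\ *:\ ([A-Z0-9]+-...|TLS_[A-Za-z0-9_]+)` match, which only ever sees ASCII, but the comment should state that the washed text is only used for ASCII regex matching so that nobody later reuses this variable for byte-exact comparisons. Since the same replacement is applied in three places with one shared comment, a small helper (e.g. a `read_washed_file()` wrapper around `cat -v`) would keep the rationale next to the code in all three callers.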
@@ -1275,7 +1282,7 @@ get_cipher() {
# retrieve protocol from ServerHello (via openssl)
get_protocol() {
local protocol=""
local server_hello="$(< "$1")"
local server_hello="$(cat -v "$1")"

if [[ "$server_hello" =~ Protocol\ *:\ (SSLv[23]|TLSv1(\.[0-3])?) ]]; then
protocol="${BASH_REMATCH##* }"
@@ -6938,7 +6945,7 @@ tls_time() {
# returns 0 if connect was successful, 1 if not
#
sclient_connect_successful() {
local server_hello="$(<"$2")"
local server_hello="$(cat -v "$2")"
local re='Master-Key: ([^\
]*)'
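Review bot: this third instance is the one without a comment, and it also differs from the other two in taking the file as `$2` rather than `$1`, so a reader landing here has no hint why `$(<"$2")` became `$(cat -v "$2")`. Add a one-line pointer to the rationale in `get_cipher()` (or to #1292) above `local server_hello="$(cat -v "$2")"`, and document in the function header that `$2` is the s_client output file that is read through `cat -v`. The `Master-Key: ([^\n]*)` match itself is unaffected by the change, because the key is ASCII hex and the capture stops at the newline, which `cat -v` leaves untouched.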
