authorPatrick Spek <p.spek@tyil.nl>2021-02-02 13:24:24 +0100
committerPatrick Spek <p.spek@tyil.nl>2021-08-14 11:59:45 +0200
commit8651ed2db680e8debd01dae42a94d760f3a7b755 (patch)
treeea0442a9b13d7a92b1e597ff1873a5322f210f39 /.local
parenta60b25a8d6f38aea52d76f06a583b304fdd429f3 (diff)
Add new tls-check util
Diffstat (limited to '.local')
-rwxr-xr-x.local/bin/tls-check98
1 files changed, 98 insertions, 0 deletions
diff --git a/.local/bin/tls-check b/.local/bin/tls-check
new file mode 100755
index 0000000..a38a8f1
--- /dev/null
+++ b/.local/bin/tls-check
@@ -0,0 +1,98 @@
+#!/bin/sh
+
+# This program is free software: you can redistribute it and/or modify it under
+# the terms of the GNU Affero General Public License as published by the Free
+# Software Foundation, either version 3 of the License, or (at your option) any
+# later version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+# details.
+
+readonly red=$(tput setaf 1)
+readonly green=$(tput setaf 2)
+readonly normal=$(tput sgr0)
+
+main()
+{
+ # Handle opts
+ while getopts ":hp:" opt
+ do
+ case "$opt" in
+ h) usage && exit 0 ;;
+ p) port=$OPTARG ;;
+ *)
+ printf "Invalid option passed: %s\n" "$OPTARG" >&2
+ ;;
+ esac
+ done
+
+ shift $(( OPTIND - 1 ))
+
+ [ -z "$port" ] && port=443
+
+ # Show usage when no arguments are passed
+ if [ $# -lt 1 ]
+ then
+ usage && exit 0
+ fi
+
+ domain_length=0
+
+ # Calculate longest domain name
+ for domain in "$@"
+ do
+ if [ ${#domain} -gt $domain_length ]
+ then
+ domain_length=${#domain}
+ fi
+ done
+
+ # Print out TLS compatability matrix
+ for domain in "$@"
+ do
+ printf "%${domain_length}s:%d" "$domain" "$port"
+ printf " %s${normal}" "$(openssl_tls_1_0 "$domain" && printf "%s" "${green}1.0" || printf "%s" "${red}1.0")"
+ printf " %s${normal}" "$(openssl_tls_1_1 "$domain" && printf "%s" "${green}1.1" || printf "%s" "${red}1.1")"
+ printf " %s${normal}" "$(openssl_tls_1_2 "$domain" && printf "%s" "${green}1.2" || printf "%s" "${red}1.2")"
+ printf " %s${normal}" "$(openssl_tls_1_3 "$domain" && printf "%s" "${green}1.3" || printf "%s" "${red}1.3")"
+ printf "\n"
+ done
+}
+
+openssl_tls_1_0()
+{
+ printf "\n" | openssl s_client -tls1 -connect "$1:$port" > /dev/null 2>&1
+}
+
+openssl_tls_1_1()
+{
+ printf "\n" | openssl s_client -tls1_1 -connect "$1:$port" > /dev/null 2>&1
+}
+
+openssl_tls_1_2()
+{
+ printf "\n" | openssl s_client -tls1_2 -connect "$1:$port" > /dev/null 2>&1
+}
+
+openssl_tls_1_3()
+{
+ printf "\n" | openssl s_client -tls1_3 -connect "$1:$port" > /dev/null 2>&1
+}
+
+usage()
+{
+ cat <<EOF
+Usage:
+ ${0##*/} -h
+
+Check a server for supported TLS versions.
+
+Options:
+ -h Show this help text and exit.
+ -p Set the port to test on. Defaults to 443.
+EOF
+}
+
+main "$@"
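Review bot: A red cell in the matrix does not establish that the server rejected that protocol version: every `openssl_tls_*` helper sends stdout and stderr to /dev/null and `main` colours on exit status alone, so a DNS failure, a closed port, or a local openssl that will not offer the requested version (newer builds and distro policies commonly disable TLS 1.0/1.1 on the client side) all look the same as a server with that version turned off. For an audit tool that is the unsafe direction, because legacy protocols can be shown as disabled when they were never actually tested. I would probe once without a version flag right after the `printf "%${domain_length}s:%d"` line, `printf "\n" | openssl s_client -connect "$domain:$port" >/dev/null 2>&1 || { printf " unreachable\n"; continue; }`, and add a header comment such as `# Red means the handshake failed from this client; confirm the local openssl still offers that version before reading it as disabled on the server.` The `*)` arm of the getopts loop also only prints and carries on, so a bad option or an argument-less `-p` still runs the checks against the default port 443; `exit 2` there would avoid reporting on a port the user did not ask for.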