From 8651ed2db680e8debd01dae42a94d760f3a7b755 Mon Sep 17 00:00:00 2001
From: Patrick Spek
Date: Tue, 2 Feb 2021 13:24:24 +0100
Subject: Add new tls-check util
---
.local/bin/tls-check | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 98 insertions(+)
create mode 100755 .local/bin/tls-check
diff --git a/.local/bin/tls-check b/.local/bin/tls-check
new file mode 100755
index 0000000..a38a8f1
--- /dev/null
+++ b/.local/bin/tls-check
@@ -0,0 +1,98 @@
+#!/bin/sh
+
+# This program is free software: you can redistribute it and/or modify it under
+# the terms of the GNU Affero General Public License as published by the Free
+# Software Foundation, either version 3 of the License, or (at your option) any
+# later version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+# details.
+
+readonly red=$(tput setaf 1)
+readonly green=$(tput setaf 2)
+readonly normal=$(tput sgr0)
+
+main()
+{
+ # Handle opts
+ while getopts ":hp:" opt
+ do
+ case "$opt" in
+ h) usage && exit 0 ;;
+ p) port=$OPTARG ;;
+ *)
+ printf "Invalid option passed: %s\n" "$OPTARG" >&2
+ ;;
+ esac
+ done
+
+ shift $(( OPTIND - 1 ))
+
+ [ -z "$port" ] && port=443
+
+ # Show usage when no arguments are passed
+ if [ $# -lt 1 ]
+ then
+ usage && exit 0
+ fi
+
+ domain_length=0
+
+ # Calculate longest domain name
+ for domain in "$@"
+ do
+ if [ ${#domain} -gt $domain_length ]
+ then
+ domain_length=${#domain}
+ fi
+ done
+
+ # Print out TLS compatability matrix
+ for domain in "$@"
+ do
+ printf "%${domain_length}s:%d" "$domain" "$port"
+ printf " %s${normal}" "$(openssl_tls_1_0 "$domain" && printf "%s" "${green}1.0" || printf "%s" "${red}1.0")"
+ printf " %s${normal}" "$(openssl_tls_1_1 "$domain" && printf "%s" "${green}1.1" || printf "%s" "${red}1.1")"
+ printf " %s${normal}" "$(openssl_tls_1_2 "$domain" && printf "%s" "${green}1.2" || printf "%s" "${red}1.2")"
+ printf " %s${normal}" "$(openssl_tls_1_3 "$domain" && printf "%s" "${green}1.3" || printf "%s" "${red}1.3")"
+ printf "\n"
+ done
+}
+
+openssl_tls_1_0()
+{
+ printf "\n" | openssl s_client -tls1 -connect "$1:$port" > /dev/null 2>&1
+}
+
+openssl_tls_1_1()
+{
+ printf "\n" | openssl s_client -tls1_1 -connect "$1:$port" > /dev/null 2>&1
+}
+
+openssl_tls_1_2()
+{
+ printf "\n" | openssl s_client -tls1_2 -connect "$1:$port" > /dev/null 2>&1
+}
+
+openssl_tls_1_3()
+{
+ printf "\n" | openssl s_client -tls1_3 -connect "$1:$port" > /dev/null 2>&1
+}
+
+usage()
+{
+ cat <