From 8651ed2db680e8debd01dae42a94d760f3a7b755 Mon Sep 17 00:00:00 2001
From: Patrick Spek
Date: Tue, 2 Feb 2021 13:24:24 +0100
Subject: Add new tls-check util
---
 .local/bin/tls-check | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 98 insertions(+)
 create mode 100755 .local/bin/tls-check
diff --git a/.local/bin/tls-check b/.local/bin/tls-check
new file mode 100755
index 0000000..a38a8f1
--- /dev/null
+++ b/.local/bin/tls-check
@@ -0,0 +1,98 @@
+#!/bin/sh
+
+# This program is free software: you can redistribute it and/or modify it under
+# the terms of the GNU Affero General Public License as published by the Free
+# Software Foundation, either version 3 of the License, or (at your option) any
+# later version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+# details.
+
+readonly red=$(tput setaf 1)
+readonly green=$(tput setaf 2)
+readonly normal=$(tput sgr0)
+
+main()
+{
+ # Handle opts
+ while getopts ":hp:" opt
+ do
+ case "$opt" in
+ h) usage && exit 0 ;;
+ p) port=$OPTARG ;;
+ *)
+ printf "Invalid option passed: %s\n" "$OPTARG" >&2
+ ;;
+ esac
+ done
+
+ shift $(( OPTIND - 1 ))
+
+ [ -z "$port" ] && port=443
+
+ # Show usage when no arguments are passed
+ if [ $# -lt 1 ]
+ then
+ usage && exit 0
+ fi
+
+ domain_length=0
+
+ # Calculate longest domain name
+ for domain in "$@"
+ do
+ if [ ${#domain} -gt $domain_length ]
+ then
+ domain_length=${#domain}
+ fi
+ done
+
+ # Print out TLS compatability matrix
+ for domain in "$@"
+ do
+ printf "%${domain_length}s:%d" "$domain" "$port"
+ printf " %s${normal}" "$(openssl_tls_1_0 "$domain" && printf "%s" "${green}1.0" || printf "%s" "${red}1.0")"
+ printf " %s${normal}" "$(openssl_tls_1_1 "$domain" && printf "%s" "${green}1.1" || printf "%s" "${red}1.1")"
+ printf " %s${normal}" "$(openssl_tls_1_2 "$domain" && printf "%s" "${green}1.2" || printf "%s" "${red}1.2")"
+ printf " %s${normal}" "$(openssl_tls_1_3 "$domain" && printf "%s" "${green}1.3" || printf "%s" "${red}1.3")"
+ printf "\n"
+ done
+}
+
+openssl_tls_1_0()
+{
+ printf "\n" | openssl s_client -tls1 -connect "$1:$port" > /dev/null 2>&1
+}
+
+openssl_tls_1_1()
+{
+ printf "\n" | openssl s_client -tls1_1 -connect "$1:$port" > /dev/null 2>&1
+}
+
+openssl_tls_1_2()
+{
+ printf "\n" | openssl s_client -tls1_2 -connect "$1:$port" > /dev/null 2>&1
+}
+
+openssl_tls_1_3()
+{
+ printf "\n" | openssl s_client -tls1_3 -connect "$1:$port" > /dev/null 2>&1
+}
+
+usage()
+{
+ cat <