⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 ssltest.sh

📁 开源的ssl算法openssl,版本0.9.8H
💻 SH
字号:
🔍 
#! /bin/sh# Tests ECC cipher suites using ssltest. Requires one argument which could# be aecdh or ecdh-ecdsa or ecdhe-ecdsa or ecdh-rsa or ecdhe-rsa.# A second optional argument can be one of ssl2 ssl3 or tls1if [ "$1" = "" ]; then  (echo "Usage: $0 test [ protocol ]"   echo "   where test is one of aecdh, ecdh-ecdsa, ecdhe-ecdsa, ecdh-rsa, ecdhe-rsa"   echo "   and protocol (optional) is one of ssl2, ssl3, tls1"   echo "Run RSAcertgen.sh, ECC-RSAcertgen.sh, ECCcertgen.sh first."  ) >&2  exit 1fiOPENSSL_DIR=../..CERTS_DIR=./CertsSSLTEST=$OPENSSL_DIR/test/ssltest# SSL protocol version to test (one of ssl2 ssl3 or tls1)"SSLVERSION=# These don't really require any certificatesAECDH_CIPHER_LIST="AECDH-AES256-SHA AECDH-AES128-SHA AECDH-DES-CBC3-SHA AECDH-RC4-SHA AECDH-NULL-SHA"# These require ECC certificates signed with ECDSA# The EC public key must be authorized for key agreement.ECDH_ECDSA_CIPHER_LIST="ECDH-ECDSA-AES256-SHA ECDH-ECDSA-AES128-SHA ECDH-ECDSA-DES-CBC3-SHA ECDH-ECDSA-RC4-SHA ECDH-ECDSA-NULL-SHA"# These require ECC certificates.# The EC public key must be authorized for digital signature.ECDHE_ECDSA_CIPHER_LIST="ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-DES-CBC3-SHA ECDHE-ECDSA-RC4-SHA ECDHE-ECDSA-NULL-SHA"# These require ECC certificates signed with RSA.# The EC public key must be authorized for key agreement.ECDH_RSA_CIPHER_LIST="ECDH-RSA-AES256-SHA ECDH-RSA-AES128-SHA ECDH-RSA-DES-CBC3-SHA ECDH-RSA-RC4-SHA ECDH-RSA-NULL-SHA"# These require RSA certificates.# The RSA public key must be authorized for digital signature.ECDHE_RSA_CIPHER_LIST="ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-DES-CBC3-SHA ECDHE-RSA-RC4-SHA ECDHE-RSA-NULL-SHA"# List of Elliptic curves over which we wish to test generation of# ephemeral ECDH keys when using AECDH or ECDHE ciphers# NOTE: secp192r1 = prime192v1 and secp256r1 = prime256v1#ELLIPTIC_CURVE_LIST="secp112r1 sect113r2 secp128r1 sect131r1 secp160k1 sect163r2 wap-wsg-idm-ecid-wtls7 c2pnb163v3 c2pnb176v3 c2tnb191v3 secp192r1 prime192v3 sect193r2 secp224r1 wap-wsg-idm-ecid-wtls10 sect239k1 prime239v2 secp256r1 prime256v1 sect283k1 secp384r1 sect409r1 secp521r1 sect571r1"ELLIPTIC_CURVE_LIST="sect163k1 sect163r1 sect163r2 sect193r1 sect193r2 sect233k1 sect233r1 sect239k1 sect283k1 sect283r1 sect409k1 sect409r1 sect571k1 sect571r1 secp160k1 secp160r1 secp160r2 secp192k1 prime192v1 secp224k1 secp224r1 secp256k1 prime256v1 secp384r1 secp521r1"DEFAULT_CURVE="sect163r2"if [ "$2" = "" ]; then    if [ "$SSL_VERSION" = "" ]; then	SSL_VERSION=""    else	SSL_VERSION="-$SSL_VERSION"    fielse    SSL_VERSION="-$2"fi#==============================================================# Anonymous cipher suites do not require key or certificate files# but ssltest expects a cert file and complains if it can't# open the default one.SERVER_PEM=$OPENSSL_DIR/apps/server.pemif [ "$1" = "aecdh" ]; thenfor cipher in $AECDH_CIPHER_LISTdo    echo "Testing $cipher"    $SSLTEST $SSL_VERSION -cert $SERVER_PEM -cipher $cipher done#--------------------------------------------------------------for curve in $ELLIPTIC_CURVE_LISTdo    echo "Testing AECDH-NULL-SHA (with $curve)"    $SSLTEST $SSL_VERSION -cert $SERVER_PEM \	-named_curve $curve -cipher AECDH-NULL-SHAdonefor curve in $ELLIPTIC_CURVE_LISTdo    echo "Testing AECDH-RC4-SHA (with $curve)"    $SSLTEST $SSL_VERSION -cert $SERVER_PEM \	-named_curve $curve -cipher AECDH-RC4-SHAdonefi#==============================================================# Both ECDH-ECDSA and ECDHE-ECDSA cipher suites require # the server to have an ECC certificate signed with ECDSA.CA_PEM=$CERTS_DIR/secp160r1TestCA.pemSERVER_PEM=$CERTS_DIR/secp160r2TestServer.pemCLIENT_PEM=$CERTS_DIR/secp160r2TestClient.pemif [ "$1" = "ecdh-ecdsa" ]; thenfor cipher in $ECDH_ECDSA_CIPHER_LISTdo    echo "Testing $cipher (with server authentication)"    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \	-cert $SERVER_PEM -server_auth \	-cipher $cipher    echo "Testing $cipher (with server and client authentication)"    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \	-cert $SERVER_PEM -server_auth \	-c_cert $CLIENT_PEM -client_auth \	-cipher $cipherdonefi#==============================================================if [ "$1" = "ecdhe-ecdsa" ]; thenfor cipher in $ECDHE_ECDSA_CIPHER_LISTdo    echo "Testing $cipher (with server authentication)"    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \	-cert $SERVER_PEM -server_auth \	-cipher $cipher -named_curve $DEFAULT_CURVE    echo "Testing $cipher (with server and client authentication)"    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \	-cert $SERVER_PEM -server_auth \	-c_cert $CLIENT_PEM -client_auth \	-cipher $cipher -named_curve $DEFAULT_CURVEdone#--------------------------------------------------------------for curve in $ELLIPTIC_CURVE_LISTdo    echo "Testing ECDHE-ECDSA-AES128-SHA (2-way auth with $curve)"    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \	-cert $SERVER_PEM -server_auth \	-c_cert $CLIENT_PEM -client_auth \	-cipher ECDHE-ECDSA-AES128-SHA -named_curve $curve donefi#==============================================================# ECDH-RSA cipher suites require the server to have an ECC# certificate signed with RSA.CA_PEM=$CERTS_DIR/rsa1024TestCA.pemSERVER_PEM=$CERTS_DIR/sect163r1-rsaTestServer.pemCLIENT_PEM=$CERTS_DIR/sect163r1-rsaTestClient.pemif [ "$1" = "ecdh-rsa" ]; thenfor cipher in $ECDH_RSA_CIPHER_LISTdo    echo "Testing $cipher (with server authentication)"    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \	-cert $SERVER_PEM -server_auth \	-cipher $cipher    echo "Testing $cipher (with server and client authentication)"    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \	-cert $SERVER_PEM -server_auth \	-c_cert $CLIENT_PEM -client_auth \	-cipher $cipherdonefi#==============================================================# ECDHE-RSA cipher suites require the server to have an RSA cert.CA_PEM=$CERTS_DIR/rsa1024TestCA.pemSERVER_PEM=$CERTS_DIR/rsa1024TestServer.pemCLIENT_PEM=$CERTS_DIR/rsa1024TestClient.pemif [ "$1" = "ecdhe-rsa" ]; thenfor cipher in $ECDHE_RSA_CIPHER_LISTdo    echo "Testing $cipher (with server authentication)"    echo $SSLTEST $SSL_VERSION -CAfile $CA_PEM \	-cert $SERVER_PEM -server_auth \	-cipher $cipher -named_curve $DEFAULT_CURVE    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \	-cert $SERVER_PEM -server_auth \	-cipher $cipher -named_curve $DEFAULT_CURVE    echo "Testing $cipher (with server and client authentication)"    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \	-cert $SERVER_PEM -server_auth \	-c_cert $CLIENT_PEM -client_auth \	-cipher $cipher -named_curve $DEFAULT_CURVEdonefi#==============================================================

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -