Arun Arun - 3 months ago 10
Bash Question

Bash Exit Issue

The current script (scan.sh) is taking too much time to negotiate with any one of the ciphers listed below, and the process is stuck at that point trying to negotiate.

$ openssl ciphers -V | grep "CBC3"

0xC0,0x12 - ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
0xC0,0x08 - ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
0x00,0x16 - EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
0x00,0x13 - EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
0xC0,0x0D - ECDH-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
0xC0,0x03 - ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1
0x00,0x0A - DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1


Run command:

$ ./scan.sh X.X.X.X

How do I exit for any of the delaying ciphers and move to the next cipher for negotiation? Any suggestions please, I'm not familiar with Bash.

#scan.sh

#!/usr/bin/env bash

# OpenSSL requires the port number.
SERVER=$1:443
DELAY=1
ciphers=$(openssl ciphers -V | grep "CBC3" | awk '{print $3}')

for cipher in ${ciphers[@]}
do
    echo -n Testing $cipher...
    result=$(echo -n | openssl s_client -cipher "$cipher" -connect $SERVER 2>&1)
    if [[ "$result" =~ ":error:" ]] ; then
        error=$(echo -n $result | cut -d':' -f6)
        echo NO \($error\)
    else
        if [[ "$result" =~ "Cipher is ${cipher}" || "$result" =~ "Cipher :" ]] ; then
            echo YES
        else
            echo UNKNOWN RESPONSE
            echo $result
        fi
    fi
    sleep $DELAY
done

Answer

First you could make ciphers an array like below for a neater look?

ciphers=( $(openssl ciphers -V | grep "CBC3" | awk '{print $3}') )

then do something like

result="$(timeout 10s openssl s_client -cipher "$cipher" -connect "$SERVER" 2>&1)"

Notes

  • timeout 10s waits 10s for the command to finish else kills it
  • Double quote the variables like "$SERVER" and make script variables lower case so that it won't conflict with system variables.
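
As an added example (not code from the question or the answer), here is the answer's timeout suggestion put together into a complete scan loop that reports a stalled negotiation as TIMEOUT and moves on to the next cipher. The function names `classify`, `probe` and `scan` are assumptions; it relies on GNU `timeout` exiting with status 124 when it has to kill the command.

```shell
#!/usr/bin/env bash
# Added example: 3DES cipher scan with a hard time limit per cipher.

per_cipher_timeout=10   # seconds, the value suggested in the answer

# Turn timeout's exit status and s_client's output into a verdict.
# GNU timeout exits with 124 when the command ran past the limit.
classify() {
    local status="$1" output="$2" cipher="$3"
    if [ "$status" -eq 124 ]; then
        echo "TIMEOUT"
        return
    fi
    case $output in
        *":error:"*)            echo "NO" ;;       # handshake was rejected
        *"Cipher is $cipher"*)  echo "YES" ;;      # server accepted this cipher
        *)                      echo "UNKNOWN" ;;
    esac
}

# Probe one cipher. stdin is /dev/null so s_client exits right after the
# handshake instead of waiting for input until the timeout fires.
probe() {
    local server="$1" cipher="$2" output status=0
    output=$(timeout "${per_cipher_timeout}s" \
        openssl s_client -cipher "$cipher" -connect "$server" </dev/null 2>&1) \
        || status=$?
    classify "$status" "$output" "$cipher"
}

# Walk every CBC3 cipher the local OpenSSL knows about.
scan() {
    local server="$1" cipher
    for cipher in $(openssl ciphers -V | awk '/CBC3/ {print $3}'); do
        printf 'Testing %s... %s\n' "$cipher" "$(probe "$server" "$cipher")"
        sleep 1
    done
}

# Only scan when a host was given on the command line.
if [ "$#" -ge 1 ]; then
    scan "$1:443"
fi
```
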