2015-07-02 13:15:34 +00:00
|
|
|
# $OpenBSD: try-ciphers.sh,v 1.24 2015/03/03 22:35:19 markus Exp $
|
2002-06-27 22:31:32 +00:00
|
|
|
# Placed in the Public Domain.
|
|
|
|
|
|
|
|
|
|
tid="try ciphers"
|
|
|
|
|
|
2015-01-05 16:09:55 +00:00
|
|
|
cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
|
|
|
|
|
|
2014-01-30 10:56:49 +00:00
|
|
|
for c in `${SSH} -Q cipher`; do
|
2013-03-22 11:19:48 +00:00
|
|
|
n=0
|
2014-01-30 10:56:49 +00:00
|
|
|
for m in `${SSH} -Q mac`; do
|
2002-06-27 22:31:32 +00:00
|
|
|
trace "proto 2 cipher $c mac $m"
|
|
|
|
|
verbose "test $tid: proto 2 cipher $c mac $m"
|
2015-01-05 16:09:55 +00:00
|
|
|
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
|
|
|
|
|
echo "Ciphers=$c" >> $OBJ/sshd_proxy
|
|
|
|
|
echo "MACs=$m" >> $OBJ/sshd_proxy
|
2002-06-27 22:31:32 +00:00
|
|
|
${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true
|
|
|
|
|
if [ $? -ne 0 ]; then
|
|
|
|
|
fail "ssh -2 failed with mac $m cipher $c"
|
|
|
|
|
fi
|
2014-01-30 10:56:49 +00:00
|
|
|
# No point trying all MACs for AEAD ciphers since they
|
|
|
|
|
# are ignored.
|
|
|
|
|
if ssh -Q cipher-auth | grep "^${c}\$" >/dev/null 2>&1 ; then
|
|
|
|
|
break
|
|
|
|
|
fi
|
2013-03-22 11:19:48 +00:00
|
|
|
n=`expr $n + 1`
|
2002-06-27 22:31:32 +00:00
|
|
|
done
|
|
|
|
|
done
|
|
|
|
|
|
2015-07-02 13:15:34 +00:00
|
|
|
if ssh_version 1; then
|
|
|
|
|
ciphers="3des blowfish"
|
|
|
|
|
else
|
|
|
|
|
ciphers=""
|
|
|
|
|
fi
|
2002-06-27 22:31:32 +00:00
|
|
|
for c in $ciphers; do
|
|
|
|
|
trace "proto 1 cipher $c"
|
|
|
|
|
verbose "test $tid: proto 1 cipher $c"
|
|
|
|
|
${SSH} -F $OBJ/ssh_proxy -1 -c $c somehost true
|
|
|
|
|
if [ $? -ne 0 ]; then
|
|
|
|
|
fail "ssh -1 failed with cipher $c"
|
|
|
|
|
fi
|
|
|
|
|
done
|
2004-04-20 09:35:04 +00:00
|
|
|
|
