Finding out which ciphers a destination server supports--curl_20141108
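The latest version of curl, 7.39.0, seems to have been released the other day. I tried the script from "Finding out which ciphers a destination server supports--curl_20141029 - Shammerism" with it, and it appears to work fine. But... I feel a bit uneasy. Is it really not missing anything? For now, here is an example of the output.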
    ~:# ./check-remote-ciphers.sh 10.255.160.27 /
    ECDHE-ECDSA-AES256-GCM-SHA384 is not supported on this server.
    ECDHE-ECDSA-AES256-SHA384 is not supported on this server.
    ECDHE-ECDSA-AES256-SHA is not supported on this server.
    SRP-DSS-AES-256-CBC-SHA is not supported on this server.
    SRP-RSA-AES-256-CBC-SHA is not supported on this server.
    SRP-AES-256-CBC-SHA is not supported on this server.
    DHE-DSS-AES256-GCM-SHA384 is not supported on this server.
    DHE-RSA-AES256-GCM-SHA384 is not supported on this server.
    DHE-RSA-AES256-SHA256 is not supported on this server.
    DHE-DSS-AES256-SHA256 is not supported on this server.
    DHE-RSA-AES256-SHA is not supported on this server.
    DHE-DSS-AES256-SHA is not supported on this server.
    DHE-RSA-CAMELLIA256-SHA is not supported on this server.
    DHE-DSS-CAMELLIA256-SHA is not supported on this server.
    ECDH-RSA-AES256-GCM-SHA384 is not supported on this server.
    ECDH-ECDSA-AES256-GCM-SHA384 is not supported on this server.
    ECDH-RSA-AES256-SHA384 is not supported on this server.
    ECDH-ECDSA-AES256-SHA384 is not supported on this server.
    ECDH-RSA-AES256-SHA is not supported on this server.
    ECDH-ECDSA-AES256-SHA is not supported on this server.
    CAMELLIA256-SHA is not supported on this server.
    PSK-AES256-CBC-SHA is not supported on this server.
    ECDHE-RSA-DES-CBC3-SHA is not supported on this server.
    ECDHE-ECDSA-DES-CBC3-SHA is not supported on this server.
    SRP-DSS-3DES-EDE-CBC-SHA is not supported on this server.
    SRP-RSA-3DES-EDE-CBC-SHA is not supported on this server.
    SRP-3DES-EDE-CBC-SHA is not supported on this server.
    EDH-RSA-DES-CBC3-SHA is not supported on this server.
    EDH-DSS-DES-CBC3-SHA is not supported on this server.
    ECDH-RSA-DES-CBC3-SHA is not supported on this server.
    ECDH-ECDSA-DES-CBC3-SHA is not supported on this server.
    PSK-3DES-EDE-CBC-SHA is not supported on this server.
    ECDHE-ECDSA-AES128-GCM-SHA256 is not supported on this server.
    ECDHE-ECDSA-AES128-SHA256 is not supported on this server.
    ECDHE-ECDSA-AES128-SHA is not supported on this server.
    SRP-DSS-AES-128-CBC-SHA is not supported on this server.
    SRP-RSA-AES-128-CBC-SHA is not supported on this server.
    SRP-AES-128-CBC-SHA is not supported on this server.
    DHE-DSS-AES128-GCM-SHA256 is not supported on this server.
    DHE-RSA-AES128-GCM-SHA256 is not supported on this server.
    DHE-RSA-AES128-SHA256 is not supported on this server.
    DHE-DSS-AES128-SHA256 is not supported on this server.
    DHE-RSA-AES128-SHA is not supported on this server.
    DHE-DSS-AES128-SHA is not supported on this server.
    DHE-RSA-SEED-SHA is not supported on this server.
    DHE-DSS-SEED-SHA is not supported on this server.
    DHE-RSA-CAMELLIA128-SHA is not supported on this server.
    DHE-DSS-CAMELLIA128-SHA is not supported on this server.
    ECDH-RSA-AES128-GCM-SHA256 is not supported on this server.
    ECDH-ECDSA-AES128-GCM-SHA256 is not supported on this server.
    ECDH-RSA-AES128-SHA256 is not supported on this server.
    ECDH-ECDSA-AES128-SHA256 is not supported on this server.
    ECDH-RSA-AES128-SHA is not supported on this server.
    ECDH-ECDSA-AES128-SHA is not supported on this server.
    SEED-SHA is not supported on this server.
    CAMELLIA128-SHA is not supported on this server.
    PSK-AES128-CBC-SHA is not supported on this server.
    ECDHE-RSA-RC4-SHA is not supported on this server.
    ECDHE-ECDSA-RC4-SHA is not supported on this server.
    ECDH-RSA-RC4-SHA is not supported on this server.
    ECDH-ECDSA-RC4-SHA is not supported on this server.
    RC4-SHA is not supported on this server.
    RC4-MD5 is not supported on this server.
    PSK-RC4-SHA is not supported on this server.
    EDH-RSA-DES-CBC-SHA is not supported on this server.
    EDH-DSS-DES-CBC-SHA is not supported on this server.
    DES-CBC-SHA is not supported on this server.
    ~:#
    ~:#
    ~:#
    ~:# cat supported-ciphers.txt
    ECDHE-RSA-AES256-GCM-SHA384
    ECDHE-RSA-AES256-SHA384
    ECDHE-RSA-AES256-SHA
    AES256-GCM-SHA384
    AES256-SHA256
    AES256-SHA
    DES-CBC3-SHA
    ECDHE-RSA-AES128-GCM-SHA256
    ECDHE-RSA-AES128-SHA256
    ECDHE-RSA-AES128-SHA
    AES128-GCM-SHA256
    AES128-SHA256
    AES128-SHA
    ~:#
    ~:#
    ~:#
    ~:#
    ~:# openssl ciphers -v | wc
    80 480 6053
    ~:#
Hmm... it might be better to make it clear how many ciphers were checked. The latest version is below.
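    #!/bin/bash
    # Probe a server with every cipher the local OpenSSL knows and record which ones connect.
    OK_COUNT=1   # running number for supported ciphers
    NG_COUNT=1   # running number for unsupported ciphers
    SUPPORTED_CIPHERS="supported-ciphers.txt"

    if [ $# -ne 2 ]; then
        echo "Usage $0 DestServer URI"
        exit 1
    fi

    # Start from a clean result file.
    rm -f "$SUPPORTED_CIPHERS"

    # Cipher names are the first column of "openssl ciphers -v".
    ciphers=$(openssl ciphers -v | awk '{print $1}')

    for i in $ciphers
    do
        # Judge by curl's exit status instead of the line count of the saved body:
        # an empty body or one without a newline would otherwise count as a failure.
        if curl -L --silent --insecure --ciphers "$i" -o /dev/null "https://$1$2"; then
            echo "$OK_COUNT:$i" >> "$SUPPORTED_CIPHERS"
            OK_COUNT=$((OK_COUNT + 1))
        else
            echo "$NG_COUNT:$i is not supported on this server."
            NG_COUNT=$((NG_COUNT + 1))
        fi
    done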
The result of running it is below.
    ~:# ./check-remote-ciphers.sh 10.255.160.27 /
    1:ECDHE-ECDSA-AES256-GCM-SHA384 is not supported on this server.
    2:ECDHE-ECDSA-AES256-SHA384 is not supported on this server.
    3:ECDHE-ECDSA-AES256-SHA is not supported on this server.
    4:SRP-DSS-AES-256-CBC-SHA is not supported on this server.
    5:SRP-RSA-AES-256-CBC-SHA is not supported on this server.
    6:SRP-AES-256-CBC-SHA is not supported on this server.
    7:DHE-DSS-AES256-GCM-SHA384 is not supported on this server.
    8:DHE-RSA-AES256-GCM-SHA384 is not supported on this server.
    9:DHE-RSA-AES256-SHA256 is not supported on this server.
    10:DHE-DSS-AES256-SHA256 is not supported on this server.
    11:DHE-RSA-AES256-SHA is not supported on this server.
    12:DHE-DSS-AES256-SHA is not supported on this server.
    13:DHE-RSA-CAMELLIA256-SHA is not supported on this server.
    14:DHE-DSS-CAMELLIA256-SHA is not supported on this server.
    15:ECDH-RSA-AES256-GCM-SHA384 is not supported on this server.
    16:ECDH-ECDSA-AES256-GCM-SHA384 is not supported on this server.
    17:ECDH-RSA-AES256-SHA384 is not supported on this server.
    18:ECDH-ECDSA-AES256-SHA384 is not supported on this server.
    19:ECDH-RSA-AES256-SHA is not supported on this server.
    20:ECDH-ECDSA-AES256-SHA is not supported on this server.
    21:CAMELLIA256-SHA is not supported on this server.
    22:PSK-AES256-CBC-SHA is not supported on this server.
    23:ECDHE-RSA-DES-CBC3-SHA is not supported on this server.
    24:ECDHE-ECDSA-DES-CBC3-SHA is not supported on this server.
    25:SRP-DSS-3DES-EDE-CBC-SHA is not supported on this server.
    26:SRP-RSA-3DES-EDE-CBC-SHA is not supported on this server.
    27:SRP-3DES-EDE-CBC-SHA is not supported on this server.
    28:EDH-RSA-DES-CBC3-SHA is not supported on this server.
    29:EDH-DSS-DES-CBC3-SHA is not supported on this server.
    30:ECDH-RSA-DES-CBC3-SHA is not supported on this server.
    31:ECDH-ECDSA-DES-CBC3-SHA is not supported on this server.
    32:PSK-3DES-EDE-CBC-SHA is not supported on this server.
    33:ECDHE-ECDSA-AES128-GCM-SHA256 is not supported on this server.
    34:ECDHE-ECDSA-AES128-SHA256 is not supported on this server.
    35:ECDHE-ECDSA-AES128-SHA is not supported on this server.
    36:SRP-DSS-AES-128-CBC-SHA is not supported on this server.
    37:SRP-RSA-AES-128-CBC-SHA is not supported on this server.
    38:SRP-AES-128-CBC-SHA is not supported on this server.
    39:DHE-DSS-AES128-GCM-SHA256 is not supported on this server.
    40:DHE-RSA-AES128-GCM-SHA256 is not supported on this server.
    41:DHE-RSA-AES128-SHA256 is not supported on this server.
    42:DHE-DSS-AES128-SHA256 is not supported on this server.
    43:DHE-RSA-AES128-SHA is not supported on this server.
    44:DHE-DSS-AES128-SHA is not supported on this server.
    45:DHE-RSA-SEED-SHA is not supported on this server.
    46:DHE-DSS-SEED-SHA is not supported on this server.
    47:DHE-RSA-CAMELLIA128-SHA is not supported on this server.
    48:DHE-DSS-CAMELLIA128-SHA is not supported on this server.
    49:ECDH-RSA-AES128-GCM-SHA256 is not supported on this server.
    50:ECDH-ECDSA-AES128-GCM-SHA256 is not supported on this server.
    51:ECDH-RSA-AES128-SHA256 is not supported on this server.
    52:ECDH-ECDSA-AES128-SHA256 is not supported on this server.
    53:ECDH-RSA-AES128-SHA is not supported on this server.
    54:ECDH-ECDSA-AES128-SHA is not supported on this server.
    55:SEED-SHA is not supported on this server.
    56:CAMELLIA128-SHA is not supported on this server.
    57:PSK-AES128-CBC-SHA is not supported on this server.
    58:ECDHE-RSA-RC4-SHA is not supported on this server.
    59:ECDHE-ECDSA-RC4-SHA is not supported on this server.
    60:ECDH-RSA-RC4-SHA is not supported on this server.
    61:ECDH-ECDSA-RC4-SHA is not supported on this server.
    62:RC4-SHA is not supported on this server.
    63:RC4-MD5 is not supported on this server.
    64:PSK-RC4-SHA is not supported on this server.
    65:EDH-RSA-DES-CBC-SHA is not supported on this server.
    66:EDH-DSS-DES-CBC-SHA is not supported on this server.
    67:DES-CBC-SHA is not supported on this server.
    ~:#
    ~:#
    ~:#
    ~:# cat supported-ciphers.txt
    1:ECDHE-RSA-AES256-GCM-SHA384
    2:ECDHE-RSA-AES256-SHA384
    3:ECDHE-RSA-AES256-SHA
    4:AES256-GCM-SHA384
    5:AES256-SHA256
    6:AES256-SHA
    7:DES-CBC3-SHA
    8:ECDHE-RSA-AES128-GCM-SHA256
    9:ECDHE-RSA-AES128-SHA256
    10:ECDHE-RSA-AES128-SHA
    11:AES128-GCM-SHA256
    12:AES128-SHA256
    13:AES128-SHA
    ~:#
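On the worry about missing something: the script reports every failed probe as "not supported on this server", whatever the reason for the failure. The following is an added example, not part of the original script, that goes a step further and sorts probes by curl's exit code, then checks that the number of probes matches the number of ciphers expected. The function names, the "cipher exit-code" record format and the PSK/SRP prefix rule are assumptions made for this sketch.

```bash
#!/bin/sh
# Added example, not the original script. Each input record is
# "<cipher> <curl exit code>", the code being what curl returned for that probe.

# classify CIPHER RC: turn one probe result into a verdict.
classify() {
    case $1 in
        # Assumption: PSK/SRP suites need credentials the probe never sends,
        # so a failure says nothing about the server's configuration.
        PSK-*|SRP-*) echo "untestable"; return ;;
    esac
    case $2 in
        0)      echo "supported" ;;      # handshake and request completed
        35)     echo "rejected" ;;       # CURLE_SSL_CONNECT_ERROR: handshake failed
        59)     echo "local-unknown" ;;  # CURLE_SSL_CIPHER: local TLS library refused the name
        6|7|28) echo "network-error" ;;  # DNS, connect or timeout: retry before concluding
        *)      echo "other-error" ;;
    esac
}

# summarize EXPECTED: tally records from stdin and check every cipher was probed.
summarize() {
    expected=$1; total=0; ok=0; rej=0; unt=0; inc=0
    while read -r cipher rc; do
        [ -n "$cipher" ] || continue
        total=$((total + 1))
        case $(classify "$cipher" "$rc") in
            supported)  ok=$((ok + 1)) ;;
            rejected)   rej=$((rej + 1)) ;;
            untestable) unt=$((unt + 1)) ;;
            *)          inc=$((inc + 1)) ;;   # could not be decided on this run
        esac
    done
    conclusive=no
    [ "$total" -eq "$expected" ] && [ "$inc" -eq 0 ] && conclusive=yes
    echo "supported=$ok rejected=$rej untestable=$unt inconclusive=$inc checked=$total/$expected conclusive=$conclusive"
}

# Constructed sample records (not output from a real scan).
SAMPLE='ECDHE-RSA-AES256-GCM-SHA384 0
AES128-SHA 0
DHE-RSA-AES256-SHA 35
RC4-MD5 35
PSK-AES256-CBC-SHA 35
SRP-AES-128-CBC-SHA 35
SEED-SHA 59
CAMELLIA128-SHA 28'

report() { printf '%s\n' "$SAMPLE" | summarize "$1"; }
report 8
```

To feed it from the probing loop, save `$?` right after each curl call and pass the line count of `openssl ciphers -v` as the expected total.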