Better output on first start #136

Open
wants to merge 3 commits into
base: master
Jiab77
Contributor

@Jiab77 Jiab77 commented Jan 23, 2017

Hi, I know we've already discussed this earlier, but when I tested again, I found that the text was not properly displayed (I mean not as I wanted it to be), and I think this PR is better than the previous one.

@Jiab77 Jiab77 changed the title from "Better output on first load" to "Better output on first start" Jan 23, 2017
@tomato42
Member

What do you mean by "not properly displayed"?

it works just fine on Fedora 24:

$ ./cscan.sh google.com

./cscan.sh: tlslite-ng not found, downloading...
Cloning into '.tlslite-ng'...
remote: Counting objects: 147, done.
remote: Compressing objects: 100% (140/140), done.
remote: Total 147 (delta 7), reused 56 (delta 2), pack-reused 0
Receiving objects: 100% (147/147), 303.68 KiB | 227.00 KiB/s, done.
Resolving deltas: 100% (7/7), done.
Checking connectivity... done.

./cscan.sh: python-ecdsa not found, downloading...
Cloning into '.python-ecdsa'...
remote: Counting objects: 31, done.
remote: Compressing objects: 100% (28/28), done.
remote: Total 31 (delta 1), reused 10 (delta 1), pack-reused 0
Unpacking objects: 100% (31/31), done.
Checking connectivity... done.
Host google.com:443 scan complete

Intolerance to:
 SSL 3.254           : absent
 TLS 1.0             : absent
 TLS 1.1             : absent
 TLS 1.2             : absent
 TLS 1.3             : absent
 TLS 1.4             : absent

Second, please rebase your pull request to remove the merge commit.

@Jiab77
Contributor Author

Jiab77 commented Jan 23, 2017

Oh ok, I don't have the same behavior on my side; mine is:

./cipherscan google.com
......................Clonage dans '.tlslite-ng'...
remote: Counting objects: 147, done.
remote: Compressing objects: 100% (140/140), done.
remote: Total 147 (delta 7), reused 56 (delta 2), pack-reused 0
Réception d'objets: 100% (147/147), 303.68 KiB | 0 bytes/s, fait.
Résolution des deltas: 100% (7/7), fait.
Vérification de la connectivité... fait.
Clonage dans '.python-ecdsa'...
remote: Counting objects: 31, done.
remote: Compressing objects: 100% (28/28), done.
remote: Total 31 (delta 1), reused 10 (delta 1), pack-reused 0
Dépaquetage des objets: 100% (31/31), fait.
Vérification de la connectivité... fait.
.
Target: google.com:443

prio  ciphersuite                      protocols              pfs                 curves
1     ECDHE-RSA-CHACHA20-POLY1305-OLD  TLSv1.2                ECDH,P-256,256bits  prime256v1
2     ECDHE-RSA-AES128-GCM-SHA256      TLSv1.2                ECDH,P-256,256bits  prime256v1
3     ECDHE-RSA-AES128-SHA             TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
4     AES128-GCM-SHA256                TLSv1.2                None                None
5     AES128-SHA                       TLSv1,TLSv1.1,TLSv1.2  None                None
6     DES-CBC3-SHA                     TLSv1,TLSv1.1,TLSv1.2  None                None
7     ECDHE-RSA-AES256-GCM-SHA384      TLSv1.2                ECDH,P-256,256bits  prime256v1
8     ECDHE-RSA-AES256-SHA             TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
9     AES256-GCM-SHA384                TLSv1.2                None                None
10    AES256-SHA                       TLSv1,TLSv1.1,TLSv1.2  None                None
11    ECDHE-RSA-AES128-SHA256          TLSv1.2                ECDH,P-256,256bits  prime256v1
12    ECDHE-RSA-AES256-SHA384          TLSv1.2                ECDH,P-256,256bits  prime256v1
13    AES128-SHA256                    TLSv1.2                None                None
14    AES256-SHA256                    TLSv1.2                None                None

Certificate: trusted, 2048 bits, sha256WithRSAEncryption signature
TLS ticket lifetime hint: 100800
NPN protocols: h2,http/1.1
OCSP stapling: not supported
Cipher ordering: server
Curves ordering: server - fallback: no
Server supports secure renegotiation
Server supported compression methods: NONE
TLS Tolerance: yes

./cscan.sh: tlslite-ng not found, downloading...

./cscan.sh: python-ecdsa not found, downloading...

Intolerance to:
 SSL 3.254           : absent
 TLS 1.0             : absent
 TLS 1.1             : absent
 TLS 1.2             : absent
 TLS 1.3             : absent
 TLS 1.4             : absent

but using cscan.sh only as you did:

$ ./cscan.sh google.com

./cscan.sh: tlslite-ng not found, downloading...
Clonage dans '.tlslite-ng'...
remote: Counting objects: 147, done.
remote: Compressing objects: 100% (140/140), done.
remote: Total 147 (delta 7), reused 56 (delta 2), pack-reused 0
Réception d'objets: 100% (147/147), 303.68 KiB | 0 bytes/s, fait.
Résolution des deltas: 100% (7/7), fait.
Vérification de la connectivité... fait.

./cscan.sh: python-ecdsa not found, downloading...
Clonage dans '.python-ecdsa'...
remote: Counting objects: 31, done.
remote: Compressing objects: 100% (28/28), done.
remote: Total 31 (delta 1), reused 10 (delta 1), pack-reused 0
Dépaquetage des objets: 100% (31/31), fait.
Vérification de la connectivité... fait.
Host google.com:443 scan complete

Intolerance to:
 SSL 3.254           : absent
 TLS 1.0             : absent
 TLS 1.1             : absent
 TLS 1.2             : absent
 TLS 1.3             : absent
 TLS 1.4             : absent

Works correctly.

With my PR, the output of cipherscan would be:

$ ./cipherscan google.com
.......................
Target: google.com:443

prio  ciphersuite                      protocols              pfs                 curves
1     ECDHE-RSA-CHACHA20-POLY1305-OLD  TLSv1.2                ECDH,P-256,256bits  prime256v1
2     ECDHE-RSA-AES128-GCM-SHA256      TLSv1.2                ECDH,P-256,256bits  prime256v1
3     ECDHE-RSA-AES128-SHA             TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
4     AES128-GCM-SHA256                TLSv1.2                None                None
5     AES128-SHA                       TLSv1,TLSv1.1,TLSv1.2  None                None
6     DES-CBC3-SHA                     TLSv1,TLSv1.1,TLSv1.2  None                None
7     ECDHE-RSA-AES256-GCM-SHA384      TLSv1.2                ECDH,P-256,256bits  prime256v1
8     ECDHE-RSA-AES256-SHA             TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
9     AES256-GCM-SHA384                TLSv1.2                None                None
10    AES256-SHA                       TLSv1,TLSv1.1,TLSv1.2  None                None
11    ECDHE-RSA-AES128-SHA256          TLSv1.2                ECDH,P-256,256bits  prime256v1
12    ECDHE-RSA-AES256-SHA384          TLSv1.2                ECDH,P-256,256bits  prime256v1
13    AES128-SHA256                    TLSv1.2                None                None
14    AES256-SHA256                    TLSv1.2                None                None

Certificate: trusted, 2048 bits, sha256WithRSAEncryption signature
TLS ticket lifetime hint: 100800
NPN protocols: h2,http/1.1
OCSP stapling: not supported
Cipher ordering: server
Curves ordering: server - fallback: no
Server supports secure renegotiation
Server supported compression methods: NONE
TLS Tolerance: yes

./cscan.sh: tlslite-ng not found, downloaded.
./cscan.sh: python-ecdsa not found, downloaded.

Intolerance to:
 SSL 3.254           : absent
 TLS 1.0             : absent
 TLS 1.1             : absent
 TLS 1.2             : absent
 TLS 1.3             : absent
 TLS 1.4             : absent

and for cscan.sh

$ ./cscan.sh google.com

./cscan.sh: tlslite-ng not found, downloaded.
./cscan.sh: python-ecdsa not found, downloaded.
Host google.com:443 scan complete

Intolerance to:
 SSL 3.254           : absent
 TLS 1.0             : absent
 TLS 1.1             : absent
 TLS 1.2             : absent
 TLS 1.3             : absent
 TLS 1.4             : absent

I'll just add an empty line before Host google.com:443 scan complete and that should be good I think

I'm running Linux Mate 18 Sarah (Based on Ubuntu 16.04).

Just to mark a proper separation before the execution of the main process
@Jiab77
Contributor Author

Jiab77 commented Jan 23, 2017

I'm reading about the rebase, please, give me some time to understand how to do what you've requested.

I've tested this on my repository git rebase -i HEAD~2 but I'm not really sure that will do what you want.
Should I do git push -f ?

Feel free to take the code on your side and delete this pull request. I'm not sure I can do what you've requested, I'm still trying to learn it and do it correctly...

Thank you very much for your help

@Jiab77
Contributor Author

Jiab77 commented Jan 24, 2017

Will delete this pull request and create a proper new one, not able to do it, so please do it so. I've deleted everything on my side. Thanks anyway for your time.

@tomato42
Member

we could just redirect the echo output to stderr, then it won't be cached and will show up together with git output, add >&2 to them

regarding rebase:

  1. you first need to pull the changes from this repository to your local repository - "git add remote", "git pull changes" are search terms that should help you with that
  2. after you have a branch on your local repository that matches exactly the state of master branch in this repo, you can rebase your branch on top of that matching branch
  3. to update this pull request you will have to do a force push

In general, I would suggest not to develop on master branch, and to keep your master branch in sync with upstream branch (that is, this repository's master branch) and do development in so-called feature branches

@Jiab77
Contributor Author

Jiab77 commented Jan 24, 2017

Thanks @tomato42 for your help. Will do that tonight, I must work on another project today.
Did not have the time to get back sooner 😢

I've created a new branch named testing in my repository https://github.com/Jiab77/cipherscan now I'm searching for merging this code to yours...

@Jiab77
Contributor Author

Jiab77 commented Feb 6, 2017

Well... very late, I'm back. I've forked this repository again and will do git add remote as suggested. I'm sorry for this mess.

I've tested your suggestion to use >&2 at the end of echo lines and that works perfectly as expected:

First run

./cipherscan https://myproject
.........................................................
./cscan.sh: tlslite-ng not found, downloading...
Clonage dans '.tlslite-ng'...
remote: Counting objects: 147, done.
remote: Compressing objects: 100% (140/140), done.
remote: Total 147 (delta 7), reused 55 (delta 2), pack-reused 0
Réception d'objets: 100% (147/147), 304.10 KiB | 0 bytes/s, fait.
Résolution des deltas: 100% (7/7), fait.
Vérification de la connectivité... fait.

./cscan.sh: python-ecdsa not found, downloading...
Clonage dans '.python-ecdsa'...
remote: Counting objects: 31, done.
remote: Compressing objects: 100% (28/28), done.
remote: Total 31 (delta 1), reused 10 (delta 1), pack-reused 0
Dépaquetage des objets: 100% (31/31), fait.
Vérification de la connectivité... fait.
.............
Target: myproject:443

prio  ciphersuite                  protocols  pfs                 curves
1     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2    ECDH,P-256,256bits  prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1
2     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2    ECDH,P-256,256bits  prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1
3     ECDHE-RSA-AES256-SHA384      TLSv1.2    ECDH,P-256,256bits  prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1
4     ECDHE-RSA-AES128-SHA256      TLSv1.2    ECDH,P-256,256bits  prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1

Certificate: trusted, 4096 bits, sha256WithRSAEncryption signature
TLS ticket lifetime hint: None
NPN protocols: None
OCSP stapling: not supported
Cipher ordering: server
Curves ordering: server - fallback: no
Server supports secure renegotiation
Server supported compression methods: NONE
TLS Tolerance: yes

Intolerance to:
 SSL 3.254           : absent
 TLS 1.0             : PRESENT
 TLS 1.1             : PRESENT
 TLS 1.2             : absent
 TLS 1.3             : absent
 TLS 1.4             : absent

I've just hidden my website url because the project is still not finished.

Second run

./cipherscan https://google.com
.......................
Target: google.com:443

prio  ciphersuite                      protocols              pfs                 curves
1     ECDHE-RSA-CHACHA20-POLY1305-OLD  TLSv1.2                ECDH,P-256,256bits  prime256v1
2     ECDHE-RSA-AES128-GCM-SHA256      TLSv1.2                ECDH,P-256,256bits  prime256v1
3     ECDHE-RSA-AES128-SHA             TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
4     AES128-GCM-SHA256                TLSv1.2                None                None
5     AES128-SHA                       TLSv1,TLSv1.1,TLSv1.2  None                None
6     DES-CBC3-SHA                     TLSv1,TLSv1.1,TLSv1.2  None                None
7     ECDHE-RSA-AES256-GCM-SHA384      TLSv1.2                ECDH,P-256,256bits  prime256v1
8     ECDHE-RSA-AES256-SHA             TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
9     AES256-GCM-SHA384                TLSv1.2                None                None
10    AES256-SHA                       TLSv1,TLSv1.1,TLSv1.2  None                None
11    ECDHE-RSA-AES128-SHA256          TLSv1.2                ECDH,P-256,256bits  prime256v1
12    ECDHE-RSA-AES256-SHA384          TLSv1.2                ECDH,P-256,256bits  prime256v1
13    AES128-SHA256                    TLSv1.2                None                None
14    AES256-SHA256                    TLSv1.2                None                None

Certificate: trusted, 2048 bits, sha256WithRSAEncryption signature
TLS ticket lifetime hint: 100800
NPN protocols: h2,http/1.1
OCSP stapling: not supported
Cipher ordering: server
Curves ordering: server - fallback: no
Server supports secure renegotiation
Server supported compression methods: NONE
TLS Tolerance: yes

Intolerance to:
 SSL 3.254           : absent
 TLS 1.0             : absent
 TLS 1.1             : absent
 TLS 1.2             : absent
 TLS 1.3             : absent
 TLS 1.4             : absent

@jvehent
Contributor

jvehent commented Feb 7, 2017

I just got bitten by this today, since cscan outputs extra characters on first run even in JSON mode. I'm very much in favor of removing the extra verbosity, particularly when the user asked for JSON only.

@tomato42
Member

tomato42 commented Feb 8, 2017

for the script to not output stuff in json mode, the shell script would have to parse the command line options
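
Added example, not part of the thread or of cipherscan's code: the two remedies discussed above, sketched in POSIX sh. Status text goes to stderr with >&2 so captured stdout stays parseable, and a hypothetical --json flag silences it entirely; the function names, the flag and the dep-one/dep-two stand-ins are assumptions, and nothing is downloaded.

```shell
#!/bin/sh
# Added example with hypothetical names; it is not cscan.sh and clones nothing.
QUIET=0

# Status text goes to stderr, so a caller capturing stdout never sees it.
log() {
    [ "$QUIET" -eq 1 ] || printf 'demo-scan: %s\n' "$*" >&2
}

# Stand-in for the first-run dependency download (creates a directory only).
fetch_dep() {
    if [ ! -d "$1/.$2" ]; then
        log "$2 not found, downloading..."
        mkdir -p "$1/.$2"
    fi
}

# Usage: scan WORKDIR [--json] TARGET. Result on stdout, notices on stderr.
scan() {
    workdir=$1; shift
    QUIET=0; json=0
    for arg in "$@"; do
        case "$arg" in
            --json) json=1; QUIET=1 ;;   # hypothetical flag: silence notices
            *) target=$arg ;;
        esac
    done
    fetch_dep "$workdir" dep-one
    fetch_dep "$workdir" dep-two
    if [ "$json" -eq 1 ]; then
        printf '{"target":"%s","scan":"complete"}\n' "$target"
    else
        printf 'Host %s:443 scan complete\n' "$target"
    fi
}

# Run a first-time scan in a fresh directory and return one stream only.
first_run() {   # $1 = out|err, remaining arguments are passed to scan
    stream=$1; shift
    tmp=$(mktemp -d)
    if [ "$stream" = out ]; then
        scan "$tmp" "$@" 2>/dev/null
    else
        scan "$tmp" "$@" 2>&1 >/dev/null
    fi
    rm -rf "$tmp"
}

# Demo: what a JSON consumer captures on the very first run (constructed target).
first_run out --json example.test
```

Without the flag the notices still appear on the terminal, because stderr is not captured by `$(...)` or a pipe unless the caller redirects it.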

@Jiab77
Contributor Author

Jiab77 commented Feb 20, 2017

Ok, so should I close this pull request then create one based on the proper changes I've made with the help of @tomato42?

@tomato42
Member

no, it's fine to edit the commits and then update the pull request

3 participants