Testing Multiple Addresses and Ports for TLS Connectivity (Vulnerable TLS Protocols)

Earlier this week I was faced with the challenge of remediating TLS vulnerabilities and I needed a way to easily test and verify if I correctly made the protocol change.

Below is the script I wrote that helped me accomplish this. (I’ve substituted the IP list tested, feel free to put your own when utilizing)

addressList=(127.0.0.1 10.0.0.1 192.168.1.1)

#protocolList=(ssl3 tls1 tls1_1)
protocolList=(tls1_2)

for ADDRESS in “${addressList[@]}”
do
for PORT in “${portList[@]}”
do
FULL_ADDRESS=$ADDRESS:$PORT
#echo “Acquiring Hostname on $ADDRESS – $PORT”
DNS_NAME=”$(host $ADDRESS | sed ‘s/.*pointer //’ | sed -r ‘s/\.$//’)”

for PROTOCOL in “${protocolList[@]}”
do
#echo “Acquiring TLS Status on $ADDRESS – $PORT – $TLS”
wat=”$(echo Q | openssl s_client -connect $FULL_ADDRESS -$PROTOCOL 2> /dev/null | grep -qi ‘Secure Renegotiation IS supported’ && echo “TRUE”)”
if [ “$wat” == “TRUE” ]; then
echo “$DNS_NAME – $PORT – $PROTOCOL is enabled”
#else
#echo “$DNS_NAME – $PORT – $PROTOCOL is NOT enabled”
fi
done
done
done

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s