0, 'ssl3'=>0, 'tls1'=>1, 'tls1_1'=>1, 'tls1_2'=>1);
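// Handle a submitted test request: validate the target host and port from the
// form, then run one test per entry in $protocols.
//
// NOTE(review): any client that can reach this page can make the server open
// connections to a host and port of its choosing. Nothing visible here limits
// who may submit the form or which destinations are allowed; confirm the page
// sits behind authentication or a destination allowlist.
if (isset($_POST['action']) && $_POST['action'] == 'test')
{
    // The host is later placed on a shell command line, so the value that is
    // validated must be the value that is passed on. Array input (ip[]=...) is
    // treated as missing.
    $ip = (isset($_POST['ip']) && is_string($_POST['ip'])) ? $_POST['ip'] : '';
    if (!filter_var($ip, FILTER_VALIDATE_IP))
    {
        // Not a literal address: require a plain host name (letters, digits,
        // '.', '-', '_', not starting with '-'). \z instead of $ so a trailing
        // newline cannot slip through.
        if (!preg_match('/^[A-Za-z0-9_][A-Za-z0-9_.-]*\z/', $ip))
            die("invalid host or IP");
        // gethostbyname() returns its argument unchanged when resolution fails.
        if (gethostbyname($ip) == $ip)
            die("invalid host or IP");
    }

    // A TCP port is 1..65535; the cast alone also lets negative and oversized
    // numbers through, and turns an array into 1.
    $port = (isset($_POST['port']) && is_scalar($_POST['port'])) ? (int)$_POST['port'] : 0;
    if ($port < 1 || $port > 65535)
        die("invalid port: $port");

    // Always defined, so test_ssl() never reads an unset global.
    $show_output = isset($_POST['show_output']) && $_POST['show_output'] == '1';

    // NOTE(review): these literals look as if markup was lost when the page
    // was extracted; they are left as found.
    echo "
\n";
    foreach ($protocols as $p => $should)
    {
        test_ssl($ip, $port, $p, $should);
    }
    echo "
\n";
}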
?>
We consider the following to be the expected behavior:
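<?php
// Print the expectation for each protocol. The opening tag and loop header were
// missing here (only "$should)" survived); they are restored to match the
// foreach over $protocols in the request handler earlier in this file.
foreach ($protocols as $p => $should)
{
    if ($should)
        echo "$p should work
\n";
    else
        echo "$p should not work
\n";
}
echo "However, tls1 and tls1_1 are not insecure.. so if they don't work that's fine, but may break older client's connections.
";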
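/**
 * Run /usr/bin/openssl s_client against $host:$port with one protocol option
 * and print whether the result matches the expectation.
 *
 * An exit status of 0 is reported as "worked"; the result is then compared
 * with $should and reported as "Good!" or "Bad!".
 *
 * @param string $host   Host name or IP address to connect to.
 * @param int    $port   TCP port.
 * @param string $cipher Option name without the leading dash (a key of $protocols).
 * @param mixed  $should Truthy when the connection is expected to succeed.
 * @return void Everything is echoed; nothing is returned.
 */
function test_ssl($host, $port, $cipher, $should)
{
    global $show_output;

    // $cipher is appended to the command line as a bare "-option", so only a
    // plain option token is accepted. \z instead of $ so a trailing newline is
    // rejected as well.
    if (!is_string($cipher) || !preg_match('/^[a-z0-9_]+\z/', $cipher))
    {
        echo "Test: invalid protocol option\n";
        return;
    }

    $port = (int)$port;
    $return_code = 99;
    $str = array();

    // escapeshellarg() wraps each value in single quotes and escapes any quote
    // inside it, so host and port always reach openssl as exactly one argument
    // each, whatever the caller validated.
    $command = "/usr/bin/openssl s_client -port " . escapeshellarg((string)$port)
        . " -host " . escapeshellarg((string)$host)
        . " -$cipher 2>&1 < /dev/null";

    // The host originates from the request, so it is HTML-escaped before being
    // written into the page.
    echo "Test: " . htmlspecialchars((string)$host, ENT_QUOTES) . ":$port $cipher ... ";
    exec($command, $str, $return_code);

    $worked = 0;
    if ($return_code == 0)
    {
        echo "worked";
        $worked = 1;
    }
    else
    {
        echo "did not work ($return_code)";
        $worked = 0;
    }

    if ($worked == $should)
    {
        echo "Good!";
    }
    else
    {
        echo "Bad!";
    }
    echo "
\n";

    // empty() also covers the case where the global was never set.
    if (!empty($show_output))
    {
        // NOTE(review): $str holds the command output, but nothing visible here
        // prints it; if it is echoed, pass it through htmlspecialchars() first.
        echo "";
        echo "
\n";
        echo "return code: $return_code
\n";
        echo "
";
    }
}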
?>
Ports to test:
443: Apache
465: Exim
993: IMAP SSL
995: POP SSL
2222: DirectAdmin if you've got SSL enabled