#!/usr/bin/perl
# Comments: {{{1
# andyw vistorm 2006
# This file is under the GNU General licence V2

# Init {{{1
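# Target to probe, taken from the command line: <host> <port>.
my ($host, $port) = @ARGV[0,1];
die "Usage: $0 host port\n" unless length($host) && length($port);

# Both values are later interpolated into a shell pipeline by run_ossl, so
# refuse anything that is not plausibly a host name / IP literal or a port.
# The first-character class also rejects a leading '-', which openssl could
# otherwise read as an option. Alphabetic ports are still let through so a
# service-name invocation keeps working (assumes the local openssl resolves
# them - confirm).
die "Invalid host: only letters, digits and . _ : [ ] - are accepted\n"
	unless $host =~ m/\A[A-Za-z0-9:\[][A-Za-z0-9._:\[\]-]*\z/;
die "Invalid port: only letters, digits, _ and - are accepted\n"
	unless $port =~ m/\A[A-Za-z0-9][A-Za-z0-9_-]*\z/;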

# "Future-proof" the list of protocol switches by scraping them from the local
# openssl's own usage text: keep every help line containing "just use" and take
# its first word (the option name without the leading dash).
# NOTE(review): this relies on the exact help wording and on "-h" printing the
# usage text; if the installed openssl differs, @ssl_v comes back empty and the
# version tests are skipped without any message - confirm against the build
# in use before trusting an empty "versions" summary.
my @help_lines = `openssl s_client -h 2>&1|grep "just use"`;
my @ssl_v = map { my ($flag) = m/(\w+)/; $flag } @help_lines;

# Default cipher list of the local openssl: one colon-separated line, with the
# final character (the trailing newline) dropped before splitting.
my $cipher_output = qx(openssl ciphers);
my @ciphers = split /:/, substr($cipher_output, 0, -1);

# Main loop {{{1
# Probe each cipher suite on its own connection. @passed / @failed (and the
# @ssl_* pair below) are not declared with "my" anywhere in this file, so they
# are package globals shared with the summary section.
foreach my $cipher (@ciphers) {
	run_ossl("-cipher $cipher", $cipher, \@passed, \@failed);
}

# Then probe each protocol-version switch; any entry matching dtls1 is skipped.
my @version_flags = grep { !/dtls1/ } @ssl_v;
foreach my $version (@version_flags) {
	run_ossl("-$version", $version, \@ssl_passed, \@ssl_failed);
}

# Summary {{{1

# Final report: a 78-column rule, then the accepted and refused items for
# ciphers and for protocol versions, each as a comma-separated list.
print "\n", '-' x 78, "\n";
print 'SSL ciphers Supported: ',  join(', ', @passed),     "\n\n";
print 'SSL ciphers DENIED: ',     join(', ', @failed),     "\n\n";
print 'SSL versions Supported: ', join(', ', @ssl_passed), "\n";
print 'SSL versions DENIED: ',    join(', ', @ssl_failed), "\n";

# run_ossl function {{{1
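# run_ossl($cmd, $l, $pref, $fref)
#
# Runs one "openssl s_client" connection against the file-level $host:$port
# with the extra option string $cmd, and records the outcome.
#
#   $cmd  - extra s_client arguments, e.g. "-cipher NAME" or "-tls1"
#   $l    - label printed on screen and stored in the result list
#   $pref - array ref that receives $l when the handshake line was seen
#   $fref - array ref that receives $l otherwise
#
# Dies if the pipeline cannot be started or exits with a non-zero status.
sub run_ossl {
	my ($cmd, $l, $pref, $fref) = @_;
	my $res = 0;

	print "Testing $l ";

	# $host and $port originate from @ARGV and end up in a /bin/sh command
	# line, so pass them as one single-quoted word: shell metacharacters in
	# them are then data, not syntax. An embedded ' is written as '\''.
	# $cmd is left unquoted on purpose - it has to split into several
	# arguments, and the callers in this file build it from the local
	# openssl's own output rather than from user input.
	(my $target = "$host:$port") =~ s/'/'\\''/g;
	my $pipeline = "echo a | openssl s_client -connect '$target' $cmd " .
			"2>/dev/null";

	# Lexical handle instead of the bareword A, and a named line variable so
	# the read loop does not overwrite the caller's $_.
	open(my $fh, '-|', $pipeline)
		or die "\n*** Connection to $host:$port failed, or something.";
	while (my $line = <$fh>) {
		# NOTE(review): some openssl builds appear to print this line even
		# when the handshake was refused, which would report a rejected
		# cipher as supported - confirm against the installed version.
		$res = 1 if $line =~ /SSL handshake has read/;
	}
	close($fh);	# closing a pipe handle stores the command's status in $?

	# NOTE(review): if s_client exits non-zero for a merely refused cipher or
	# protocol, the scan aborts here instead of recording a "no" - confirm.
	die "\n*** Something went wrong. Connection failed? (openssl ret = " .
		($? >> 8) .")\n" if $? != 0;

	if ($res) { print "yes\n"; push @$pref, $l }
	else { print "no\n"; push @$fref, $l }
}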

# vim: ts=4 fdm=marker
