mirror of
https://github.com/bol-van/zapret.git
synced 2024-11-30 05:50:53 +03:00
blockcheck: return tls-max for openssl
This commit is contained in:
parent
45c120b40c
commit
6ba23f2624
@ -253,6 +253,16 @@ curl_supports_tls13()
|
|||||||
[ $? != 4 ]
|
[ $? != 4 ]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
curl_supports_tlsmax()
|
||||||
|
{
|
||||||
|
# supported only in OpenSSL and LibreSSL
|
||||||
|
curl --version | grep -Fq -e OpenSSL -e LibreSSL -e GnuTLS || return 1
|
||||||
|
# supported since curl 7.54
|
||||||
|
curl --tls-max 1.2 -Is -o /dev/null http://$LOCALHOST_IPT:65535 2>/dev/null
|
||||||
|
# return code 2 = init failed. likely bad command line options
|
||||||
|
[ $? != 2 ]
|
||||||
|
}
|
||||||
|
|
||||||
hdrfile_http_code()
|
hdrfile_http_code()
|
||||||
{
|
{
|
||||||
# $1 - hdr file
|
# $1 - hdr file
|
||||||
@ -294,7 +304,7 @@ curl_test_https_tls12()
|
|||||||
# $2 - domain name
|
# $2 - domain name
|
||||||
|
|
||||||
# do not use tls 1.3 to make sure server certificate is not encrypted
|
# do not use tls 1.3 to make sure server certificate is not encrypted
|
||||||
curl -${1}ISs -A "$USER_AGENT" --max-time $CURL_MAX_TIME $CURL_OPT --tlsv1.2 "https://$2" -o /dev/null 2>&1
|
curl -${1}ISs -A "$USER_AGENT" --max-time $CURL_MAX_TIME $CURL_OPT --tlsv1.2 $TLSMAX12 "https://$2" -o /dev/null 2>&1
|
||||||
}
|
}
|
||||||
curl_test_https_tls13()
|
curl_test_https_tls13()
|
||||||
{
|
{
|
||||||
@ -302,7 +312,7 @@ curl_test_https_tls13()
|
|||||||
# $2 - domain name
|
# $2 - domain name
|
||||||
|
|
||||||
# force TLS1.3 mode
|
# force TLS1.3 mode
|
||||||
curl -${1}ISs -A "$USER_AGENT" --max-time $CURL_MAX_TIME $CURL_OPT --tlsv1.3 "https://$2" -o /dev/null 2>&1
|
curl -${1}ISs -A "$USER_AGENT" --max-time $CURL_MAX_TIME $CURL_OPT --tlsv1.3 $TLSMAX13 "https://$2" -o /dev/null 2>&1
|
||||||
}
|
}
|
||||||
|
|
||||||
pktws_ipt_prepare()
|
pktws_ipt_prepare()
|
||||||
@ -715,6 +725,14 @@ configure_ip_version()
|
|||||||
}
|
}
|
||||||
configure_curl_opt()
|
configure_curl_opt()
|
||||||
{
|
{
|
||||||
|
# wolfssl : --tlsv1.x mandates exact ssl version, tls-max not supported
|
||||||
|
# openssl : --tlsv1.x means "version equal or greater", tls-max supported
|
||||||
|
TLSMAX12=
|
||||||
|
TLSMAX13=
|
||||||
|
curl_supports_tlsmax && {
|
||||||
|
TLSMAX12="--tls-max 1.2"
|
||||||
|
TLSMAX13="--tls-max 1.3"
|
||||||
|
}
|
||||||
TLS13=
|
TLS13=
|
||||||
curl_supports_tls13 && TLS13=1
|
curl_supports_tls13 && TLS13=1
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user