I have a list of IPs I need to check if they support TLS1.2, and I am using OpenSSL for that. However, I can't seem to automate the process within the Bash script. It only executes on the first IP and waits for my input. I read that I have to either add < /dev/null or echo "x", but it does not help. I tried:

for i in `cat scope`; do openssl s_client -tls1_2 -connect $i:443 < /dev/null; done

or:

for i in `cat scope`; do echo "x" | openssl s_client -tls1_2 -connect $i:443 < /dev/null; done

EDIT: solved, port 443 was not open on 2nd IP, that's why it was waiting.

  • Can you try running that manually for one IP and paste the terminal input/output? Commented Sep 7, 2016 at 11:52
  • @anishsane if I run on 1 IP, without the for loop, it gives me output and finishes normally and I get my prompt back: openssl s_client -tls1_2 -connect $(head -1 scope):443 < /dev/null. However, if I run that using the for loop it just stops after 1 IP is checked. Commented Sep 7, 2016 at 12:04
  • ok, is there any error on second line? maybe trailing spaces or any special character, etc? Also, does it run manually for 2nd line (openssl s_client -tls1_2 -connect $(sed -n 2p scope):443 < /dev/null)? Or perhaps the second IP does not respond and thus, the process just hangs? In that case (hang case), try adding something like timeout 10 before openssl. Commented Sep 7, 2016 at 12:08
  • could you post the content of scope? I couldn't reproduce the problem with a random example... Commented Sep 7, 2016 at 12:08
  • Ok, apparently port 443 was filtered on the 2nd IP. I completely forgot to check that and assumed it's open on all of them. Well sorry, was my fault. Thanks everyone. Commented Sep 7, 2016 at 12:21

1 Answer

I would advise using nmap instead of s_client to check the TLS handshake (and it will catch the case when ports are not open).

for i in `cat scope`; do 
  if nmap --script ssl-enum-ciphers -p 443 "$i" | grep "TLSv1.2" >/dev/null; then 
    echo "$i supports TLSv1.2"
  else
    echo "$i doesn't support TLSv1.2"
  fi
done

1 Comment

Indeed, that's better :)
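
The s_client loop from the question with the two fixes raised in the comments (timeout and < /dev/null), reporting a filtered or closed port separately from a rejected TLS 1.2 handshake. This is an added example, not code from the thread; PROBE_TIMEOUT, the function names and the verdict strings are assumptions, and the matched s_client output strings should be checked against your OpenSSL build.

```bash
#!/usr/bin/env bash
# Added example. PROBE_TIMEOUT and all function names are assumptions.
PROBE_TIMEOUT="${PROBE_TIMEOUT:-10}"   # seconds before a silent host is abandoned

# has NEEDLE HAYSTACK -> true if HAYSTACK contains the literal NEEDLE.
has() { case "$2" in *"$1"*) return 0 ;; *) return 1 ;; esac; }

# classify_probe RC OUTPUT -> prints one verdict.
# RC is the exit status of `timeout ... openssl s_client`; OUTPUT is its
# combined stdout/stderr. The matched strings are what common OpenSSL
# releases print (assumption; check against your build).
classify_probe() {
  local rc="$1" out="$2"
  if [ "$rc" -eq 124 ]; then
    echo "no-response"        # timeout(1) gave up: filtered port or dead host
  elif [ "$rc" -eq 0 ] && has 'Cipher is ' "$out" \
       && ! has 'Cipher is (NONE)' "$out"; then
    echo "tls1.2-supported"   # handshake completed with a negotiated cipher
  elif has 'connect:errno=' "$out"; then
    echo "port-closed"        # TCP connect failed, no TLS was attempted
  else
    echo "tls1.2-rejected"    # TCP connected, the -tls1_2 handshake failed
  fi
}

# probe_host HOST [PORT] -> prints the verdict for one target.
probe_host() {
  local host="$1" port="${2:-443}" out rc
  rc=0
  # </dev/null ends s_client after the handshake and stops it from eating
  # the rest of the scope file that scan_scope's loop is reading on stdin.
  out=$(timeout "$PROBE_TIMEOUT" openssl s_client -tls1_2 \
          -connect "$host:$port" </dev/null 2>&1) || rc=$?
  classify_probe "$rc" "$out"
}

# scan_scope FILE -> one "host verdict" line per non-empty line of FILE.
scan_scope() {
  local host
  while IFS= read -r host || [ -n "$host" ]; do
    host=$(printf '%s' "$host" | tr -d '[:space:]')   # strip spaces and CRs
    [ -n "$host" ] || continue
    printf '%s %s\n' "$host" "$(probe_host "$host")"
  done <"$1"
}

# Scan only when a scope file is given on the command line.
if [ "$#" -gt 0 ]; then scan_scope "$1"; fi
```

Saved as a script and run with the scope file as its only argument, it prints one "host verdict" line per target, so a filtered port shows up as no-response instead of stalling the loop.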
