用 column -t 排版...

LINE Engineering Blog 上看到「Best practices to secure your SSL/TLS Implementation」這篇,標題是英文但內文全部都是日文的文章,想說翻一下看看到底是怎麼一回事,然後看到這個有趣的指令...

首先先用 openssl ciphers -v AESGCM,可以看到排不整齊的 cipher 列表:

ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
ADH-AES256-GCM-SHA384   TLSv1.2 Kx=DH       Au=None Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
ADH-AES128-GCM-SHA256   TLSv1.2 Kx=DH       Au=None Enc=AESGCM(128) Mac=AEAD
RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESGCM(256) Mac=AEAD
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
PSK-AES256-GCM-SHA384   TLSv1.2 Kx=PSK      Au=PSK  Enc=AESGCM(256) Mac=AEAD
RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESGCM(128) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
PSK-AES128-GCM-SHA256   TLSv1.2 Kx=PSK      Au=PSK  Enc=AESGCM(128) Mac=AEAD

而想用 tab 替換掉空白,讓輸出整齊一些,用 openssl ciphers -v AESGCM | sed -E 's/ +/\t/g' 看起來比原來好一些,但還是有點亂 (因為 tab 換 8 spaces 的關係):

ECDHE-ECDSA-AES256-GCM-SHA384   TLSv1.2 Kx=ECDH Au=ECDSA        Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384     TLSv1.2 Kx=ECDH Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384       TLSv1.2 Kx=DH   Au=DSS  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384       TLSv1.2 Kx=DH   Au=RSA  Enc=AESGCM(256) Mac=AEAD
ADH-AES256-GCM-SHA384   TLSv1.2 Kx=DH   Au=None Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256   TLSv1.2 Kx=ECDH Au=ECDSA        Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256     TLSv1.2 Kx=ECDH Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256       TLSv1.2 Kx=DH   Au=DSS  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256       TLSv1.2 Kx=DH   Au=RSA  Enc=AESGCM(128) Mac=AEAD
ADH-AES128-GCM-SHA256   TLSv1.2 Kx=DH   Au=None Enc=AESGCM(128) Mac=AEAD
RSA-PSK-AES256-GCM-SHA384       TLSv1.2 Kx=RSAPSK       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-PSK-AES256-GCM-SHA384       TLSv1.2 Kx=DHEPSK       Au=PSK  Enc=AESGCM(256) Mac=AEAD
AES256-GCM-SHA384       TLSv1.2 Kx=RSA  Au=RSA  Enc=AESGCM(256) Mac=AEAD
PSK-AES256-GCM-SHA384   TLSv1.2 Kx=PSK  Au=PSK  Enc=AESGCM(256) Mac=AEAD
RSA-PSK-AES128-GCM-SHA256       TLSv1.2 Kx=RSAPSK       Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-GCM-SHA256       TLSv1.2 Kx=DHEPSK       Au=PSK  Enc=AESGCM(128) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA  Au=RSA  Enc=AESGCM(128) Mac=AEAD
PSK-AES128-GCM-SHA256   TLSv1.2 Kx=PSK  Au=PSK  Enc=AESGCM(128) Mac=AEAD

openssl ciphers -v AESGCM | column -t 看起來效果是最好的:

ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2  Kx=ECDH    Au=ECDSA  Enc=AESGCM(256)  Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2  Kx=ECDH    Au=RSA    Enc=AESGCM(256)  Mac=AEAD
DHE-DSS-AES256-GCM-SHA384      TLSv1.2  Kx=DH      Au=DSS    Enc=AESGCM(256)  Mac=AEAD
DHE-RSA-AES256-GCM-SHA384      TLSv1.2  Kx=DH      Au=RSA    Enc=AESGCM(256)  Mac=AEAD
ADH-AES256-GCM-SHA384          TLSv1.2  Kx=DH      Au=None   Enc=AESGCM(256)  Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2  Kx=ECDH    Au=ECDSA  Enc=AESGCM(128)  Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256    TLSv1.2  Kx=ECDH    Au=RSA    Enc=AESGCM(128)  Mac=AEAD
DHE-DSS-AES128-GCM-SHA256      TLSv1.2  Kx=DH      Au=DSS    Enc=AESGCM(128)  Mac=AEAD
DHE-RSA-AES128-GCM-SHA256      TLSv1.2  Kx=DH      Au=RSA    Enc=AESGCM(128)  Mac=AEAD
ADH-AES128-GCM-SHA256          TLSv1.2  Kx=DH      Au=None   Enc=AESGCM(128)  Mac=AEAD
RSA-PSK-AES256-GCM-SHA384      TLSv1.2  Kx=RSAPSK  Au=RSA    Enc=AESGCM(256)  Mac=AEAD
DHE-PSK-AES256-GCM-SHA384      TLSv1.2  Kx=DHEPSK  Au=PSK    Enc=AESGCM(256)  Mac=AEAD
AES256-GCM-SHA384              TLSv1.2  Kx=RSA     Au=RSA    Enc=AESGCM(256)  Mac=AEAD
PSK-AES256-GCM-SHA384          TLSv1.2  Kx=PSK     Au=PSK    Enc=AESGCM(256)  Mac=AEAD
RSA-PSK-AES128-GCM-SHA256      TLSv1.2  Kx=RSAPSK  Au=RSA    Enc=AESGCM(128)  Mac=AEAD
DHE-PSK-AES128-GCM-SHA256      TLSv1.2  Kx=DHEPSK  Au=PSK    Enc=AESGCM(128)  Mac=AEAD
AES128-GCM-SHA256              TLSv1.2  Kx=RSA     Au=RSA    Enc=AESGCM(128)  Mac=AEAD
PSK-AES128-GCM-SHA256          TLSv1.2  Kx=PSK     Au=PSK    Enc=AESGCM(128)  Mac=AEAD

Leave a Reply

Your email address will not be published. Required fields are marked *