From 050a141a71f72c27bbc4c92b20a146d82e5f327e Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sat, 20 Jun 2026 14:59:08 +0000 Subject: [PATCH] Auto-generate docs from testssl.1.md [skip ci] --- doc/testssl.1 | 7 ++++++- doc/testssl.1.html | 9 +++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/doc/testssl.1 b/doc/testssl.1 index 821a58b..f0a0a58 100644 --- a/doc/testssl.1 +++ b/doc/testssl.1 @@ -417,7 +417,8 @@ can try to apply evasion techniques by changing the variables USLEEP_SND and / or USLEEP_REC and maybe MAX_WAITSOCK. .PP \f[CR]\-\-phone\-out\f[R] Checking for revoked certificates via CRL and -OCSP is not done per default. +OCSP, as well as the HSTS preload list status via hstspreload.org, is +not done per default. This switch instructs testssl.sh to query external \(en in a sense of the current run \(en URIs. By using this switch you acknowledge that the check might have privacy @@ -603,6 +604,10 @@ by detection or by enforcing via \f[CR]\-\-assume\-http\f[R]. It tests several HTTP headers like .IP \(bu 2 HTTP Strict Transport Security (HSTS) +.RS 2 +.IP \(bu 2 +HSTS preload list status (when \f[CR]\-\-phone\-out\f[R] supplied) +.RE .IP \(bu 2 HTTP Public Key Pinning (HPKP) .IP \(bu 2 diff --git a/doc/testssl.1.html b/doc/testssl.1.html index 7cfcb82..347a120 100644 --- a/doc/testssl.1.html +++ b/doc/testssl.1.html @@ -396,7 +396,8 @@ evasion techniques by changing the variables USLEEP_SND and / or USLEEP_REC and maybe MAX_WAITSOCK.

--phone-out Checking for revoked certificates - via CRL and OCSP is not done per default. This switch instructs + via CRL and OCSP, as well as the HSTS preload list status via + hstspreload.org, is not done per default. This switch instructs testssl.sh to query external – in a sense of the current run – URIs. By using this switch you acknowledge that the check might have privacy issues, a download of several megabytes (CRL file) @@ -548,7 +549,11 @@ --assume-http. It tests several HTTP headers like