Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2024-12-31 22:09:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update Readme.md

Browse Source
This commit is contained in:
Dirk Wetter 2016-07-26 20:31:20 +02:00 committed by GitHub
parent 830bc0fb4f
commit 2e1e45fca0
1 changed files with 5 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
bin/Readme.md
View File

@ -23,16 +23,13 @@ everything which is normally not in OpenSSL or LibreSSL -- 40+56 Bit,
export/ANON ciphers, weak DH ciphers, weak EC curves, SSLv2 etc. -- all the dirty export/ANON ciphers, weak DH ciphers, weak EC curves, SSLv2 etc. -- all the dirty
features needed for testing. OTOH they also come with extended support features needed for testing. OTOH they also come with extended support
for new / advanced cipher suites and/or features which are not in the for new / advanced cipher suites and/or features which are not in the
official branch like CHACHA20+POLY1305 and CAMELIA 256 bit ciphers. official branch like (old version of the) CHACHA20+POLY1305 and CAMELIA 256 bit ciphers.
The binaries in this directory are all compiled from an OpenSSL 1.0.2 fork The binaries in this directory are all compiled from an OpenSSL 1.0.2 fork
from Peter Mosmans (https://github.com/PeterMosmans/openssl). Thx a bunch, from Peter Mosmans (https://github.com/PeterMosmans/openssl). Thx a bunch,
Peter! Peter!
Compiled Linux binaries so far come from Dirk, other contributors see ../CREDITS.md . Compiled Linux and FreeBSD binaries so far come from Dirk, other contributors see ../CREDITS.md .
**__New binaries inluding IPv6 support are @ https://testssl.sh__**. The ones here will be
updated soon.
Compiling and Usage Instructions Compiling and Usage Instructions
@ -95,8 +92,7 @@ If you want to compile OpenSSL yourself, here are the instructions:
enable-seed enable-camellia enable-idea enable-rfc3779 no-ec_nistp_64_gcc_128 \ enable-seed enable-camellia enable-idea enable-rfc3779 no-ec_nistp_64_gcc_128 \
-static experimental-jpake -DOPENSSL_USE_BUILD_DATE -static experimental-jpake -DOPENSSL_USE_BUILD_DATE
(IPv6 would need additionally ``-DOPENSSL_USE_IPV6`` and the patch from ``fedora-dirk-ipv6.diff`` IPv6 support would need additionally the patch from ``fedora-dirk-ipv6.diff``. This doesn't give you the option of an IPv6 enabled proxy yet. It is good practice to compile those binaries with ``-DOPENSSL_USE_IPV6`` as later on you can tell them apart by``openssl version -a``.
-- this doesn't give you the option of an IPv6 enabled proxy -- yet.)
Four GOST [1][2] ciphers come via engine support automagically with this setup. Two additional GOST Four GOST [1][2] ciphers come via engine support automagically with this setup. Two additional GOST
ciphers can be compiled in (``GOST-GOST94``, ``GOST-MD5``) with ``-DTEMP_GOST_TLS`` but as of now they make ciphers can be compiled in (``GOST-GOST94``, ``GOST-MD5``) with ``-DTEMP_GOST_TLS`` but as of now they make
@ -113,10 +109,10 @@ If you don't have / don't want Kerberos libraries and devel rpms/debs, just omit
5.) make report (check whether it runs ok!) 5.) make report (check whether it runs ok!)
6.) ``./apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l`` lists for me 6.) ``./apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l`` lists for me
* 191(+4 GOST) ciphers -- including kerberos * 193(+4 GOST) ciphers including kerberos
* 177(+4 GOST) ciphers without kerberos * 177(+4 GOST) ciphers without kerberos
as opposed to 111/109 from Ubuntu or Opensuse. as opposed to ~110 from Ubuntu or Opensuse.
**Never use these binaries for anything other than testing** **Never use these binaries for anything other than testing**