Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-04-04 16:54:01 +02:00
Code Issues Packages Projects Releases Wiki Activity

overlooked this typo before

Browse Source
This commit is contained in:
Dirk Wetter 2025-03-07 13:44:06 +01:00
parent a144ea9379
commit 33ffd6ac75
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
FAQs/index.md
View File

@ -16,4 +16,4 @@ This is a collection of frequently asked questions which should help to answer s
* I believe I spotted a false positive as testssl.sh complained about a finding \<XYZ\> but my OpenSSL command `openssl s_client -connect <host:port> <MoreParameters> </dev/null` showed no connection.
* First of all modern operating systems have disabled some insecure features. You can temporarily re-enable those by using `openssl s_client -connect <host:port> -cipher 'DEFAULT@SECLEVEL=0' <MoreParameters> </dev/null `. Or use the (by testssl.sh project) supplied OpenSSL-bad version like `OPENSSL_CONF='' ./bin/openssl.Linux.x86_64 s_client -connect <host:port> -cipher 'DEFAULT@SECLEVEL=0 <MoreParameters>' </dev/null`.
* There is other bad crypto though which you can't test this way, e.g. modern OS supply OpenSSL binaries which have [SSLv2 and SSLv3 disabled in the source code or at least when compiling](https://docs.openssl.org/3.3/man7/ossl-guide-tls-introduction/#what-is-tls) which you can't re-enable during runtime. OTOH the supplied OpenSSL-bad version from our project has this and more enabled but doesn't support TLS 1.3 or modern elliptic curves.
* To amend any lack of capabilties of any OpenSSL version testssl.sh is picking up we're using bash sockets ([random picked example](https://www.xmodulo.com/tcp-udp-socket-bash-shell.html)).
* To amend any lack of capabilities of any OpenSSL version testssl.sh is picking up we're using bash sockets ([random picked example](https://www.xmodulo.com/tcp-udp-socket-bash-shell.html)).