Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-09-02 01:58:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add documentation for STARTTLS injection's cmd line flag

Browse Source 
and also the modified one for ROBOT
This commit is contained in:
Dirk Wetter
2020-09-02 18:23:11 +02:00
parent 4a167f6ac5
commit 35b79f65ee
3 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
doc/testssl.1.md
View File

@ -229,7 +229,9 @@ Also for multiple server certificates are being checked for as well as for the c
`-T, --ticketbleed` Checks for Ticketbleed memory leakage in BigIP loadbalancers.
`-BB, --robot` Checks for vulnerability to ROBOT / (*Return Of Bleichenbacher's Oracle Threat*) attack.
`--BB, --robot` Checks for vulnerability to ROBOT / (*Return Of Bleichenbacher's Oracle Threat*) attack.
`--SI, --starttls-injection` Checks for STARTTLS injection vulnerabilities (SMTP, IMAP, POP3 only). `socat` and OpenSSL >=1.1.0 is needed.
`-R, --renegotiation` Tests renegotiation vulnerabilities. Currently there's a check for *Secure Renegotiation* and for *Secure Client-Initiated Renegotiation*. Please be aware that vulnerable servers to the latter can likely be DoSed very easily (HTTP). A check for *Insecure Client-Initiated Renegotiation* is not yet implemented.