Some improvements added. bash >= 3.2 is required

This commit is contained in:
Dirk 2018-02-19 11:55:12 +01:00
parent 5add07a798
commit 415f98b655

View File

@ -11,9 +11,9 @@ cryptographic flaws.
#### Key features #### Key features
* Clear output: you can tell easily whether anything is good or bad * Clear output: you can tell easily whether anything is good or bad
* Ease of installation: It works for Linux, Darwin, FreeBSD, NetBSD and * Ease of installation: It works for Linux, OSX/Darwin, FreeBSD, NetBSD,
MSYS2/Cygwin out of the box: no need to install or configure something, OpenBSD (needs bash) and MSYS2/Cygwin out of the box: no need to install
no gems, CPAN, pip or the like. or to configure something. No gems, CPAN, pip or the like/
* Flexibility: You can test any SSL/TLS enabled and STARTTLS service, not * Flexibility: You can test any SSL/TLS enabled and STARTTLS service, not
only webservers at port 443 only webservers at port 443
* Toolbox: Several command line options help you to run YOUR test and * Toolbox: Several command line options help you to run YOUR test and
@ -32,29 +32,34 @@ You can download testssl.sh by cloning this git repository:
git clone --depth 1 https://github.com/drwetter/testssl.sh.git git clone --depth 1 https://github.com/drwetter/testssl.sh.git
Or help yourself downloading the ZIP archive https://github.com/drwetter/testssl.sh/archive/2.9dev.zip. Then ``testssl.sh --help`` will give you some help upfront. More help: see doc directory. Older sample runs are at https://testssl.sh/. Or help yourself downloading the ZIP archive
https://github.com/drwetter/testssl.sh/archive/2.9dev.zip. ``testssl.sh --help``
will give you some help upfront. More help: see doc directory with
man pages. Older sample runs are at https://testssl.sh/.
#### Status #### Status
Here in the _2.9dev branch you find the development version_ of the software Here in the _2.9dev branch you find the development version_ of the software
-- with new features and maybe some bugs -- albeit we try our best before -- with new features and maybe some bugs -- albeit we try our best before
committing to test changes. For the previous stable version please see committing to test changes. Be aware that we also change the output or command
[testssl.sh](https://testssl.sh/ "Go to the site with the stable version") line.
or download 2.8 from here. This project also release an interim release
[2.9.5](https://github.com/drwetter/testssl.sh/tree/2.9.5) which is For the previous stable version please see [testssl.sh](https://testssl.sh/
is the successor of 2.8 and stable enough for day-to-day work. "Go to the site with the stable version") or
download the interim release 2.9.5 from here [2.9.5](https://github.com/drwetter/testssl.sh/tree/2.9.5) which is is the
successor of 2.8 and stable for day-to-day work.
#### Compatibility #### Compatibility
testssl.sh is working on every Linux/BSD distribution out of the box. In 2.9dev most testssl.sh is working on every Linux/BSD distribution out of the box. Since 2.9dev
of the limitations of disabled features from the openssl client are gone due to bash-socket-based most of the limitations of disabled features from the openssl client are gone
checks. As a result you can also use e.g. LibreSSL. due to bash-socket-based checks. As a result you can also use e.g. LibreSSL.
testssl.sh also works on other unixoid system out of the box, supposed they have testssl.sh also works on other unixoid system out of the box, supposed they have
`/bin/bash` and standard tools like sed and awk installed. System V needs to have GNU `/bin/bash` >= version 3.2 and standard tools like sed and awk installed.
grep installed. MacOS X and Windows (using MSYS2 or cygwin) work too. OpenSSL System V needs to have GNU grep installed. MacOS X and Windows (using MSYS2 or
version version >= 1.0.2 is recommended for better LOGJAM checks and to cygwin) work too. OpenSSL version version >= 1.0.2 is recommended for better
display bit strengths for key exchanges. LOGJAM checks and to display bit strengths for key exchanges.
Update notification here or @ [twitter](https://twitter.com/drwetter). Update notification here or @ [twitter](https://twitter.com/drwetter).
@ -86,12 +91,19 @@ Update notification here or @ [twitter](https://twitter.com/drwetter).
* TLS Robustness check (GREASE) * TLS Robustness check (GREASE)
* Postgres und MySQL STARTTLS support, MongoDB support * Postgres und MySQL STARTTLS support, MongoDB support
* Decodes BIG IP F5 Cookie * Decodes BIG IP F5 Cookie
* Better OpenBSD, better LibreSSL support * Fully OpenBSD and LibreSSL support
* Missing SAN warning * Missing SAN warning
* Man page * Man page
* Better error msg suppression (not fully installed OpenSSL) * Better error msg suppression (not fully installed OpenSSL)
* DNS over Proxy and other proxy improvements * DNS over Proxy and other proxy improvements
* TLS 1.3 support * Better JSON output: renamed IDs and findings shorter/better parsable
* JSON output now valid also for non-responsing servers
* Added support for private CAs
* Exit code now 0 for running without error
* ROBOT check
* Better extension support
* Better OpenSSL 1.1.1 support
* Supports latest and greatest version of TLS 1.3, shows drafts supported
#### Further features planned in 2.9dev #### Further features planned in 2.9dev