Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-09-06 03:52:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update client simulation for 3.0

Browse Source 
see #2169, #2168

Added:
* Safari for macOS
* Java 17 LTS
* OpenSSL 3.0.3
* Android 11 and 12
* Go client (1.17)
* Firefox 100, Chrome and Edge 101 using Win10
* Thunderbird 91.9
* AppleMail
* LibreSSL from MacOS

* disabled Java 12 and Safari on OS X 10.12
* disabled Android < 6.0

* documention update how to add a client simulation
* add curves-mapping.txt file
This commit is contained in:
Dirk Wetter
2022-05-31 17:08:40 +02:00
parent 2ca53116ca
commit 445d20c360
5 changed files with 957 additions and 384 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
etc/README.md
View File

@ -14,12 +14,12 @@ The certificate trust stores were retrieved from
--> "Keychain Access" (2 click). In that window --> "Keychains" --> "System"
--> "Category" --> "All Items"
Select all CA certificates except for Developer ID Certification Authority, "File" --> "Export Items"
2. __Internet:__ Pick the latest subdir (=highest number) from https://opensource.apple.com/source/security_certificates/. They are in DER format despite their file extension. Download them with ``wget --level=1 --cut-dirs=5 --mirror --convert-links --adjust-extension --page-requisites --no-parent https://opensource.apple.com/source/security_certificates/security_certificates-*/certificates/roots/``
2. __Internet:__ Pick the latest subdir (=highest number) from https://opensource.apple.com/source/security_certificates/. They are in DER format despite their file extension. Download them with ``wget --level=1 --cut-dirs=5 --mirror --convert-links --adjust-extension --page-requisites --no-parent https://opensource.apple.com/source/security_certificates/security_certificates-*/certificates/roots/``
Google Chromium uses basically the trust stores above, see https://www.chromium.org/Home/chromium-security/root-ca-policy.
If you want to check trust against e.g. a company internal CA you need to use ``./testssl.sh --add-ca companyCA1.pem,companyCA2.pem <further_cmds>`` or ``ADDITIONAL_CA_FILES=companyCA1.pem,companyCA2.pem ./testssl.sh <further_cmds>``.
If you want to check trust against e.g. a company internal CA you need to use ``./testssl.sh --add-ca companyCA1.pem,companyCA2.pem <further_cmds>`` or ``ADDTL_CA_FILES=companyCA1.pem,companyCA2.pem ./testssl.sh <further_cmds>``.
#### Further files
@ -28,6 +28,8 @@ If you want to check trust against e.g. a company internal CA you need to use ``
* ``cipher-mapping.txt`` contains information about all of the cipher suites defined for SSL/TLS
* ``curves-mapping.txt`` contains information about all of the elliptic curves defined by IANA
* ``ca_hashes.txt`` is used for HPKP test in order to have a fast comparison with known CAs. Use
``~/utils/create_ca_hashes.sh`` for an update