Merge remote-tracking branch 'drwetter/2.9dev' into 2.9dev

This commit is contained in:
AlGreed 2016-11-23 09:51:27 +01:00
commit 490818e931
4 changed files with 743 additions and 217 deletions

View File

@ -27,10 +27,19 @@
- Detection + output of multiple certificates
- several cleanups of server certificate related stuff
- several fixes
- improved parsing of TLS ServerHello messages
- speed improvements when testing all ciphers
- completing parsing of TLS ServerHello messages
- testssl.sh -e: testing with a mixture of openssl + sockets
- finding more TLS extensions via sockets
- extensive CN <--> hostname check
- seperate check for curves
- RFC 7919, key shares extension
* Thomas Patzke:
- Support of supplying timeout value for openssl connect
* Oleksandr Nosenko
- non-flat JSON support
- in file output (CSV, JSON flat, JSON non-flat) support of a minimum severity level
- Christoph Badura
- NetBSD fixes

View File

@ -50,9 +50,12 @@ Update notification here or @ [twitter](https://twitter.com/drwetter).
#### Features implemented in [2.9dev](Readme.md#devel)
* Support of supplying timeout value for ``openssl connect`` -- useful for batch/mass scanning
* TLS 1.2 protocol check via socket
* Further TLS socket improvements (Handshake parsing, robustness)
* Further TLS socket improvements (handshake parsing, completeness, robustness)
* non-flat JSON support
* in file output (CSV, JSON flat, JSON non-flat) support of a minimum severity level (only above supplied level there will be output)
* testing 359 default ciphers (``testssl.sh -e``) with a mixture of sockets and openssl. Same speed as with openssl only but addtional ciphers such as post-quantum ciphers, new CHAHA20/POLY1305, CamelliaGCM etc.
* finding more TLS extensions via sockets
* TLS Supported Groups Registry (RFC 7919), key shares extension
#### Features planned in 2.9dev

View File

@ -327,8 +327,8 @@
0x00,0x26 - EXP-KRB5-DES-CBC-SHA TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=DES(40) Mac=SHA1 export
0x00,0x2A - EXP-KRB5-RC2-CBC-MD5 TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC2(40) Mac=MD5 export
0x00,0x29 - EXP-KRB5-DES-CBC-MD5 TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=DES(40) Mac=MD5 export
0x00,0x0B - - TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA SSLv3 Kx=DH/DSS Au=DH Enc=DES(40) Mac=SHA1 export
0x00,0x0E - - TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA SSLv3 Kx=DH/RSA Au=DH Enc=DES(40) Mac=SHA1 export
0x00,0x0B - EXP-DH-DSS-DES-CBC-SHA TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA SSLv3 Kx=DH/DSS Au=DH Enc=DES(40) Mac=SHA1 export
0x00,0x0E - EXP-DH-RSA-DES-CBC-SHA TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA SSLv3 Kx=DH/RSA Au=DH Enc=DES(40) Mac=SHA1 export
0x00,0x17 - EXP-ADH-RC4-MD5 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 SSLv3 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
0x00,0x03 - EXP-RC4-MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
0x02,0x00,0x80 - EXP-RC4-MD5 SSL_CK_RC4_128_EXPORT40_WITH_MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

File diff suppressed because it is too large Load Diff