mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-03 23:39:45 +01:00
updated
This commit is contained in:
parent
7e729d26cd
commit
556d637069
@ -1,13 +1,27 @@
|
|||||||
|
|
||||||
|
|
||||||
**Note: Further new improved binaries (1.0.2i, compiled from a snapshot from Peter Mosman's fork: https://github.com/drwetter/openssl) will be uploaded soon.**
|
|
||||||
|
|
||||||
**Probably we discontinue the rarely used ones at github as it is not very approrpriate. Main site for binaries see https://testssl.sh/**
|
|
||||||
|
|
||||||
|
|
||||||
Binaries
|
Binaries
|
||||||
========
|
========
|
||||||
|
|
||||||
|
All the precompiled binaries provided here have extended support for
|
||||||
|
everything which is normally not in OpenSSL or LibreSSL -- 40+56 Bit,
|
||||||
|
export/ANON ciphers, weak DH ciphers, weak EC curves, SSLv2 etc. -- all the dirty
|
||||||
|
features needed for testing. OTOH they also come with extended support
|
||||||
|
for new / advanced cipher suites and/or features which are not in the
|
||||||
|
official branch like (old version of the) CHACHA20+POLY1305 and CAMELLIA 256 bit ciphers.
|
||||||
|
They also have IPv6 support, see below.
|
||||||
|
|
||||||
|
The (stripped) binaries this directory are all compiled from my openssl
|
||||||
|
snapshot (https://github.com/drwetter/openssl) from Peter Mosman's openssl
|
||||||
|
fork (https://github.com/PeterMosmans/openssl). Thx a bunch, Peter!
|
||||||
|
|
||||||
|
Compiled Linux and FreeBSD binaries so far come from Dirk, other
|
||||||
|
contributors see ../CREDITS.md .
|
||||||
|
|
||||||
|
**We discontinued the not commonly used binaries** (ARM7l, Darwin.i386) **at github as it
|
||||||
|
is not very approrpriate to use github especially for those. Main site for
|
||||||
|
binaries see https://testssl.sh/openssl-1.0.2i-chacha.pm.ipv6.contributed/ and
|
||||||
|
https://testssl.sh/openssl-1.0.2i-chacha.pm.ipv6.Linux+FreeBSD.tar.gz**
|
||||||
|
|
||||||
The binaries here have the naming scheme ``openssl.$(uname).$(uname -m)``
|
The binaries here have the naming scheme ``openssl.$(uname).$(uname -m)``
|
||||||
and will be picked up from testssl.sh if you run testssl.sh directly
|
and will be picked up from testssl.sh if you run testssl.sh directly
|
||||||
off the git directory. Otherwise you need ``testssl.sh`` to point to it
|
off the git directory. Otherwise you need ``testssl.sh`` to point to it
|
||||||
@ -18,19 +32,6 @@ The Linux binaries with the trailing ``-krb5`` come with Kerberos 5 support,
|
|||||||
they won't be picked up automatically as you need to make sure first they
|
they won't be picked up automatically as you need to make sure first they
|
||||||
run (see libraries below).
|
run (see libraries below).
|
||||||
|
|
||||||
All the precompiled binaries provided here have extended support for
|
|
||||||
everything which is normally not in OpenSSL or LibreSSL -- 40+56 Bit,
|
|
||||||
export/ANON ciphers, weak DH ciphers, weak EC curves, SSLv2 etc. -- all the dirty
|
|
||||||
features needed for testing. OTOH they also come with extended support
|
|
||||||
for new / advanced cipher suites and/or features which are not in the
|
|
||||||
official branch like (old version of the) CHACHA20+POLY1305 and CAMELIA 256 bit ciphers.
|
|
||||||
|
|
||||||
The binaries in this directory are all compiled from an OpenSSL 1.0.2 fork
|
|
||||||
from Peter Mosmans (https://github.com/PeterMosmans/openssl). Thx a bunch,
|
|
||||||
Peter!
|
|
||||||
|
|
||||||
Compiled Linux and FreeBSD binaries so far come from Dirk, other contributors see ../CREDITS.md .
|
|
||||||
|
|
||||||
|
|
||||||
Compiling and Usage Instructions
|
Compiling and Usage Instructions
|
||||||
================================
|
================================
|
||||||
@ -62,6 +63,12 @@ If you want to compile OpenSSL yourself, here are the instructions:
|
|||||||
git clone https://github.com/PeterMosmans/openssl
|
git clone https://github.com/PeterMosmans/openssl
|
||||||
cd openssl
|
cd openssl
|
||||||
|
|
||||||
|
or use my repo:
|
||||||
|
|
||||||
|
git clone https://github.com/drwetter/openssl
|
||||||
|
cd openssl
|
||||||
|
|
||||||
|
|
||||||
2.) configure the damned thing. Options I used (see https://github.com/drwetter/testssl.sh/blob/master/utils/make-openssl.sh)
|
2.) configure the damned thing. Options I used (see https://github.com/drwetter/testssl.sh/blob/master/utils/make-openssl.sh)
|
||||||
|
|
||||||
**for 64Bit including Kerberos ciphers:**
|
**for 64Bit including Kerberos ciphers:**
|
||||||
@ -92,7 +99,10 @@ If you want to compile OpenSSL yourself, here are the instructions:
|
|||||||
enable-seed enable-camellia enable-idea enable-rfc3779 no-ec_nistp_64_gcc_128 \
|
enable-seed enable-camellia enable-idea enable-rfc3779 no-ec_nistp_64_gcc_128 \
|
||||||
-static experimental-jpake -DOPENSSL_USE_BUILD_DATE
|
-static experimental-jpake -DOPENSSL_USE_BUILD_DATE
|
||||||
|
|
||||||
IPv6 support would need additionally the patch from ``fedora-dirk-ipv6.diff``. This doesn't give you the option of an IPv6 enabled proxy yet. It is good practice to compile those binaries with ``-DOPENSSL_USE_IPV6`` as later on you can tell them apart by``openssl version -a``.
|
IPv6 support would need additionally the patch from ``fedora-dirk-ipv6.diff`` (included already
|
||||||
|
in my branch). This doesn't give you the option of an IPv6 enabled proxy yet.
|
||||||
|
It is good practice to compile those binaries with ``-DOPENSSL_USE_IPV6`` as
|
||||||
|
later on you can tell them apart by``openssl version -a``.
|
||||||
|
|
||||||
Four GOST [1][2] ciphers come via engine support automagically with this setup. Two additional GOST
|
Four GOST [1][2] ciphers come via engine support automagically with this setup. Two additional GOST
|
||||||
ciphers can be compiled in (``GOST-GOST94``, ``GOST-MD5``) with ``-DTEMP_GOST_TLS`` but as of now they make
|
ciphers can be compiled in (``GOST-GOST94``, ``GOST-MD5``) with ``-DTEMP_GOST_TLS`` but as of now they make
|
||||||
@ -110,7 +120,7 @@ If you don't have / don't want Kerberos libraries and devel rpms/debs, just omit
|
|||||||
|
|
||||||
6.) ``./apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l`` lists for me
|
6.) ``./apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l`` lists for me
|
||||||
* 193(+4 GOST) ciphers including kerberos
|
* 193(+4 GOST) ciphers including kerberos
|
||||||
* 177(+4 GOST) ciphers without kerberos
|
* 179(+4 GOST) ciphers without kerberos
|
||||||
|
|
||||||
as opposed to ~110 from Ubuntu or Opensuse.
|
as opposed to ~110 from Ubuntu or Opensuse.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user