Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-09-04 02:58:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

was 2x first

Browse Source
This commit is contained in:
Dirk Wetter
2025-07-02 17:36:33 +02:00
parent 6083938a47
commit 6de18d3a22
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
doc/testssl.1
View File

@ -96,7 +96,7 @@ A typical internal conversion to testssl\.sh file format from nmap's grep(p)able
.P
\fB\-\-ssl\-native\fR Instead of using a mixture of bash sockets and a few openssl s_client connects, testssl\.sh uses the latter (almost) only\. This is faster but provides less accurate results, especially for the client simulation and for cipher support\. For all checks you will see a warning if testssl\.sh cannot tell if a particular check cannot be performed\. For some checks however you might end up getting false negatives without a warning\. Thus it is not recommended to use\. It should only be used if you prefer speed over accuracy or you know that your target has sufficient overlap with the protocols and cipher provided by your openssl binary\.
.P
\fB\-\-openssl <path_to_openssl>\fR testssl\.sh tries first very hard to find first the binary supplied (where the tree of testssl\.sh resides, from the directory where testssl\.sh has been started from, etc\.)\. If all that doesn't work it falls back to openssl supplied from the OS (\fB$PATH\fR)\. With this option you can point testssl\.sh to your binary of choice and override any internal magic to find the openssl binary\. (Environment preset via \fBOPENSSL=<path_to_openssl>\fR)\. Depending on your test parameters it could be faster to pick the OpenSSL version which has a bigger overlap in terms of ciphers and protocols with the target\. Also, when testing a modern server, OpenSSL 3\.X is faster than older OpenSSL versions, or on MacOS 18\. as opposed to the provided LibreSSL version\.
\fB\-\-openssl <path_to_openssl>\fR testssl\.sh tries first very hard to find the binary supplied (where the tree of testssl\.sh resides, from the directory where testssl\.sh has been started from, etc\.)\. If all that doesn't work it falls back to openssl supplied from the OS (\fB$PATH\fR)\. With this option you can point testssl\.sh to your binary of choice and override any internal magic to find the openssl binary\. (Environment preset via \fBOPENSSL=<path_to_openssl>\fR)\. Depending on your test parameters it could be faster to pick the OpenSSL version which has a bigger overlap in terms of ciphers and protocols with the target\. Also, when testing a modern server, OpenSSL 3\.X is faster than older OpenSSL versions, or on MacOS 18\. as opposed to the provided LibreSSL version\.
.SS "TUNING OPTIONS"
\fB\-\-bugs\fR does some workarounds for buggy servers like padding for old F5 devices\. The option is passed as \fB\-bug\fR to openssl when needed, see \fBs_client(1)\fR, environment preset via \fBBUGS="\-bugs"\fR (1x dash)\. For the socket part testssl\.sh has always workarounds in place to cope with broken server implementations\.
.P