Fix minor inconsistency in description of cipher categories

A longer while back the section ~ "Testing standard ciphers" was
renamed to "Testing cipher categories". However the internal help
didn't reflect that.

This fixes that, including an addtion to the documentation.

Note: the help still lists "-s --std, --standard" as a cmd line
switch.
This commit is contained in:
Dirk 2021-09-08 08:46:47 +02:00
parent 8f20d11830
commit 739f45015f
4 changed files with 4 additions and 4 deletions

View File

@ -196,7 +196,7 @@ Any single check switch supplied as an argument prevents testssl\.sh from doing
\fB\-E, \-\-cipher\-per\-proto\fR is similar to \fB\-e, \-\-each\-cipher\fR\. It checks each of the possible ciphers, here: per protocol\. If you want to display each cipher tested you need to add \fB\-\-show\-each\fR\. The output is sorted by security strength, it lists the encryption bits though\. \fB\-E, \-\-cipher\-per\-proto\fR is similar to \fB\-e, \-\-each\-cipher\fR\. It checks each of the possible ciphers, here: per protocol\. If you want to display each cipher tested you need to add \fB\-\-show\-each\fR\. The output is sorted by security strength, it lists the encryption bits though\.
. .
.P .P
\fB\-s, \-\-std, \-\-standard\fR tests certain lists of cipher suites by strength\. Those lists are (\fBopenssl ciphers $LIST\fR, $LIST from below:) \fB\-s, \-\-std, \-\-standard\fR tests certain lists of cipher suites / cipher categories by strength\. Those lists are (\fBopenssl ciphers $LIST\fR, $LIST from below:)
. .
.IP "\(bu" 4 .IP "\(bu" 4
\fBNULL encryption ciphers\fR: \'NULL:eNULL\' \fBNULL encryption ciphers\fR: \'NULL:eNULL\'

View File

@ -236,7 +236,7 @@ containing files with a .pem extension, a single file or multiple files as a com
<p><code>-E, --cipher-per-proto</code> is similar to <code>-e, --each-cipher</code>. It checks each of the possible ciphers, here: per protocol. If you want to display each cipher tested you need to add <code>--show-each</code>. The output is sorted by security strength, it lists the encryption bits though.</p> <p><code>-E, --cipher-per-proto</code> is similar to <code>-e, --each-cipher</code>. It checks each of the possible ciphers, here: per protocol. If you want to display each cipher tested you need to add <code>--show-each</code>. The output is sorted by security strength, it lists the encryption bits though.</p>
<p><code>-s, --std, --standard</code> tests certain lists of cipher suites by strength. Those lists are (<code>openssl ciphers $LIST</code>, $LIST from below:)</p> <p><code>-s, --std, --standard</code> tests certain lists of cipher suites / cipher catagories by strength. Those lists are (<code>openssl ciphers $LIST</code>, $LIST from below:)</p>
<ul> <ul>
<li><code>NULL encryption ciphers</code>: 'NULL:eNULL'</li> <li><code>NULL encryption ciphers</code>: 'NULL:eNULL'</li>

View File

@ -161,7 +161,7 @@ Any single check switch supplied as an argument prevents testssl.sh from doing a
`-E, --cipher-per-proto` is similar to `-e, --each-cipher`. It checks each of the possible ciphers, here: per protocol. If you want to display each cipher tested you need to add `--show-each`. The output is sorted by security strength, it lists the encryption bits though. `-E, --cipher-per-proto` is similar to `-e, --each-cipher`. It checks each of the possible ciphers, here: per protocol. If you want to display each cipher tested you need to add `--show-each`. The output is sorted by security strength, it lists the encryption bits though.
`-s, --std, --standard` tests certain lists of cipher suites by strength. Those lists are (`openssl ciphers $LIST`, $LIST from below:) `-s, --std, --standard` tests certain lists of cipher suites / cipher catagories by strength. Those lists are (`openssl ciphers $LIST`, $LIST from below:)
* `NULL encryption ciphers`: 'NULL:eNULL' * `NULL encryption ciphers`: 'NULL:eNULL'
* `Anonymous NULL ciphers`: 'aNULL:ADH' * `Anonymous NULL ciphers`: 'aNULL:ADH'

View File

@ -19467,7 +19467,7 @@ help() {
single check as <options> ("$PROG_NAME URI" does everything except -E and -g): single check as <options> ("$PROG_NAME URI" does everything except -E and -g):
-e, --each-cipher checks each local cipher remotely -e, --each-cipher checks each local cipher remotely
-E, --cipher-per-proto checks those per protocol -E, --cipher-per-proto checks those per protocol
-s, --std, --standard tests certain lists of cipher suites by strength -s, --std, --standard tests standard cipher categories by strength
-f, --fs, --nsa checks forward secrecy settings -f, --fs, --nsa checks forward secrecy settings
-p, --protocols checks TLS/SSL protocols (including SPDY/HTTP2) -p, --protocols checks TLS/SSL protocols (including SPDY/HTTP2)
-g, --grease tests several server implementation bugs like GREASE and size limitations -g, --grease tests several server implementation bugs like GREASE and size limitations