mirror of
https://github.com/drwetter/testssl.sh.git
synced 2024-12-31 22:09:44 +01:00
Merge branch 'master' of github.com:drwetter/testssl.sh
This commit is contained in:
commit
a0582d70e1
@ -1,6 +1,8 @@
|
|||||||
|
|
||||||
|
|
||||||
**Note: new, improved binaries (1.0.2i, compiled from a snapshot from Peter Mosman's fork: https://github.com/drwetter/openssl) will come soon. Have a look @ https://testssl.sh/**
|
**Note: Further new improved binaries (1.0.2i, compiled from a snapshot from Peter Mosman's fork: https://github.com/drwetter/openssl) will be uploaded soon.**
|
||||||
|
|
||||||
|
**Probably we discontinue the rarely used ones at github as it is not very approrpriate. Main site for binaries see https://testssl.sh/**
|
||||||
|
|
||||||
|
|
||||||
Binaries
|
Binaries
|
||||||
@ -21,16 +23,13 @@ everything which is normally not in OpenSSL or LibreSSL -- 40+56 Bit,
|
|||||||
export/ANON ciphers, weak DH ciphers, weak EC curves, SSLv2 etc. -- all the dirty
|
export/ANON ciphers, weak DH ciphers, weak EC curves, SSLv2 etc. -- all the dirty
|
||||||
features needed for testing. OTOH they also come with extended support
|
features needed for testing. OTOH they also come with extended support
|
||||||
for new / advanced cipher suites and/or features which are not in the
|
for new / advanced cipher suites and/or features which are not in the
|
||||||
official branch like CHACHA20+POLY1305 and CAMELIA 256 bit ciphers.
|
official branch like (old version of the) CHACHA20+POLY1305 and CAMELIA 256 bit ciphers.
|
||||||
|
|
||||||
The binaries in this directory are all compiled from an OpenSSL 1.0.2 fork
|
The binaries in this directory are all compiled from an OpenSSL 1.0.2 fork
|
||||||
from Peter Mosmans (https://github.com/PeterMosmans/openssl). Thx a bunch,
|
from Peter Mosmans (https://github.com/PeterMosmans/openssl). Thx a bunch,
|
||||||
Peter!
|
Peter!
|
||||||
|
|
||||||
Compiled Linux binaries so far come from Dirk, other contributors see ../CREDITS.md .
|
Compiled Linux and FreeBSD binaries so far come from Dirk, other contributors see ../CREDITS.md .
|
||||||
|
|
||||||
**__New binaries inluding IPv6 support are @ https://testssl.sh__**. The ones here will be
|
|
||||||
updated soon.
|
|
||||||
|
|
||||||
|
|
||||||
Compiling and Usage Instructions
|
Compiling and Usage Instructions
|
||||||
@ -93,8 +92,7 @@ If you want to compile OpenSSL yourself, here are the instructions:
|
|||||||
enable-seed enable-camellia enable-idea enable-rfc3779 no-ec_nistp_64_gcc_128 \
|
enable-seed enable-camellia enable-idea enable-rfc3779 no-ec_nistp_64_gcc_128 \
|
||||||
-static experimental-jpake -DOPENSSL_USE_BUILD_DATE
|
-static experimental-jpake -DOPENSSL_USE_BUILD_DATE
|
||||||
|
|
||||||
(IPv6 would need additionally ``-DOPENSSL_USE_IPV6`` and the patch from ``fedora-dirk-ipv6.diff``
|
IPv6 support would need additionally the patch from ``fedora-dirk-ipv6.diff``. This doesn't give you the option of an IPv6 enabled proxy yet. It is good practice to compile those binaries with ``-DOPENSSL_USE_IPV6`` as later on you can tell them apart by``openssl version -a``.
|
||||||
-- this doesn't give you the option of an IPv6 enabled proxy -- yet.)
|
|
||||||
|
|
||||||
Four GOST [1][2] ciphers come via engine support automagically with this setup. Two additional GOST
|
Four GOST [1][2] ciphers come via engine support automagically with this setup. Two additional GOST
|
||||||
ciphers can be compiled in (``GOST-GOST94``, ``GOST-MD5``) with ``-DTEMP_GOST_TLS`` but as of now they make
|
ciphers can be compiled in (``GOST-GOST94``, ``GOST-MD5``) with ``-DTEMP_GOST_TLS`` but as of now they make
|
||||||
@ -111,10 +109,10 @@ If you don't have / don't want Kerberos libraries and devel rpms/debs, just omit
|
|||||||
5.) make report (check whether it runs ok!)
|
5.) make report (check whether it runs ok!)
|
||||||
|
|
||||||
6.) ``./apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l`` lists for me
|
6.) ``./apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l`` lists for me
|
||||||
* 191(+4 GOST) ciphers -- including kerberos
|
* 193(+4 GOST) ciphers including kerberos
|
||||||
* 177(+4 GOST) ciphers without kerberos
|
* 177(+4 GOST) ciphers without kerberos
|
||||||
|
|
||||||
as opposed to 111/109 from Ubuntu or Opensuse.
|
as opposed to ~110 from Ubuntu or Opensuse.
|
||||||
|
|
||||||
**Never use these binaries for anything other than testing**
|
**Never use these binaries for anything other than testing**
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user