From dc8f7d9b9eb4102ab4d082e3b3d91686f6291cb1 Mon Sep 17 00:00:00 2001
From: Emmanuel Bouthenot <kolter@openics.org>
Date: Thu, 23 Dec 2021 22:53:36 +0100
Subject: [PATCH 01/33] Switch doc build process to pandoc using a Makefile

---
 doc/Makefile       |  14 +
 doc/template.html  |  47 ++++
 doc/testssl.1      | 600 ---------------------------------------
 doc/testssl.1.html | 685 ---------------------------------------------
 doc/testssl.1.md   |  49 ++--
 5 files changed, 92 insertions(+), 1303 deletions(-)
 create mode 100644 doc/Makefile
 create mode 100644 doc/template.html
 delete mode 100644 doc/testssl.1
 delete mode 100644 doc/testssl.1.html

diff --git a/doc/Makefile b/doc/Makefile
new file mode 100644
index 0000000..35f3f04
--- /dev/null
+++ b/doc/Makefile
@@ -0,0 +1,14 @@
+PANDOC = pandoc
+MANSECTION = 1
+NAME=testssl
+
+all: $(NAME).$(MANSECTION) $(NAME).$(MANSECTION).html
+
+clean:
+	rm -f $(NAME).$(MANSECTION) $(NAME).$(MANSECTION).html
+
+$(NAME).$(MANSECTION): $(NAME).$(MANSECTION).md
+	$(PANDOC) --standalone $(PANDOCFLAGS) --to man $(NAME).$(MANSECTION).md -o $@
+
+$(NAME).$(MANSECTION).html: template.html $(NAME).$(MANSECTION).md
+	$(PANDOC) --standalone $(PANDOCFLAGS) --to html5 --template template.html $(NAME).$(MANSECTION).md -o $@
diff --git a/doc/template.html b/doc/template.html
new file mode 100644
index 0000000..befacd5
--- /dev/null
+++ b/doc/template.html
@@ -0,0 +1,47 @@
+<!doctype html>
+<html lang="en">
+    <head>
+        <meta charset="utf-8">
+        <title>$title$</title>
+        <style type='text/css' media='all'>
+            body {
+                margin: 0;
+                padding: 0 5ex;
+                font-size: 14px;
+                font-family: monospace;
+                text-align: justify;
+            }
+            h2, h3, h4, h5, h6 {
+                color: #030201;
+            }
+            h2 {
+                font-size: 16px;
+            }
+            h3 {
+                font-size: 15px;
+                margin-left: 4ex;
+            }
+            p, pre, ul, ol, dl {
+                margin-left: 8ex;
+            }
+            code {
+                font-weight: bold;
+                color:#131211;
+            }
+            li p {
+                margin-left: 0;
+            }
+            pre > code {
+                display: block;
+                padding: 0;
+                white-space: pre-line;
+            }
+            ul > li > ul, ul > li > ol {
+                margin-left: 0;
+            }
+        </style>
+    </head>
+    <body>
+        $body$
+    </body>
+</html>
diff --git a/doc/testssl.1 b/doc/testssl.1
deleted file mode 100644
index 34f8d3a..0000000
--- a/doc/testssl.1
+++ /dev/null
@@ -1,600 +0,0 @@
-.\" generated with Ronn-NG/v0.9.1
-.\" http://github.com/apjanke/ronn-ng/tree/0.9.1
-.TH "TESTSSL" "1" "December 2021" ""
-.SH "NAME"
-\fBtestssl\fR
-.SH "NAME"
-testssl\.sh \-\- check encryption of SSL/TLS servers
-.SH "SYNOPSIS"
-\fBtestssl\.sh [OPTIONS] <URI>\fR, \fBtestssl\.sh [OPTIONS] \-\-file <FILE>\fR
-.P
-or
-.P
-\fBtestssl\.sh [BANNER OPTIONS]\fR
-.SH "DESCRIPTION"
-testssl\.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as cryptographic flaws and much more\.
-.P
-The output rates findings by color (screen) or severity (file output) so that you are able to tell whether something is good or bad\. The (screen) output has several sections in which classes of checks are being performed\. To ease readability on the screen it aligns and indents the output properly\.
-.P
-Only you see the result\. You also can use it internally on your LAN\. Except DNS lookups or unless you instruct testssl\.sh to check for revocation of certificates it doesn't use any other hosts or even third parties for any test\.
-.SH "REQUIREMENTS"
-Testssl\.sh is out of the box portable: it runs under any Unix\-like stack: Linux, *BSD, MacOS X, WSL=Windows Subsystem for Linux, Cygwin and MSYS2\. \fBbash\fR is a prerequisite, also version 3 is still supported\. Standard utilities like awk, sed, tr and head are also needed\. This can be of a BSD, System 5 or GNU flavor whereas grep from System V is not yet supported\.
-.P
-Any OpenSSL or LibreSSL version is needed as a helper\. Unlike previous versions of testssl\.sh almost every check is done via (TCP) sockets\. In addition statically linked OpenSSL binaries for major operating systems are supplied in \fB\./bin/\fR\.
-.SH "GENERAL"
-\fBtestssl\.sh URI\fR as the default invocation does the so\-called default run which does a number of checks and puts out the results colorized (ANSI and termcap) on the screen\. It does every check listed below except \fB\-E\fR which are (order of appearance):
-.P
-0) displays a banner (see below), does a DNS lookup also for further IP addresses and does for the returned IP address a reverse lookup\. Last but not least a service check is being done\.
-.P
-1) SSL/TLS protocol check
-.P
-2) standard cipher categories
-.P
-3) server's cipher preferences (server order?)
-.P
-4) forward secrecy: ciphers and elliptical curves
-.P
-5) server defaults (certificate info, TLS extensions, session information)
-.P
-6) HTTP header (if HTTP detected or being forced via \fB\-\-assume\-http\fR)
-.P
-7) vulnerabilities
-.P
-8) testing each of 370 preconfigured ciphers
-.P
-8) client simulation
-.P
-9) rating
-.SH "OPTIONS AND PARAMETERS"
-Options are either short or long options\. Any long or short option requiring a value can be called with or without an equal sign\. E\.g\. \fBtestssl\.sh \-t=smtp \-\-wide \-\-openssl=/usr/bin/openssl <URI>\fR (short options with equal sign) is equivalent to \fBtestssl\.sh \-\-starttls smtp \-\-wide \-\-openssl /usr/bin/openssl <URI>\fR (long option without equal sign)\. Some command line options can also be preset via ENV variables\. \fBWIDE=true OPENSSL=/usr/bin/openssl testssl\.sh \-\-starttls=smtp <URI>\fR would be the equivalent to the aforementioned examples\. Preference has the command line over any environment variables\.
-.P
-\fB<URI>\fR or \fB\-\-file <FILE>\fR always needs to be the last parameter\.
-.SS "BANNER OPTIONS (standalone)"
-\fB\-\-help\fR (or no arg) displays command line help
-.P
-\fB\-b, \-\-banner\fR displays testssl\.sh banner, including license, usage conditions, version of testssl\.sh, detected openssl version, its path to it, # of ciphers of openssl, its build date and the architecture\.
-.P
-\fB\-v, \-\-version\fR same as before
-.P
-\fB\-V [pattern], \-\-local [pattern]\fR pretty print all local ciphers supported by openssl version\. If a pattern is supplied it performs a match (ignore case) on any of the strings supplied in the wide output, see below\. The pattern will be searched in the any of the columns: hexcode, cipher suite name (OpenSSL or IANA), key exchange, encryption, bits\. It does a word pattern match for non\-numbers, for number just a normal match applies\. Numbers here are defined as [0\-9,A\-F]\. This means (attention: catch) that the pattern CBC is matched as non\-word, but AES as word\. This option also accepts \fB\-\-openssl=<path_to_openssl>\fR\.
-.SS "INPUT PARAMETERS"
-\fBURI\fR can be a hostname, an IPv4 or IPv6 address (restriction see below) or an URL\. IPv6 addresses need to be in square brackets\. For any given parameter port 443 is assumed unless specified by appending a colon and a port number\. The only preceding protocol specifier allowed is \fBhttps\fR\. You need to be aware that checks for an IP address might not hit the vhost you want\. DNS resolution (A/AAAA record) is being performed unless you have an \fB/etc/hosts\fR entry for the hostname\.
-.P
-\fB\-\-file <fname>\fR or the equivalent \fB\-iL <fname>\fR are mass testing options\. Per default it implicitly turns on \fB\-\-warnings batch\fR\. In its first incarnation the mass testing option reads command lines from \fBfname\fR\. \fBfname\fR consists of command lines of testssl, one line per instance\. Comments after \fB#\fR are ignored, \fBEOF\fR signals the end of fname any subsequent lines will be ignored too\. You can also supply additional options which will be inherited to each child, e\.g\. When invoking \fBtestssl\.sh \-\-wide \-\-log \-\-file <fname>\fR \. Each single line in \fBfname\fR is parsed upon execution\. If there's a conflicting option and serial mass testing option is being performed the check will be aborted at the time it occurs and depending on the output option potentially leaving you with an output file without footer\. In parallel mode the mileage varies, likely a line won't be scanned\.
-.P
-Alternatively \fBfname\fR can be in \fBnmap\fR's grep(p)able output format (\fB\-oG\fR)\. Only open ports will be considered\. Multiple ports per line are allowed\. The ports can be different and will be tested by testssl\.sh according to common practice in the internet, i\.e\. if nmap shows in its output an open port 25, automatically \fB\-t smtp\fR will be added before the URI whereas port 465 will be treated as a plain TLS/SSL port, not requiring an STARTTLS SMTP handshake upfront\. This is done by an internal table which correlates nmap's open port detected to the STARTTLS/plain text decision from testssl\.sh\.
-.P
-Nmap's output always returns IP addresses and only if there's a PTR DNS record available a hostname\. As it is not checked by nmap whether the hostname matches the IP (A or AAAA record), testssl\.sh does this automatically for you\. If the A record of the hostname matches the IP address, the hostname is used and not the IP address\. Please keep in mind that checks against an IP address might not hit the vhost you maybe were aiming at and thus it may lead to different results\.
-.P
-A typical internal conversion to testssl\.sh file format from nmap's grep(p)able format could look like:
-.P
-\fB10\.10\.12\.16:443 10\.10\.12\.16:1443 \-t smtp host\.example\.com:25 host\.example\.com:443 host\.example\.com:631 \-t ftp 10\.10\.12\.11:21 10\.10\.12\.11:8443\fR Please note that \fBfname\fR has to be in Unix format\. DOS carriage returns won't be accepted\. Instead of the command line switch the environment variable FNAME will be honored too\.
-.P
-\fB\-\-mode <serial|parallel>\fR\. Mass testing to be done serial (default) or parallel (\fB\-\-parallel\fR is shortcut for the latter, \fB\-\-serial\fR is the opposite option)\. Per default mass testing is being run in serial mode, i\.e\. one line after the other is processed and invoked\. The variable \fBMASS_TESTING_MODE\fR can be defined to be either equal \fBserial\fR or \fBparallel\fR\.
-.P
-\fB\-\-warnings <batch|off>\fR\. The warnings parameter determines how testssl\.sh will deal with situations where user input normally will be necessary\. There are two options\. \fBbatch\fR doesn't wait for a confirming keypress when a client\- or server\-side problem is encountered\. As of 3\.0 it just then terminates the particular scan\. This is automatically chosen for mass testing (\fB\-\-file\fR)\. \fBoff\fR just skips the warning, the confirmation but continues the scan, independent whether it makes sense or not\. Please note that there are conflicts where testssl\.sh will still ask for confirmation which are the ones which otherwise would have a drastic impact on the results\. Almost any other decision will be made in the future as a best guess by testssl\.sh\. The same can be achieved by setting the environment variable \fBWARNINGS\fR\.
-.P
-\fB\-\-connect\-timeout <seconds>\fR This is useful for socket TCP connections to a node\. If the node does not complete a TCP handshake (e\.g\. because it is down or behind a firewall or there's an IDS or a tarpit) testssl\.sh may usually hang for around 2 minutes or even much more\. This parameter instructs testssl\.sh to wait at most \fBseconds\fR for the handshake to complete before giving up\. This option only works if your OS has a timeout binary installed\. CONNECT_TIMEOUT is the corresponding environment variable\.
-.P
-\fB\-\-openssl\-timeout <seconds>\fR This is especially useful for all connects using openssl and practically useful for mass testing\. It avoids the openssl connect to hang for ~2 minutes\. The expected parameter \fBseconds\fR instructs testssl\.sh to wait before the openssl connect will be terminated\. The option is only available if your OS has a timeout binary installed\. As there are different implementations of \fBtimeout\fR: It automatically calls the binary with the right parameters\. OPENSSL_TIMEOUT is the equivalent environment variable\.
-.P
-\fB\-\-basicauth <user:pass>\fR This can be set to provide HTTP basic auth credentials which are used during checks for security headers\. BASICAUTH is the ENV variable you can use instead\.
-.P
-\fB\-\-reqheader <header>\fR This can be used to add additional HTTP request headers in the correct format \fBHeadername: headercontent\fR\. This parameter can be called multiple times if required\. For example: \fB\-\-reqheader 'Proxy\-Authorization: Basic dGVzdHNzbDpydWxlcw==' \-\-reqheader 'ClientID: 0xDEADBEAF'\fR\. REQHEADER is the corresponding environment variable\.
-.SS "SPECIAL INVOCATIONS"
-\fB\-t <protocol>, \-\-starttls <protocol>\fR does a default run against a STARTTLS enabled \fBprotocol\fR\. \fBprotocol\fR must be one of \fBftp\fR, \fBsmtp\fR, \fBpop3\fR, \fBimap\fR, \fBxmpp\fR, \fBsieve\fR, \fBxmpp\-server\fR, \fBtelnet\fR, \fBldap\fR, \fBirc\fR, \fBlmtp\fR, \fBnntp\fR, \fBpostgres\fR, \fBmysql\fR\. For the latter four you need e\.g\. the supplied OpenSSL or OpenSSL version 1\.1\.1\. Please note: MongoDB doesn't offer a STARTTLS connection, LDAP currently only works with \fB\-\-ssl\-native\fR\. \fBtelnet\fR and \fBirc\fR is WIP\.
-.P
-\fB\-\-xmpphost <jabber_domain>\fR is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter\. This is only needed if the domain is different from the URI supplied\.
-.P
-\fB\-\-mx <domain|host>\fR tests all MX records (STARTTLS on port 25) from high to low priority, one after the other\.
-.P
-\fB\-\-ip <ip>\fR tests either the supplied IPv4 or IPv6 address instead of resolving host(s) in \fB<URI>\fR\. IPv6 addresses need to be supplied in square brackets\. \fB\-\-ip=one\fR means: just test the first A record DNS returns (useful for multiple IPs)\. If \fB\-6\fR and \fB\-\-ip=one\fR was supplied an AAAA record will be picked if available\. The \fB\-\-ip\fR option might be also useful if you want to resolve the supplied hostname to a different IP, similar as if you would edit \fB/etc/hosts\fR or \fB/c/Windows/System32/drivers/etc/hosts\fR\. \fB\-\-ip=proxy\fR tries a DNS resolution via proxy\.
-.P
-\fB\-\-proxy <host>:<port>\fR does ANY check via the specified proxy\. \fB\-\-proxy=auto\fR inherits the proxy setting from the environment\. The hostname supplied will be resolved to the first A record\. In addition if you want lookups via proxy you can specify \fBDNS_VIA_PROXY=true\fR\. OCSP revocation checking (\fB\-S \-\-phone\-out\fR) is not supported by OpenSSL via proxy\. As supplying a proxy is an indicator for port 80 and 443 outgoing being blocked in your network an OCSP revocation check won't be performed\. However if \fBIGN_OCSP_PROXY=true\fR has been supplied it will be tried directly\. Authentication to the proxy is not supported\. Proxying via IPv6 addresses is not possible, no HTTPS or SOCKS proxy is supported\.
-.P
-\fB\-6\fR does (also) IPv6 checks\. Please note that testssl\.sh doesn't perform checks on an IPv6 address automatically, because of two reasons: testssl\.sh does no connectivity checks for IPv6 and it cannot determine reliably whether the OpenSSL binary you're using has IPv6 s_client support\. \fB\-6\fR assumes both is the case\. If both conditions are met and you in general prefer to test for IPv6 branches as well you can add \fBHAS_IPv6\fR to your shell environment\. Besides the OpenSSL binary supplied IPv6 is known to work with vanilla OpenSSL >= 1\.1\.0 and older versions >=1\.0\.2 in RHEL/CentOS/FC and Gentoo\.
-.P
-\fB\-\-ssl\-native\fR Instead of using a mixture of bash sockets and a few openssl s_client connects, testssl\.sh uses the latter (almost) only\. This is faster at the moment but provides less accurate results, especially for the client simulation and for cipher support\. For all checks you will see a warning if testssl\.sh cannot tell if a particular check cannot be performed\. For some checks however you might end up getting false negatives without a warning\. This option is only recommended if you prefer speed over accuracy or you know that your target has sufficient overlap with the protocols and cipher provided by your openssl binary\.
-.P
-\fB\-\-openssl <path_to_openssl>\fR testssl\.sh tries very hard to find automagically the binary supplied (where the tree of testssl\.sh resides, from the directory where testssl\.sh has been started from, etc\.)\. If all that doesn't work it falls back to openssl supplied from the OS (\fB$PATH\fR)\. With this option you can point testssl\.sh to your binary of choice and override any internal magic to find the openssl binary\. (Environment preset via \fBOPENSSL=<path_to_openssl>\fR)\.
-.SS "TUNING OPTIONS"
-\fB\-\-bugs\fR does some workarounds for buggy servers like padding for old F5 devices\. The option is passed as \fB\-bug\fR to openssl when needed, see \fBs_client(1)\fR, environment preset via \fBBUGS="\-bugs"\fR (1x dash)\. For the socket part testssl\.sh has always workarounds in place to cope with broken server implementations\.
-.P
-\fB\-\-assuming\-http\fR testssl\.sh normally does upfront an application protocol detection\. In cases where HTTP cannot be automatically detected you may want to use this option\. It enforces testssl\.sh not to skip HTTP specific tests (HTTP header) and to run a browser based client simulation\. Please note that sometimes also the severity depends on the application protocol, e\.g\. SHA1 signed certificates, the lack of any SAN matches and some vulnerabilities will be punished harder when checking a web server as opposed to a mail server\.
-.P
-\fB\-n, \-\-nodns <min|none>\fR tells testssl\.sh which DNS lookups should be performed\. \fBmin\fR uses only forward DNS resolution (A and AAAA record or MX record) and skips CAA lookups and PTR records from the IP address back to a DNS name\. \fBnone\fR performs no DNS lookups at all\. For the latter you either have to supply the IP address as a target, to use \fB\-\-ip\fR or have the IP address in \fB/etc/hosts\fR\. The use of the switch is only useful if you either can't or are not willing to perform DNS lookups\. The latter can apply e\.g\. to some pentests\. In general this option could e\.g\. help you to avoid timeouts by DNS lookups\. \fBNODNS\fR is the environment variable for this\.
-.P
-\fB\-\-sneaky\fR For HTTP header checks testssl\.sh uses normally the server friendly HTTP user agent \fBTLS tester from ${URL}\fR\. With this option your traces are less verbose and a Firefox user agent is being used\. Be aware that it doesn't hide your activities\. That is just not possible (environment preset via \fBSNEAKY=true\fR)\.
-.P
-\fB\-\-user\-agent <user agent>\fR tells testssl\.sh to use the supplied HTTP user agent instead of the standard user agent \fBTLS tester from ${URL}\fR\.
-.P
-\fB\-\-ids\-friendly\fR is a switch which may help to get a scan finished which otherwise would be blocked by a server side IDS\. This switch skips tests for the following vulnerabilities: Heartbleed, CCS Injection, Ticketbleed and ROBOT\. The environment variable OFFENSIVE set to false will achieve the same result\. Please be advised that as an alternative or as a general approach you can try to apply evasion techniques by changing the variables USLEEP_SND and / or USLEEP_REC and maybe MAX_WAITSOCK\.
-.P
-\fB\-\-phone\-out\fR Checking for revoked certificates via CRL and OCSP is not done per default\. This switch instructs testssl\.sh to query external \-\- in a sense of the current run \-\- URIs\. By using this switch you acknowledge that the check might have privacy issues, a download of several megabytes (CRL file) may happen and there may be network connectivity problems while contacting the endpoint which testssl\.sh doesn't handle\. PHONE_OUT is the environment variable for this which needs to be set to true if you want this\.
-.P
-\fB\-\-add\-ca <CAfile>\fR enables you to add your own CA(s) in PEM format for trust chain checks\. \fBCAfile\fR can be a directory containing files with a \.pem extension, a single file or multiple files as a comma separated list of root CAs\. Internally they will be added during runtime to all CA stores\. This is (only) useful for internal hosts whose certificates are issued by internal CAs\. Alternatively ADDTL_CA_FILES is the environment variable for this\.
-.SS "SINGLE CHECK OPTIONS"
-Any single check switch supplied as an argument prevents testssl\.sh from doing a default run\. It just takes this and if supplied other options and runs them \- in the order they would also appear in the default run\.
-.P
-\fB\-e, \-\-each\-cipher\fR checks each of the (currently configured) 370 ciphers via openssl + sockets remotely on the server and reports back the result in wide mode\. If you want to display each cipher tested you need to add \fB\-\-show\-each\fR\. Per default it lists the following parameters: \fBhexcode\fR, \fBOpenSSL cipher suite name\fR, \fBkey exchange\fR, \fBencryption bits\fR, \fBIANA/RFC cipher suite name\fR\. Please note the \fB\-\-mapping\fR parameter changes what cipher suite names you will see here and at which position\. Also please note that the \fBbit\fR length for the encryption is shown and not the \fBsecurity\fR length, albeit it'll be sorted by the latter\. For 3DES due to the Meet\-in\-the\-Middle problem the bit size of 168 bits is equivalent to the security size of 112 bits\.
-.P
-\fB\-E, \-\-cipher\-per\-proto\fR is similar to \fB\-e, \-\-each\-cipher\fR\. It checks each of the possible ciphers, here: per protocol\. If you want to display each cipher tested you need to add \fB\-\-show\-each\fR\. The output is sorted by security strength, it lists the encryption bits though\.
-.P
-\fB\-s, \-\-std, \-\-categories\fR tests certain lists of cipher suites / cipher categories by strength\. (\fB\-\-standard\fR is deprecated\.) Those lists are (\fBopenssl ciphers $LIST\fR, $LIST from below:)
-.IP "\[ci]" 4
-\fBNULL encryption ciphers\fR: 'NULL:eNULL'
-.IP "\[ci]" 4
-\fBAnonymous NULL ciphers\fR: 'aNULL:ADH'
-.IP "\[ci]" 4
-\fBExport ciphers\fR (w/o the preceding ones): 'EXPORT:!ADH:!NULL'
-.IP "\[ci]" 4
-\fBLOW\fR (64 Bit + DES ciphers, without EXPORT ciphers): 'LOW:DES:RC2:RC4:!ADH:!EXP:!NULL:!eNULL'
-.IP "\[ci]" 4
-\fB3DES + IDEA Ciphers\fR: '3DES:IDEA:!aNULL:!ADH'
-.IP "\[ci]" 4
-\fBAverage grade Ciphers\fR: 'HIGH:MEDIUM:AES:CAMELLIA:ARIA:!IDEA:!CHACHA20:!3DES:!RC2:!RC4:!AESCCM8:!AESCCM:!AESGCM:!ARIAGCM:!aNULL'
-.IP "\[ci]" 4
-\fBStrong grade Ciphers\fR (AEAD): 'AESGCM:CHACHA20:CamelliaGCM:AESCCM8:AESCCM'
-.IP "" 0
-.P
-\fB\-f, \-\-fs, \-\-nsa, \-\-forward\-secrecy\fR Checks robust forward secrecy key exchange\. "Robust" means that ciphers having intrinsic severe weaknesses like Null Authentication or Encryption, 3DES and RC4 won't be considered here\. There shouldn't be the wrong impression that a secure key exchange has been taking place and everything is fine when in reality the encryption sucks\. Also this section lists the available elliptical curves and Diffie Hellman groups, as well as FFDHE groups (TLS 1\.2 and TLS 1\.3)\.
-.P
-\fB\-p, \-\-protocols\fR checks TLS/SSL protocols SSLv2, SSLv3, TLS 1\.0 through TLS 1\.3 and for HTTP: SPDY (NPN) and ALPN, a\.k\.a\. HTTP/2\. For TLS 1\.3 several drafts (from 18 on) and final are supported and being tested for\.
-.P
-\fB\-P, \-\-preference\fR displays the servers preferences: cipher order, with used openssl client: negotiated protocol and cipher\. If there's a cipher order enforced by the server it displays it for each protocol (openssl+sockets)\. If there's not, it displays instead which ciphers from the server were picked with each protocol\.
-.P
-\fB\-S, \-\-server_defaults\fR displays information from the server hello(s):
-.IP "\[ci]" 4
-Available TLS extensions,
-.IP "\[ci]" 4
-TLS ticket + session ID information/capabilities,
-.IP "\[ci]" 4
-session resumption capabilities,
-.IP "\[ci]" 4
-Time skew relative to localhost (most server implementations return random values)\.
-.IP "\[ci]" 4
-Several certificate information
-.IP "\[ci]" 4
-signature algorithm,
-.IP "\[ci]" 4
-key size,
-.IP "\[ci]" 4
-key usage and extended key usage,
-.IP "\[ci]" 4
-fingerprints and serial
-.IP "\[ci]" 4
-Common Name (CN), Subject Alternative Name (SAN), Issuer,
-.IP "\[ci]" 4
-Trust via hostname + chain of trust against supplied certificates
-.IP "\[ci]" 4
-EV certificate detection
-.IP "\[ci]" 4
-experimental "eTLS" detection
-.IP "\[ci]" 4
-validity: start + end time, how many days to go (warning for certificate lifetime >=5 years)
-.IP "\[ci]" 4
-revocation info (CRL, OCSP, OCSP stapling + must staple)\. When \fB\-\-phone\-out\fR supplied it checks against the certificate issuer whether the host certificate has been revoked (plain OCSP, CRL)\.
-.IP "\[ci]" 4
-displaying DNS Certification Authority Authorization resource record
-.IP "\[ci]" 4
-Certificate Transparency info (if provided by server)\.
-.IP "" 0
-
-.IP "" 0
-.P
-For the trust chain check 5 certificate stores are provided\. If the test against one of the trust stores failed, the one is being identified and the reason for the failure is displayed \- in addition the ones which succeeded are displayed too\. You can configure your own CA via ADDTL_CA_FILES, see section \fBFILES\fR below\. If the server provides no matching record in Subject Alternative Name (SAN) but in Common Name (CN), it will be indicated as this is deprecated\. Also for multiple server certificates are being checked for as well as for the certificate reply to a non\-SNI (Server Name Indication) client hello to the IP address\. Regarding the TLS clock skew: it displays the time difference to the client\. Only a few TLS stacks nowadays still support this and return the local clock \fBgmt_unix_time\fR, e\.g\. IIS, openssl < 1\.0\.1f\. In addition to the HTTP date you could e\.g\. derive that there are different hosts where your TLS and your HTTP request ended \-\- if the time deltas differ significantly\.
-.P
-\fB\-x <pattern>, \-\-single\-cipher <pattern>\fR tests matched \fBpattern\fR of ciphers against a server\. Patterns are similar to \fB\-V pattern , \-\-local pattern\fR, see above about matching\.
-.P
-\fB\-h, \-\-header, \-\-headers\fR if the service is HTTP (either by detection or by enforcing via \fB\-\-assume\-http\fR\. It tests several HTTP headers like
-.IP "\[ci]" 4
-HTTP Strict Transport Security (HSTS)
-.IP "\[ci]" 4
-HTTP Public Key Pinning (HPKP)
-.IP "\[ci]" 4
-Server banner
-.IP "\[ci]" 4
-HTTP date+time
-.IP "\[ci]" 4
-Server banner like Linux or other Unix vendor headers
-.IP "\[ci]" 4
-Application banner (PHP, RoR, OWA, SharePoint, Wordpress, etc)
-.IP "\[ci]" 4
-Reverse proxy headers
-.IP "\[ci]" 4
-Web server modules
-.IP "\[ci]" 4
-IPv4 address in header
-.IP "\[ci]" 4
-Cookie (including Secure/HTTPOnly flags)
-.IP "\[ci]" 4
-Decodes BIG IP F5 non\-encrypted cookies
-.IP "\[ci]" 4
-Security headers (X\-Frame\-Options, X\-XSS\-Protection, Expect\-CT,\|\.\|\.\|\. , CSP headers)\. Nonsense is not yet detected here\.
-.IP "" 0
-.P
-\fB\-c, \-\-client\-simulation\fR This simulates a handshake with a number of standard clients so that you can figure out which client cannot or can connect to your site\. For the latter case the protocol, cipher and curve is displayed, also if there's Forward Secrecy\. testssl\.sh uses a handselected set of clients which are retrieved by the SSLlabs API\. The output is aligned in columns when combined with the \fB\-\-wide\fR option\. If you want the full nine yards of clients displayed use the environment variable ALL_CLIENTS\.
-.P
-\fB\-g, \-\-grease\fR checks several server implementation bugs like tolerance to size limitations and GREASE, see RFC 8701\. This check doesn't run per default\.
-.SS "VULNERABILITIES"
-\fB\-U, \-\-vulnerable, \-\-vulnerabilities\fR Just tests all (of the following) vulnerabilities\. The environment variable \fBVULN_THRESHLD\fR determines after which value a separate headline for each vulnerability is being displayed\. Default is \fB1\fR which means if you check for two vulnerabilities, only the general headline for vulnerabilities section is displayed \-\- in addition to the vulnerability and the result\. Otherwise each vulnerability or vulnerability section gets its own headline in addition to the output of the name of the vulnerability and test result\. A vulnerability section is comprised of more than one check, e\.g\. the renegotiation vulnerability check has two checks, so has Logjam\.
-.P
-\fB\-H, \-\-heartbleed\fR Checks for Heartbleed, a memory leakage in openssl\. Unless the server side doesn't support the heartbeat extension it is likely that this check runs into a timeout\. The seconds to wait for a reply can be adjusted with \fBHEARTBLEED_MAX_WAITSOCK\fR\. 8 is the default\.
-.P
-\fB\-I, \-\-ccs, \-\-ccs\-injection\fR Checks for CCS Injection which is an openssl vulnerability\. Sometimes also here the check needs to wait for a reply\. The predefined timeout of 5 seconds can be changed with the environment variable \fBCCS_MAX_WAITSOCK\fR\.
-.P
-\fB\-T, \-\-ticketbleed\fR Checks for Ticketbleed memory leakage in BigIP loadbalancers\.
-.P
-\fB\-\-BB, \-\-robot\fR Checks for vulnerability to ROBOT / (\fIReturn Of Bleichenbacher's Oracle Threat\fR) attack\.
-.P
-\fB\-\-SI, \-\-starttls\-injection\fR Checks for STARTTLS injection vulnerabilities (SMTP, IMAP, POP3 only)\. \fBsocat\fR and OpenSSL >=1\.1\.0 is needed\.
-.P
-\fB\-R, \-\-renegotiation\fR Tests renegotiation vulnerabilities\. Currently there's a check for \fISecure Renegotiation\fR and for \fISecure Client\-Initiated Renegotiation\fR\. Please be aware that vulnerable servers to the latter can likely be DoSed very easily (HTTP)\. A check for \fIInsecure Client\-Initiated Renegotiation\fR is not yet implemented\.
-.P
-\fB\-C, \-\-compression, \-\-crime\fR Checks for CRIME (\fICompression Ratio Info\-leak Made Easy\fR) vulnerability in TLS\. CRIME in SPDY is not yet being checked for\.
-.P
-\fB\-B, \-\-breach\fR Checks for BREACH (\fIBrowser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext\fR) vulnerability\. As for this vulnerability HTTP level compression is a prerequisite it'll be not tested if HTTP cannot be detected or the detection is not enforced via ``\-\-assume\-http`\. Please note that only the URL supplied (normally "/" ) is being tested\.
-.P
-\fB\-O, \-\-poodle\fR Tests for SSL POODLE (\fIPadding Oracle On Downgraded Legacy Encryption\fR) vulnerability\. It basically checks for the existence of CBC ciphers in SSLv3\.
-.P
-\fB\-Z, \-\-tls\-fallback\fR Checks TLS_FALLBACK_SCSV mitigation\. TLS_FALLBACK_SCSV is basically a ciphersuite appended to the Client Hello trying to prevent protocol downgrade attacks by a Man in the Middle\.
-.P
-\fB\-W, \-\-sweet32\fR Checks for vulnerability to SWEET32 by testing 64 bit block ciphers (3DES, RC2 and IDEA)\.
-.P
-\fB\-F, \-\-freak\fR Checks for FREAK vulnerability (\fIFactoring RSA Export Keys\fR) by testing for EXPORT RSA ciphers
-.P
-\fB\-D, \-\-drown\fR Checks for DROWN vulnerability (\fIDecrypting RSA with Obsolete and Weakened eNcryption\fR) by checking whether the SSL 2 protocol is available at the target\. Please note that if you use the same RSA certificate elsewhere you might be vulnerable too\. testssl\.sh doesn't check for this but provides a helpful link @ censys\.io which provides this service\.
-.P
-\fB\-J, \-\-logjam\fR Checks for LOGJAM vulnerability by checking for DH EXPORT ciphers\. It also checks for "common primes" which are preconfigured DH keys\. DH keys =< 1024 Bit will be penalized\. Also FFDHE groups (TLS 1\.2) will be displayed here\.
-.P
-\fB\-A, \-\-beast\fR Checks BEAST vulnerabilities in SSL 3 and TLS 1\.0 by testing the usage of CBC ciphers\.
-.P
-\fB\-L, \-\-lucky13\fR Checks for LUCKY13 vulnerability\. It checks for the presence of CBC ciphers in TLS versions 1\.0 \- 1\.2\.
-.P
-\fB\-WS, \-\-winshock\fR Checks for Winshock vulnerability\. It tests for the absence of a lot of ciphers, some TLS extensions and ec curves which were introduced later in Windows\. In the end the server banner is being looked at\.
-.P
-\fB\-4, \-\-rc4, \-\-appelbaum\fR Checks which RC4 stream ciphers are being offered\.
-.SS "OUTPUT OPTIONS"
-\fB\-q, \-\-quiet\fR Normally testssl\.sh displays a banner on stdout with several version information, usage rights and a warning\. This option suppresses it\. Please note that by choosing this option you acknowledge usage terms and the warning normally appearing in the banner\.
-.P
-\fB\-\-wide\fR Except the "each cipher output" all tests displays the single cipher name (scheme see below)\. This option enables testssl\.sh to display also for the following sections the same output as for testing each ciphers: BEAST, FS, RC4\. The client simulation has also a wide mode\. The difference here is restricted to a column aligned output and a proper headline\. The environment variable \fBWIDE\fR can be used instead\.
-.P
-\fB\-\-mapping <openssl|iana|no\-openssl|no\-iana>\fR
-.IP "\[ci]" 4
-\fBopenssl\fR: use the OpenSSL cipher suite name as the primary name cipher suite name form (default),
-.IP "\[ci]" 4
-\fBiana\fR: use the IANA cipher suite name as the primary name cipher suite name form\.
-.IP "\[ci]" 4
-\fBno\-openssl\fR: don't display the OpenSSL cipher suite name, display IANA names only\.
-.IP "\[ci]" 4
-\fBno\-iana\fR: don't display the IANA cipher suite name, display OpenSSL names only\.
-.IP "" 0
-.P
-Please note that in testssl\.sh 3\.0 you can still use \fBrfc\fR instead of \fBiana\fR and \fBno\-rfc\fR instead of \fBno\-iana\fR but it'll disappear after 3\.0\.
-.P
-\fB\-\-show\-each\fR This is an option for all wide modes only: it displays all ciphers tested \-\- not only succeeded ones\. \fBSHOW_EACH_C\fR is your friend if you prefer to set this via the shell environment\.
-.P
-\fB\-\-color <0|1|2|3>\fR determines the use of colors on the screen and in the log file: \fB2\fR is the default and makes use of ANSI and termcap escape codes on your terminal\. \fB1\fR just uses non\-colored mark\-up like bold, italics, underline, reverse\. \fB0\fR means no mark\-up at all = no escape codes\. This is also what you want when you want a log file without any escape codes\. \fB3\fR will color ciphers and EC according to an internal (not yet perfect) rating\. Setting the environment variable \fBCOLOR\fR to the value achieves the same result\. Please not that OpenBSD and early FreeBSD do not support italics\.
-.P
-\fB\-\-colorblind\fR Swaps green and blue colors in the output, so that this percentage of folks (up to 8% of males, see https://en\.wikipedia\.org/wiki/Color_blindness) can distinguish those findings better\. \fBCOLORBLIND\fR is the according variable if you want to set this in the environment\.
-.P
-\fB\-\-debug <0\-6>\fR This gives you additional output on the screen (2\-6), only useful for debugging\. \fBDEBUG\fR is the according environment variable which you can use\. There are six levels (0 is the default, thus it has no effect):
-.IP "1." 4
-screen output normal but leaves useful debug output in \fB/tmp/testssl\.XXXXXX/\fR \. The info about the exact directory is included in the screen output in the end of the run\.
-.IP "2." 4
-lists more what's going on, status (high level) and connection errors, a few general debug output
-.IP "3." 4
-even slightly more info: hexdumps + other info
-.IP "4." 4
-display bytes sent via sockets
-.IP "5." 4
-display bytes received via sockets
-.IP "6." 4
-whole 9 yards
-.IP "" 0
-.P
-\fB\-\-disable\-rating\fR disables rating\. Rating automatically gets disabled, to not give a wrong or misleading grade, when not all required functions are executed (e\.g when checking for a single vulnerabilities)\.
-.SS "FILE OUTPUT OPTIONS"
-\fB\-\-log, \-\-logging\fR Logs stdout also to \fB${NODE}\-p${port}${YYYYMMDD\-HHMM}\.log\fR in current working directory of the shell\. Depending on the color output option (see above) the output file will contain color and other markup escape codes, unless you specify \fB\-\-color 0\fR too\. \fBcat\fR and \-\- if properly configured \fBless\fR \-\- will show the output properly formatted on your terminal\. The output shows a banner with the almost the same information as on the screen\. In addition it shows the command line of the testssl\.sh instance\. Please note that the resulting log file is formatted according to the width of your screen while running testssl\.sh\. You can override the width with the environment variable TERM_WIDTH\.
-.P
-\fB\-\-logfile <logfile>\fR or \fB\-oL <logfile>\fR Instead of the previous option you may want to use this one if you want to log into a directory or if you rather want to specify the log file name yourself\. If \fBlogfile\fR is a directory the output will put into \fBlogfile/${NODE}\-p${port}${YYYYMMDD\-HHMM}\.log\fR\. If \fBlogfile\fR is a file it will use that file name, an absolute path is also permitted here\. LOGFILE is the variable you need to set if you prefer to work environment variables instead\. Please note that the resulting log file is formatted according to the width of your screen while running testssl\.sh\. You can override the width with the environment variable TERM_WIDTH\.
-.P
-\fB\-\-json\fR Logs additionally to JSON file \fB${NODE}\-p${port}${YYYYMMDD\-HHMM}\.json\fR in the current working directory of the shell\. The resulting JSON file is opposed to \fB\-\-json\-pretty\fR flat \-\- which means each section is self contained and has an identifier for each single check, the hostname/IP address, the port, severity and the finding\. For vulnerabilities it may contain a CVE and CWE entry too\. The output doesn't contain a banner or a footer\.
-.P
-\fB\-\-jsonfile <jsonfile>\fR or \fB\-oj <jsonfile>\fR Instead of the previous option you may want to use this one if you want to log the JSON out put into a directory or if you rather want to specify the log file name yourself\. If \fBjsonfile\fR is a directory the output will put into \fBlogfile/${NODE}\-p${port}${YYYYMMDD\-HHMM}\.json\. If\fRjsonfile` is a file it will use that file name, an absolute path is also permitted here\.
-.P
-\fB\-\-json\-pretty\fR Logs additionally to JSON file \fB${NODE}\-p${port}${YYYYMMDD\-HHMM}\.json in the current working directory of the shell\. The resulting JSON file is opposed to\fR\-\-json` non\-flat \-\- which means it is structured\. The structure contains a header similar to the banner on the screen, including the command line, scan host, openssl binary used, testssl version and epoch of the start time\. Then for every test section of testssl\.sh it contains a separate JSON object/section\. Each finding has a key/value pair identifier with the identifier for each single check, the severity and the finding\. For vulnerabilities it may contain a CVE and CWE entry too\. The footer lists the scan time in seconds\.
-.P
-\fB\-\-jsonfile\-pretty <jsonfile>\fR or \fB\-oJ <jsonfile>\fR Similar to the aforementioned \fB\-\-jsonfile\fR or \fB\-\-logfile\fR it logs the output in pretty JSON format (see \fB\-\-json\-pretty\fR) into a file or a directory\. For further explanation see \fB\-\-jsonfile\fR or \fB\-\-logfile\fR\.
-.P
-\fB\-\-csv\fR Logs additionally to a CSV file \fB${NODE}\-p${port}${YYYYMMDD\-HHMM}\.csv\fR in the current working directory of the shell\. The output contains a header with the keys, the values are the same as in the flat JSON format (identifier for each single check, the hostname/IP address, the port, severity, the finding and for vulnerabilities a CVE and CWE number)\.
-.P
-\fB\-\-csvfile <csvfile>\fR or \fB\-oC <csvfile>\fR Similar to the aforementioned \fB\-\-jsonfile\fR or \fB\-\-logfile\fR it logs the output in CSV format (see \fB\-\-cvs\fR) additionally into a file or a directory\. For further explanation see \fB\-\-jsonfile\fR or \fB\-\-logfile\fR\.
-.P
-\fB\-\-html\fR Logs additionally to an HTML file \fB${NODE}\-p${port}${YYYYMMDD\-HHMM}\.html\fR in the current working directory of the shell\. It contains a 1:1 output of the console\. In former versions there was a non\-native option to use "aha" (Ansi HTML Adapter: github\.com/theZiz/aha) like \fBtestssl\.sh [options] <URI> | aha >output\.html\fR\. This is not necessary anymore\.
-.P
-\fB\-\-htmlfile <htmlfile>\fR or \fB\-oH <htmlfile>\fR Similar to the aforementioned \fB\-\-jsonfile\fR or \fB\-\-logfile\fR it logs the output in HTML format (see \fB\-\-html\fR) additionally into a file or a directory\. For further explanation see \fB\-\-jsonfile\fR or \fB\-\-logfile\fR\.
-.P
-\fB\-oA <filename>\fR / \fB\-\-outFile <filename>\fR Similar to nmap it does a file output to all available file formats: LOG, JSON pretty, CSV, HTML\. If the filename supplied is equal \fBauto\fR the filename is automatically generated using '${NODE}\-p${port}${YYYYMMDD\-HHMM}\.${EXT}' with the according extension\. If a directory is provided all output files will put into \fB<filename>/${NODE}\-p${port}${YYYYMMDD\-HHMM}\.{log,json,csv,html}\fR\.
-.P
-\fB\-oa <filename>\fR / \fB\-\-outfile <filename>\fR Does the same as the previous option but uses flat JSON instead\.
-.P
-\fB\-\-hints\fR This option is not in use yet\. This option is meant to give hints how to fix a finding or at least a help to improve something\. GIVE_HINTS is the environment variable for this\.
-.P
-\fB\-\-severity <severity>\fR For CSV and both JSON outputs this will only add findings to the output file if a severity is equal or higher than the \fBseverity\fR value specified\. Allowed are \fB<LOW|MEDIUM|HIGH|CRITICAL>\fR\. WARN is another level which translates to a client\-side scanning error or problem\. Thus you will always see them in a file if they occur\.
-.P
-\fB\-\-append\fR Normally, if an output file already exists and it has a file size greater zero, testssl\.sh will prompt you to manually remove the file and exit with an error\. \fB\-\-append\fR however will append to this file, without a header\. The environment variable APPEND does the same\. Be careful using this switch/variable\. A complementary option which overwrites an existing file doesn't exist per design\.
-.P
-\fB\-\-overwrite\fR Normally, if an output file already exists and it has a file size greater zero, testssl\.sh will not allow you to overwrite this file\. This option will do that \fBwithout any warning\fR\. The environment variable OVERWRITE does the same\. Be careful, you have been warned!
-.P
-\fB\-\-outprefix <fname_prefix>\fR Prepend output filename prefix \fIfname_prefix\fR before '${NODE}\-'\. You can use as well the environment variable FNAME_PREFIX\. Using this any output files will be named \fB<fname_prefix>\-${NODE}\-p${port}${YYYYMMDD\-HHMM}\.<format>\fR when no file name of the respective output option was specified\. If you do not like the separator '\-' you can as well supply a \fB<fname_prefix>\fR ending in '\.', '_' or ','\. In this case or if you already supplied '\-' no additional '\-' will be appended to \fB<fname_prefix>\fR\.
-.P
-A few file output options can also be preset via environment variables\.
-.SS "COLOR RATINGS"
-Testssl\.sh makes use of (the eight) standard terminal colors\. The color scheme is as follows:
-.IP "\[ci]" 4
-light red: a critical finding
-.IP "\[ci]" 4
-red: a high finding
-.IP "\[ci]" 4
-brown: a medium finding
-.IP "\[ci]" 4
-yellow: a low finding
-.IP "\[ci]" 4
-green (blue if COLORBLIND is set): something which is either in general a good thing or a negative result of a check which otherwise results in a high finding
-.IP "\[ci]" 4
-light green (light blue if COLORBLIND is set) : something which is either in general a very good thing or a negative result of a check which otherwise results in a critical finding
-.IP "\[ci]" 4
-no color at places where also a finding can be expected: a finding on an info level
-.IP "\[ci]" 4
-cyan: currently only used for \fB\-\-show\-each\fR or an additional hint
-.IP "\[ci]" 4
-magenta: signals a warning condition, e\.g\. either a local lack of capabilities on the client side or another problem
-.IP "\[ci]" 4
-light magenta: a fatal error which either requires strict consent from the user to continue or a condition which leaves no other choice for testssl\.sh to quit
-.IP "" 0
-.P
-What is labeled as "light" above appears as such on the screen but is technically speaking "bold"\. Besides \fB\-\-color=3\fR will color ciphers according to an internal and rough rating\.
-.P
-Markup (without any color) is used in the following manner:
-.IP "\[ci]" 4
-bold: for the name of the test
-.IP "\[ci]" 4
-underline + bold: for the headline of each test section
-.IP "\[ci]" 4
-underline: for a sub\-headline
-.IP "\[ci]" 4
-italics: for strings just reflecting a value read from the server
-.IP "" 0
-.SS "TUNING via ENV variables and more options"
-Except the environment variables mentioned above which can replace command line options here a some which cannot be set otherwise\. Variables used for tuning are preset with reasonable values\. \fIThere should be no reason to change them\fR unless you use testssl\.sh under special conditions\.
-.IP "\[ci]" 4
-TERM_WIDTH is a variable which overrides the auto\-determined terminal width size\. Setting this variable normally only makes sense if you log the output to a file using the \fB\-\-log\fR, \fB\-\-logfile\fR or \fB\-oL\fR option\.
-.IP "\[ci]" 4
-DEBUG_ALLINONE / SETX: when setting one of those to true testssl\.sh falls back to the standard bash behavior, i\.e\. calling \fBbash \-x testssl\.sh\fR it displays the bash debugging output not in an external file \fB/tmp/testssl\-<XX>\.log\fR
-.IP "\[ci]" 4
-DEBUGTIME: Profiling option\. When using bash's debug mode and when this is set to true, it generates a separate text file with epoch times in \fB/tmp/testssl\-<XX>\.time\fR\. They need to be concatenated by \fBpaste /tmp/testssl\-<XX>\.{time,log}\fR [comment]: # * FAST_SOCKET [comment]: # * SHOW_SIGALGO [comment]: # * FAST
-.IP "\[ci]" 4
-EXPERIMENTAL=true is an option which is sometimes used in the development process to make testing easier\. In released versions this has no effect\.
-.IP "\[ci]" 4
-ALL_CLIENTS=true runs a client simulation with \fIall\fR (currently 126) clients when testing HTTP\.
-.IP "\[ci]" 4
-UNBRACKTD_IPV6: needs to be set to true for some old versions of OpenSSL (like from Gentoo) which don't support [bracketed] IPv6 addresses
-.IP "\[ci]" 4
-NO_ENGINE: if you have problems with garbled output containing the word 'engine' you might want to set this to true\. It forces testssl\.sh not try to configure openssl's engine or a non existing one from libressl
-.IP "\[ci]" 4
-HEADER_MAXSLEEP: To wait how long before killing the process to retrieve a service banner / HTTP header
-.IP "\[ci]" 4
-MAX_WAITSOCK: It instructs testssl\.sh to wait until the specified time before declaring a socket connection dead\. Don't change this unless you're absolutely sure what you're doing\. Value is in seconds\.
-.IP "\[ci]" 4
-CCS_MAX_WAITSOCK Is the similar to above but applies only to the CCS handshakes, for both of the two the two CCS payload\. Don't change this unless you're absolutely sure what you're doing\. Value is in seconds\.
-.IP "\[ci]" 4
-HEARTBLEED_MAX_WAITSOCK Is the similar to MAX_WAITSOCK but applies only to the ServerHello after sending the Heartbleed payload\. Don't change this unless you're absolutely sure what you're doing\. Value is in seconds\.
-.IP "\[ci]" 4
-MEASURE_TIME_FILE For seldom cases when you don't want the scan time to be included in the output you can set this to false\.
-.IP "\[ci]" 4
-STARTTLS_SLEEP is per default set to 10 (seconds)\. That's the value testssl\.sh waits for a string in the STARTTLS handshake before giving up\.
-.IP "\[ci]" 4
-MAX_PARALLEL is the maximum number of tests to run in parallel in parallel mass testing mode\. The default value of 20 may be made larger on systems with faster processors\.
-.IP "\[ci]" 4
-MAX_WAIT_TEST is the maximum time (in seconds) to wait for a single test in parallel mass testing mode to complete\. The default is 1200\. [comment]: # USLEEP_SND [comment]: # USLEEP_REC
-.IP "\[ci]" 4
-HSTS_MIN is preset to 179 (days)\. If you want warnings sooner or later for HTTP Strict Transport Security you can change this\.
-.IP "\[ci]" 4
-HPKP_MIN is preset to 30 (days)\. If you want warnings sooner or later for HTTP Public Key Pinning you can change this
-.IP "\[ci]" 4
-DAYS2WARN1 is the first threshold when you'll be warning of a certificate expiration of a host, preset to 60 (days)\. For Let's Encrypt this value will be divided internally by 2\.
-.IP "\[ci]" 4
-DAYS2WARN2 is the second threshold when you'll be warning of a certificate expiration of a host, preset to 30 (days)\. For Let's Encrypt this value will be divided internally by 2\.
-.IP "\[ci]" 4
-TESTSSL_INSTALL_DIR is the derived installation directory of testssl\.sh\. Relatively to that the \fBbin\fR and mandatory \fBetc\fR directory will be looked for\.
-.IP "\[ci]" 4
-CA_BUNDLES_PATH: If you have an own set of CA bundles or you want to point testssl\.sh to a specific location of a CA bundle, you can use this variable to set the directory which testssl\.sh will use\. Please note that it overrides completely the builtin path of testssl\.sh which means that you will only test against the bundles you point to\. Also you might want to use \fB~/utils/create_ca_hashes\.sh\fR to create the hashes for HPKP\.
-.IP "\[ci]" 4
-MAX_SOCKET_FAIL: A number which tells testssl\.sh how often a TCP socket connection may fail before the program gives up and terminates\. The default is 2\. You can increase it to a higher value if you frequently see a message like \fIFatal error: repeated openssl s_client connect problem, doesn't make sense to continue\fR\.
-.IP "\[ci]" 4
-MAX_OSSL_FAIL: A number which tells testssl\.sh how often an OpenSSL s_client connect may fail before the program gives up and terminates\. The default is 2\. You can increase it to a higher value if you frequently see a message like \fIFatal error: repeated TCP connect problems, giving up\fR\.
-.IP "\[ci]" 4
-MAX_HEADER_FAIL: A number which tells testssl\.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates\. The default is 3\. Also here you can increase the threshold when you spot messages like \fIFatal error: repeated HTTP header connect problems, doesn't make sense to continue\fR\.
-.IP "" 0
-.SS "RATING"
-This program has a near\-complete implementation of SSL Labs's 'SSL Server Rating Guide \fIhttps://github\.com/ssllabs/research/wiki/SSL\-Server\-Rating\-Guide\fR'\.
-.P
-This is \fInot\fR a 100% reimplementation of the SSL Lab's SSL Server Test \fIhttps://www\.ssllabs\.com/ssltest/analyze\.html\fR, but an implementation of the above rating specification, slight discrepancies may occur\. Please note that for now we stick to the SSL Labs rating as good as possible\. We are not responsible for their rating\. Before filing issues please inspect their Rating Guide\.
-.P
-Disclaimer: Having a good grade is \fBNOT\fR necessarily equal to having good security! Don't start a competition for the best grade, at least not without monitoring the client handshakes and not without adding a portion of good sense to it\. Please note STARTTLS always results in a grade cap to T\. Anything else would lead to a false sense of security \- at least until we test for DANE or MTA\-STS\.
-.P
-As of writing, these checks are missing: * GOLDENDOODLE \- should be graded \fBF\fR if vulnerable * Insecure renegotiation \- should be graded \fBF\fR if vulnerable * Padding oracle in AES\-NI CBC MAC check (CVE\-2016\-2107) \- should be graded \fBF\fR if vulnerable * Sleeping POODLE \- should be graded \fBF\fR if vulnerable * Zero Length Padding Oracle (CVE\-2019\-1559) \- should be graded \fBF\fR if vulnerable * Zombie POODLE \- should be graded \fBF\fR if vulnerable * All remaining old Symantec PKI certificates are distrusted \- should be graded \fBT\fR * Symantec certificates issued before June 2016 are distrusted \- should be graded \fBT\fR * Anonymous key exchange \- should give \fB0\fR points in \fBset_key_str_score()\fR * Exportable key exchange \- should give \fB40\fR points in \fBset_key_str_score()\fR * Weak key (Debian OpenSSL Flaw) \- should give \fB0\fR points in \fBset_key_str_score()\fR
-.P
-To implement a new grading cap, simply call the \fBset_grade_cap()\fR function, with the grade and a reason: \fBbash set_grade_cap "D" "Vulnerable to documentation"\fR To implement a new grade warning, simply call the \fBset_grade_warning()\fR function, with a message: \fBbash set_grade_warning "Documentation is always right"\fR #### Implementing a new check which contains grade caps When implementing a new check (be it vulnerability or not) that sets grade caps, the \fBset_rating_state()\fR has to be updated (i\.e\. the \fB$do_mycheck\fR variable\-name has to be added to the loop, and \fB$nr_enabled\fR if\-statement has to be incremented)
-.P
-The \fBset_rating_state()\fR automatically disables rating, if all the required checks are \fInot\fR enabled\. This is to prevent giving out a misleading or wrong grade\.
-.P
-When a new revision of the rating specification comes around, the following has to be done: * New grade caps has to be either: 1\. Added to the script wherever relevant, or 2\. Added to the above list of missing checks (if above is not possible) * New grade warnings has to be added wherever relevant * The revision output in \fBrun_rating()\fR function has to updated
-.SH "EXAMPLES"
-.nf
-  testssl\.sh testssl\.sh
-.fi
-.P
-does a default run on https://testssl\.sh (protocols, standard cipher lists, server's cipher preferences, forward secrecy, server defaults, vulnerabilities, client simulation, and rating\.
-.IP "" 4
-.nf
-  testssl\.sh testssl\.net:443
-.fi
-.IP "" 0
-.P
-does the same default run as above with the subtle difference that testssl\.net has two IPv4 addresses\. Both are tested\.
-.IP "" 4
-.nf
-  testssl\.sh \-\-ip=one \-\-wide https://testssl\.net:443
-.fi
-.IP "" 0
-.P
-does the same checks as above, with the difference that one IP address is being picked randomly\. Displayed is everything where possible in wide format\.
-.IP "" 4
-.nf
-  testssl\.sh \-6 https://testssl\.net
-.fi
-.IP "" 0
-.P
-As opposed to the first example it also tests the IPv6 part \-\- supposed you have an IPv6 network and your openssl supports IPv6 (see above)\.
-.IP "" 4
-.nf
-  testssl\.sh \-t smtp smtp\.gmail\.com:25
-.fi
-.IP "" 0
-.P
-Checks are done via a STARTTLS handshake on the plain text port 25\. It checks every IP on smtp\.gmail\.com\.
-.IP "" 4
-.nf
-    testssl\.sh \-\-starttls=imap imap\.gmx\.net:143
-.fi
-.IP "" 0
-.P
-does the same on the plain text IMAP port\.
-.P
-Please note that for plain TLS\-encrypted ports you must not specify the protocol option when no STARTTLS handshake is offered: \fBtestssl\.sh smtp\.gmail\.com:465\fR just checks the encryption on the SMTPS port, \fBtestssl\.sh imap\.gmx\.net:993\fR on the IMAPS port\. Also MongoDB which provides TLS support without STARTTLS can be tested directly\.
-.SH "RFCs and other standards"
-.IP "\[ci]" 4
-RFC 2246: The TLS Protocol Version 1\.0
-.IP "\[ci]" 4
-RFC 2818: HTTP Over TLS
-.IP "\[ci]" 4
-RFC 2595: Using TLS with IMAP, POP3 and ACAP
-.IP "\[ci]" 4
-RFC 3207: SMTP Service Extension for Secure SMTP over Transport Layer Security
-.IP "\[ci]" 4
-RFC 3501: INTERNET MESSAGE ACCESS PROTOCOL \- VERSION 4rev1
-.IP "\[ci]" 4
-RFC 4346: The Transport Layer Security (TLS) Protocol Version 1\.1
-.IP "\[ci]" 4
-RFC 4366: Transport Layer Security (TLS) Extensions
-.IP "\[ci]" 4
-RFC 4492: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)
-.IP "\[ci]" 4
-RFC 5077: Transport Layer Security (TLS) Session Resumption
-.IP "\[ci]" 4
-RFC 5246: The Transport Layer Security (TLS) Protocol Version 1\.2
-.IP "\[ci]" 4
-RFC 5280: Internet X\.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
-.IP "\[ci]" 4
-RFC 5321: Simple Mail Transfer Protocol
-.IP "\[ci]" 4
-RFC 5746: Transport Layer Security (TLS) Renegotiation Indication Extension
-.IP "\[ci]" 4
-RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions
-.IP "\[ci]" 4
-RFC 6101: The Secure Sockets Layer (SSL) Protocol Version 3\.0
-.IP "\[ci]" 4
-RFC 6120: Extensible Messaging and Presence Protocol (XMPP): Core
-.IP "\[ci]" 4
-RFC 6125: Domain\-Based Application Service Identity [\.\.]
-.IP "\[ci]" 4
-RFC 6797: HTTP Strict Transport Security (HSTS)
-.IP "\[ci]" 4
-RFC 6961: The Transport Layer Security (TLS) Multiple Certificate Status Request Extension
-.IP "\[ci]" 4
-RFC 7469: Public Key Pinning Extension for HTTP (HPKP)
-.IP "\[ci]" 4
-RFC 7507: TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks
-.IP "\[ci]" 4
-RFC 7627: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
-.IP "\[ci]" 4
-RFC 7633: X\.509v3 Transport Layer Security (TLS) Feature Extension
-.IP "\[ci]" 4
-RFC 7465: Prohibiting RC4 Cipher Suites
-.IP "\[ci]" 4
-RFC 7685: A Transport Layer Security (TLS) ClientHello Padding Extension
-.IP "\[ci]" 4
-RFC 7905: ChaCha20\-Poly1305 Cipher Suites for Transport Layer Security (TLS)
-.IP "\[ci]" 4
-RFC 7919: Negotiated Finite Field Diffie\-Hellman Ephemeral Parameters for Transport Layer Security
-.IP "\[ci]" 4
-RFC 8143: Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)
-.IP "\[ci]" 4
-RFC 8446: The Transport Layer Security (TLS) Protocol Version 1\.3
-.IP "\[ci]" 4
-RFC 8701: Applying Generate Random Extensions And Sustain Extensibility (GREASE) to TLS Extensibility
-.IP "\[ci]" 4
-W3C CSP: Content Security Policy Level 1\-3
-.IP "\[ci]" 4
-TLSWG Draft: The Transport Layer Security (TLS) Protocol Version 1\.3
-.IP "" 0
-.SH "EXIT STATUS"
-.IP "\[ci]" 4
-0 testssl\.sh finished successfully without errors and without ambiguous results
-.IP "\[ci]" 4
-1 testssl\.sh has encountered exactly one ambiguous situation or an error during run
-.IP "\[ci]" 4
-1+n same as previous\. The errors or ambiguous results are added, also per IP\.
-.IP "\[ci]" 4
-50\-200 reserved for returning a vulnerability scoring for system monitoring or a CI tools
-.IP "\[ci]" 4
-242 (ERR_CHILD) Child received a signal from master
-.IP "\[ci]" 4
-244 (ERR_RESOURCE) Resources testssl\.sh needs couldn't be read
-.IP "\[ci]" 4
-245 (ERR_CLUELESS) Weird state, either though user options or testssl\.sh
-.IP "\[ci]" 4
-246 (ERR_CONNECT) Connectivity problem
-.IP "\[ci]" 4
-247 (ERR_DNSLOOKUP) Problem with resolving IP addresses or names
-.IP "\[ci]" 4
-248 (ERR_OTHERCLIENT) Other client problem
-.IP "\[ci]" 4
-249 (ERR_DNSBIN) Problem with DNS lookup binaries
-.IP "\[ci]" 4
-250 (ERR_OSSLBIN) Problem with OpenSSL binary
-.IP "\[ci]" 4
-251 (ERR_NOSUPPORT) Feature requested is not supported
-.IP "\[ci]" 4
-252 (ERR_FNAMEPARSE) Input file couldn't be parsed
-.IP "\[ci]" 4
-253 (ERR_FCREATE) Output file couldn't be created
-.IP "\[ci]" 4
-254 (ERR_CMDLINE) Cmd line couldn't be parsed
-.IP "\[ci]" 4
-255 (ERR_BASH) Bash version incorrect
-.IP "" 0
-.SH "FILES"
-\fBetc/*pem\fR are the certificate stores from Apple, Linux, Mozilla Firefox, Windows and Java\.
-.P
-\fBetc/client\-simulation\.txt\fR contains client simulation data\.
-.P
-\fBetc/cipher\-mapping\.txt\fR provides a mandatory file with mapping from OpenSSL cipher suites names to the ones from IANA / used in the RFCs\.
-.P
-\fBetc/tls_data\.txt\fR provides a mandatory file for ciphers (bash sockets) and key material\.
-.SH "AUTHORS"
-Developed by Dirk Wetter, David Cooper and many others, see CREDITS\.md \.
-.SH "COPYRIGHT"
-Copyright \(co 2012 Dirk Wetter\. License GPLv2: Free Software Foundation, Inc\. This is free software: you are free to change and redistribute it under the terms of the license, see LICENSE\.
-.P
-Attribution is important for the future of this project \- also in the internet\. Thus if you're offering a scanner based on testssl\.sh as a public and/or paid service in the internet you are strongly encouraged to mention to your audience that you're using this program and where to get this program from\. That helps us to get bugfixes, other feedback and more contributions\.
-.P
-Usage WITHOUT ANY WARRANTY\. USE at your OWN RISK!
-.SH "LIMITATION"
-All native Windows platforms emulating Linux are known to be slow\.
-.SH "BUGS"
-Probably\. Current known ones and interface for filing new ones: https://testssl\.sh/bugs/ \.
-.SH "SEE ALSO"
-\fBciphers\fR(1), \fBopenssl\fR(1), \fBs_client\fR(1), \fBx509\fR(1), \fBverify\fR(1), \fBocsp\fR(1), \fBcrl\fR(1), \fBbash\fR(1) and the websites https://testssl\.sh/ and https://github\.com/drwetter/testssl\.sh/ \.
diff --git a/doc/testssl.1.html b/doc/testssl.1.html
deleted file mode 100644
index 23ce568..0000000
--- a/doc/testssl.1.html
+++ /dev/null
@@ -1,685 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <meta http-equiv='content-type' content='text/html;charset=utf8'>
-  <meta name='generator' content='Ronn-NG/v0.9.1 (http://github.com/apjanke/ronn-ng/tree/0.9.1)'>
-  <title>testssl(1)</title>
-  <style type='text/css' media='all'>
-  /* style: man */
-  body#manpage {margin:0}
-  .mp {padding:0 9ex 1ex 4ex}
-  .mp p,.mp pre,.mp ul,.mp ol,.mp dl {margin:0 0 20px 0}
-  .mp h2 {margin:10px 0 0 0}
-  .mp > p,.mp > pre,.mp > ul,.mp > ol,.mp > dl {margin-left:8ex}
-  .mp h3 {margin:0 0 0 4ex}
-  .mp dt {margin:0;clear:left}
-  .mp dt.flush {float:left;width:8ex}
-  .mp dd {margin:0 0 0 9ex}
-  .mp h1,.mp h2,.mp h3,.mp h4 {clear:left}
-  .mp pre {margin-bottom:20px}
-  .mp pre+h2,.mp pre+h3 {margin-top:22px}
-  .mp h2+pre,.mp h3+pre {margin-top:5px}
-  .mp img {display:block;margin:auto}
-  .mp h1.man-title {display:none}
-  .mp,.mp code,.mp pre,.mp tt,.mp kbd,.mp samp,.mp h3,.mp h4 {font-family:monospace;font-size:14px;line-height:1.42857142857143}
-  .mp h2 {font-size:16px;line-height:1.25}
-  .mp h1 {font-size:20px;line-height:2}
-  .mp {text-align:justify;background:#fff}
-  .mp,.mp code,.mp pre,.mp pre code,.mp tt,.mp kbd,.mp samp {color:#131211}
-  .mp h1,.mp h2,.mp h3,.mp h4 {color:#030201}
-  .mp u {text-decoration:underline}
-  .mp code,.mp strong,.mp b {font-weight:bold;color:#131211}
-  .mp em,.mp var {font-style:italic;color:#232221;text-decoration:none}
-  .mp a,.mp a:link,.mp a:hover,.mp a code,.mp a pre,.mp a tt,.mp a kbd,.mp a samp {color:#0000ff}
-  .mp b.man-ref {font-weight:normal;color:#434241}
-  .mp pre {padding:0 4ex}
-  .mp pre code {font-weight:normal;color:#434241}
-  .mp h2+pre,h3+pre {padding-left:0}
-  ol.man-decor,ol.man-decor li {margin:3px 0 10px 0;padding:0;float:left;width:33%;list-style-type:none;text-transform:uppercase;color:#999;letter-spacing:1px}
-  ol.man-decor {width:100%}
-  ol.man-decor li.tl {text-align:left}
-  ol.man-decor li.tc {text-align:center;letter-spacing:4px}
-  ol.man-decor li.tr {text-align:right;float:right}
-  </style>
-</head>
-<!--
-  The following styles are deprecated and will be removed at some point:
-  div#man, div#man ol.man, div#man ol.head, div#man ol.man.
-
-  The .man-page, .man-decor, .man-head, .man-foot, .man-title, and
-  .man-navigation should be used instead.
--->
-<body id='manpage'>
-  <div class='mp' id='man'>
-
-  <div class='man-navigation' style='display:none'>
-    <a href="#NAME">NAME</a>
-    <a href="#NAME">NAME</a>
-    <a href="#SYNOPSIS">SYNOPSIS</a>
-    <a href="#DESCRIPTION">DESCRIPTION</a>
-    <a href="#REQUIREMENTS">REQUIREMENTS</a>
-    <a href="#GENERAL">GENERAL</a>
-    <a href="#OPTIONS-AND-PARAMETERS">OPTIONS AND PARAMETERS</a>
-    <a href="#EXAMPLES">EXAMPLES</a>
-    <a href="#RFCS-AND-OTHER-STANDARDS">RFCs and other standards</a>
-    <a href="#EXIT-STATUS">EXIT STATUS</a>
-    <a href="#FILES">FILES</a>
-    <a href="#AUTHORS">AUTHORS</a>
-    <a href="#COPYRIGHT">COPYRIGHT</a>
-    <a href="#LIMITATION">LIMITATION</a>
-    <a href="#BUGS">BUGS</a>
-    <a href="#SEE-ALSO">SEE ALSO</a>
-  </div>
-
-  <ol class='man-decor man-head man head'>
-    <li class='tl'>testssl(1)</li>
-    <li class='tc'></li>
-    <li class='tr'>testssl(1)</li>
-  </ol>
-
-  
-
-<h2 id="NAME">NAME</h2>
-<p class="man-name">
-  <code>testssl</code>
-</p>
-<h2 id="NAME">NAME</h2>
-<p>testssl.sh -- check encryption of SSL/TLS servers</p>
-
-<h2 id="SYNOPSIS">SYNOPSIS</h2>
-
-<p><code>testssl.sh [OPTIONS] &lt;URI&gt;</code>,   <code>testssl.sh [OPTIONS] --file &lt;FILE&gt;</code></p>
-
-<p>or</p>
-
-<p><code>testssl.sh [BANNER OPTIONS]</code></p>
-
-<h2 id="DESCRIPTION">DESCRIPTION</h2>
-
-<p>testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as cryptographic flaws and much more.</p>
-
-<p>The output rates findings by color (screen) or severity (file output) so that you are able to tell whether something is good or bad. The (screen) output has several sections in which classes of checks are being performed. To ease readability on the screen it aligns and indents the output properly.</p>
-
-<p>Only you see the result. You also can use it internally on your LAN. Except DNS lookups or unless you instruct testssl.sh to check for revocation of certificates it doesn't use any other hosts or even third parties for any test.</p>
-
-<h2 id="REQUIREMENTS">REQUIREMENTS</h2>
-
-<p>Testssl.sh is out of the box portable: it runs under any Unix-like
-stack: Linux, *BSD, MacOS X, WSL=Windows Subsystem for Linux, Cygwin and MSYS2.
-<code>bash</code> is a prerequisite, also version 3 is still supported.
-Standard utilities like awk, sed, tr and head are also needed. This can be of a BSD,
-System 5 or GNU flavor whereas grep from System V is not yet supported.</p>
-
-<p>Any OpenSSL or LibreSSL version is needed as a helper. Unlike previous versions
-of testssl.sh almost every check is done via (TCP) sockets. In addition statically
-linked OpenSSL binaries for major operating systems are supplied in <code>./bin/</code>.</p>
-
-<h2 id="GENERAL">GENERAL</h2>
-
-<p><code>testssl.sh URI</code> as the default invocation does the so-called default run which does a number of checks and puts out the results colorized (ANSI and termcap) on the screen. It does every check listed below except <code>-E</code> which are (order of appearance):</p>
-
-<p>0) displays a banner (see below), does a DNS lookup also for further IP addresses and does for the returned IP address a reverse lookup. Last but not least a service check is being done.</p>
-
-<p>1) SSL/TLS protocol check</p>
-
-<p>2) standard cipher categories</p>
-
-<p>3) server's cipher preferences (server order?)</p>
-
-<p>4) forward secrecy: ciphers and elliptical curves</p>
-
-<p>5) server defaults (certificate info, TLS extensions, session information)</p>
-
-<p>6) HTTP header (if HTTP detected or being forced via <code>--assume-http</code>)</p>
-
-<p>7) vulnerabilities</p>
-
-<p>8) testing each of 370 preconfigured ciphers</p>
-
-<p>8) client simulation</p>
-
-<p>9) rating</p>
-
-<h2 id="OPTIONS-AND-PARAMETERS">OPTIONS AND PARAMETERS</h2>
-
-<p>Options are either short or long options. Any long or short option requiring a value can be called with or without an equal sign. E.g. <code>testssl.sh -t=smtp --wide --openssl=/usr/bin/openssl &lt;URI&gt;</code> (short options with equal sign) is equivalent to <code>testssl.sh --starttls smtp --wide --openssl /usr/bin/openssl &lt;URI&gt;</code> (long option without equal sign). Some command line options can also be preset via ENV variables. <code>WIDE=true OPENSSL=/usr/bin/openssl testssl.sh --starttls=smtp &lt;URI&gt;</code> would be the equivalent to the aforementioned examples. Preference has the command line over any environment variables.</p>
-
-<p><code>&lt;URI&gt;</code> or <code>--file &lt;FILE&gt;</code> always needs to be the last parameter.</p>
-
-<h3 id="BANNER-OPTIONS-standalone-">BANNER OPTIONS (standalone)</h3>
-
-<p><code>--help</code> (or no arg) displays command line help</p>
-
-<p><code>-b, --banner</code>        displays testssl.sh banner, including license, usage conditions, version of testssl.sh, detected openssl version, its path to it, # of ciphers of openssl, its build date and the architecture.</p>
-
-<p><code>-v, --version</code>     same as before</p>
-
-<p><code>-V [pattern], --local [pattern]</code>  pretty print all local ciphers supported by openssl version. If a pattern is supplied it performs a match (ignore case) on any of the strings supplied in the wide output, see below. The pattern will be searched in the any of the columns: hexcode, cipher suite name (OpenSSL or IANA), key exchange, encryption, bits. It does a word pattern match for non-numbers, for number just a normal match applies. Numbers here are defined as [0-9,A-F]. This means (attention: catch) that the pattern CBC is matched as non-word, but AES as word. This option also accepts <code>--openssl=&lt;path_to_openssl&gt;</code>.</p>
-
-<h3 id="INPUT-PARAMETERS">INPUT PARAMETERS</h3>
-
-<p><code>URI</code> can be a hostname, an IPv4 or IPv6 address (restriction see below) or an URL. IPv6 addresses need to be in square brackets. For any given parameter port 443 is assumed unless specified by appending a colon and a port number. The only preceding protocol specifier allowed is <code>https</code>. You need to be aware that checks for an IP address might not hit the vhost you want. DNS resolution (A/AAAA record) is being performed unless you have an <code>/etc/hosts</code> entry for the hostname.</p>
-
-<p><code>--file &lt;fname&gt;</code> or the equivalent <code>-iL &lt;fname&gt;</code> are mass testing options. Per default it implicitly turns on <code>--warnings batch</code>. In its first incarnation the mass testing option reads command lines from <code>fname</code>. <code>fname</code> consists of command lines of testssl, one line per instance. Comments after <code>#</code> are ignored, <code>EOF</code> signals the end of fname any subsequent lines will be ignored too. You can also supply additional options which will be inherited to each child, e.g.  When invoking <code>testssl.sh --wide --log --file &lt;fname&gt;</code> . Each single line in <code>fname</code> is parsed upon execution. If there's a conflicting option and serial mass testing option is being performed the check will be aborted at the time it occurs and depending on the output option potentially leaving you with an output file without footer. In parallel mode the mileage varies, likely a line won't be scanned.</p>
-
-<p>Alternatively <code>fname</code> can be in <code>nmap</code>'s grep(p)able output format (<code>-oG</code>). Only open ports will be considered. Multiple ports per line are allowed. The ports can be different and will be tested by testssl.sh according to common practice in the internet, i.e. if nmap shows in its output an open port 25, automatically <code>-t smtp</code> will be added before the URI whereas port 465 will be treated as a plain TLS/SSL port, not requiring an STARTTLS SMTP handshake upfront. This is done by an internal table which correlates nmap's open port detected to the STARTTLS/plain text decision from testssl.sh.</p>
-
-<p>Nmap's output always returns IP addresses and only if there's a PTR DNS record available a hostname. As it is not checked by nmap whether the hostname matches the IP (A or AAAA record), testssl.sh does this automatically for you. If the A record of the hostname matches the IP address, the hostname is used and not the IP address. Please keep in mind that checks against an IP address might not hit the vhost you maybe were aiming at and thus it may lead to different results.</p>
-
-<p>A typical internal conversion to testssl.sh file format from nmap's grep(p)able format could look like:</p>
-
-<p><code>
-10.10.12.16:443
-10.10.12.16:1443
--t smtp host.example.com:25
-host.example.com:443
-host.example.com:631
--t ftp 10.10.12.11:21
-10.10.12.11:8443
-</code>
-Please note that <code>fname</code> has to be in Unix format. DOS carriage returns won't be accepted. Instead of the command line switch the environment variable FNAME will be honored too.</p>
-
-<p><code>--mode &lt;serial|parallel&gt;</code>. Mass testing to be done serial (default) or parallel (<code>--parallel</code> is shortcut for the latter, <code>--serial</code> is the opposite option). Per default mass testing is being run in serial mode, i.e. one line after the other is processed and invoked. The variable <code>MASS_TESTING_MODE</code> can be defined to be either equal <code>serial</code> or <code>parallel</code>.</p>
-
-<p><code>--warnings &lt;batch|off&gt;</code>.  The warnings parameter determines how testssl.sh will deal with situations where user input normally will be necessary. There are two options. <code>batch</code> doesn't wait for a confirming keypress when a client- or server-side problem is encountered. As of 3.0 it just then terminates the particular scan.  This is automatically chosen for mass testing (<code>--file</code>). <code>off</code> just skips the warning, the confirmation but continues the scan, independent whether it makes sense or not. Please note that there are conflicts where testssl.sh will still ask for confirmation which are the ones which otherwise would have a drastic impact on the results. Almost any other decision will be made in the future as a best guess by testssl.sh.
-The same can be achieved by setting the environment variable <code>WARNINGS</code>.</p>
-
-<p><code>--connect-timeout &lt;seconds&gt;</code>  This is useful for socket TCP connections to a node. If the node does not complete a TCP handshake (e.g. because it is down or behind a firewall or there's an IDS or a tarpit) testssl.sh may usually hang for around 2 minutes or even much more. This parameter instructs testssl.sh to wait at most <code>seconds</code> for the handshake to complete before giving up. This option only works if your OS has a timeout binary installed. CONNECT_TIMEOUT is the corresponding environment variable.</p>
-
-<p><code>--openssl-timeout &lt;seconds&gt;</code> This is especially useful for all connects using openssl and practically useful for mass testing. It avoids the openssl connect to hang for ~2 minutes. The expected parameter <code>seconds</code> instructs testssl.sh to wait before the openssl connect will be terminated. The option is only available if your OS has a timeout binary installed. As there are different implementations of <code>timeout</code>: It automatically calls the binary with the right parameters. OPENSSL_TIMEOUT is the equivalent environment variable.</p>
-
-<p><code>--basicauth &lt;user:pass&gt;</code> This can be set to provide HTTP basic auth credentials which are used during checks for security headers. BASICAUTH is the ENV variable you can use instead.</p>
-
-<p><code>--reqheader &lt;header&gt;</code> This can be used to add additional HTTP request headers in the correct format <code>Headername: headercontent</code>. This parameter can be called multiple times if required. For example: <code>--reqheader 'Proxy-Authorization: Basic dGVzdHNzbDpydWxlcw==' --reqheader 'ClientID: 0xDEADBEAF'</code>. REQHEADER is the corresponding environment variable.</p>
-
-<h3 id="SPECIAL-INVOCATIONS">SPECIAL INVOCATIONS</h3>
-
-<p><code>-t &lt;protocol&gt;, --starttls &lt;protocol&gt;</code>    does a default run against a STARTTLS enabled <code>protocol</code>. <code>protocol</code> must be one of <code>ftp</code>, <code>smtp</code>,  <code>pop3</code>, <code>imap</code>, <code>xmpp</code>, <code>sieve</code>, <code>xmpp-server</code>, <code>telnet</code>, <code>ldap</code>, <code>irc</code>, <code>lmtp</code>, <code>nntp</code>, <code>postgres</code>, <code>mysql</code>. For the latter four you need e.g. the supplied OpenSSL or OpenSSL version 1.1.1. Please note: MongoDB doesn't offer a STARTTLS connection, LDAP currently only works with <code>--ssl-native</code>. <code>telnet</code> and <code>irc</code> is WIP.</p>
-
-<p><code>--xmpphost &lt;jabber_domain&gt;</code> is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter. This is only needed if the domain is different from the URI supplied.</p>
-
-<p><code>--mx &lt;domain|host&gt;</code> tests all MX records (STARTTLS on port 25) from high to low priority, one after the other.</p>
-
-<p><code>--ip &lt;ip&gt;</code> tests either the supplied IPv4 or IPv6 address instead of resolving host(s) in <code>&lt;URI&gt;</code>. IPv6 addresses need to be supplied in square brackets. <code>--ip=one</code> means: just test the first A record DNS returns (useful for multiple IPs). If <code>-6</code> and  <code>--ip=one</code> was supplied an AAAA record will be picked if available. The <code>--ip</code> option might be also useful if you want to resolve the supplied hostname to a different IP, similar as if you would edit <code>/etc/hosts</code> or <code>/c/Windows/System32/drivers/etc/hosts</code>. <code>--ip=proxy</code> tries a DNS resolution via proxy.</p>
-
-<p><code>--proxy &lt;host&gt;:&lt;port&gt;</code>  does ANY check via the specified proxy. <code>--proxy=auto</code> inherits the proxy setting from the environment. The hostname supplied will be resolved to the first A record. In addition if you want lookups via proxy you can specify <code>DNS_VIA_PROXY=true</code>. OCSP revocation checking (<code>-S --phone-out</code>) is not supported by OpenSSL via proxy. As supplying a proxy is an indicator for port 80 and 443 outgoing being blocked in your network an OCSP revocation check won't be performed. However if <code>IGN_OCSP_PROXY=true</code> has been supplied it will be tried directly. Authentication to the proxy is not supported. Proxying via IPv6 addresses is not possible, no HTTPS or SOCKS proxy is supported.</p>
-
-<p><code>-6</code> does (also) IPv6 checks. Please note that testssl.sh doesn't perform checks on an IPv6 address automatically, because of two reasons: testssl.sh does no connectivity checks for IPv6 and it cannot determine reliably whether the OpenSSL binary you're using has IPv6 s_client support. <code>-6</code> assumes both is the case. If both conditions are met and you in general prefer to test for IPv6 branches as well you can add <code>HAS_IPv6</code> to your shell environment. Besides the OpenSSL binary supplied IPv6 is known to work with vanilla OpenSSL &gt;= 1.1.0 and older versions &gt;=1.0.2 in RHEL/CentOS/FC and Gentoo.</p>
-
-<p><code>--ssl-native</code>  Instead of using a mixture of bash sockets and a few openssl s_client connects, testssl.sh uses the latter (almost) only. This is faster at the moment but provides less accurate results, especially for the client simulation and for cipher support. For all checks you will see a warning if testssl.sh cannot tell if a particular check cannot be performed. For some checks however you might end up getting false negatives without a warning. This option is only recommended if you prefer speed over accuracy or you know that your target has sufficient overlap with the protocols and cipher provided by your openssl binary.</p>
-
-<p><code>--openssl &lt;path_to_openssl&gt;</code>           testssl.sh tries very hard to find automagically the binary supplied (where the tree of testssl.sh resides, from the directory where testssl.sh has been started from, etc.). If all that doesn't work it falls back to openssl supplied from the OS (<code>$PATH</code>). With this option you can point testssl.sh to your binary of choice and override any internal magic to find the openssl binary. (Environment preset via <code>OPENSSL=&lt;path_to_openssl&gt;</code>).</p>
-
-<h3 id="TUNING-OPTIONS">TUNING OPTIONS</h3>
-
-<p><code>--bugs</code>  does some workarounds for buggy servers like padding for old F5 devices. The option is passed as <code>-bug</code> to openssl when needed, see <code>s_client(1)</code>, environment preset via <code>BUGS="-bugs"</code> (1x dash). For the socket part testssl.sh has always workarounds in place to cope with broken server implementations.</p>
-
-<p><code>--assuming-http</code>  testssl.sh normally does upfront an application protocol detection. In cases where HTTP cannot be automatically detected you may want to use this option. It enforces testssl.sh not to skip HTTP specific tests (HTTP header) and to run a browser based client simulation. Please note that sometimes also the severity depends on the application protocol, e.g. SHA1 signed certificates, the lack of any SAN matches and some vulnerabilities will be punished harder when checking a web server as opposed to a mail server.</p>
-
-<p><code>-n, --nodns &lt;min|none&gt;</code> tells testssl.sh which DNS lookups should be performed. <code>min</code> uses only forward DNS resolution (A and AAAA record or MX record) and skips CAA lookups and PTR records from the IP address back to a DNS name.  <code>none</code> performs no DNS lookups at all. For the latter you either have to supply the IP address as a target, to use <code>--ip</code> or have the IP address
-in <code>/etc/hosts</code>.  The use of the switch is only useful if you either can't or are not willing to perform DNS lookups. The latter can apply e.g. to some pentests. In general this option could e.g. help you to avoid timeouts by DNS lookups. <code>NODNS</code> is the environment variable for this.</p>
-
-<p><code>--sneaky</code> For HTTP header checks testssl.sh uses normally the server friendly HTTP user agent <code>TLS tester from ${URL}</code>. With this option your traces are less verbose and a Firefox user agent is being used. Be aware that it doesn't hide your activities. That is just not possible (environment preset via <code>SNEAKY=true</code>).</p>
-
-<p><code>--user-agent &lt;user agent&gt;</code> tells testssl.sh to use the supplied HTTP user agent instead of the standard user agent <code>TLS tester from ${URL}</code>.</p>
-
-<p><code>--ids-friendly</code> is a switch which may help to get a scan finished which otherwise would be blocked by a server side IDS. This switch skips tests for the following vulnerabilities: Heartbleed, CCS Injection, Ticketbleed and ROBOT. The environment variable OFFENSIVE set to false will achieve the same result. Please be advised that as an alternative or as a general approach you can try to apply evasion techniques by changing the variables USLEEP_SND and / or USLEEP_REC and maybe MAX_WAITSOCK.</p>
-
-<p><code>--phone-out</code> Checking for revoked certificates via CRL and OCSP is not done per default. This switch instructs testssl.sh to query external -- in a sense of the current run -- URIs. By using this switch you acknowledge that the check might have privacy issues, a download of several megabytes (CRL file) may happen and there may be network connectivity problems while contacting the endpoint which testssl.sh doesn't handle. PHONE_OUT is the environment variable for this which needs to be set to true if you want this.</p>
-
-<p><code>--add-ca &lt;CAfile&gt;</code> enables you to add your own CA(s) in PEM format for trust chain checks. <code>CAfile</code> can be a directory containing files with a .pem extension, a single file or multiple files as a comma separated list of root CAs. Internally they will be added during runtime to all CA stores. This is (only) useful for internal hosts whose certificates are issued by internal CAs. Alternatively ADDTL_CA_FILES is the environment variable for this.</p>
-
-<h3 id="SINGLE-CHECK-OPTIONS">SINGLE CHECK OPTIONS</h3>
-
-<p>Any single check switch supplied as an argument prevents testssl.sh from doing a default run. It just takes this and if supplied other options and runs them - in the order they would also appear in the default run.</p>
-
-<p><code>-e, --each-cipher</code> checks each of the (currently configured) 370 ciphers via openssl + sockets remotely on the server and reports back the result in wide mode. If you want to display each cipher tested you need to add <code>--show-each</code>. Per default it lists the following parameters: <code>hexcode</code>, <code>OpenSSL cipher suite name</code>, <code>key exchange</code>, <code>encryption bits</code>, <code>IANA/RFC cipher suite name</code>. Please note the <code>--mapping</code> parameter changes what cipher suite names you will see here and at which position. Also please note that the <strong>bit</strong> length for the encryption is shown and not the <strong>security</strong> length, albeit it'll be sorted by the latter. For 3DES due to the Meet-in-the-Middle problem the bit size of 168 bits is equivalent to the security size of 112 bits.</p>
-
-<p><code>-E, --cipher-per-proto</code>  is similar to <code>-e, --each-cipher</code>. It checks each of the possible ciphers, here: per protocol. If you want to display each cipher tested you need to add <code>--show-each</code>. The output is sorted by security strength, it lists the encryption bits though.</p>
-
-<p><code>-s, --std, --categories</code>   tests certain lists of cipher suites / cipher categories by strength. (<code>--standard</code> is deprecated.)  Those lists are (<code>openssl ciphers $LIST</code>, $LIST from below:)</p>
-
-<ul>
-  <li>
-<code>NULL encryption ciphers</code>: 'NULL:eNULL'</li>
-  <li>
-<code>Anonymous NULL ciphers</code>: 'aNULL:ADH'</li>
-  <li>
-<code>Export ciphers</code> (w/o the preceding ones): 'EXPORT:!ADH:!NULL'</li>
-  <li>
-<code>LOW</code> (64 Bit + DES ciphers, without EXPORT ciphers): 'LOW:DES:RC2:RC4:!ADH:!EXP:!NULL:!eNULL'</li>
-  <li>
-<code>3DES + IDEA Ciphers</code>: '3DES:IDEA:!aNULL:!ADH'</li>
-  <li>
-<code>Average grade Ciphers</code>: 'HIGH:MEDIUM:AES:CAMELLIA:ARIA:!IDEA:!CHACHA20:!3DES:!RC2:!RC4:!AESCCM8:!AESCCM:!AESGCM:!ARIAGCM:!aNULL'</li>
-  <li>
-<code>Strong grade Ciphers</code> (AEAD): 'AESGCM:CHACHA20:CamelliaGCM:AESCCM8:AESCCM'</li>
-</ul>
-
-<p><code>-f, --fs, --nsa, --forward-secrecy</code> Checks robust forward secrecy key exchange. "Robust" means that ciphers having intrinsic severe weaknesses like Null Authentication or Encryption, 3DES and RC4 won't be considered here. There shouldn't be the wrong impression that a secure key exchange has been taking place and everything is fine when in reality the encryption sucks. Also this section lists the available elliptical curves and Diffie Hellman groups, as well as FFDHE groups (TLS 1.2 and TLS 1.3).</p>
-
-<p><code>-p, --protocols</code>  checks TLS/SSL protocols SSLv2, SSLv3, TLS 1.0 through TLS 1.3 and for HTTP: SPDY (NPN) and ALPN, a.k.a. HTTP/2. For TLS 1.3 several drafts (from 18 on) and final are supported and being tested for.</p>
-
-<p><code>-P, --preference</code>  displays the servers preferences: cipher order, with used openssl client: negotiated protocol and cipher. If there's a cipher order enforced by the server it displays it for each protocol (openssl+sockets). If there's not, it displays instead which ciphers from the server were picked with each protocol.</p>
-
-<p><code>-S, --server_defaults</code>  displays information from the server hello(s):</p>
-
-<ul>
-  <li>Available TLS extensions,</li>
-  <li>TLS ticket + session ID information/capabilities,</li>
-  <li>session resumption capabilities,</li>
-  <li>Time skew relative to localhost (most server implementations return random values).</li>
-  <li>Several certificate information
-    <ul>
-      <li>signature algorithm,</li>
-      <li>key size,</li>
-      <li>key usage and extended key usage,</li>
-      <li>fingerprints and serial</li>
-      <li>Common Name (CN), Subject Alternative Name (SAN), Issuer,</li>
-      <li>Trust via hostname + chain of trust against supplied certificates</li>
-      <li>EV certificate detection</li>
-      <li>experimental "eTLS" detection</li>
-      <li>validity: start + end time, how many days to go (warning for certificate lifetime &gt;=5 years)</li>
-      <li>revocation info (CRL, OCSP, OCSP stapling + must staple). When <code>--phone-out</code> supplied it checks against the certificate issuer whether the host certificate has been revoked (plain OCSP, CRL).</li>
-      <li>displaying DNS Certification Authority Authorization resource record</li>
-      <li>Certificate Transparency info (if provided by server).</li>
-    </ul>
-  </li>
-</ul>
-
-<p>For the trust chain check 5 certificate stores are provided. If the test against one of the trust stores failed, the one is being identified and the reason for the failure is displayed - in addition the ones which succeeded are displayed too.
-You can configure your own CA via ADDTL_CA_FILES, see section <code>FILES</code> below.  If the server provides no matching record in Subject Alternative Name (SAN) but in Common Name (CN), it will be indicated as this is deprecated.
-Also for multiple server certificates are being checked for as well as for the certificate reply to a non-SNI (Server Name Indication) client hello to the IP address. Regarding the TLS clock skew: it displays the time difference to the client. Only a few TLS stacks nowadays still support this and return the local clock <code>gmt_unix_time</code>, e.g. IIS, openssl &lt; 1.0.1f. In addition to the HTTP date you could e.g. derive that there are different hosts where your TLS and your HTTP request ended -- if the time deltas differ significantly.</p>
-
-<p><code>-x &lt;pattern&gt;, --single-cipher &lt;pattern&gt;</code> tests matched <code>pattern</code> of ciphers against a server. Patterns are similar to <code>-V pattern , --local pattern</code>, see above about matching.</p>
-
-<p><code>-h, --header, --headers</code>       if the service is HTTP (either by detection or by enforcing via <code>--assume-http</code>. It tests several HTTP headers like</p>
-
-<ul>
-  <li>HTTP Strict Transport Security (HSTS)</li>
-  <li>HTTP Public Key Pinning (HPKP)</li>
-  <li>Server banner</li>
-  <li>HTTP date+time</li>
-  <li>Server banner like Linux or other Unix vendor headers</li>
-  <li>Application banner (PHP, RoR, OWA, SharePoint, Wordpress, etc)</li>
-  <li>Reverse proxy headers</li>
-  <li>Web server modules</li>
-  <li>IPv4 address in header</li>
-  <li>Cookie (including Secure/HTTPOnly flags)</li>
-  <li>Decodes BIG IP F5 non-encrypted cookies</li>
-  <li>Security headers (X-Frame-Options, X-XSS-Protection, Expect-CT,... , CSP headers). Nonsense is not yet detected here.</li>
-</ul>
-
-<p><code>-c, --client-simulation</code>     This simulates a handshake with a number of standard clients so that you can figure out which client cannot or can connect to your site. For the latter case the protocol, cipher and curve is displayed, also if there's Forward Secrecy. testssl.sh uses a handselected set of clients which are retrieved by the SSLlabs API. The output is aligned in columns when combined with the <code>--wide</code> option. If you want the full nine yards of clients displayed use the environment variable ALL_CLIENTS.</p>
-
-<p><code>-g, --grease</code> checks several server implementation bugs like tolerance to size limitations and GREASE, see RFC 8701. This check doesn't run per default.</p>
-
-<h3 id="VULNERABILITIES">VULNERABILITIES</h3>
-
-<p><code>-U, --vulnerable, --vulnerabilities</code> Just tests all (of the following) vulnerabilities. The environment variable <code>VULN_THRESHLD</code> determines after which value a separate headline for each vulnerability is being displayed. Default is <code>1</code> which means if you check for two vulnerabilities, only the general headline for vulnerabilities section is displayed -- in addition to the vulnerability and the result. Otherwise each vulnerability or vulnerability section gets its own headline in addition to the output of the name of the vulnerability and test result. A vulnerability section is comprised of more than one check, e.g. the renegotiation vulnerability check has two checks, so has Logjam.</p>
-
-<p><code>-H, --heartbleed</code>              Checks for Heartbleed, a memory leakage in openssl. Unless the server side doesn't support the heartbeat extension it is likely that this check runs into a timeout. The seconds to wait for a reply can be adjusted with <code>HEARTBLEED_MAX_WAITSOCK</code>. 8 is the default.</p>
-
-<p><code>-I, --ccs, --ccs-injection</code>    Checks for CCS Injection which is an openssl vulnerability. Sometimes also here the check needs to wait for a reply. The predefined timeout of 5 seconds can be changed with the environment variable <code>CCS_MAX_WAITSOCK</code>.</p>
-
-<p><code>-T, --ticketbleed</code>             Checks for Ticketbleed memory leakage in BigIP loadbalancers.</p>
-
-<p><code>--BB, --robot</code>          Checks for vulnerability to ROBOT / (<em>Return Of Bleichenbacher's Oracle Threat</em>) attack.</p>
-
-<p><code>--SI, --starttls-injection</code>          Checks for STARTTLS injection vulnerabilities (SMTP, IMAP, POP3 only). <code>socat</code> and OpenSSL &gt;=1.1.0 is needed.</p>
-
-<p><code>-R, --renegotiation</code>           Tests renegotiation vulnerabilities. Currently there's a check for <em>Secure Renegotiation</em> and for <em>Secure Client-Initiated Renegotiation</em>. Please be aware that vulnerable servers to the latter can likely be DoSed very easily (HTTP). A check for <em>Insecure Client-Initiated Renegotiation</em> is not yet implemented.</p>
-
-<p><code>-C, --compression, --crime</code>    Checks for CRIME (<em>Compression Ratio Info-leak Made Easy</em>) vulnerability in TLS. CRIME in SPDY is not yet being checked for.</p>
-
-<p><code>-B, --breach</code>                  Checks for BREACH (<em>Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext</em>) vulnerability. As for this vulnerability HTTP level compression is a prerequisite it'll be not tested if HTTP cannot be detected or the detection is not enforced via ``--assume-http`. Please note that only the URL supplied (normally "/" ) is being tested.</p>
-
-<p><code>-O, --poodle</code>                  Tests for SSL POODLE (<em>Padding Oracle On Downgraded Legacy Encryption</em>) vulnerability. It basically checks for the existence of CBC ciphers in SSLv3.</p>
-
-<p><code>-Z, --tls-fallback</code>            Checks TLS_FALLBACK_SCSV mitigation. TLS_FALLBACK_SCSV is basically a ciphersuite appended to the Client Hello trying to prevent protocol downgrade attacks by a Man in the Middle.</p>
-
-<p><code>-W, --sweet32</code>                 Checks for vulnerability to SWEET32 by testing 64 bit block ciphers (3DES, RC2 and IDEA).</p>
-
-<p><code>-F, --freak</code>                   Checks for FREAK vulnerability (<em>Factoring RSA Export Keys</em>) by testing for EXPORT RSA ciphers</p>
-
-<p><code>-D, --drown</code>                   Checks for DROWN vulnerability (<em>Decrypting RSA with Obsolete and Weakened eNcryption</em>) by checking whether the SSL 2 protocol is available at the target. Please note that if you use the same RSA certificate elsewhere you might be vulnerable too. testssl.sh doesn't check for this but provides a helpful link @ censys.io which provides this service.</p>
-
-<p><code>-J, --logjam</code>                  Checks for LOGJAM vulnerability by checking for DH EXPORT ciphers. It also checks for "common primes" which are preconfigured DH keys. DH keys =&lt; 1024 Bit will be penalized. Also FFDHE groups (TLS 1.2) will be displayed here.</p>
-
-<p><code>-A, --beast</code>                   Checks BEAST vulnerabilities in SSL 3 and TLS 1.0 by testing the usage of CBC ciphers.</p>
-
-<p><code>-L, --lucky13</code>                 Checks for LUCKY13 vulnerability. It checks for the presence of CBC ciphers in TLS versions 1.0 - 1.2.</p>
-
-<p><code>-WS, --winshock</code>               Checks for Winshock vulnerability. It tests for the absence of a lot of ciphers, some TLS extensions and ec curves which were introduced later in Windows. In the end the server banner is being looked at.</p>
-
-<p><code>-4, --rc4, --appelbaum</code>        Checks which RC4 stream ciphers are being offered.</p>
-
-<h3 id="OUTPUT-OPTIONS">OUTPUT OPTIONS</h3>
-
-<p><code>-q, --quiet</code>  Normally testssl.sh displays a banner on stdout with several version information, usage rights and a warning. This option suppresses it. Please note that by choosing this option you acknowledge usage terms and the warning normally appearing in the banner.</p>
-
-<p><code>--wide</code> Except the "each cipher output" all tests displays the single cipher name (scheme see below). This option enables testssl.sh to display also for the following sections the same output as for testing each ciphers: BEAST, FS, RC4. The client simulation has also a wide mode. The difference here is restricted to a column aligned output and a proper headline. The environment variable <code>WIDE</code> can be used instead.</p>
-
-<p><code>--mapping &lt;openssl|iana|no-openssl|no-iana&gt;</code></p>
-
-<ul>
-  <li>
-<code>openssl</code>: use the OpenSSL cipher suite name as the primary name cipher suite name form (default),</li>
-  <li>
-<code>iana</code>: use the IANA cipher suite name as the primary name cipher suite name form.</li>
-  <li>
-<code>no-openssl</code>: don't display the OpenSSL cipher suite name, display IANA names only.</li>
-  <li>
-<code>no-iana</code>: don't display the IANA cipher suite name, display OpenSSL names only.</li>
-</ul>
-
-<p>Please note that in testssl.sh 3.0 you can still use <code>rfc</code> instead of <code>iana</code> and <code>no-rfc</code> instead of <code>no-iana</code> but it'll disappear after 3.0.</p>
-
-<p><code>--show-each</code> This is an option for all wide modes only: it displays all ciphers tested -- not only succeeded ones.  <code>SHOW_EACH_C</code> is your friend if you prefer to set this via the shell environment.</p>
-
-<p><code>--color &lt;0|1|2|3&gt;</code> determines the use of colors on the screen and in the log file: <code>2</code> is the default and makes use of ANSI and termcap escape codes on your terminal. <code>1</code> just uses non-colored mark-up like bold, italics, underline, reverse.  <code>0</code> means no mark-up at all = no escape codes. This is also what you want when you want a log file without any escape codes. <code>3</code> will color ciphers and EC according to an internal (not yet perfect) rating. Setting the environment variable <code>COLOR</code> to the value achieves the same result. Please not that OpenBSD and early FreeBSD do not support italics.</p>
-
-<p><code>--colorblind</code>                  Swaps green and blue colors in the output, so that this percentage of folks (up to 8% of males, see https://en.wikipedia.org/wiki/Color_blindness) can distinguish those findings better. <code>COLORBLIND</code> is the according variable if you want to set this in the environment.</p>
-
-<p><code>--debug &lt;0-6&gt;</code>                 This gives you additional output on the screen (2-6), only useful for debugging. <code>DEBUG</code> is the according environment variable which you can use. There are six levels (0 is the default, thus it has no effect):</p>
-
-<ol>
-  <li>screen output normal but leaves useful debug output in <strong>/tmp/testssl.XXXXXX/</strong> . The info about the exact directory is included in the screen output in the end of the run.</li>
-  <li>lists more what's going on, status (high level) and connection errors, a few general debug output</li>
-  <li>even slightly more info: hexdumps + other info</li>
-  <li>display bytes sent via sockets</li>
-  <li>display bytes received via sockets</li>
-  <li>whole 9 yards</li>
-</ol>
-
-<p><code>--disable-rating</code> disables rating.
-Rating automatically gets disabled, to not give a wrong or misleading grade, when not all required functions are executed (e.g when checking for a single vulnerabilities).</p>
-
-<h3 id="FILE-OUTPUT-OPTIONS">FILE OUTPUT OPTIONS</h3>
-
-<p><code>--log, --logging</code>      Logs stdout also to <code>${NODE}-p${port}${YYYYMMDD-HHMM}.log</code> in current working directory of the shell. Depending on the color output option (see above) the output file will contain color and other markup escape codes, unless you specify <code>--color 0</code> too. <code>cat</code> and -- if properly configured <code>less</code> -- will show the output properly formatted on your terminal. The output shows a banner with the almost the same information as on the screen. In addition it shows the command line of the testssl.sh instance. Please note that the resulting log file is formatted according to the width of your screen while running testssl.sh. You can override the width with the environment variable TERM_WIDTH.</p>
-
-<p><code>--logfile &lt;logfile&gt;</code> or <code>-oL &lt;logfile&gt;</code>  Instead of the previous option you may want to use this one if you want to log into a directory or if you rather want to specify the log file name yourself. If <code>logfile</code> is a directory the output will put into <code>logfile/${NODE}-p${port}${YYYYMMDD-HHMM}.log</code>. If <code>logfile</code> is a file it will use that file name, an absolute path is also permitted here. LOGFILE is the variable you need to set if you prefer to work environment variables instead. Please note that the resulting log file is formatted according to the width of your screen while running testssl.sh. You can override the width with the environment variable TERM_WIDTH.</p>
-
-<p><code>--json</code>                Logs additionally to JSON file <code>${NODE}-p${port}${YYYYMMDD-HHMM}.json</code> in the current working directory of the shell. The resulting JSON file is opposed to <code>--json-pretty</code> flat -- which means each section is self contained and has an identifier for each single check, the hostname/IP address, the port, severity and the finding. For vulnerabilities it may contain a CVE and CWE entry too. The output doesn't contain a banner or a footer.</p>
-
-<p><code>--jsonfile &lt;jsonfile&gt;</code> or <code>-oj &lt;jsonfile&gt;</code> Instead of the previous option you may want to use this one if you want to log the JSON out put into a directory or if you rather want to specify the log file name yourself. If <code>jsonfile</code> is a directory the output will put into <code>logfile/${NODE}-p${port}${YYYYMMDD-HHMM}.json. If </code>jsonfile` is a file it will use that file name, an absolute path is also permitted here.</p>
-
-<p><code>--json-pretty</code> Logs additionally to JSON file <code>${NODE}-p${port}${YYYYMMDD-HHMM}.json in the current working directory of the shell. The resulting JSON file is opposed to </code>--json` non-flat -- which means it is structured. The structure contains a header similar to the banner on the screen, including the command line, scan host, openssl binary used, testssl version and epoch of the start time. Then for every test section of testssl.sh it contains a separate JSON object/section. Each finding has a key/value pair identifier with the identifier for each single check, the severity and the finding. For vulnerabilities it may contain a CVE and CWE entry too.  The footer lists the scan time in seconds.</p>
-
-<p><code>--jsonfile-pretty &lt;jsonfile&gt;</code> or <code>-oJ &lt;jsonfile&gt;</code>  Similar to the aforementioned <code>--jsonfile</code> or <code>--logfile</code> it logs the output in pretty JSON format (see <code>--json-pretty</code>) into a file or a directory. For further explanation see <code>--jsonfile</code> or <code>--logfile</code>.</p>
-
-<p><code>--csv</code>  Logs additionally to a CSV file <code>${NODE}-p${port}${YYYYMMDD-HHMM}.csv</code> in the current working directory of the shell. The output contains a header with the keys, the values are the same as in the flat JSON format (identifier for each single check, the hostname/IP address, the port, severity, the finding and for vulnerabilities a CVE and CWE number).</p>
-
-<p><code>--csvfile &lt;csvfile&gt;</code> or <code>-oC &lt;csvfile&gt;</code> Similar to  the aforementioned <code>--jsonfile</code> or <code>--logfile</code> it logs the output in CSV format (see <code>--cvs</code>) additionally into a file or a directory. For further explanation see <code>--jsonfile</code> or <code>--logfile</code>.</p>
-
-<p><code>--html</code> Logs additionally to an HTML file <code>${NODE}-p${port}${YYYYMMDD-HHMM}.html</code> in the current working directory of the shell. It contains a 1:1 output of the console. In former versions there was a non-native option to use "aha" (Ansi HTML Adapter: github.com/theZiz/aha) like <code>testssl.sh [options] &lt;URI&gt; | aha &gt;output.html</code>. This is not necessary anymore.</p>
-
-<p><code>--htmlfile &lt;htmlfile&gt;</code> or <code>-oH &lt;htmlfile&gt;</code>         Similar to  the aforementioned <code>--jsonfile</code> or <code>--logfile</code> it logs the output in HTML format (see <code>--html</code>) additionally into a file or a directory. For further explanation see <code>--jsonfile</code> or <code>--logfile</code>.</p>
-
-<p><code>-oA &lt;filename&gt;</code> / <code>--outFile &lt;filename&gt;</code>    Similar to nmap it does a file output to all available file formats: LOG, JSON pretty, CSV, HTML. If the filename supplied is equal <code>auto</code> the filename is automatically generated using '${NODE}-p${port}${YYYYMMDD-HHMM}.${EXT}' with the according extension. If a directory is provided all output files will put into <code>&lt;filename&gt;/${NODE}-p${port}${YYYYMMDD-HHMM}.{log,json,csv,html}</code>.</p>
-
-<p><code>-oa &lt;filename&gt;</code> / <code>--outfile &lt;filename&gt;</code> Does the same as the previous option but uses flat JSON instead.</p>
-
-<p><code>--hints</code>  This option is not in use yet. This option is meant to give hints how to fix a finding or at least a help to improve something. GIVE_HINTS is the environment variable for this.</p>
-
-<p><code>--severity &lt;severity&gt;</code> For CSV and both JSON outputs this will only add findings to the output file if a severity is equal or higher than the <code>severity</code> value specified. Allowed are <code>&lt;LOW|MEDIUM|HIGH|CRITICAL&gt;</code>. WARN is another level which translates to a client-side scanning error or problem. Thus you will always see them in a file if they occur.</p>
-
-<p><code>--append</code> Normally, if an output file already exists and it has a file size greater zero, testssl.sh will prompt you to manually remove the file and exit with an error. <code>--append</code> however will append to this file, without a header. The environment variable APPEND does the same. Be careful using this switch/variable. A complementary option which overwrites an existing file doesn't exist per design.</p>
-
-<p><code>--overwrite</code> Normally, if an output file already exists and it has a file size greater zero, testssl.sh will not allow you to overwrite this file. This option will do that <strong>without any warning</strong>. The environment variable OVERWRITE does the same. Be careful, you have been warned!</p>
-
-<p><code>--outprefix &lt;fname_prefix&gt;</code> Prepend output filename prefix <var>fname_prefix</var> before '${NODE}-'. You can use as well the environment variable FNAME_PREFIX. Using this any output files will be named <code>&lt;fname_prefix&gt;-${NODE}-p${port}${YYYYMMDD-HHMM}.&lt;format&gt;</code> when no file name of the respective output option was specified. If you do not like the separator '-' you can as well supply a <code>&lt;fname_prefix&gt;</code> ending in '.',  '_' or ','. In this case or if you already supplied '-' no additional '-' will be appended to <code>&lt;fname_prefix&gt;</code>.</p>
-
-<p>A few file output options can also be preset via environment variables.</p>
-
-<h3 id="COLOR-RATINGS">COLOR RATINGS</h3>
-
-<p>Testssl.sh makes use of (the eight) standard terminal colors. The color scheme is as follows:</p>
-
-<ul>
-  <li>light red: a critical finding</li>
-  <li>red: a high finding</li>
-  <li>brown: a medium finding</li>
-  <li>yellow: a low finding</li>
-  <li>green (blue if COLORBLIND is set): something which is either in general a good thing or a negative result of a check which otherwise results in a high finding</li>
-  <li>light green (light blue if COLORBLIND is set) : something which is either in general a very good thing or a negative result of a check which otherwise results in a critical finding</li>
-  <li>no color at places where also a finding can be expected: a finding on an info level</li>
-  <li>cyan: currently only used for <code>--show-each</code> or an additional hint</li>
-  <li>magenta: signals a warning condition, e.g. either a local lack of capabilities on the client side or another problem</li>
-  <li>light magenta: a fatal error which either requires strict consent from the user to continue or a condition which leaves no other choice for testssl.sh to quit</li>
-</ul>
-
-<p>What is labeled as "light" above appears as such on the screen but is technically speaking "bold". Besides <code>--color=3</code> will color ciphers according to an internal and rough rating.</p>
-
-<p>Markup (without any color) is used in the following manner:</p>
-
-<ul>
-  <li>bold: for the name of the test</li>
-  <li>underline + bold: for the headline of each test section</li>
-  <li>underline: for a sub-headline</li>
-  <li>italics: for strings just reflecting a value read from the server</li>
-</ul>
-
-<h3 id="TUNING-via-ENV-variables-and-more-options">TUNING via ENV variables and more options</h3>
-
-<p>Except the environment variables mentioned above which can replace command line options here a some which cannot be set otherwise. Variables used for tuning are preset with reasonable values. <em>There should be no reason to change them</em> unless you use testssl.sh under special conditions.</p>
-
-<ul>
-  <li>TERM_WIDTH is a variable which overrides the auto-determined terminal width size. Setting this variable normally only makes sense if you log the output to a file using the <code>--log</code>, <code>--logfile</code> or <code>-oL</code> option.</li>
-  <li>DEBUG_ALLINONE / SETX: when setting one of those to true testssl.sh falls back to the standard bash behavior, i.e. calling <code>bash -x testssl.sh</code> it displays the bash debugging output not in an external file <code>/tmp/testssl-&lt;XX&gt;.log</code>
-</li>
-  <li>DEBUGTIME: Profiling option. When using bash's debug mode and when this is set to true, it generates a separate text file with epoch times in <code>/tmp/testssl-&lt;XX&gt;.time</code>. They need to be concatenated by <code>paste /tmp/testssl-&lt;XX&gt;.{time,log}</code>
-[comment]: # * FAST_SOCKET
-[comment]: # * SHOW_SIGALGO
-[comment]: # * FAST</li>
-  <li>EXPERIMENTAL=true is an option which is sometimes used in the development process to make testing easier. In released versions this has no effect.</li>
-  <li>ALL_CLIENTS=true runs a client simulation with <em>all</em> (currently 126) clients when testing HTTP.</li>
-  <li>UNBRACKTD_IPV6: needs to be set to true for some old versions of OpenSSL (like from Gentoo) which don't support [bracketed] IPv6 addresses</li>
-  <li>NO_ENGINE: if you have problems with garbled output containing the word 'engine' you might want to set this to true. It forces testssl.sh not try to configure openssl's engine or a non existing one from libressl</li>
-  <li>HEADER_MAXSLEEP: To wait how long before killing the process to retrieve a service banner / HTTP header</li>
-  <li>MAX_WAITSOCK: It instructs testssl.sh to wait until the specified time before declaring a socket connection dead. Don't change this unless you're absolutely sure what you're doing. Value is in seconds.</li>
-  <li>CCS_MAX_WAITSOCK Is the similar to above but applies only to the CCS handshakes, for both of the two the two CCS payload. Don't change this unless you're absolutely sure what you're doing. Value is in seconds.</li>
-  <li>HEARTBLEED_MAX_WAITSOCK  Is the similar to MAX_WAITSOCK but applies only to the ServerHello after sending the Heartbleed payload. Don't change this unless you're absolutely sure what you're doing. Value is in seconds.</li>
-  <li>MEASURE_TIME_FILE For seldom cases when you don't want the scan time to be included in the output you can set this to false.</li>
-  <li>STARTTLS_SLEEP is per default set to 10 (seconds). That's the value testssl.sh waits for a string in the STARTTLS handshake before giving up.</li>
-  <li>MAX_PARALLEL is the maximum number of tests to run in parallel in parallel mass testing mode. The default value of 20 may be made larger on systems with faster processors.</li>
-  <li>MAX_WAIT_TEST is the maximum time (in seconds) to wait for a single test in parallel mass testing mode to complete. The default is 1200.
-[comment]: # USLEEP_SND
-[comment]: # USLEEP_REC</li>
-  <li>HSTS_MIN is preset to 179 (days). If you want warnings sooner or later for HTTP Strict Transport Security you can change this.</li>
-  <li>HPKP_MIN is preset to 30 (days). If you want warnings sooner or later for HTTP Public Key Pinning you can change this</li>
-  <li>DAYS2WARN1 is the first threshold when you'll be warning of a certificate expiration of a host, preset to 60 (days). For Let's Encrypt this value will be divided internally by 2.</li>
-  <li>DAYS2WARN2 is the second threshold when you'll be warning of a certificate expiration of a host, preset to 30 (days). For Let's Encrypt this value will be divided internally by 2.</li>
-  <li>TESTSSL_INSTALL_DIR is the derived installation directory of testssl.sh. Relatively to that the <code>bin</code> and mandatory <code>etc</code> directory will be looked for.</li>
-  <li>CA_BUNDLES_PATH: If you have an own set of CA bundles or you want to point testssl.sh to a specific location of a CA bundle, you can use this variable to set the directory which testssl.sh will use. Please note that it overrides completely the builtin path of testssl.sh which means that you will only test against the bundles you point to. Also you might want to use <code>~/utils/create_ca_hashes.sh</code> to create the hashes for HPKP.</li>
-  <li>MAX_SOCKET_FAIL: A number which tells testssl.sh how often a TCP socket connection may fail before the program gives up and terminates. The default is 2. You can increase it to a higher value if you frequently see a message like <em>Fatal error: repeated openssl s_client connect problem, doesn't make sense to continue</em>.</li>
-  <li>MAX_OSSL_FAIL: A number which tells testssl.sh how often an OpenSSL s_client connect may fail before the program gives up and terminates. The default is 2. You can increase it to a higher value if you frequently see a message like <em>Fatal error: repeated TCP connect problems, giving up</em>.</li>
-  <li>MAX_HEADER_FAIL: A number which tells testssl.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates. The default is 3. Also here you can increase the threshold when you spot messages like <em>Fatal error: repeated HTTP header connect problems, doesn't make sense to continue</em>.</li>
-</ul>
-
-<h3 id="RATING">RATING</h3>
-<p>This program has a near-complete implementation of SSL Labs's '<a href="https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide">SSL Server Rating Guide</a>'.</p>
-
-<p>This is <em>not</em> a 100% reimplementation of the <a href="https://www.ssllabs.com/ssltest/analyze.html">SSL Lab's SSL Server Test</a>, but an implementation of the above rating specification, slight discrepancies may occur. Please note that for now we stick to the SSL Labs rating as good as possible. We are not responsible for their rating. Before filing issues please inspect their Rating Guide.</p>
-
-<p>Disclaimer: Having a good grade is <strong>NOT</strong> necessarily equal to having good security! Don't start a competition for the best grade, at least not without monitoring the client handshakes and not without adding a portion of good sense to it. Please note STARTTLS always results in a grade cap to T. Anything else
-would lead to a false sense of security - at least until we test for DANE or MTA-STS.</p>
-
-<p>As of writing, these checks are missing:
-* GOLDENDOODLE - should be graded <strong>F</strong> if vulnerable
-* Insecure renegotiation - should be graded <strong>F</strong> if vulnerable
-* Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) - should be graded <strong>F</strong> if vulnerable
-* Sleeping POODLE - should be graded <strong>F</strong> if vulnerable
-* Zero Length Padding Oracle (CVE-2019-1559) - should be graded <strong>F</strong> if vulnerable
-* Zombie POODLE - should be graded <strong>F</strong> if vulnerable
-* All remaining old Symantec PKI certificates are distrusted - should be graded <strong>T</strong>
-* Symantec certificates issued before June 2016 are distrusted - should be graded <strong>T</strong>
-* Anonymous key exchange - should give <strong>0</strong> points in <code>set_key_str_score()</code>
-* Exportable key exchange - should give <strong>40</strong> points in <code>set_key_str_score()</code>
-* Weak key (Debian OpenSSL Flaw) - should give <strong>0</strong> points in <code>set_key_str_score()</code></p>
-
-<h4 id="Implementing-new-grades-caps-or-warnings">Implementing new grades caps or -warnings</h4>
-<p>To implement a new grading cap, simply call the <code>set_grade_cap()</code> function, with the grade and a reason:
-<code>bash
-set_grade_cap "D" "Vulnerable to documentation"
-</code>
-To implement a new grade warning, simply call the <code>set_grade_warning()</code> function, with a message:
-<code>bash
-set_grade_warning "Documentation is always right"
-</code>
-#### Implementing a new check which contains grade caps
-When implementing a new check (be it vulnerability or not) that sets grade caps, the <code>set_rating_state()</code> has to be updated (i.e. the <code>$do_mycheck</code> variable-name has to be added to the loop, and <code>$nr_enabled</code> if-statement has to be incremented)</p>
-
-<p>The <code>set_rating_state()</code> automatically disables rating, if all the required checks are <em>not</em> enabled.
-This is to prevent giving out a misleading or wrong grade.</p>
-
-<h4 id="Implementing-a-new-revision">Implementing a new revision</h4>
-<p>When a new revision of the rating specification comes around, the following has to be done:
-* New grade caps has to be either:
-  1. Added to the script wherever relevant, or
-  2. Added to the above list of missing checks (if above is not possible)
-* New grade warnings has to be added wherever relevant
-* The revision output in <code>run_rating()</code> function has to updated</p>
-
-<h2 id="EXAMPLES">EXAMPLES</h2>
-
-<pre><code>  testssl.sh testssl.sh
-</code></pre>
-
-<p>does a default run on https://testssl.sh (protocols, standard cipher lists, server's cipher preferences, forward secrecy, server defaults, vulnerabilities, client simulation, and rating.</p>
-
-<pre><code>  testssl.sh testssl.net:443
-</code></pre>
-
-<p>does the same default run as above with the subtle difference that testssl.net has two IPv4 addresses. Both are tested.</p>
-
-<pre><code>  testssl.sh --ip=one --wide https://testssl.net:443
-</code></pre>
-
-<p>does the same checks as above, with the difference that one IP address is being picked randomly. Displayed is everything where possible in wide format.</p>
-
-<pre><code>  testssl.sh -6 https://testssl.net
-</code></pre>
-
-<p>As opposed to the first example it also tests the IPv6 part -- supposed you have an IPv6 network and your openssl supports IPv6 (see above).</p>
-
-<pre><code>  testssl.sh -t smtp smtp.gmail.com:25
-</code></pre>
-
-<p>Checks are done via a STARTTLS handshake on the plain text port 25. It checks every IP on smtp.gmail.com.</p>
-
-<pre><code>    testssl.sh --starttls=imap imap.gmx.net:143
-</code></pre>
-
-<p>does the same on the plain text IMAP port.</p>
-
-<p>Please note that for plain TLS-encrypted ports you must not specify the protocol option when no STARTTLS handshake is offered: <code>testssl.sh smtp.gmail.com:465</code> just checks the encryption on the SMTPS port, <code>testssl.sh imap.gmx.net:993</code> on the IMAPS port. Also MongoDB which provides TLS support without STARTTLS can be tested directly.</p>
-
-<h2 id="RFCs-and-other-standards">RFCs and other standards</h2>
-
-<ul>
-  <li>RFC 2246: The TLS Protocol Version 1.0</li>
-  <li>RFC 2818: HTTP Over TLS</li>
-  <li>RFC 2595: Using TLS with IMAP, POP3 and ACAP</li>
-  <li>RFC 3207: SMTP Service Extension for Secure SMTP over Transport Layer Security</li>
-  <li>RFC 3501: INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1</li>
-  <li>RFC 4346: The Transport Layer Security (TLS) Protocol Version 1.1</li>
-  <li>RFC 4366: Transport Layer Security (TLS) Extensions</li>
-  <li>RFC 4492: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)</li>
-  <li>RFC 5077: Transport Layer Security (TLS) Session Resumption</li>
-  <li>RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2</li>
-  <li>RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</li>
-  <li>RFC 5321: Simple Mail Transfer Protocol</li>
-  <li>RFC 5746: Transport Layer Security (TLS) Renegotiation Indication Extension</li>
-  <li>RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions</li>
-  <li>RFC 6101: The Secure Sockets Layer (SSL) Protocol Version 3.0</li>
-  <li>RFC 6120: Extensible Messaging and Presence Protocol (XMPP): Core</li>
-  <li>RFC 6125: Domain-Based Application Service Identity [..]</li>
-  <li>RFC 6797: HTTP Strict Transport Security (HSTS)</li>
-  <li>RFC 6961: The Transport Layer Security (TLS) Multiple Certificate Status Request Extension</li>
-  <li>RFC 7469: Public Key Pinning Extension for HTTP (HPKP)</li>
-  <li>RFC 7507: TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks</li>
-  <li>RFC 7627: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension</li>
-  <li>RFC 7633: X.509v3 Transport Layer Security (TLS) Feature Extension</li>
-  <li>RFC 7465: Prohibiting RC4 Cipher Suites</li>
-  <li>RFC 7685: A Transport Layer Security (TLS) ClientHello Padding Extension</li>
-  <li>RFC 7905: ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS)</li>
-  <li>RFC 7919: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security</li>
-  <li>RFC 8143: Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)</li>
-  <li>RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3</li>
-  <li>RFC 8701: Applying Generate Random Extensions And Sustain Extensibility (GREASE) to TLS Extensibility</li>
-  <li>W3C CSP: Content Security Policy Level 1-3</li>
-  <li>TLSWG Draft: The Transport Layer Security (TLS) Protocol Version 1.3</li>
-</ul>
-
-<h2 id="EXIT-STATUS">EXIT STATUS</h2>
-
-<ul>
-  <li>0    testssl.sh finished successfully without errors and without ambiguous results</li>
-  <li>1    testssl.sh has encountered exactly one ambiguous situation or an error during run</li>
-  <li>1+n  same as previous. The errors or ambiguous results are added, also per IP.</li>
-  <li>50-200 reserved for returning a vulnerability scoring for system monitoring or a CI tools</li>
-  <li>242 (ERR_CHILD)       Child received a signal from master</li>
-  <li>244 (ERR_RESOURCE)    Resources testssl.sh needs couldn't be read</li>
-  <li>245 (ERR_CLUELESS)    Weird state, either though user options or testssl.sh</li>
-  <li>246 (ERR_CONNECT)     Connectivity problem</li>
-  <li>247 (ERR_DNSLOOKUP)   Problem with resolving IP addresses or names</li>
-  <li>248 (ERR_OTHERCLIENT) Other client problem</li>
-  <li>249 (ERR_DNSBIN)      Problem with DNS lookup binaries</li>
-  <li>250 (ERR_OSSLBIN)     Problem with OpenSSL binary</li>
-  <li>251 (ERR_NOSUPPORT)   Feature requested is not supported</li>
-  <li>252 (ERR_FNAMEPARSE)  Input file couldn't be parsed</li>
-  <li>253 (ERR_FCREATE)     Output file couldn't be created</li>
-  <li>254 (ERR_CMDLINE)     Cmd line couldn't be parsed</li>
-  <li>255 (ERR_BASH)       Bash version incorrect</li>
-</ul>
-
-<h2 id="FILES">FILES</h2>
-
-<p><strong>etc/*pem</strong>               are the certificate stores from Apple, Linux, Mozilla Firefox, Windows and Java.</p>
-
-<p><strong>etc/client-simulation.txt</strong>  contains client simulation data.</p>
-
-<p><strong>etc/cipher-mapping.txt</strong>  provides a mandatory file with mapping from OpenSSL cipher suites names to the ones from IANA / used in the RFCs.</p>
-
-<p><strong>etc/tls_data.txt</strong>        provides a mandatory file for ciphers (bash sockets) and key material.</p>
-
-<h2 id="AUTHORS">AUTHORS</h2>
-
-<p>Developed by Dirk Wetter, David Cooper and many others, see CREDITS.md .</p>
-
-<h2 id="COPYRIGHT">COPYRIGHT</h2>
-
-<p>Copyright © 2012 Dirk Wetter. License GPLv2: Free Software Foundation, Inc.
-       This is free software: you are free to change and redistribute it under the terms of the license, see LICENSE.</p>
-
-<p>Attribution is important for the future of this project - also in the
-internet. Thus if you're offering a scanner based on testssl.sh as a public
-and/or paid service in the internet you are strongly encouraged to mention to
-your audience that you're using this program and where to get this program
-from. That helps us to get bugfixes, other feedback and more contributions.</p>
-
-<p>Usage WITHOUT ANY WARRANTY. USE at your OWN RISK!</p>
-
-<h2 id="LIMITATION">LIMITATION</h2>
-
-<p>All native Windows platforms emulating Linux are known to be slow.</p>
-
-<h2 id="BUGS">BUGS</h2>
-
-<p>Probably. Current known ones and interface for filing new ones: https://testssl.sh/bugs/ .</p>
-
-<h2 id="SEE-ALSO">SEE ALSO</h2>
-
-<p><span class="man-ref"><code>ciphers</code><span class="s">(1)</span></span>, <span class="man-ref"><code>openssl</code><span class="s">(1)</span></span>, <span class="man-ref"><code>s_client</code><span class="s">(1)</span></span>, <span class="man-ref"><code>x509</code><span class="s">(1)</span></span>, <span class="man-ref"><code>verify</code><span class="s">(1)</span></span>, <span class="man-ref"><code>ocsp</code><span class="s">(1)</span></span>, <span class="man-ref"><code>crl</code><span class="s">(1)</span></span>, <span class="man-ref"><code>bash</code><span class="s">(1)</span></span> and the websites https://testssl.sh/ and https://github.com/drwetter/testssl.sh/ .</p>
-
-  <ol class='man-decor man-foot man foot'>
-    <li class='tl'></li>
-    <li class='tc'>December 2021</li>
-    <li class='tr'>testssl(1)</li>
-  </ol>
-
-  </div>
-</body>
-</html>
diff --git a/doc/testssl.1.md b/doc/testssl.1.md
index 54cff9b..107cd27 100644
--- a/doc/testssl.1.md
+++ b/doc/testssl.1.md
@@ -1,3 +1,4 @@
+% testssl(1) | General Commands Manual
 
 ## NAME
    testssl.sh -- check encryption of SSL/TLS servers
@@ -54,9 +55,9 @@ linked OpenSSL binaries for major operating systems are supplied in `./bin/`.
 
 8) testing each of 370 preconfigured ciphers
 
-8) client simulation
+9) client simulation
 
-9) rating
+10) rating
 
 
 
@@ -89,14 +90,15 @@ Nmap's output always returns IP addresses and only if there's a PTR DNS record a
 A typical internal conversion to testssl.sh file format from nmap's grep(p)able format could look like:
 
 ```
-10.10.12.16:443
-10.10.12.16:1443
--t smtp host.example.com:25
-host.example.com:443
-host.example.com:631
--t ftp 10.10.12.11:21
-10.10.12.11:8443
+  10.10.12.16:443
+  10.10.12.16:1443
+  -t smtp host.example.com:25
+  host.example.com:443
+  host.example.com:631
+  -t ftp 10.10.12.11:21
+  10.10.12.11:8443
 ```
+
 Please note that `fname` has to be in Unix format. DOS carriage returns won't be accepted. Instead of the command line switch the environment variable FNAME will be honored too.
 
 `--mode <serial|parallel>`. Mass testing to be done serial (default) or parallel (`--parallel` is shortcut for the latter, `--serial` is the opposite option). Per default mass testing is being run in serial mode, i.e. one line after the other is processed and invoked. The variable `MASS_TESTING_MODE` can be defined to be either equal `serial` or `parallel`.
@@ -241,7 +243,7 @@ Also for multiple server certificates are being checked for as well as for the c
 
 `-C, --compression, --crime`    Checks for CRIME (*Compression Ratio Info-leak Made Easy*) vulnerability in TLS. CRIME in SPDY is not yet being checked for.
 
-`-B, --breach`                  Checks for BREACH (*Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext*) vulnerability. As for this vulnerability HTTP level compression is a prerequisite it'll be not tested if HTTP cannot be detected or the detection is not enforced via ``--assume-http`. Please note that only the URL supplied (normally "/" ) is being tested.
+`-B, --breach`                  Checks for BREACH (*Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext*) vulnerability. As for this vulnerability HTTP level compression is a prerequisite it'll be not tested if HTTP cannot be detected or the detection is not enforced via `--assume-http`. Please note that only the URL supplied (normally "/" ) is being tested.
 
 `-O, --poodle`                  Tests for SSL POODLE (*Padding Oracle On Downgraded Legacy Encryption*) vulnerability. It basically checks for the existence of CBC ciphers in SSLv3.
 
@@ -308,9 +310,9 @@ Rating automatically gets disabled, to not give a wrong or misleading grade, whe
 
 `--json`                Logs additionally to JSON file `${NODE}-p${port}${YYYYMMDD-HHMM}.json` in the current working directory of the shell. The resulting JSON file is opposed to `--json-pretty` flat -- which means each section is self contained and has an identifier for each single check, the hostname/IP address, the port, severity and the finding. For vulnerabilities it may contain a CVE and CWE entry too. The output doesn't contain a banner or a footer.
 
-`--jsonfile <jsonfile>` or `-oj <jsonfile>` Instead of the previous option you may want to use this one if you want to log the JSON out put into a directory or if you rather want to specify the log file name yourself. If `jsonfile` is a directory the output will put into `logfile/${NODE}-p${port}${YYYYMMDD-HHMM}.json. If `jsonfile` is a file it will use that file name, an absolute path is also permitted here.
+`--jsonfile <jsonfile>` or `-oj <jsonfile>` Instead of the previous option you may want to use this one if you want to log the JSON out put into a directory or if you rather want to specify the log file name yourself. If `jsonfile` is a directory the output will put into `logfile/${NODE}-p${port}${YYYYMMDD-HHMM}.json`. If `jsonfile` is a file it will use that file name, an absolute path is also permitted here.
 
-`--json-pretty` Logs additionally to JSON file `${NODE}-p${port}${YYYYMMDD-HHMM}.json in the current working directory of the shell. The resulting JSON file is opposed to `--json` non-flat -- which means it is structured. The structure contains a header similar to the banner on the screen, including the command line, scan host, openssl binary used, testssl version and epoch of the start time. Then for every test section of testssl.sh it contains a separate JSON object/section. Each finding has a key/value pair identifier with the identifier for each single check, the severity and the finding. For vulnerabilities it may contain a CVE and CWE entry too.  The footer lists the scan time in seconds.
+`--json-pretty` Logs additionally to JSON file `${NODE}-p${port}${YYYYMMDD-HHMM}.json` in the current working directory of the shell. The resulting JSON file is opposed to `--json` non-flat -- which means it is structured. The structure contains a header similar to the banner on the screen, including the command line, scan host, openssl binary used, testssl version and epoch of the start time. Then for every test section of testssl.sh it contains a separate JSON object/section. Each finding has a key/value pair identifier with the identifier for each single check, the severity and the finding. For vulnerabilities it may contain a CVE and CWE entry too.  The footer lists the scan time in seconds.
 
 `--jsonfile-pretty <jsonfile>` or `-oJ <jsonfile>`  Similar to the aforementioned `--jsonfile` or `--logfile` it logs the output in pretty JSON format (see `--json-pretty`) into a file or a directory. For further explanation see `--jsonfile` or `--logfile`.
 
@@ -334,7 +336,7 @@ Rating automatically gets disabled, to not give a wrong or misleading grade, whe
 
 `--overwrite` Normally, if an output file already exists and it has a file size greater zero, testssl.sh will not allow you to overwrite this file. This option will do that **without any warning**. The environment variable OVERWRITE does the same. Be careful, you have been warned!
 
-`--outprefix <fname_prefix>` Prepend output filename prefix <fname_prefix> before '${NODE}-'. You can use as well the environment variable FNAME_PREFIX. Using this any output files will be named `<fname_prefix>-${NODE}-p${port}${YYYYMMDD-HHMM}.<format>` when no file name of the respective output option was specified. If you do not like the separator '-' you can as well supply a `<fname_prefix>` ending in '.',  '_' or ','. In this case or if you already supplied '-' no additional '-' will be appended to `<fname_prefix>`.
+`--outprefix <fname_prefix>` Prepend output filename prefix <fname_prefix> before `${NODE}-`. You can use as well the environment variable FNAME_PREFIX. Using this any output files will be named `<fname_prefix>-${NODE}-p${port}${YYYYMMDD-HHMM}.<format>` when no file name of the respective output option was specified. If you do not like the separator '-' you can as well supply a `<fname_prefix>` ending in '.',  '_' or ','. In this case or if you already supplied '-' no additional '-' will be appended to `<fname_prefix>`.
 
 A few file output options can also be preset via environment variables.
 
@@ -370,9 +372,11 @@ Except the environment variables mentioned above which can replace command line
 * TERM_WIDTH is a variable which overrides the auto-determined terminal width size. Setting this variable normally only makes sense if you log the output to a file using the `--log`, `--logfile` or `-oL` option.
 * DEBUG_ALLINONE / SETX: when setting one of those to true testssl.sh falls back to the standard bash behavior, i.e. calling ``bash -x testssl.sh`` it displays the bash debugging output not in an external file `/tmp/testssl-<XX>.log`
 * DEBUGTIME: Profiling option. When using bash's debug mode and when this is set to true, it generates a separate text file with epoch times in `/tmp/testssl-<XX>.time`. They need to be concatenated by `paste /tmp/testssl-<XX>.{time,log}`
-[comment]: # * FAST_SOCKET
-[comment]: # * SHOW_SIGALGO
-[comment]: # * FAST
+<!---
+* FAST_SOCKET
+* SHOW_SIGALGO
+* FAST
+-->
 * EXPERIMENTAL=true is an option which is sometimes used in the development process to make testing easier. In released versions this has no effect.
 * ALL_CLIENTS=true runs a client simulation with *all* (currently 126) clients when testing HTTP.
 * UNBRACKTD_IPV6: needs to be set to true for some old versions of OpenSSL (like from Gentoo) which don't support [bracketed] IPv6 addresses
@@ -385,8 +389,10 @@ Except the environment variables mentioned above which can replace command line
 * STARTTLS_SLEEP is per default set to 10 (seconds). That's the value testssl.sh waits for a string in the STARTTLS handshake before giving up.
 * MAX_PARALLEL is the maximum number of tests to run in parallel in parallel mass testing mode. The default value of 20 may be made larger on systems with faster processors.
 * MAX_WAIT_TEST is the maximum time (in seconds) to wait for a single test in parallel mass testing mode to complete. The default is 1200.
-[comment]: # USLEEP_SND
-[comment]: # USLEEP_REC
+<!---
+* USLEEP_SND
+* USLEEP_REC
+-->
 * HSTS_MIN is preset to 179 (days). If you want warnings sooner or later for HTTP Strict Transport Security you can change this.
 * HPKP_MIN is preset to 30 (days). If you want warnings sooner or later for HTTP Public Key Pinning you can change this
 * DAYS2WARN1 is the first threshold when you'll be warning of a certificate expiration of a host, preset to 60 (days). For Let's Encrypt this value will be divided internally by 2.
@@ -398,6 +404,7 @@ Except the environment variables mentioned above which can replace command line
 * MAX_HEADER_FAIL: A number which tells testssl.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates. The default is 3. Also here you can increase the threshold when you spot messages like *Fatal error: repeated HTTP header connect problems, doesn't make sense to continue*.
 
 ### RATING
+
 This program has a near-complete implementation of SSL Labs's '[SSL Server Rating Guide](https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide)'.
 
 This is *not* a 100% reimplementation of the [SSL Lab's SSL Server Test](https://www.ssllabs.com/ssltest/analyze.html), but an implementation of the above rating specification, slight discrepancies may occur. Please note that for now we stick to the SSL Labs rating as good as possible. We are not responsible for their rating. Before filing issues please inspect their Rating Guide.
@@ -406,6 +413,7 @@ Disclaimer: Having a good grade is **NOT** necessarily equal to having good secu
 would lead to a false sense of security - at least until we test for DANE or MTA-STS.
 
 As of writing, these checks are missing:
+
 * GOLDENDOODLE - should be graded **F** if vulnerable
 * Insecure renegotiation - should be graded **F** if vulnerable
 * Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) - should be graded **F** if vulnerable
@@ -419,6 +427,7 @@ As of writing, these checks are missing:
 * Weak key (Debian OpenSSL Flaw) - should give **0** points in `set_key_str_score()`
 
 #### Implementing new grades caps or -warnings
+
 To implement a new grading cap, simply call the `set_grade_cap()` function, with the grade and a reason:
 ```bash
 set_grade_cap "D" "Vulnerable to documentation"
@@ -427,14 +436,18 @@ To implement a new grade warning, simply call the `set_grade_warning()` function
 ```bash
 set_grade_warning "Documentation is always right"
 ```
+
 #### Implementing a new check which contains grade caps
+
 When implementing a new check (be it vulnerability or not) that sets grade caps, the `set_rating_state()` has to be updated (i.e. the `$do_mycheck` variable-name has to be added to the loop, and `$nr_enabled` if-statement has to be incremented)
 
 The `set_rating_state()` automatically disables rating, if all the required checks are *not* enabled.
 This is to prevent giving out a misleading or wrong grade.
 
 #### Implementing a new revision
+
 When a new revision of the rating specification comes around, the following has to be done:
+
 * New grade caps has to be either:
   1. Added to the script wherever relevant, or
   2. Added to the above list of missing checks (if above is not possible)

From bb48778fb331543cd8c1bdfaa877ab7077a2a93a Mon Sep 17 00:00:00 2001
From: Emmanuel Bouthenot <kolter@openics.org>
Date: Fri, 7 Jan 2022 22:23:21 +0100
Subject: [PATCH 02/33] Remove unused $PANDOCFLAGS in doc Makefile

---
 doc/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/Makefile b/doc/Makefile
index 35f3f04..acdc09e 100644
--- a/doc/Makefile
+++ b/doc/Makefile
@@ -8,7 +8,7 @@ clean:
 	rm -f $(NAME).$(MANSECTION) $(NAME).$(MANSECTION).html
 
 $(NAME).$(MANSECTION): $(NAME).$(MANSECTION).md
-	$(PANDOC) --standalone $(PANDOCFLAGS) --to man $(NAME).$(MANSECTION).md -o $@
+	$(PANDOC) --standalone --to man $(NAME).$(MANSECTION).md -o $@
 
 $(NAME).$(MANSECTION).html: template.html $(NAME).$(MANSECTION).md
-	$(PANDOC) --standalone $(PANDOCFLAGS) --to html5 --template template.html $(NAME).$(MANSECTION).md -o $@
+	$(PANDOC) --standalone --to html5 --template template.html $(NAME).$(MANSECTION).md -o $@

From 555c6eb4d0bdd43d0c36dac3bdec8701c48cd19e Mon Sep 17 00:00:00 2001
From: David Cooper <david.cooper@nist.gov>
Date: Wed, 22 Sep 2021 11:01:33 -0400
Subject: [PATCH 03/33] WIP: Improve check for client authentication

As noted in #1709, some servers will only request client authentication if a specific URL is requested. This commit modifies the check for client authentication, in the case that a $URL_PATH is provided, by having testssl.sh perform a GET request on the URL provided on the command line.
---
 testssl.sh | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index d4f7324..facf0af 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -353,6 +353,7 @@ HAS_AES256_GCM=false
 HAS_ZLIB=false
 HAS_UDS=false
 HAS_UDS2=false
+HAS_ENABLE_PHA=false
 HAS_DIG=false
 HAS_DIG_R=true
 DIG_R="-r"
@@ -2175,6 +2176,10 @@ s_client_options() {
      # isn't needed for these versions of OpenSSL.)
      ! "$HAS_NO_SSL2" && options="${options//-no_ssl2/}"
 
+     # The -enable_pha option causes the Post-Handshake Authentication extension to be sent.
+     # It is only supported by OpenSSL 1.1.1 and newer.
+     ! "$HAS_ENABLE_PHA" && options="${options//-enable_pha/}"
+
      # At least one server will fail under some circumstances if compression methods are offered.
      # So, only offer compression methods if necessary for the test. In OpenSSL 1.1.0 and
      # 1.1.1 compression is only offered if the "-comp" option is provided.
@@ -19450,6 +19455,7 @@ find_openssl_binary() {
      HAS_UDS=false
      HAS_UDS2=false
 	 TRUSTED1ST=""
+     HAS_ENABLE_PHA=false
 
      $OPENSSL ciphers -s 2>&1 | grep -aiq "unknown option" || OSSL_CIPHERS_S="-s"
 
@@ -19521,6 +19527,8 @@ find_openssl_binary() {
 
      grep -q 'Unix-domain socket' $s_client_has && HAS_UDS=true
 
+     grep -q '\-enable_pha' $s_client_has && HAS_ENABLE_PHA=true
+
      # Now check whether the standard $OPENSSL has Unix-domain socket and xmpp-server support. If
      # not check /usr/bin/openssl -- if available. This is more a kludge which we shouldn't use for
      # every openssl feature. At some point we need to decide which with openssl version we go.
@@ -19872,6 +19880,7 @@ HAS_NNTP: $HAS_NNTP
 HAS_IRC: $HAS_IRC
 HAS_UDS: $HAS_UDS
 HAS_UDS2: $HAS_UDS2
+HAS_ENABLE_PHA: $HAS_ENABLE_PHA
 
 HAS_DIG: $HAS_DIG
 HAS_HOST: $HAS_HOST
@@ -21070,7 +21079,16 @@ determine_optimal_proto() {
                     -ssl2)   "$HAS_SSL2" || continue ;;
                     *) ;;
                esac
-               $OPENSSL s_client $(s_client_options "$proto $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI") </dev/null >$TMPFILE 2>>$ERRFILE
+               # Only send $GET_REQ11 in case of a non-empty $URL_PATH, as it
+               # is not needed otherwise. Also, sending $GET_REQ11 may cause
+               # problems if the server being tested is not an HTTPS server,
+               # and $GET_REQ11 should be empty for non-HTTPS servers.
+               if [[ -z "$URL_PATH" ]] || [[ "$URL_PATH" == "/" ]]; then
+                    $OPENSSL s_client $(s_client_options "$proto $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI") </dev/null >$TMPFILE 2>>$ERRFILE
+               else
+                    safe_echo "$GET_REQ11" | $OPENSSL s_client $(s_client_options "$proto $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI -prexit -enable_pha") </dev/null >$TMPFILE 2>>$ERRFILE
+               fi
+               
                if sclient_auth $? $TMPFILE; then
                     # we use the successful handshake at least to get one valid protocol supported -- it saves us time later
                     if [[ -z "$proto" ]]; then
@@ -21188,7 +21206,6 @@ determine_service() {
      if [[ -z "$1" ]]; then
           # no STARTTLS.
           determine_optimal_sockets_params
-          determine_optimal_proto
           $SNEAKY && \
                ua="$UA_SNEAKY" || \
                ua="$UA_STD"
@@ -21199,6 +21216,7 @@ determine_service() {
                reqheader="$(join_by "\r\n" "${REQHEADERS[@]}")\r\n" #Add all required custom http headers to one string with newlines
           fi
           GET_REQ11="GET $URL_PATH HTTP/1.1\r\nHost: $NODE\r\nUser-Agent: $ua\r\n${basicauth_header}${reqheader}Accept-Encoding: identity\r\nAccept: text/*\r\nConnection: Close\r\n\r\n"
+          determine_optimal_proto
           # returns always 0:
           service_detection $OPTIMAL_PROTO
      else # STARTTLS

From a66e3cd3ada7112bb628d74ea4a9ed916381283f Mon Sep 17 00:00:00 2001
From: David Cooper <david.cooper@nist.gov>
Date: Mon, 3 Jan 2022 15:02:27 -0500
Subject: [PATCH 04/33] Improve check for client authentication

Based on initial testing, this commit improves the check for client authentication in the case that the server only requests client authentication for specific URLs. However, it does not work correctly if the server supports TLS 1.3 and $OPENSSL is a version of LibreSSL that supports TLS 1.3 in s_client. The problem is that LibreSSL does not support post-handshake authentication with TLS 1.3
---
 testssl.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/testssl.sh b/testssl.sh
index facf0af..bf5dc5f 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -21086,7 +21086,7 @@ determine_optimal_proto() {
                if [[ -z "$URL_PATH" ]] || [[ "$URL_PATH" == "/" ]]; then
                     $OPENSSL s_client $(s_client_options "$proto $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI") </dev/null >$TMPFILE 2>>$ERRFILE
                else
-                    safe_echo "$GET_REQ11" | $OPENSSL s_client $(s_client_options "$proto $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI -prexit -enable_pha") </dev/null >$TMPFILE 2>>$ERRFILE
+                    safe_echo "$GET_REQ11" | $OPENSSL s_client $(s_client_options "$proto $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI -ign_eof -enable_pha") >$TMPFILE 2>>$ERRFILE
                fi
                
                if sclient_auth $? $TMPFILE; then

From 0531d5df19c6912b86034b3bbda7f5994db4589e Mon Sep 17 00:00:00 2001
From: David Cooper <david.cooper@nist.gov>
Date: Tue, 4 Jan 2022 09:47:14 -0500
Subject: [PATCH 05/33] Improve check for client authentication with LibreSSL

Checking for client authentication with TLS 1.3 requires post-handshake authentication, which does not appear to be supported by LibreSSL. This commit improves the check for client authentication when testing a TLS 1.3 server using LibreSSL by having determine_optimal_proto() first test for connectivity with TLS 1.3 without checking for client authentication and then performing a separate check for client authentication using a non-TLS 1.3 protocol.

This commit only affects the flow of the program if a $URL_PATH is specified, the server supports TLS 1.3, and $OPENSSL supports TLS 1.3 but not -enable_pha.

testss.sh may still provide incorrect information about client authentication if a $URL_PATH is provided, the server is TLS 1.3-only, and LibreSSL is used.
---
 testssl.sh | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index bf5dc5f..e7eada0 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -21082,8 +21082,13 @@ determine_optimal_proto() {
                # Only send $GET_REQ11 in case of a non-empty $URL_PATH, as it
                # is not needed otherwise. Also, sending $GET_REQ11 may cause
                # problems if the server being tested is not an HTTPS server,
-               # and $GET_REQ11 should be empty for non-HTTPS servers.
-               if [[ -z "$URL_PATH" ]] || [[ "$URL_PATH" == "/" ]]; then
+               # and $URL_PATH should be empty for non-HTTPS servers.
+               # With TLS 1.3 it is only possible to test for client authentication
+               # if $OPENSSL supports post-handshake authentication. So, don't send try
+               # to send $GET_REQ11 after a TLS 1.3 ClientHello to a TLS 1.3 server if
+               # $ENABLE_PHA is false.
+               if [[ -z "$URL_PATH" ]] || [[ "$URL_PATH" == / ]] || \
+                  ( "$HAS_TLS13" && ! "$HAS_ENABLE_PHA" && ( [[ -z "$proto" ]] || [[ "$proto" == -tls1_3 ]] ) && [[ $(has_server_protocol "tls1_3") -ne 1 ]] ); then
                     $OPENSSL s_client $(s_client_options "$proto $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI") </dev/null >$TMPFILE 2>>$ERRFILE
                else
                     safe_echo "$GET_REQ11" | $OPENSSL s_client $(s_client_options "$proto $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI -ign_eof -enable_pha") >$TMPFILE 2>>$ERRFILE
@@ -21105,6 +21110,17 @@ determine_optimal_proto() {
                          OPTIMAL_PROTO="$proto"
                     fi
                     all_failed=false
+                    # If a $URL_PATH is specified and a TLS 1.3 server is being
+                    # tested using an $OPENSSL that supports TLS 1.3 but not
+                    # post-handshake authentication, then test for client
+                    # authentication using a protocol version earlier than
+                    # TLS 1.3 (unless the server only is TLS 1.3-only).
+                    if [[ "$tmp" == tls1_3 ]] && [[ -n "$URL_PATH" ]] && [[ "$URL_PATH" != / ]] && ! "$HAS_ENABLE_PHA" && \
+                       ( [[ "$(has_server_protocol "tls1_2")" -eq 0 ]] || [[ "$(has_server_protocol "tls1_1")" -eq 0 ]] || \
+                         [[ "$(has_server_protocol "tls1")" -eq 0 ]] || [[ "$(has_server_protocol "ssl3")" -eq 0 ]] ); then
+                         safe_echo "$GET_REQ11" | $OPENSSL s_client $(s_client_options "$BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI -ign_eof -no_tls1_3") >$TEMPDIR/client_auth_test.txt 2>>$ERRFILE
+                         sclient_auth $? $TEMPDIR/client_auth_test.txt
+                    fi
                     break
                fi
           done

From 4260ccbd1cf4d9302a148482e76fa5178fe04c64 Mon Sep 17 00:00:00 2001
From: David Cooper <david.cooper@nist.gov>
Date: Tue, 4 Jan 2022 15:38:19 -0500
Subject: [PATCH 06/33] Report if couldn't test for client authentication

This commit fixes determine_optimal_proto() and run_server_defaults() so that a "Local problem" is reported if a $URL_PATH is specified, the server is TLS 1.3-only, and $OPENSSL does not support -enable_pha (and the server does not offer client authentication as part of the initial TLS handshake).
---
 testssl.sh | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index e7eada0..7a30d4e 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -10101,9 +10101,13 @@ run_server_defaults() {
 
      jsonID="clientAuth"
      pr_bold " Client Authentication        "
-     outln "$CLIENT_AUTH"
+     if [[ "$CLIENT_AUTH" == unknown ]]; then
+          prln_local_problem "$OPENSSL doesn't support \"s_client -enable_pha\""
+     else
+          outln "$CLIENT_AUTH"
+     fi
      fileout "$jsonID" "INFO" "$CLIENT_AUTH"
-     if [[ "$CLIENT_AUTH" != none ]]; then
+     if [[ "$CLIENT_AUTH" == optional ]] || [[ "$CLIENT_AUTH" == required ]]; then
           jsonID="clientAuth_CA_list"
           pr_bold " CA List for Client Auth      "
           out_row_aligned "$CLIENT_AUTH_CA_LIST" "                              "
@@ -21115,11 +21119,14 @@ determine_optimal_proto() {
                     # post-handshake authentication, then test for client
                     # authentication using a protocol version earlier than
                     # TLS 1.3 (unless the server only is TLS 1.3-only).
-                    if [[ "$tmp" == tls1_3 ]] && [[ -n "$URL_PATH" ]] && [[ "$URL_PATH" != / ]] && ! "$HAS_ENABLE_PHA" && \
-                       ( [[ "$(has_server_protocol "tls1_2")" -eq 0 ]] || [[ "$(has_server_protocol "tls1_1")" -eq 0 ]] || \
-                         [[ "$(has_server_protocol "tls1")" -eq 0 ]] || [[ "$(has_server_protocol "ssl3")" -eq 0 ]] ); then
-                         safe_echo "$GET_REQ11" | $OPENSSL s_client $(s_client_options "$BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI -ign_eof -no_tls1_3") >$TEMPDIR/client_auth_test.txt 2>>$ERRFILE
-                         sclient_auth $? $TEMPDIR/client_auth_test.txt
+                    if [[ "$tmp" == tls1_3 ]] && [[ -n "$URL_PATH" ]] && [[ "$URL_PATH" != / ]] && ! "$HAS_ENABLE_PHA"; then
+                         if [[ "$(has_server_protocol "tls1_2")" -eq 0 ]] || [[ "$(has_server_protocol "tls1_1")" -eq 0 ]] || \
+                            [[ "$(has_server_protocol "tls1")" -eq 0 ]] || [[ "$(has_server_protocol "ssl3")" -eq 0 ]]; then
+                              safe_echo "$GET_REQ11" | $OPENSSL s_client $(s_client_options "$BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI -ign_eof -no_tls1_3") >$TEMPDIR/client_auth_test.txt 2>>$ERRFILE
+                              sclient_auth $? $TEMPDIR/client_auth_test.txt
+                         elif [[ "$CLIENT_AUTH" == none ]]; then
+                              CLIENT_AUTH="unknown"
+                         fi
                     fi
                     break
                fi

From 9a1f7f85b7b757c906f0283e34d987fb98890637 Mon Sep 17 00:00:00 2001
From: David Cooper <david.cooper@nist.gov>
Date: Wed, 5 Jan 2022 11:19:16 -0500
Subject: [PATCH 07/33] Fix potential stallling in HTTP query

In run_http_header() the GET command is first sent over TLS using a background process, and then if that does not hang, it is sent again in the foreground. Similarly, service_detection() runs the command in the background.

This commit changes determine_optimal_proto() to follow the example of run_http_header() as protection against the possibility of the HTTP query stalling.
---
 testssl.sh | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 7a30d4e..6792007 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -21095,7 +21095,18 @@ determine_optimal_proto() {
                   ( "$HAS_TLS13" && ! "$HAS_ENABLE_PHA" && ( [[ -z "$proto" ]] || [[ "$proto" == -tls1_3 ]] ) && [[ $(has_server_protocol "tls1_3") -ne 1 ]] ); then
                     $OPENSSL s_client $(s_client_options "$proto $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI") </dev/null >$TMPFILE 2>>$ERRFILE
                else
-                    safe_echo "$GET_REQ11" | $OPENSSL s_client $(s_client_options "$proto $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI -ign_eof -enable_pha") >$TMPFILE 2>>$ERRFILE
+                    safe_echo "$GET_REQ11" | $OPENSSL s_client $(s_client_options "$proto $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI -ign_eof -enable_pha") >$TMPFILE 2>>$ERRFILE &
+                    wait_kill $! $HEADER_MAXSLEEP
+                    if [[ $? -eq 0 ]]; then
+                         # Issue HTTP GET again as it properly finished within $HEADER_MAXSLEEP and didn't hang.
+                         # Doing it again in the foreground to get an accurate return code.
+                         safe_echo "$GET_REQ11" | $OPENSSL s_client $(s_client_options "$proto $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI -ign_eof -enable_pha") >$TMPFILE 2>>$ERRFILE
+                    else
+                         # Issuing HTTP GET caused $OPENSSL to hang, so just try to determine
+                         # protocol support without also trying to collect information about
+                         # client authentication.
+                         $OPENSSL s_client $(s_client_options "$proto $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI") </dev/null >$TMPFILE 2>>$ERRFILE
+                    fi
                fi
                
                if sclient_auth $? $TMPFILE; then
@@ -21122,9 +21133,18 @@ determine_optimal_proto() {
                     if [[ "$tmp" == tls1_3 ]] && [[ -n "$URL_PATH" ]] && [[ "$URL_PATH" != / ]] && ! "$HAS_ENABLE_PHA"; then
                          if [[ "$(has_server_protocol "tls1_2")" -eq 0 ]] || [[ "$(has_server_protocol "tls1_1")" -eq 0 ]] || \
                             [[ "$(has_server_protocol "tls1")" -eq 0 ]] || [[ "$(has_server_protocol "ssl3")" -eq 0 ]]; then
-                              safe_echo "$GET_REQ11" | $OPENSSL s_client $(s_client_options "$BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI -ign_eof -no_tls1_3") >$TEMPDIR/client_auth_test.txt 2>>$ERRFILE
-                              sclient_auth $? $TEMPDIR/client_auth_test.txt
+                              safe_echo "$GET_REQ11" | $OPENSSL s_client $(s_client_options "$BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI -ign_eof -no_tls1_3") >$TEMPDIR/client_auth_test.txt 2>>$ERRFILE &
+                              wait_kill $! $HEADER_MAXSLEEP
+                              # If the HTTP properly finished within $HEADER_MAXSLEEP and didn't hang, then
+                              # do it again in the foreground to get an accurate return code. If it did hang,
+                              # there is no way to test for client authentication, so don't try.
+                              if [[ $? -eq 0 ]]; then
+                                   safe_echo "$GET_REQ11" | $OPENSSL s_client $(s_client_options "$BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI -ign_eof -no_tls1_3") >$TEMPDIR/client_auth_test.txt 2>>$ERRFILE
+                                   sclient_auth $? $TEMPDIR/client_auth_test.txt
+                              fi
                          elif [[ "$CLIENT_AUTH" == none ]]; then
+                              # This is a TLS 1.3-only server and $OPENSSL does not support -enable_pha, so it is not
+                              # possible to test for client authentication.
                               CLIENT_AUTH="unknown"
                          fi
                     fi

From 4b973f242ab93a8f1a70063ce2208b416f1f8b1f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 19 Jan 2022 00:34:18 +0000
Subject: [PATCH 08/33] Bump docker/build-push-action from 2.7.0 to 2.8.0

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.7.0 to 2.8.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2.7.0...v2.8.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/docker-3.1dev.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker-3.1dev.yml b/.github/workflows/docker-3.1dev.yml
index cf61840..718477c 100644
--- a/.github/workflows/docker-3.1dev.yml
+++ b/.github/workflows/docker-3.1dev.yml
@@ -48,7 +48,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push
-        uses: docker/build-push-action@v2.7.0
+        uses: docker/build-push-action@v2.8.0
         with:
           push: ${{ github.event_name != 'pull_request' }}
           context: .

From 6bd0d9eba00b83efce2d06c27cb9be3b50e9dd2c Mon Sep 17 00:00:00 2001
From: Dirk Wetter <dirk@testssl.sh>
Date: Mon, 24 Jan 2022 16:49:03 +0100
Subject: [PATCH 09/33] Add prototype for STARTTLS+ LDAP via sockets

See #1258

To do:
* more robustness. At least the success value from the response need to be retrieved and checked via starttls_io().
* double check the pre-handshake before the OID whether it's correct for every case
* documentation
* inline help

It seems to work though against db.debian.org
---
 testssl.sh | 31 ++++++++++++++++++++++++++++---
 1 file changed, 28 insertions(+), 3 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 6792007..74a640c 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -11094,6 +11094,29 @@ starttls_postgres_dialog() {
      return $ret
 }
 
+# RFC 2830
+starttls_ldap_dialog() {
+     local debugpad="  > "
+     local -i ret=0
+     local starttls_init=",
+     x30, x1d, x02, x01,                                                             # LDAP extendedReq
+     x01,                                                                            # messageID: 1
+     x77, x18, x80, x16, x31, x2e, x33, x2e, x36, x2e,                               # ProtocolOP: extendedReq
+     x31, x2e, x34, x2e, x31, x2e, x31, x34, x36, x36, x2e, x32, x30, x30, x33, x37" # OID for STATRTTLS = "1.3.6.1.4.1.1466.20037"
+
+     debugme echo "=== starting LDAP STARTTLS dialog ==="
+     socksend "${starttls_init}"   0    && debugme echo "${debugpad}initiated STARTTLS" &&
+     starttls_just_read            1    "read succeeded"
+
+     # response is typically 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00
+     #                                                  ^^ == success!  That [9] should be checked also!
+
+     ret=$?
+     debugme echo "=== finished LDAP STARTTLS dialog with ${ret} ==="
+     return $ret
+
+}
+
 starttls_mysql_dialog() {
      local debugpad="  > "
      local -i ret=0
@@ -11214,8 +11237,10 @@ fd_socket() {
                irc|ircs) # IRC, https://ircv3.net/specs/extensions/tls-3.1.html, https://ircv3.net/specs/core/capability-negotiation.html
                     fatal "FIXME: IRC+STARTTLS not yet supported" $ERR_NOSUPPORT
                     ;;
-               ldap|ldaps) # LDAP, https://tools.ietf.org/html/rfc2830, https://tools.ietf.org/html/rfc4511
-                    fatal "FIXME: LDAP+STARTTLS over sockets not supported yet (try \"--ssl-native\")" $ERR_NOSUPPORT
+               ldap|ldaps) # LDAP, https://tools.ietf.org/html/rfc2830#section-2.1, https://tools.ietf.org/html/rfc4511
+                    # https://ldap.com/ldapv3-wire-protocol-reference-extended/
+                    #fatal "FIXME: LDAP+STARTTLS over sockets not supported yet (try \"--ssl-native\")" $ERR_NOSUPPORT
+                    starttls_ldap_dialog
                     ;;
                acap|acaps) # ACAP = Application Configuration Access Protocol, see https://tools.ietf.org/html/rfc2595
                     fatal "ACAP Easteregg: not implemented -- probably never will" $ERR_NOSUPPORT
@@ -11231,7 +11256,7 @@ fd_socket() {
                     starttls_mysql_dialog
                     ;;
                *) # we need to throw an error here -- otherwise testssl.sh treats the STARTTLS protocol as plain SSL/TLS which leads to FP
-                    fatal "FIXME: STARTTLS protocol $STARTTLS_PROTOCOL is not yet supported" $ERR_NOSUPPORT
+                    fatal "FIXME: STARTTLS protocol $STARTTLS_PROTOCOL is not supported yet" $ERR_NOSUPPORT
           esac
           ret=$?
           case $ret in

From 9ec1ca30baf09f7d9766aac01594afe0e86b7a40 Mon Sep 17 00:00:00 2001
From: Dirk Wetter <dirk@testssl.sh>
Date: Thu, 27 Jan 2022 18:35:40 +0100
Subject: [PATCH 10/33] Amends LDAP + STARTTLS / rename sockread_serverhello()

This commit adds parsing the success value of the STARTTLS upgrade
in LDAP. Only possible values whould be 0 or one according to RFC 2380.
All values not equal to zero will terminate the check.

Also, this PR renames sockread_serverhello() to sockread() as the word
serverhello is pretty misleading. It just reads from ANY socket. (sorry
to confuse people here, that should have gone into a separate PR).
  Also sockread() and sockread_fast() are better documented.
---
 testssl.sh | 55 ++++++++++++++++++++++++++++++++----------------------
 1 file changed, 33 insertions(+), 22 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 74a640c..3f4cb69 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -4728,7 +4728,7 @@ client_simulation_sockets() {
      socksend_clienthello "${data}"
      sleep $USLEEP_SND
 
-     sockread_serverhello 32768
+     sockread 32768
      tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
      tls_hello_ascii="${tls_hello_ascii%%[!0-9A-F]*}"
 
@@ -4758,7 +4758,7 @@ client_simulation_sockets() {
 
           debugme echo -n "requesting more server hello data... "
           socksend "" $USLEEP_SND
-          sockread_serverhello 32768
+          sockread 32768
 
           next_packet=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
           next_packet="${next_packet%%[!0-9A-F]*}"
@@ -11094,10 +11094,12 @@ starttls_postgres_dialog() {
      return $ret
 }
 
+
 # RFC 2830
 starttls_ldap_dialog() {
      local debugpad="  > "
      local -i ret=0
+     local result=""
      local starttls_init=",
      x30, x1d, x02, x01,                                                             # LDAP extendedReq
      x01,                                                                            # messageID: 1
@@ -11106,15 +11108,20 @@ starttls_ldap_dialog() {
 
      debugme echo "=== starting LDAP STARTTLS dialog ==="
      socksend "${starttls_init}"   0    && debugme echo "${debugpad}initiated STARTTLS" &&
-     starttls_just_read            1    "read succeeded"
+     result=$(sockread_fast 256)
+     [[ $DEBUG -ge 6 ]] && safe_echo "$debugpad $result\n"
 
      # response is typically 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00
-     #                                                  ^^ == success!  That [9] should be checked also!
-
-     ret=$?
+     #                                                  ^^ == success!  [9] is checked below
+     if [[ ${result:18:2} == 00 ]]; then
+          ret=0
+     elif [[ ${result:18:2} == 01 ]]; then
+          ret=1
+     else
+          ret=127
+     fi
      debugme echo "=== finished LDAP STARTTLS dialog with ${ret} ==="
      return $ret
-
 }
 
 starttls_mysql_dialog() {
@@ -11346,9 +11353,11 @@ socksend() {
 }
 
 
-# for SSLv2 to TLS 1.2:
+# Reads from socket. Uses SOCK_REPLY_FILE global to save socket reply
+# Not blocking, polling
 # ARG1: blocksize for reading
-sockread_serverhello() {
+#
+sockread() {
      [[ -z "$2" ]] && maxsleep=$MAX_WAITSOCK || maxsleep=$2
      SOCK_REPLY_FILE=$(mktemp $TEMPDIR/ddreply.XXXXXX) || return 7
      dd bs=$1 of=$SOCK_REPLY_FILE count=1 <&5 2>/dev/null &
@@ -11356,8 +11365,10 @@ sockread_serverhello() {
      return $?
 }
 
-#trying a faster version
+# Reads from socket. Utilises a pipe. Output is ASCII.
+# Faster as previous, blocks however when socket stream is empty
 # ARG1: blocksize for reading
+#
 sockread_fast() {
      dd bs=$1 count=1 <&5 2>/dev/null | hexdump -v -e '16/1 "%02X"'
 }
@@ -14743,7 +14754,7 @@ sslv2_sockets() {
      debugme echo -n "sending client hello... "
      socksend_clienthello "$client_hello"
 
-     sockread_serverhello 32768
+     sockread 32768
      if "$parse_complete"; then
           if [[ -s "$SOCK_REPLY_FILE" ]]; then
                server_hello=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
@@ -14756,7 +14767,7 @@ sslv2_sockets() {
 
                     debugme echo -n "requesting more server hello data... "
                     socksend "" $USLEEP_SND
-                    sockread_serverhello 32768
+                    sockread 32768
 
                     [[ ! -s "$SOCK_REPLY_FILE" ]] && break
                     cat "$SOCK_REPLY_FILE" >> "$sock_reply_file2"
@@ -15476,7 +15487,7 @@ resend_if_hello_retry_request() {
      done
      debugme echo -n "sending client hello... "
      socksend_clienthello "$data" $USLEEP_SND
-     sockread_serverhello 32768
+     sockread 32768
      return 2
 }
 
@@ -15531,7 +15542,7 @@ tls_sockets() {
      # if sending didn't succeed we don't bother
      if [[ $ret -eq 0 ]]; then
           clienthello1="$TLS_CLIENT_HELLO"
-          sockread_serverhello 32768
+          sockread 32768
           "$TLS_DIFFTIME_SET" && TLS_NOW=$(LC_ALL=C date "+%s")
 
           tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
@@ -15571,7 +15582,7 @@ tls_sockets() {
 
                     debugme echo -n "requesting more server hello data... "
                     socksend "" $USLEEP_SND
-                    sockread_serverhello 32768
+                    sockread 32768
 
                     next_packet=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
                     next_packet="${next_packet%%[!0-9A-F]*}"
@@ -15785,7 +15796,7 @@ receive_app_data() {
                if "$FAST_SOCKET"; then
                     res="$(sockread_fast 32768)"
                else
-                    sockread_serverhello 32768
+                    sockread 32768
                     res="$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")"
                fi
                res="${res%%[!0-9A-F]*}"
@@ -15878,7 +15889,7 @@ run_heartbleed(){
 
      [[ $DEBUG -ge 4 ]] && tmln_out "\nsending payload with TLS version $tls_hexcode:"
      socksend "$heartbleed_payload" 1
-     sockread_serverhello 16384 $HEARTBLEED_MAX_WAITSOCK
+     sockread 16384 $HEARTBLEED_MAX_WAITSOCK
      if [[ $? -eq 3 ]]; then
           append=", timed out"
           pr_svrty_best "not vulnerable (OK)"; out "$append"
@@ -16015,7 +16026,7 @@ run_ccs_injection(){
      socksend "$client_hello" 1
 
      debugme echo "reading server hello... "
-     sockread_serverhello 32768
+     sockread 32768
      if [[ $DEBUG -ge 4 ]]; then
           hexdump -C "$SOCK_REPLY_FILE" | head -20
           tmln_out "[...]"
@@ -16024,7 +16035,7 @@ run_ccs_injection(){
      rm "$SOCK_REPLY_FILE"
 # ... and then send the change cipher spec message
      socksend "$ccs_message" 1 || ok_ids
-     sockread_serverhello 4096 $CCS_MAX_WAITSOCK
+     sockread 4096 $CCS_MAX_WAITSOCK
      if [[ $DEBUG -ge 3 ]]; then
           tmln_out "\n1st reply: "
           hexdump -C "$SOCK_REPLY_FILE" | head -20
@@ -16034,7 +16045,7 @@ run_ccs_injection(){
      rm "$SOCK_REPLY_FILE"
 
      socksend "$ccs_message" 2 || ok_ids
-     sockread_serverhello 4096 $CCS_MAX_WAITSOCK
+     sockread 4096 $CCS_MAX_WAITSOCK
      retval=$?
 
      tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
@@ -16307,7 +16318,7 @@ run_ticketbleed() {
           if "$FAST_SOCKET"; then
                tls_hello_ascii=$(sockread_fast 32768)
           else
-               sockread_serverhello 32768 $CCS_MAX_WAITSOCK
+               sockread 32768 $CCS_MAX_WAITSOCK
                tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
           fi
           [[ "$DEBUG" -ge 5 ]] && echo "$tls_hello_ascii"
@@ -19185,7 +19196,7 @@ run_robot() {
                fi
                debugme echo "reading server error response..."
                start_time=$(LC_ALL=C date "+%s")
-               sockread_serverhello 32768 $robottimeout
+               sockread 32768 $robottimeout
                subret=$?
                if [[ $subret -eq 0 ]]; then
                     end_time=$(LC_ALL=C date "+%s")

From a778356cc3f1297d2e6e7a0b8a7850156eed5211 Mon Sep 17 00:00:00 2001
From: Dirk Wetter <dirk@testssl.sh>
Date: Mon, 31 Jan 2022 10:36:51 +0100
Subject: [PATCH 11/33] Remove ldap protocol early returns

Partly revert bb5450e3f5f83d9c560e5293c692a8d03d02523f
---
 testssl.sh | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 3f4cb69..43edd4e 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -7512,7 +7512,7 @@ tls_time() {
 
      pr_bold " TLS clock skew" ; out "$spaces"
 
-     if [[ "$STARTTLS_PROTOCOL" =~ ldap ]] || [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
+     if [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
           prln_local_problem "STARTTLS/$STARTTLS_PROTOCOL and --ssl-native collide here"
           return 1
      fi
@@ -7872,7 +7872,7 @@ get_server_certificate() {
                success=$?
           else
                # For STARTTLS protocols not being implemented yet via sockets this is a bypass otherwise it won't be usable at all (e.g. LDAP)
-               if [[ "$STARTTLS" =~ ldap ]] || [[ "$STARTTLS" =~ irc ]]; then
+               if [[ "$STARTTLS" =~ irc ]]; then
                     return 1
                elif [[ "$1" =~ tls1_3_RSA ]]; then
                     tls_sockets "04" "$TLS13_CIPHER" "all+" "00,12,00,00, 00,05,00,05,01,00,00,00,00, 00,0d,00,10,00,0e,08,04,08,05,08,06,04,01,05,01,06,01,02,01"
@@ -15852,7 +15852,7 @@ run_heartbleed(){
      [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for heartbleed vulnerability " && outln
      pr_bold " Heartbleed"; out " ($cve)                "
 
-     if [[ "$STARTTLS_PROTOCOL" =~ ldap ]] || [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
+     if [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
           prln_local_problem "STARTTLS/$STARTTLS_PROTOCOL and --ssl-native collide here"
           return 1
      fi
@@ -15962,7 +15962,7 @@ run_ccs_injection(){
      [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for CCS injection vulnerability " && outln
      pr_bold " CCS"; out " ($cve)                       "
 
-     if [[ "$STARTTLS_PROTOCOL" =~ ldap ]] || [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
+     if [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
           prln_local_problem "STARTTLS/$STARTTLS_PROTOCOL and --ssl-native collide here"
           return 1
      fi
@@ -17653,7 +17653,7 @@ run_drown() {
           cert_fingerprint_sha2=${cert_fingerprint_sha2/SHA256 /}
      fi
 
-     if [[ "$STARTTLS_PROTOCOL" =~ ldap ]] || [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
+     if [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
           prln_local_problem "STARTTLS/$STARTTLS_PROTOCOL and --ssl-native collide here"
           return 1
      fi
@@ -18058,7 +18058,7 @@ run_winshock() {
           outln
           return 0
      fi
-     if [[ "$STARTTLS_PROTOCOL" =~ ldap ]] || [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
+     if [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
           prln_local_problem "STARTTLS/$STARTTLS_PROTOCOL and --ssl-native collide here"
           return 1
      fi
@@ -19039,7 +19039,7 @@ run_robot() {
      [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for Return of Bleichenbacher's Oracle Threat (ROBOT) vulnerability " && outln
      pr_bold " ROBOT                                     "
 
-     if [[ "$STARTTLS_PROTOCOL" =~ ldap ]] || [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
+     if [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
           prln_local_problem "STARTTLS/$STARTTLS_PROTOCOL and --ssl-native collide here"
           return 1
      fi
@@ -21400,7 +21400,6 @@ determine_sizelimitbug() {
 
      # For STARTTLS protocols not being implemented yet via sockets this is a bypass otherwise it won't be usable at all (e.g. LDAP)
      # Fixme: find out whether we can't skip this in general for STARTTLS
-     [[ "$STARTTLS" =~ ldap ]] && return 0
      [[ "$STARTTLS" =~ irc ]] && return 0
 
      # Only with TLS 1.2 offered at the server side it is possible to hit this bug, in practice. Thus

From 05d94fa0198a8143f750ce1aafbaa8a32fa986e4 Mon Sep 17 00:00:00 2001
From: Dirk Wetter <dirk@testssl.sh>
Date: Mon, 31 Jan 2022 11:05:52 +0100
Subject: [PATCH 12/33] Update documentation

* remove hint that LDAP only works with STARTTLS
* Add the relevant LDAP RFC for STARTTLS
* Amend with sieve RFC
* Correct numbering order of RFC section
---
 doc/testssl.1      | 604 +++++++++++++++++++++++++++++++++++++++
 doc/testssl.1.html | 687 +++++++++++++++++++++++++++++++++++++++++++++
 doc/testssl.1.md   |  55 ++--
 3 files changed, 1313 insertions(+), 33 deletions(-)
 create mode 100644 doc/testssl.1
 create mode 100644 doc/testssl.1.html

diff --git a/doc/testssl.1 b/doc/testssl.1
new file mode 100644
index 0000000..0e7fb0c
--- /dev/null
+++ b/doc/testssl.1
@@ -0,0 +1,604 @@
+.\" generated with Ronn-NG/v0.9.1
+.\" http://github.com/apjanke/ronn-ng/tree/0.9.1
+.TH "TESTSSL" "1" "December 2021" ""
+.SH "NAME"
+\fBtestssl\fR
+.SH "NAME"
+testssl\.sh \-\- check encryption of SSL/TLS servers
+.SH "SYNOPSIS"
+\fBtestssl\.sh [OPTIONS] <URI>\fR, \fBtestssl\.sh [OPTIONS] \-\-file <FILE>\fR
+.P
+or
+.P
+\fBtestssl\.sh [BANNER OPTIONS]\fR
+.SH "DESCRIPTION"
+testssl\.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as cryptographic flaws and much more\.
+.P
+The output rates findings by color (screen) or severity (file output) so that you are able to tell whether something is good or bad\. The (screen) output has several sections in which classes of checks are being performed\. To ease readability on the screen it aligns and indents the output properly\.
+.P
+Only you see the result\. You also can use it internally on your LAN\. Except DNS lookups or unless you instruct testssl\.sh to check for revocation of certificates it doesn't use any other hosts or even third parties for any test\.
+.SH "REQUIREMENTS"
+Testssl\.sh is out of the box portable: it runs under any Unix\-like stack: Linux, *BSD, MacOS X, WSL=Windows Subsystem for Linux, Cygwin and MSYS2\. \fBbash\fR is a prerequisite, also version 3 is still supported\. Standard utilities like awk, sed, tr and head are also needed\. This can be of a BSD, System 5 or GNU flavor whereas grep from System V is not yet supported\.
+.P
+Any OpenSSL or LibreSSL version is needed as a helper\. Unlike previous versions of testssl\.sh almost every check is done via (TCP) sockets\. In addition statically linked OpenSSL binaries for major operating systems are supplied in \fB\./bin/\fR\.
+.SH "GENERAL"
+\fBtestssl\.sh URI\fR as the default invocation does the so\-called default run which does a number of checks and puts out the results colorized (ANSI and termcap) on the screen\. It does every check listed below except \fB\-E\fR which are (order of appearance):
+.P
+0) displays a banner (see below), does a DNS lookup also for further IP addresses and does for the returned IP address a reverse lookup\. Last but not least a service check is being done\.
+.P
+1) SSL/TLS protocol check
+.P
+2) standard cipher categories
+.P
+3) server's cipher preferences (server order?)
+.P
+4) forward secrecy: ciphers and elliptical curves
+.P
+5) server defaults (certificate info, TLS extensions, session information)
+.P
+6) HTTP header (if HTTP detected or being forced via \fB\-\-assume\-http\fR)
+.P
+7) vulnerabilities
+.P
+8) testing each of 370 preconfigured ciphers
+.P
+8) client simulation
+.P
+9) rating
+.SH "OPTIONS AND PARAMETERS"
+Options are either short or long options\. Any long or short option requiring a value can be called with or without an equal sign\. E\.g\. \fBtestssl\.sh \-t=smtp \-\-wide \-\-openssl=/usr/bin/openssl <URI>\fR (short options with equal sign) is equivalent to \fBtestssl\.sh \-\-starttls smtp \-\-wide \-\-openssl /usr/bin/openssl <URI>\fR (long option without equal sign)\. Some command line options can also be preset via ENV variables\. \fBWIDE=true OPENSSL=/usr/bin/openssl testssl\.sh \-\-starttls=smtp <URI>\fR would be the equivalent to the aforementioned examples\. Preference has the command line over any environment variables\.
+.P
+\fB<URI>\fR or \fB\-\-file <FILE>\fR always needs to be the last parameter\.
+.SS "BANNER OPTIONS (standalone)"
+\fB\-\-help\fR (or no arg) displays command line help
+.P
+\fB\-b, \-\-banner\fR displays testssl\.sh banner, including license, usage conditions, version of testssl\.sh, detected openssl version, its path to it, # of ciphers of openssl, its build date and the architecture\.
+.P
+\fB\-v, \-\-version\fR same as before
+.P
+\fB\-V [pattern], \-\-local [pattern]\fR pretty print all local ciphers supported by openssl version\. If a pattern is supplied it performs a match (ignore case) on any of the strings supplied in the wide output, see below\. The pattern will be searched in the any of the columns: hexcode, cipher suite name (OpenSSL or IANA), key exchange, encryption, bits\. It does a word pattern match for non\-numbers, for number just a normal match applies\. Numbers here are defined as [0\-9,A\-F]\. This means (attention: catch) that the pattern CBC is matched as non\-word, but AES as word\. This option also accepts \fB\-\-openssl=<path_to_openssl>\fR\.
+.SS "INPUT PARAMETERS"
+\fBURI\fR can be a hostname, an IPv4 or IPv6 address (restriction see below) or an URL\. IPv6 addresses need to be in square brackets\. For any given parameter port 443 is assumed unless specified by appending a colon and a port number\. The only preceding protocol specifier allowed is \fBhttps\fR\. You need to be aware that checks for an IP address might not hit the vhost you want\. DNS resolution (A/AAAA record) is being performed unless you have an \fB/etc/hosts\fR entry for the hostname\.
+.P
+\fB\-\-file <fname>\fR or the equivalent \fB\-iL <fname>\fR are mass testing options\. Per default it implicitly turns on \fB\-\-warnings batch\fR\. In its first incarnation the mass testing option reads command lines from \fBfname\fR\. \fBfname\fR consists of command lines of testssl, one line per instance\. Comments after \fB#\fR are ignored, \fBEOF\fR signals the end of fname any subsequent lines will be ignored too\. You can also supply additional options which will be inherited to each child, e\.g\. When invoking \fBtestssl\.sh \-\-wide \-\-log \-\-file <fname>\fR \. Each single line in \fBfname\fR is parsed upon execution\. If there's a conflicting option and serial mass testing option is being performed the check will be aborted at the time it occurs and depending on the output option potentially leaving you with an output file without footer\. In parallel mode the mileage varies, likely a line won't be scanned\.
+.P
+Alternatively \fBfname\fR can be in \fBnmap\fR's grep(p)able output format (\fB\-oG\fR)\. Only open ports will be considered\. Multiple ports per line are allowed\. The ports can be different and will be tested by testssl\.sh according to common practice in the internet, i\.e\. if nmap shows in its output an open port 25, automatically \fB\-t smtp\fR will be added before the URI whereas port 465 will be treated as a plain TLS/SSL port, not requiring an STARTTLS SMTP handshake upfront\. This is done by an internal table which correlates nmap's open port detected to the STARTTLS/plain text decision from testssl\.sh\.
+.P
+Nmap's output always returns IP addresses and only if there's a PTR DNS record available a hostname\. As it is not checked by nmap whether the hostname matches the IP (A or AAAA record), testssl\.sh does this automatically for you\. If the A record of the hostname matches the IP address, the hostname is used and not the IP address\. Please keep in mind that checks against an IP address might not hit the vhost you maybe were aiming at and thus it may lead to different results\.
+.P
+A typical internal conversion to testssl\.sh file format from nmap's grep(p)able format could look like:
+.P
+\fB10\.10\.12\.16:443 10\.10\.12\.16:1443 \-t smtp host\.example\.com:25 host\.example\.com:443 host\.example\.com:631 \-t ftp 10\.10\.12\.11:21 10\.10\.12\.11:8443\fR Please note that \fBfname\fR has to be in Unix format\. DOS carriage returns won't be accepted\. Instead of the command line switch the environment variable FNAME will be honored too\.
+.P
+\fB\-\-mode <serial|parallel>\fR\. Mass testing to be done serial (default) or parallel (\fB\-\-parallel\fR is shortcut for the latter, \fB\-\-serial\fR is the opposite option)\. Per default mass testing is being run in serial mode, i\.e\. one line after the other is processed and invoked\. The variable \fBMASS_TESTING_MODE\fR can be defined to be either equal \fBserial\fR or \fBparallel\fR\.
+.P
+\fB\-\-warnings <batch|off>\fR\. The warnings parameter determines how testssl\.sh will deal with situations where user input normally will be necessary\. There are two options\. \fBbatch\fR doesn't wait for a confirming keypress when a client\- or server\-side problem is encountered\. As of 3\.0 it just then terminates the particular scan\. This is automatically chosen for mass testing (\fB\-\-file\fR)\. \fBoff\fR just skips the warning, the confirmation but continues the scan, independent whether it makes sense or not\. Please note that there are conflicts where testssl\.sh will still ask for confirmation which are the ones which otherwise would have a drastic impact on the results\. Almost any other decision will be made in the future as a best guess by testssl\.sh\. The same can be achieved by setting the environment variable \fBWARNINGS\fR\.
+.P
+\fB\-\-connect\-timeout <seconds>\fR This is useful for socket TCP connections to a node\. If the node does not complete a TCP handshake (e\.g\. because it is down or behind a firewall or there's an IDS or a tarpit) testssl\.sh may usually hang for around 2 minutes or even much more\. This parameter instructs testssl\.sh to wait at most \fBseconds\fR for the handshake to complete before giving up\. This option only works if your OS has a timeout binary installed\. CONNECT_TIMEOUT is the corresponding environment variable\.
+.P
+\fB\-\-openssl\-timeout <seconds>\fR This is especially useful for all connects using openssl and practically useful for mass testing\. It avoids the openssl connect to hang for ~2 minutes\. The expected parameter \fBseconds\fR instructs testssl\.sh to wait before the openssl connect will be terminated\. The option is only available if your OS has a timeout binary installed\. As there are different implementations of \fBtimeout\fR: It automatically calls the binary with the right parameters\. OPENSSL_TIMEOUT is the equivalent environment variable\.
+.P
+\fB\-\-basicauth <user:pass>\fR This can be set to provide HTTP basic auth credentials which are used during checks for security headers\. BASICAUTH is the ENV variable you can use instead\.
+.P
+\fB\-\-reqheader <header>\fR This can be used to add additional HTTP request headers in the correct format \fBHeadername: headercontent\fR\. This parameter can be called multiple times if required\. For example: \fB\-\-reqheader 'Proxy\-Authorization: Basic dGVzdHNzbDpydWxlcw==' \-\-reqheader 'ClientID: 0xDEADBEAF'\fR\. REQHEADER is the corresponding environment variable\.
+.SS "SPECIAL INVOCATIONS"
+\fB\-t <protocol>, \-\-starttls <protocol>\fR does a default run against a STARTTLS enabled \fBprotocol\fR\. \fBprotocol\fR must be one of \fBftp\fR, \fBsmtp\fR, \fBpop3\fR, \fBimap\fR, \fBxmpp\fR, \fBsieve\fR, \fBxmpp\-server\fR, \fBtelnet\fR, \fBldap\fR, \fBirc\fR, \fBlmtp\fR, \fBnntp\fR, \fBpostgres\fR, \fBmysql\fR\. For the latter four you need e\.g\. the supplied OpenSSL or OpenSSL version 1\.1\.1\. Please note: MongoDB doesn't offer a STARTTLS connection, IRC currently only works with \fB\-\-ssl\-native\fR\. \fBirc\fR is WIP\.
+.P
+\fB\-\-xmpphost <jabber_domain>\fR is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter\. This is only needed if the domain is different from the URI supplied\.
+.P
+\fB\-\-mx <domain|host>\fR tests all MX records (STARTTLS on port 25) from high to low priority, one after the other\.
+.P
+\fB\-\-ip <ip>\fR tests either the supplied IPv4 or IPv6 address instead of resolving host(s) in \fB<URI>\fR\. IPv6 addresses need to be supplied in square brackets\. \fB\-\-ip=one\fR means: just test the first A record DNS returns (useful for multiple IPs)\. If \fB\-6\fR and \fB\-\-ip=one\fR was supplied an AAAA record will be picked if available\. The \fB\-\-ip\fR option might be also useful if you want to resolve the supplied hostname to a different IP, similar as if you would edit \fB/etc/hosts\fR or \fB/c/Windows/System32/drivers/etc/hosts\fR\. \fB\-\-ip=proxy\fR tries a DNS resolution via proxy\.
+.P
+\fB\-\-proxy <host>:<port>\fR does ANY check via the specified proxy\. \fB\-\-proxy=auto\fR inherits the proxy setting from the environment\. The hostname supplied will be resolved to the first A record\. In addition if you want lookups via proxy you can specify \fBDNS_VIA_PROXY=true\fR\. OCSP revocation checking (\fB\-S \-\-phone\-out\fR) is not supported by OpenSSL via proxy\. As supplying a proxy is an indicator for port 80 and 443 outgoing being blocked in your network an OCSP revocation check won't be performed\. However if \fBIGN_OCSP_PROXY=true\fR has been supplied it will be tried directly\. Authentication to the proxy is not supported\. Proxying via IPv6 addresses is not possible, no HTTPS or SOCKS proxy is supported\.
+.P
+\fB\-6\fR does (also) IPv6 checks\. Please note that testssl\.sh doesn't perform checks on an IPv6 address automatically, because of two reasons: testssl\.sh does no connectivity checks for IPv6 and it cannot determine reliably whether the OpenSSL binary you're using has IPv6 s_client support\. \fB\-6\fR assumes both is the case\. If both conditions are met and you in general prefer to test for IPv6 branches as well you can add \fBHAS_IPv6\fR to your shell environment\. Besides the OpenSSL binary supplied IPv6 is known to work with vanilla OpenSSL >= 1\.1\.0 and older versions >=1\.0\.2 in RHEL/CentOS/FC and Gentoo\.
+.P
+\fB\-\-ssl\-native\fR Instead of using a mixture of bash sockets and a few openssl s_client connects, testssl\.sh uses the latter (almost) only\. This is faster at the moment but provides less accurate results, especially for the client simulation and for cipher support\. For all checks you will see a warning if testssl\.sh cannot tell if a particular check cannot be performed\. For some checks however you might end up getting false negatives without a warning\. This option is only recommended if you prefer speed over accuracy or you know that your target has sufficient overlap with the protocols and cipher provided by your openssl binary\.
+.P
+\fB\-\-openssl <path_to_openssl>\fR testssl\.sh tries very hard to find automagically the binary supplied (where the tree of testssl\.sh resides, from the directory where testssl\.sh has been started from, etc\.)\. If all that doesn't work it falls back to openssl supplied from the OS (\fB$PATH\fR)\. With this option you can point testssl\.sh to your binary of choice and override any internal magic to find the openssl binary\. (Environment preset via \fBOPENSSL=<path_to_openssl>\fR)\.
+.SS "TUNING OPTIONS"
+\fB\-\-bugs\fR does some workarounds for buggy servers like padding for old F5 devices\. The option is passed as \fB\-bug\fR to openssl when needed, see \fBs_client(1)\fR, environment preset via \fBBUGS="\-bugs"\fR (1x dash)\. For the socket part testssl\.sh has always workarounds in place to cope with broken server implementations\.
+.P
+\fB\-\-assuming\-http\fR testssl\.sh normally does upfront an application protocol detection\. In cases where HTTP cannot be automatically detected you may want to use this option\. It enforces testssl\.sh not to skip HTTP specific tests (HTTP header) and to run a browser based client simulation\. Please note that sometimes also the severity depends on the application protocol, e\.g\. SHA1 signed certificates, the lack of any SAN matches and some vulnerabilities will be punished harder when checking a web server as opposed to a mail server\.
+.P
+\fB\-n, \-\-nodns <min|none>\fR tells testssl\.sh which DNS lookups should be performed\. \fBmin\fR uses only forward DNS resolution (A and AAAA record or MX record) and skips CAA lookups and PTR records from the IP address back to a DNS name\. \fBnone\fR performs no DNS lookups at all\. For the latter you either have to supply the IP address as a target, to use \fB\-\-ip\fR or have the IP address in \fB/etc/hosts\fR\. The use of the switch is only useful if you either can't or are not willing to perform DNS lookups\. The latter can apply e\.g\. to some pentests\. In general this option could e\.g\. help you to avoid timeouts by DNS lookups\. \fBNODNS\fR is the environment variable for this\.
+.P
+\fB\-\-sneaky\fR For HTTP header checks testssl\.sh uses normally the server friendly HTTP user agent \fBTLS tester from ${URL}\fR\. With this option your traces are less verbose and a Firefox user agent is being used\. Be aware that it doesn't hide your activities\. That is just not possible (environment preset via \fBSNEAKY=true\fR)\.
+.P
+\fB\-\-user\-agent <user agent>\fR tells testssl\.sh to use the supplied HTTP user agent instead of the standard user agent \fBTLS tester from ${URL}\fR\.
+.P
+\fB\-\-ids\-friendly\fR is a switch which may help to get a scan finished which otherwise would be blocked by a server side IDS\. This switch skips tests for the following vulnerabilities: Heartbleed, CCS Injection, Ticketbleed and ROBOT\. The environment variable OFFENSIVE set to false will achieve the same result\. Please be advised that as an alternative or as a general approach you can try to apply evasion techniques by changing the variables USLEEP_SND and / or USLEEP_REC and maybe MAX_WAITSOCK\.
+.P
+\fB\-\-phone\-out\fR Checking for revoked certificates via CRL and OCSP is not done per default\. This switch instructs testssl\.sh to query external \-\- in a sense of the current run \-\- URIs\. By using this switch you acknowledge that the check might have privacy issues, a download of several megabytes (CRL file) may happen and there may be network connectivity problems while contacting the endpoint which testssl\.sh doesn't handle\. PHONE_OUT is the environment variable for this which needs to be set to true if you want this\.
+.P
+\fB\-\-add\-ca <CAfile>\fR enables you to add your own CA(s) in PEM format for trust chain checks\. \fBCAfile\fR can be a directory containing files with a \.pem extension, a single file or multiple files as a comma separated list of root CAs\. Internally they will be added during runtime to all CA stores\. This is (only) useful for internal hosts whose certificates are issued by internal CAs\. Alternatively ADDTL_CA_FILES is the environment variable for this\.
+.SS "SINGLE CHECK OPTIONS"
+Any single check switch supplied as an argument prevents testssl\.sh from doing a default run\. It just takes this and if supplied other options and runs them \- in the order they would also appear in the default run\.
+.P
+\fB\-e, \-\-each\-cipher\fR checks each of the (currently configured) 370 ciphers via openssl + sockets remotely on the server and reports back the result in wide mode\. If you want to display each cipher tested you need to add \fB\-\-show\-each\fR\. Per default it lists the following parameters: \fBhexcode\fR, \fBOpenSSL cipher suite name\fR, \fBkey exchange\fR, \fBencryption bits\fR, \fBIANA/RFC cipher suite name\fR\. Please note the \fB\-\-mapping\fR parameter changes what cipher suite names you will see here and at which position\. Also please note that the \fBbit\fR length for the encryption is shown and not the \fBsecurity\fR length, albeit it'll be sorted by the latter\. For 3DES due to the Meet\-in\-the\-Middle problem the bit size of 168 bits is equivalent to the security size of 112 bits\.
+.P
+\fB\-E, \-\-cipher\-per\-proto\fR is similar to \fB\-e, \-\-each\-cipher\fR\. It checks each of the possible ciphers, here: per protocol\. If you want to display each cipher tested you need to add \fB\-\-show\-each\fR\. The output is sorted by security strength, it lists the encryption bits though\.
+.P
+\fB\-s, \-\-std, \-\-categories\fR tests certain lists of cipher suites / cipher categories by strength\. (\fB\-\-standard\fR is deprecated\.) Those lists are (\fBopenssl ciphers $LIST\fR, $LIST from below:)
+.IP "\[ci]" 4
+\fBNULL encryption ciphers\fR: 'NULL:eNULL'
+.IP "\[ci]" 4
+\fBAnonymous NULL ciphers\fR: 'aNULL:ADH'
+.IP "\[ci]" 4
+\fBExport ciphers\fR (w/o the preceding ones): 'EXPORT:!ADH:!NULL'
+.IP "\[ci]" 4
+\fBLOW\fR (64 Bit + DES ciphers, without EXPORT ciphers): 'LOW:DES:RC2:RC4:!ADH:!EXP:!NULL:!eNULL'
+.IP "\[ci]" 4
+\fB3DES + IDEA Ciphers\fR: '3DES:IDEA:!aNULL:!ADH'
+.IP "\[ci]" 4
+\fBAverage grade Ciphers\fR: 'HIGH:MEDIUM:AES:CAMELLIA:ARIA:!IDEA:!CHACHA20:!3DES:!RC2:!RC4:!AESCCM8:!AESCCM:!AESGCM:!ARIAGCM:!aNULL'
+.IP "\[ci]" 4
+\fBStrong grade Ciphers\fR (AEAD): 'AESGCM:CHACHA20:CamelliaGCM:AESCCM8:AESCCM'
+.IP "" 0
+.P
+\fB\-f, \-\-fs, \-\-nsa, \-\-forward\-secrecy\fR Checks robust forward secrecy key exchange\. "Robust" means that ciphers having intrinsic severe weaknesses like Null Authentication or Encryption, 3DES and RC4 won't be considered here\. There shouldn't be the wrong impression that a secure key exchange has been taking place and everything is fine when in reality the encryption sucks\. Also this section lists the available elliptical curves and Diffie Hellman groups, as well as FFDHE groups (TLS 1\.2 and TLS 1\.3)\.
+.P
+\fB\-p, \-\-protocols\fR checks TLS/SSL protocols SSLv2, SSLv3, TLS 1\.0 through TLS 1\.3 and for HTTP: SPDY (NPN) and ALPN, a\.k\.a\. HTTP/2\. For TLS 1\.3 several drafts (from 18 on) and final are supported and being tested for\.
+.P
+\fB\-P, \-\-preference\fR displays the servers preferences: cipher order, with used openssl client: negotiated protocol and cipher\. If there's a cipher order enforced by the server it displays it for each protocol (openssl+sockets)\. If there's not, it displays instead which ciphers from the server were picked with each protocol\.
+.P
+\fB\-S, \-\-server_defaults\fR displays information from the server hello(s):
+.IP "\[ci]" 4
+Available TLS extensions,
+.IP "\[ci]" 4
+TLS ticket + session ID information/capabilities,
+.IP "\[ci]" 4
+session resumption capabilities,
+.IP "\[ci]" 4
+Time skew relative to localhost (most server implementations return random values)\.
+.IP "\[ci]" 4
+Several certificate information
+.IP "\[ci]" 4
+signature algorithm,
+.IP "\[ci]" 4
+key size,
+.IP "\[ci]" 4
+key usage and extended key usage,
+.IP "\[ci]" 4
+fingerprints and serial
+.IP "\[ci]" 4
+Common Name (CN), Subject Alternative Name (SAN), Issuer,
+.IP "\[ci]" 4
+Trust via hostname + chain of trust against supplied certificates
+.IP "\[ci]" 4
+EV certificate detection
+.IP "\[ci]" 4
+experimental "eTLS" detection
+.IP "\[ci]" 4
+validity: start + end time, how many days to go (warning for certificate lifetime >=5 years)
+.IP "\[ci]" 4
+revocation info (CRL, OCSP, OCSP stapling + must staple)\. When \fB\-\-phone\-out\fR supplied it checks against the certificate issuer whether the host certificate has been revoked (plain OCSP, CRL)\.
+.IP "\[ci]" 4
+displaying DNS Certification Authority Authorization resource record
+.IP "\[ci]" 4
+Certificate Transparency info (if provided by server)\.
+.IP "" 0
+
+.IP "" 0
+.P
+For the trust chain check 5 certificate stores are provided\. If the test against one of the trust stores failed, the one is being identified and the reason for the failure is displayed \- in addition the ones which succeeded are displayed too\. You can configure your own CA via ADDTL_CA_FILES, see section \fBFILES\fR below\. If the server provides no matching record in Subject Alternative Name (SAN) but in Common Name (CN), it will be indicated as this is deprecated\. Also for multiple server certificates are being checked for as well as for the certificate reply to a non\-SNI (Server Name Indication) client hello to the IP address\. Regarding the TLS clock skew: it displays the time difference to the client\. Only a few TLS stacks nowadays still support this and return the local clock \fBgmt_unix_time\fR, e\.g\. IIS, openssl < 1\.0\.1f\. In addition to the HTTP date you could e\.g\. derive that there are different hosts where your TLS and your HTTP request ended \-\- if the time deltas differ significantly\.
+.P
+\fB\-x <pattern>, \-\-single\-cipher <pattern>\fR tests matched \fBpattern\fR of ciphers against a server\. Patterns are similar to \fB\-V pattern , \-\-local pattern\fR, see above about matching\.
+.P
+\fB\-h, \-\-header, \-\-headers\fR if the service is HTTP (either by detection or by enforcing via \fB\-\-assume\-http\fR\. It tests several HTTP headers like
+.IP "\[ci]" 4
+HTTP Strict Transport Security (HSTS)
+.IP "\[ci]" 4
+HTTP Public Key Pinning (HPKP)
+.IP "\[ci]" 4
+Server banner
+.IP "\[ci]" 4
+HTTP date+time
+.IP "\[ci]" 4
+Server banner like Linux or other Unix vendor headers
+.IP "\[ci]" 4
+Application banner (PHP, RoR, OWA, SharePoint, Wordpress, etc)
+.IP "\[ci]" 4
+Reverse proxy headers
+.IP "\[ci]" 4
+Web server modules
+.IP "\[ci]" 4
+IPv4 address in header
+.IP "\[ci]" 4
+Cookie (including Secure/HTTPOnly flags)
+.IP "\[ci]" 4
+Decodes BIG IP F5 non\-encrypted cookies
+.IP "\[ci]" 4
+Security headers (X\-Frame\-Options, X\-XSS\-Protection, Expect\-CT,\|\.\|\.\|\. , CSP headers)\. Nonsense is not yet detected here\.
+.IP "" 0
+.P
+\fB\-c, \-\-client\-simulation\fR This simulates a handshake with a number of standard clients so that you can figure out which client cannot or can connect to your site\. For the latter case the protocol, cipher and curve is displayed, also if there's Forward Secrecy\. testssl\.sh uses a handselected set of clients which are retrieved by the SSLlabs API\. The output is aligned in columns when combined with the \fB\-\-wide\fR option\. If you want the full nine yards of clients displayed use the environment variable ALL_CLIENTS\.
+.P
+\fB\-g, \-\-grease\fR checks several server implementation bugs like tolerance to size limitations and GREASE, see RFC 8701\. This check doesn't run per default\.
+.SS "VULNERABILITIES"
+\fB\-U, \-\-vulnerable, \-\-vulnerabilities\fR Just tests all (of the following) vulnerabilities\. The environment variable \fBVULN_THRESHLD\fR determines after which value a separate headline for each vulnerability is being displayed\. Default is \fB1\fR which means if you check for two vulnerabilities, only the general headline for vulnerabilities section is displayed \-\- in addition to the vulnerability and the result\. Otherwise each vulnerability or vulnerability section gets its own headline in addition to the output of the name of the vulnerability and test result\. A vulnerability section is comprised of more than one check, e\.g\. the renegotiation vulnerability check has two checks, so has Logjam\.
+.P
+\fB\-H, \-\-heartbleed\fR Checks for Heartbleed, a memory leakage in openssl\. Unless the server side doesn't support the heartbeat extension it is likely that this check runs into a timeout\. The seconds to wait for a reply can be adjusted with \fBHEARTBLEED_MAX_WAITSOCK\fR\. 8 is the default\.
+.P
+\fB\-I, \-\-ccs, \-\-ccs\-injection\fR Checks for CCS Injection which is an openssl vulnerability\. Sometimes also here the check needs to wait for a reply\. The predefined timeout of 5 seconds can be changed with the environment variable \fBCCS_MAX_WAITSOCK\fR\.
+.P
+\fB\-T, \-\-ticketbleed\fR Checks for Ticketbleed memory leakage in BigIP loadbalancers\.
+.P
+\fB\-\-BB, \-\-robot\fR Checks for vulnerability to ROBOT / (\fIReturn Of Bleichenbacher's Oracle Threat\fR) attack\.
+.P
+\fB\-\-SI, \-\-starttls\-injection\fR Checks for STARTTLS injection vulnerabilities (SMTP, IMAP, POP3 only)\. \fBsocat\fR and OpenSSL >=1\.1\.0 is needed\.
+.P
+\fB\-R, \-\-renegotiation\fR Tests renegotiation vulnerabilities\. Currently there's a check for \fISecure Renegotiation\fR and for \fISecure Client\-Initiated Renegotiation\fR\. Please be aware that vulnerable servers to the latter can likely be DoSed very easily (HTTP)\. A check for \fIInsecure Client\-Initiated Renegotiation\fR is not yet implemented\.
+.P
+\fB\-C, \-\-compression, \-\-crime\fR Checks for CRIME (\fICompression Ratio Info\-leak Made Easy\fR) vulnerability in TLS\. CRIME in SPDY is not yet being checked for\.
+.P
+\fB\-B, \-\-breach\fR Checks for BREACH (\fIBrowser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext\fR) vulnerability\. As for this vulnerability HTTP level compression is a prerequisite it'll be not tested if HTTP cannot be detected or the detection is not enforced via ``\-\-assume\-http`\. Please note that only the URL supplied (normally "/" ) is being tested\.
+.P
+\fB\-O, \-\-poodle\fR Tests for SSL POODLE (\fIPadding Oracle On Downgraded Legacy Encryption\fR) vulnerability\. It basically checks for the existence of CBC ciphers in SSLv3\.
+.P
+\fB\-Z, \-\-tls\-fallback\fR Checks TLS_FALLBACK_SCSV mitigation\. TLS_FALLBACK_SCSV is basically a ciphersuite appended to the Client Hello trying to prevent protocol downgrade attacks by a Man in the Middle\.
+.P
+\fB\-W, \-\-sweet32\fR Checks for vulnerability to SWEET32 by testing 64 bit block ciphers (3DES, RC2 and IDEA)\.
+.P
+\fB\-F, \-\-freak\fR Checks for FREAK vulnerability (\fIFactoring RSA Export Keys\fR) by testing for EXPORT RSA ciphers
+.P
+\fB\-D, \-\-drown\fR Checks for DROWN vulnerability (\fIDecrypting RSA with Obsolete and Weakened eNcryption\fR) by checking whether the SSL 2 protocol is available at the target\. Please note that if you use the same RSA certificate elsewhere you might be vulnerable too\. testssl\.sh doesn't check for this but provides a helpful link @ censys\.io which provides this service\.
+.P
+\fB\-J, \-\-logjam\fR Checks for LOGJAM vulnerability by checking for DH EXPORT ciphers\. It also checks for "common primes" which are preconfigured DH keys\. DH keys =< 1024 Bit will be penalized\. Also FFDHE groups (TLS 1\.2) will be displayed here\.
+.P
+\fB\-A, \-\-beast\fR Checks BEAST vulnerabilities in SSL 3 and TLS 1\.0 by testing the usage of CBC ciphers\.
+.P
+\fB\-L, \-\-lucky13\fR Checks for LUCKY13 vulnerability\. It checks for the presence of CBC ciphers in TLS versions 1\.0 \- 1\.2\.
+.P
+\fB\-WS, \-\-winshock\fR Checks for Winshock vulnerability\. It tests for the absence of a lot of ciphers, some TLS extensions and ec curves which were introduced later in Windows\. In the end the server banner is being looked at\.
+.P
+\fB\-4, \-\-rc4, \-\-appelbaum\fR Checks which RC4 stream ciphers are being offered\.
+.SS "OUTPUT OPTIONS"
+\fB\-q, \-\-quiet\fR Normally testssl\.sh displays a banner on stdout with several version information, usage rights and a warning\. This option suppresses it\. Please note that by choosing this option you acknowledge usage terms and the warning normally appearing in the banner\.
+.P
+\fB\-\-wide\fR Except the "each cipher output" all tests displays the single cipher name (scheme see below)\. This option enables testssl\.sh to display also for the following sections the same output as for testing each ciphers: BEAST, FS, RC4\. The client simulation has also a wide mode\. The difference here is restricted to a column aligned output and a proper headline\. The environment variable \fBWIDE\fR can be used instead\.
+.P
+\fB\-\-mapping <openssl|iana|no\-openssl|no\-iana>\fR
+.IP "\[ci]" 4
+\fBopenssl\fR: use the OpenSSL cipher suite name as the primary name cipher suite name form (default),
+.IP "\[ci]" 4
+\fBiana\fR: use the IANA cipher suite name as the primary name cipher suite name form\.
+.IP "\[ci]" 4
+\fBno\-openssl\fR: don't display the OpenSSL cipher suite name, display IANA names only\.
+.IP "\[ci]" 4
+\fBno\-iana\fR: don't display the IANA cipher suite name, display OpenSSL names only\.
+.IP "" 0
+.P
+Please note that in testssl\.sh 3\.0 you can still use \fBrfc\fR instead of \fBiana\fR and \fBno\-rfc\fR instead of \fBno\-iana\fR but it'll disappear after 3\.0\.
+.P
+\fB\-\-show\-each\fR This is an option for all wide modes only: it displays all ciphers tested \-\- not only succeeded ones\. \fBSHOW_EACH_C\fR is your friend if you prefer to set this via the shell environment\.
+.P
+\fB\-\-color <0|1|2|3>\fR determines the use of colors on the screen and in the log file: \fB2\fR is the default and makes use of ANSI and termcap escape codes on your terminal\. \fB1\fR just uses non\-colored mark\-up like bold, italics, underline, reverse\. \fB0\fR means no mark\-up at all = no escape codes\. This is also what you want when you want a log file without any escape codes\. \fB3\fR will color ciphers and EC according to an internal (not yet perfect) rating\. Setting the environment variable \fBCOLOR\fR to the value achieves the same result\. Please not that OpenBSD and early FreeBSD do not support italics\.
+.P
+\fB\-\-colorblind\fR Swaps green and blue colors in the output, so that this percentage of folks (up to 8% of males, see https://en\.wikipedia\.org/wiki/Color_blindness) can distinguish those findings better\. \fBCOLORBLIND\fR is the according variable if you want to set this in the environment\.
+.P
+\fB\-\-debug <0\-6>\fR This gives you additional output on the screen (2\-6), only useful for debugging\. \fBDEBUG\fR is the according environment variable which you can use\. There are six levels (0 is the default, thus it has no effect):
+.IP "1." 4
+screen output normal but leaves useful debug output in \fB/tmp/testssl\.XXXXXX/\fR \. The info about the exact directory is included in the screen output in the end of the run\.
+.IP "2." 4
+lists more what's going on, status (high level) and connection errors, a few general debug output
+.IP "3." 4
+even slightly more info: hexdumps + other info
+.IP "4." 4
+display bytes sent via sockets
+.IP "5." 4
+display bytes received via sockets
+.IP "6." 4
+whole 9 yards
+.IP "" 0
+.P
+\fB\-\-disable\-rating\fR disables rating\. Rating automatically gets disabled, to not give a wrong or misleading grade, when not all required functions are executed (e\.g when checking for a single vulnerabilities)\.
+.SS "FILE OUTPUT OPTIONS"
+\fB\-\-log, \-\-logging\fR Logs stdout also to \fB${NODE}\-p${port}${YYYYMMDD\-HHMM}\.log\fR in current working directory of the shell\. Depending on the color output option (see above) the output file will contain color and other markup escape codes, unless you specify \fB\-\-color 0\fR too\. \fBcat\fR and \-\- if properly configured \fBless\fR \-\- will show the output properly formatted on your terminal\. The output shows a banner with the almost the same information as on the screen\. In addition it shows the command line of the testssl\.sh instance\. Please note that the resulting log file is formatted according to the width of your screen while running testssl\.sh\. You can override the width with the environment variable TERM_WIDTH\.
+.P
+\fB\-\-logfile <logfile>\fR or \fB\-oL <logfile>\fR Instead of the previous option you may want to use this one if you want to log into a directory or if you rather want to specify the log file name yourself\. If \fBlogfile\fR is a directory the output will put into \fBlogfile/${NODE}\-p${port}${YYYYMMDD\-HHMM}\.log\fR\. If \fBlogfile\fR is a file it will use that file name, an absolute path is also permitted here\. LOGFILE is the variable you need to set if you prefer to work environment variables instead\. Please note that the resulting log file is formatted according to the width of your screen while running testssl\.sh\. You can override the width with the environment variable TERM_WIDTH\.
+.P
+\fB\-\-json\fR Logs additionally to JSON file \fB${NODE}\-p${port}${YYYYMMDD\-HHMM}\.json\fR in the current working directory of the shell\. The resulting JSON file is opposed to \fB\-\-json\-pretty\fR flat \-\- which means each section is self contained and has an identifier for each single check, the hostname/IP address, the port, severity and the finding\. For vulnerabilities it may contain a CVE and CWE entry too\. The output doesn't contain a banner or a footer\.
+.P
+\fB\-\-jsonfile <jsonfile>\fR or \fB\-oj <jsonfile>\fR Instead of the previous option you may want to use this one if you want to log the JSON out put into a directory or if you rather want to specify the log file name yourself\. If \fBjsonfile\fR is a directory the output will put into \fBlogfile/${NODE}\-p${port}${YYYYMMDD\-HHMM}\.json\. If\fRjsonfile` is a file it will use that file name, an absolute path is also permitted here\.
+.P
+\fB\-\-json\-pretty\fR Logs additionally to JSON file \fB${NODE}\-p${port}${YYYYMMDD\-HHMM}\.json in the current working directory of the shell\. The resulting JSON file is opposed to\fR\-\-json` non\-flat \-\- which means it is structured\. The structure contains a header similar to the banner on the screen, including the command line, scan host, openssl binary used, testssl version and epoch of the start time\. Then for every test section of testssl\.sh it contains a separate JSON object/section\. Each finding has a key/value pair identifier with the identifier for each single check, the severity and the finding\. For vulnerabilities it may contain a CVE and CWE entry too\. The footer lists the scan time in seconds\.
+.P
+\fB\-\-jsonfile\-pretty <jsonfile>\fR or \fB\-oJ <jsonfile>\fR Similar to the aforementioned \fB\-\-jsonfile\fR or \fB\-\-logfile\fR it logs the output in pretty JSON format (see \fB\-\-json\-pretty\fR) into a file or a directory\. For further explanation see \fB\-\-jsonfile\fR or \fB\-\-logfile\fR\.
+.P
+\fB\-\-csv\fR Logs additionally to a CSV file \fB${NODE}\-p${port}${YYYYMMDD\-HHMM}\.csv\fR in the current working directory of the shell\. The output contains a header with the keys, the values are the same as in the flat JSON format (identifier for each single check, the hostname/IP address, the port, severity, the finding and for vulnerabilities a CVE and CWE number)\.
+.P
+\fB\-\-csvfile <csvfile>\fR or \fB\-oC <csvfile>\fR Similar to the aforementioned \fB\-\-jsonfile\fR or \fB\-\-logfile\fR it logs the output in CSV format (see \fB\-\-cvs\fR) additionally into a file or a directory\. For further explanation see \fB\-\-jsonfile\fR or \fB\-\-logfile\fR\.
+.P
+\fB\-\-html\fR Logs additionally to an HTML file \fB${NODE}\-p${port}${YYYYMMDD\-HHMM}\.html\fR in the current working directory of the shell\. It contains a 1:1 output of the console\. In former versions there was a non\-native option to use "aha" (Ansi HTML Adapter: github\.com/theZiz/aha) like \fBtestssl\.sh [options] <URI> | aha >output\.html\fR\. This is not necessary anymore\.
+.P
+\fB\-\-htmlfile <htmlfile>\fR or \fB\-oH <htmlfile>\fR Similar to the aforementioned \fB\-\-jsonfile\fR or \fB\-\-logfile\fR it logs the output in HTML format (see \fB\-\-html\fR) additionally into a file or a directory\. For further explanation see \fB\-\-jsonfile\fR or \fB\-\-logfile\fR\.
+.P
+\fB\-oA <filename>\fR / \fB\-\-outFile <filename>\fR Similar to nmap it does a file output to all available file formats: LOG, JSON pretty, CSV, HTML\. If the filename supplied is equal \fBauto\fR the filename is automatically generated using '${NODE}\-p${port}${YYYYMMDD\-HHMM}\.${EXT}' with the according extension\. If a directory is provided all output files will put into \fB<filename>/${NODE}\-p${port}${YYYYMMDD\-HHMM}\.{log,json,csv,html}\fR\.
+.P
+\fB\-oa <filename>\fR / \fB\-\-outfile <filename>\fR Does the same as the previous option but uses flat JSON instead\.
+.P
+\fB\-\-hints\fR This option is not in use yet\. This option is meant to give hints how to fix a finding or at least a help to improve something\. GIVE_HINTS is the environment variable for this\.
+.P
+\fB\-\-severity <severity>\fR For CSV and both JSON outputs this will only add findings to the output file if a severity is equal or higher than the \fBseverity\fR value specified\. Allowed are \fB<LOW|MEDIUM|HIGH|CRITICAL>\fR\. WARN is another level which translates to a client\-side scanning error or problem\. Thus you will always see them in a file if they occur\.
+.P
+\fB\-\-append\fR Normally, if an output file already exists and it has a file size greater zero, testssl\.sh will prompt you to manually remove the file and exit with an error\. \fB\-\-append\fR however will append to this file, without a header\. The environment variable APPEND does the same\. Be careful using this switch/variable\. A complementary option which overwrites an existing file doesn't exist per design\.
+.P
+\fB\-\-overwrite\fR Normally, if an output file already exists and it has a file size greater zero, testssl\.sh will not allow you to overwrite this file\. This option will do that \fBwithout any warning\fR\. The environment variable OVERWRITE does the same\. Be careful, you have been warned!
+.P
+\fB\-\-outprefix <fname_prefix>\fR Prepend output filename prefix \fIfname_prefix\fR before '${NODE}\-'\. You can use as well the environment variable FNAME_PREFIX\. Using this any output files will be named \fB<fname_prefix>\-${NODE}\-p${port}${YYYYMMDD\-HHMM}\.<format>\fR when no file name of the respective output option was specified\. If you do not like the separator '\-' you can as well supply a \fB<fname_prefix>\fR ending in '\.', '_' or ','\. In this case or if you already supplied '\-' no additional '\-' will be appended to \fB<fname_prefix>\fR\.
+.P
+A few file output options can also be preset via environment variables\.
+.SS "COLOR RATINGS"
+Testssl\.sh makes use of (the eight) standard terminal colors\. The color scheme is as follows:
+.IP "\[ci]" 4
+light red: a critical finding
+.IP "\[ci]" 4
+red: a high finding
+.IP "\[ci]" 4
+brown: a medium finding
+.IP "\[ci]" 4
+yellow: a low finding
+.IP "\[ci]" 4
+green (blue if COLORBLIND is set): something which is either in general a good thing or a negative result of a check which otherwise results in a high finding
+.IP "\[ci]" 4
+light green (light blue if COLORBLIND is set) : something which is either in general a very good thing or a negative result of a check which otherwise results in a critical finding
+.IP "\[ci]" 4
+no color at places where also a finding can be expected: a finding on an info level
+.IP "\[ci]" 4
+cyan: currently only used for \fB\-\-show\-each\fR or an additional hint
+.IP "\[ci]" 4
+magenta: signals a warning condition, e\.g\. either a local lack of capabilities on the client side or another problem
+.IP "\[ci]" 4
+light magenta: a fatal error which either requires strict consent from the user to continue or a condition which leaves no other choice for testssl\.sh to quit
+.IP "" 0
+.P
+What is labeled as "light" above appears as such on the screen but is technically speaking "bold"\. Besides \fB\-\-color=3\fR will color ciphers according to an internal and rough rating\.
+.P
+Markup (without any color) is used in the following manner:
+.IP "\[ci]" 4
+bold: for the name of the test
+.IP "\[ci]" 4
+underline + bold: for the headline of each test section
+.IP "\[ci]" 4
+underline: for a sub\-headline
+.IP "\[ci]" 4
+italics: for strings just reflecting a value read from the server
+.IP "" 0
+.SS "TUNING via ENV variables and more options"
+Except the environment variables mentioned above which can replace command line options here a some which cannot be set otherwise\. Variables used for tuning are preset with reasonable values\. \fIThere should be no reason to change them\fR unless you use testssl\.sh under special conditions\.
+.IP "\[ci]" 4
+TERM_WIDTH is a variable which overrides the auto\-determined terminal width size\. Setting this variable normally only makes sense if you log the output to a file using the \fB\-\-log\fR, \fB\-\-logfile\fR or \fB\-oL\fR option\.
+.IP "\[ci]" 4
+DEBUG_ALLINONE / SETX: when setting one of those to true testssl\.sh falls back to the standard bash behavior, i\.e\. calling \fBbash \-x testssl\.sh\fR it displays the bash debugging output not in an external file \fB/tmp/testssl\-<XX>\.log\fR
+.IP "\[ci]" 4
+DEBUGTIME: Profiling option\. When using bash's debug mode and when this is set to true, it generates a separate text file with epoch times in \fB/tmp/testssl\-<XX>\.time\fR\. They need to be concatenated by \fBpaste /tmp/testssl\-<XX>\.{time,log}\fR [comment]: # * FAST_SOCKET [comment]: # * SHOW_SIGALGO [comment]: # * FAST
+.IP "\[ci]" 4
+EXPERIMENTAL=true is an option which is sometimes used in the development process to make testing easier\. In released versions this has no effect\.
+.IP "\[ci]" 4
+ALL_CLIENTS=true runs a client simulation with \fIall\fR (currently 126) clients when testing HTTP\.
+.IP "\[ci]" 4
+UNBRACKTD_IPV6: needs to be set to true for some old versions of OpenSSL (like from Gentoo) which don't support [bracketed] IPv6 addresses
+.IP "\[ci]" 4
+NO_ENGINE: if you have problems with garbled output containing the word 'engine' you might want to set this to true\. It forces testssl\.sh not try to configure openssl's engine or a non existing one from libressl
+.IP "\[ci]" 4
+HEADER_MAXSLEEP: To wait how long before killing the process to retrieve a service banner / HTTP header
+.IP "\[ci]" 4
+MAX_WAITSOCK: It instructs testssl\.sh to wait until the specified time before declaring a socket connection dead\. Don't change this unless you're absolutely sure what you're doing\. Value is in seconds\.
+.IP "\[ci]" 4
+CCS_MAX_WAITSOCK Is the similar to above but applies only to the CCS handshakes, for both of the two the two CCS payload\. Don't change this unless you're absolutely sure what you're doing\. Value is in seconds\.
+.IP "\[ci]" 4
+HEARTBLEED_MAX_WAITSOCK Is the similar to MAX_WAITSOCK but applies only to the ServerHello after sending the Heartbleed payload\. Don't change this unless you're absolutely sure what you're doing\. Value is in seconds\.
+.IP "\[ci]" 4
+MEASURE_TIME_FILE For seldom cases when you don't want the scan time to be included in the output you can set this to false\.
+.IP "\[ci]" 4
+STARTTLS_SLEEP is per default set to 10 (seconds)\. That's the value testssl\.sh waits for a string in the STARTTLS handshake before giving up\.
+.IP "\[ci]" 4
+MAX_PARALLEL is the maximum number of tests to run in parallel in parallel mass testing mode\. The default value of 20 may be made larger on systems with faster processors\.
+.IP "\[ci]" 4
+MAX_WAIT_TEST is the maximum time (in seconds) to wait for a single test in parallel mass testing mode to complete\. The default is 1200\. [comment]: # USLEEP_SND [comment]: # USLEEP_REC
+.IP "\[ci]" 4
+HSTS_MIN is preset to 179 (days)\. If you want warnings sooner or later for HTTP Strict Transport Security you can change this\.
+.IP "\[ci]" 4
+HPKP_MIN is preset to 30 (days)\. If you want warnings sooner or later for HTTP Public Key Pinning you can change this
+.IP "\[ci]" 4
+DAYS2WARN1 is the first threshold when you'll be warning of a certificate expiration of a host, preset to 60 (days)\. For Let's Encrypt this value will be divided internally by 2\.
+.IP "\[ci]" 4
+DAYS2WARN2 is the second threshold when you'll be warning of a certificate expiration of a host, preset to 30 (days)\. For Let's Encrypt this value will be divided internally by 2\.
+.IP "\[ci]" 4
+TESTSSL_INSTALL_DIR is the derived installation directory of testssl\.sh\. Relatively to that the \fBbin\fR and mandatory \fBetc\fR directory will be looked for\.
+.IP "\[ci]" 4
+CA_BUNDLES_PATH: If you have an own set of CA bundles or you want to point testssl\.sh to a specific location of a CA bundle, you can use this variable to set the directory which testssl\.sh will use\. Please note that it overrides completely the builtin path of testssl\.sh which means that you will only test against the bundles you point to\. Also you might want to use \fB~/utils/create_ca_hashes\.sh\fR to create the hashes for HPKP\.
+.IP "\[ci]" 4
+MAX_SOCKET_FAIL: A number which tells testssl\.sh how often a TCP socket connection may fail before the program gives up and terminates\. The default is 2\. You can increase it to a higher value if you frequently see a message like \fIFatal error: repeated openssl s_client connect problem, doesn't make sense to continue\fR\.
+.IP "\[ci]" 4
+MAX_OSSL_FAIL: A number which tells testssl\.sh how often an OpenSSL s_client connect may fail before the program gives up and terminates\. The default is 2\. You can increase it to a higher value if you frequently see a message like \fIFatal error: repeated TCP connect problems, giving up\fR\.
+.IP "\[ci]" 4
+MAX_HEADER_FAIL: A number which tells testssl\.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates\. The default is 3\. Also here you can increase the threshold when you spot messages like \fIFatal error: repeated HTTP header connect problems, doesn't make sense to continue\fR\.
+.IP "" 0
+.SS "RATING"
+This program has a near\-complete implementation of SSL Labs's 'SSL Server Rating Guide \fIhttps://github\.com/ssllabs/research/wiki/SSL\-Server\-Rating\-Guide\fR'\.
+.P
+This is \fInot\fR a 100% reimplementation of the SSL Lab's SSL Server Test \fIhttps://www\.ssllabs\.com/ssltest/analyze\.html\fR, but an implementation of the above rating specification, slight discrepancies may occur\. Please note that for now we stick to the SSL Labs rating as good as possible\. We are not responsible for their rating\. Before filing issues please inspect their Rating Guide\.
+.P
+Disclaimer: Having a good grade is \fBNOT\fR necessarily equal to having good security! Don't start a competition for the best grade, at least not without monitoring the client handshakes and not without adding a portion of good sense to it\. Please note STARTTLS always results in a grade cap to T\. Anything else would lead to a false sense of security \- at least until we test for DANE or MTA\-STS\.
+.P
+As of writing, these checks are missing: * GOLDENDOODLE \- should be graded \fBF\fR if vulnerable * Insecure renegotiation \- should be graded \fBF\fR if vulnerable * Padding oracle in AES\-NI CBC MAC check (CVE\-2016\-2107) \- should be graded \fBF\fR if vulnerable * Sleeping POODLE \- should be graded \fBF\fR if vulnerable * Zero Length Padding Oracle (CVE\-2019\-1559) \- should be graded \fBF\fR if vulnerable * Zombie POODLE \- should be graded \fBF\fR if vulnerable * All remaining old Symantec PKI certificates are distrusted \- should be graded \fBT\fR * Symantec certificates issued before June 2016 are distrusted \- should be graded \fBT\fR * Anonymous key exchange \- should give \fB0\fR points in \fBset_key_str_score()\fR * Exportable key exchange \- should give \fB40\fR points in \fBset_key_str_score()\fR * Weak key (Debian OpenSSL Flaw) \- should give \fB0\fR points in \fBset_key_str_score()\fR
+.P
+To implement a new grading cap, simply call the \fBset_grade_cap()\fR function, with the grade and a reason: \fBbash set_grade_cap "D" "Vulnerable to documentation"\fR To implement a new grade warning, simply call the \fBset_grade_warning()\fR function, with a message: \fBbash set_grade_warning "Documentation is always right"\fR #### Implementing a new check which contains grade caps When implementing a new check (be it vulnerability or not) that sets grade caps, the \fBset_rating_state()\fR has to be updated (i\.e\. the \fB$do_mycheck\fR variable\-name has to be added to the loop, and \fB$nr_enabled\fR if\-statement has to be incremented)
+.P
+The \fBset_rating_state()\fR automatically disables rating, if all the required checks are \fInot\fR enabled\. This is to prevent giving out a misleading or wrong grade\.
+.P
+When a new revision of the rating specification comes around, the following has to be done: * New grade caps has to be either: 1\. Added to the script wherever relevant, or 2\. Added to the above list of missing checks (if above is not possible) * New grade warnings has to be added wherever relevant * The revision output in \fBrun_rating()\fR function has to updated
+.SH "EXAMPLES"
+.nf
+  testssl\.sh testssl\.sh
+.fi
+.P
+does a default run on https://testssl\.sh (protocols, standard cipher lists, server's cipher preferences, forward secrecy, server defaults, vulnerabilities, client simulation, and rating\.
+.IP "" 4
+.nf
+  testssl\.sh testssl\.net:443
+.fi
+.IP "" 0
+.P
+does the same default run as above with the subtle difference that testssl\.net has two IPv4 addresses\. Both are tested\.
+.IP "" 4
+.nf
+  testssl\.sh \-\-ip=one \-\-wide https://testssl\.net:443
+.fi
+.IP "" 0
+.P
+does the same checks as above, with the difference that one IP address is being picked randomly\. Displayed is everything where possible in wide format\.
+.IP "" 4
+.nf
+  testssl\.sh \-6 https://testssl\.net
+.fi
+.IP "" 0
+.P
+As opposed to the first example it also tests the IPv6 part \-\- supposed you have an IPv6 network and your openssl supports IPv6 (see above)\.
+.IP "" 4
+.nf
+  testssl\.sh \-t smtp smtp\.gmail\.com:25
+.fi
+.IP "" 0
+.P
+Checks are done via a STARTTLS handshake on the plain text port 25\. It checks every IP on smtp\.gmail\.com\.
+.IP "" 4
+.nf
+    testssl\.sh \-\-starttls=imap imap\.gmx\.net:143
+.fi
+.IP "" 0
+.P
+does the same on the plain text IMAP port\.
+.P
+Please note that for plain TLS\-encrypted ports you must not specify the protocol option when no STARTTLS handshake is offered: \fBtestssl\.sh smtp\.gmail\.com:465\fR just checks the encryption on the SMTPS port, \fBtestssl\.sh imap\.gmx\.net:993\fR on the IMAPS port\. Also MongoDB which provides TLS support without STARTTLS can be tested directly\.
+.SH "RFCs and other standards"
+.IP "\[ci]" 4
+RFC 2246: The TLS Protocol Version 1\.0
+.IP "\[ci]" 4
+RFC 2595: Using TLS with IMAP, POP3 and ACAP
+.IP "\[ci]" 4
+RFC 2818: HTTP Over TLS
+.IP "\[ci]" 4
+RFC 2830: Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security
+.IP "\[ci]" 4
+RFC 3207: SMTP Service Extension for Secure SMTP over Transport Layer Security
+.IP "\[ci]" 4
+RFC 3501: INTERNET MESSAGE ACCESS PROTOCOL \- VERSION 4rev1
+.IP "\[ci]" 4
+RFC 4346: The Transport Layer Security (TLS) Protocol Version 1\.1
+.IP "\[ci]" 4
+RFC 4366: Transport Layer Security (TLS) Extensions
+.IP "\[ci]" 4
+RFC 4492: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)
+.IP "\[ci]" 4
+RFC 5077: Transport Layer Security (TLS) Session Resumption
+.IP "\[ci]" 4
+RFC 5246: The Transport Layer Security (TLS) Protocol Version 1\.2
+.IP "\[ci]" 4
+RFC 5280: Internet X\.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
+.IP "\[ci]" 4
+RFC 5321: Simple Mail Transfer Protocol
+.IP "\[ci]" 4
+RFC 5746: Transport Layer Security (TLS) Renegotiation Indication Extension
+.IP "\[ci]" 4
+RFC 5804: A Protocol for Remotely Managing Sieve Scripts
+.IP "\[ci]" 4
+RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions
+.IP "\[ci]" 4
+RFC 6101: The Secure Sockets Layer (SSL) Protocol Version 3\.0
+.IP "\[ci]" 4
+RFC 6120: Extensible Messaging and Presence Protocol (XMPP): Core
+.IP "\[ci]" 4
+RFC 6125: Domain\-Based Application Service Identity [\.\.]
+.IP "\[ci]" 4
+RFC 6797: HTTP Strict Transport Security (HSTS)
+.IP "\[ci]" 4
+RFC 6961: The Transport Layer Security (TLS) Multiple Certificate Status Request Extension
+.IP "\[ci]" 4
+RFC 7469: Public Key Pinning Extension for HTTP (HPKP)
+.IP "\[ci]" 4
+RFC 7507: TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks
+.IP "\[ci]" 4
+RFC 7627: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
+.IP "\[ci]" 4
+RFC 7633: X\.509v3 Transport Layer Security (TLS) Feature Extension
+.IP "\[ci]" 4
+RFC 7465: Prohibiting RC4 Cipher Suites
+.IP "\[ci]" 4
+RFC 7685: A Transport Layer Security (TLS) ClientHello Padding Extension
+.IP "\[ci]" 4
+RFC 7905: ChaCha20\-Poly1305 Cipher Suites for Transport Layer Security (TLS)
+.IP "\[ci]" 4
+RFC 7919: Negotiated Finite Field Diffie\-Hellman Ephemeral Parameters for Transport Layer Security
+.IP "\[ci]" 4
+RFC 8143: Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)
+.IP "\[ci]" 4
+RFC 8446: The Transport Layer Security (TLS) Protocol Version 1\.3
+.IP "\[ci]" 4
+RFC 8701: Applying Generate Random Extensions And Sustain Extensibility (GREASE) to TLS Extensibility
+.IP "\[ci]" 4
+W3C CSP: Content Security Policy Level 1\-3
+.IP "\[ci]" 4
+TLSWG Draft: The Transport Layer Security (TLS) Protocol Version 1\.3
+.IP "" 0
+.SH "EXIT STATUS"
+.IP "\[ci]" 4
+0 testssl\.sh finished successfully without errors and without ambiguous results
+.IP "\[ci]" 4
+1 testssl\.sh has encountered exactly one ambiguous situation or an error during run
+.IP "\[ci]" 4
+1+n same as previous\. The errors or ambiguous results are added, also per IP\.
+.IP "\[ci]" 4
+50\-200 reserved for returning a vulnerability scoring for system monitoring or a CI tools
+.IP "\[ci]" 4
+242 (ERR_CHILD) Child received a signal from master
+.IP "\[ci]" 4
+244 (ERR_RESOURCE) Resources testssl\.sh needs couldn't be read
+.IP "\[ci]" 4
+245 (ERR_CLUELESS) Weird state, either though user options or testssl\.sh
+.IP "\[ci]" 4
+246 (ERR_CONNECT) Connectivity problem
+.IP "\[ci]" 4
+247 (ERR_DNSLOOKUP) Problem with resolving IP addresses or names
+.IP "\[ci]" 4
+248 (ERR_OTHERCLIENT) Other client problem
+.IP "\[ci]" 4
+249 (ERR_DNSBIN) Problem with DNS lookup binaries
+.IP "\[ci]" 4
+250 (ERR_OSSLBIN) Problem with OpenSSL binary
+.IP "\[ci]" 4
+251 (ERR_NOSUPPORT) Feature requested is not supported
+.IP "\[ci]" 4
+252 (ERR_FNAMEPARSE) Input file couldn't be parsed
+.IP "\[ci]" 4
+253 (ERR_FCREATE) Output file couldn't be created
+.IP "\[ci]" 4
+254 (ERR_CMDLINE) Cmd line couldn't be parsed
+.IP "\[ci]" 4
+255 (ERR_BASH) Bash version incorrect
+.IP "" 0
+.SH "FILES"
+\fBetc/*pem\fR are the certificate stores from Apple, Linux, Mozilla Firefox, Windows and Java\.
+.P
+\fBetc/client\-simulation\.txt\fR contains client simulation data\.
+.P
+\fBetc/cipher\-mapping\.txt\fR provides a mandatory file with mapping from OpenSSL cipher suites names to the ones from IANA / used in the RFCs\.
+.P
+\fBetc/tls_data\.txt\fR provides a mandatory file for ciphers (bash sockets) and key material\.
+.SH "AUTHORS"
+Developed by Dirk Wetter, David Cooper and many others, see CREDITS\.md \.
+.SH "COPYRIGHT"
+Copyright \(co 2012 Dirk Wetter\. License GPLv2: Free Software Foundation, Inc\. This is free software: you are free to change and redistribute it under the terms of the license, see LICENSE\.
+.P
+Attribution is important for the future of this project \- also in the internet\. Thus if you're offering a scanner based on testssl\.sh as a public and/or paid service in the internet you are strongly encouraged to mention to your audience that you're using this program and where to get this program from\. That helps us to get bugfixes, other feedback and more contributions\.
+.P
+Usage WITHOUT ANY WARRANTY\. USE at your OWN RISK!
+.SH "LIMITATION"
+All native Windows platforms emulating Linux are known to be slow\.
+.SH "BUGS"
+Probably\. Current known ones and interface for filing new ones: https://testssl\.sh/bugs/ \.
+.SH "SEE ALSO"
+\fBciphers\fR(1), \fBopenssl\fR(1), \fBs_client\fR(1), \fBx509\fR(1), \fBverify\fR(1), \fBocsp\fR(1), \fBcrl\fR(1), \fBbash\fR(1) and the websites https://testssl\.sh/ and https://github\.com/drwetter/testssl\.sh/ \.
diff --git a/doc/testssl.1.html b/doc/testssl.1.html
new file mode 100644
index 0000000..d254a43
--- /dev/null
+++ b/doc/testssl.1.html
@@ -0,0 +1,687 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta http-equiv='content-type' content='text/html;charset=utf8'>
+  <meta name='generator' content='Ronn-NG/v0.9.1 (http://github.com/apjanke/ronn-ng/tree/0.9.1)'>
+  <title>testssl(1)</title>
+  <style type='text/css' media='all'>
+  /* style: man */
+  body#manpage {margin:0}
+  .mp {padding:0 9ex 1ex 4ex}
+  .mp p,.mp pre,.mp ul,.mp ol,.mp dl {margin:0 0 20px 0}
+  .mp h2 {margin:10px 0 0 0}
+  .mp > p,.mp > pre,.mp > ul,.mp > ol,.mp > dl {margin-left:8ex}
+  .mp h3 {margin:0 0 0 4ex}
+  .mp dt {margin:0;clear:left}
+  .mp dt.flush {float:left;width:8ex}
+  .mp dd {margin:0 0 0 9ex}
+  .mp h1,.mp h2,.mp h3,.mp h4 {clear:left}
+  .mp pre {margin-bottom:20px}
+  .mp pre+h2,.mp pre+h3 {margin-top:22px}
+  .mp h2+pre,.mp h3+pre {margin-top:5px}
+  .mp img {display:block;margin:auto}
+  .mp h1.man-title {display:none}
+  .mp,.mp code,.mp pre,.mp tt,.mp kbd,.mp samp,.mp h3,.mp h4 {font-family:monospace;font-size:14px;line-height:1.42857142857143}
+  .mp h2 {font-size:16px;line-height:1.25}
+  .mp h1 {font-size:20px;line-height:2}
+  .mp {text-align:justify;background:#fff}
+  .mp,.mp code,.mp pre,.mp pre code,.mp tt,.mp kbd,.mp samp {color:#131211}
+  .mp h1,.mp h2,.mp h3,.mp h4 {color:#030201}
+  .mp u {text-decoration:underline}
+  .mp code,.mp strong,.mp b {font-weight:bold;color:#131211}
+  .mp em,.mp var {font-style:italic;color:#232221;text-decoration:none}
+  .mp a,.mp a:link,.mp a:hover,.mp a code,.mp a pre,.mp a tt,.mp a kbd,.mp a samp {color:#0000ff}
+  .mp b.man-ref {font-weight:normal;color:#434241}
+  .mp pre {padding:0 4ex}
+  .mp pre code {font-weight:normal;color:#434241}
+  .mp h2+pre,h3+pre {padding-left:0}
+  ol.man-decor,ol.man-decor li {margin:3px 0 10px 0;padding:0;float:left;width:33%;list-style-type:none;text-transform:uppercase;color:#999;letter-spacing:1px}
+  ol.man-decor {width:100%}
+  ol.man-decor li.tl {text-align:left}
+  ol.man-decor li.tc {text-align:center;letter-spacing:4px}
+  ol.man-decor li.tr {text-align:right;float:right}
+  </style>
+</head>
+<!--
+  The following styles are deprecated and will be removed at some point:
+  div#man, div#man ol.man, div#man ol.head, div#man ol.man.
+
+  The .man-page, .man-decor, .man-head, .man-foot, .man-title, and
+  .man-navigation should be used instead.
+-->
+<body id='manpage'>
+  <div class='mp' id='man'>
+
+  <div class='man-navigation' style='display:none'>
+    <a href="#NAME">NAME</a>
+    <a href="#NAME">NAME</a>
+    <a href="#SYNOPSIS">SYNOPSIS</a>
+    <a href="#DESCRIPTION">DESCRIPTION</a>
+    <a href="#REQUIREMENTS">REQUIREMENTS</a>
+    <a href="#GENERAL">GENERAL</a>
+    <a href="#OPTIONS-AND-PARAMETERS">OPTIONS AND PARAMETERS</a>
+    <a href="#EXAMPLES">EXAMPLES</a>
+    <a href="#RFCS-AND-OTHER-STANDARDS">RFCs and other standards</a>
+    <a href="#EXIT-STATUS">EXIT STATUS</a>
+    <a href="#FILES">FILES</a>
+    <a href="#AUTHORS">AUTHORS</a>
+    <a href="#COPYRIGHT">COPYRIGHT</a>
+    <a href="#LIMITATION">LIMITATION</a>
+    <a href="#BUGS">BUGS</a>
+    <a href="#SEE-ALSO">SEE ALSO</a>
+  </div>
+
+  <ol class='man-decor man-head man head'>
+    <li class='tl'>testssl(1)</li>
+    <li class='tc'></li>
+    <li class='tr'>testssl(1)</li>
+  </ol>
+
+  
+
+<h2 id="NAME">NAME</h2>
+<p class="man-name">
+  <code>testssl</code>
+</p>
+<h2 id="NAME">NAME</h2>
+<p>testssl.sh -- check encryption of SSL/TLS servers</p>
+
+<h2 id="SYNOPSIS">SYNOPSIS</h2>
+
+<p><code>testssl.sh [OPTIONS] &lt;URI&gt;</code>,   <code>testssl.sh [OPTIONS] --file &lt;FILE&gt;</code></p>
+
+<p>or</p>
+
+<p><code>testssl.sh [BANNER OPTIONS]</code></p>
+
+<h2 id="DESCRIPTION">DESCRIPTION</h2>
+
+<p>testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as cryptographic flaws and much more.</p>
+
+<p>The output rates findings by color (screen) or severity (file output) so that you are able to tell whether something is good or bad. The (screen) output has several sections in which classes of checks are being performed. To ease readability on the screen it aligns and indents the output properly.</p>
+
+<p>Only you see the result. You also can use it internally on your LAN. Except DNS lookups or unless you instruct testssl.sh to check for revocation of certificates it doesn't use any other hosts or even third parties for any test.</p>
+
+<h2 id="REQUIREMENTS">REQUIREMENTS</h2>
+
+<p>Testssl.sh is out of the box portable: it runs under any Unix-like
+stack: Linux, *BSD, MacOS X, WSL=Windows Subsystem for Linux, Cygwin and MSYS2.
+<code>bash</code> is a prerequisite, also version 3 is still supported.
+Standard utilities like awk, sed, tr and head are also needed. This can be of a BSD,
+System 5 or GNU flavor whereas grep from System V is not yet supported.</p>
+
+<p>Any OpenSSL or LibreSSL version is needed as a helper. Unlike previous versions
+of testssl.sh almost every check is done via (TCP) sockets. In addition statically
+linked OpenSSL binaries for major operating systems are supplied in <code>./bin/</code>.</p>
+
+<h2 id="GENERAL">GENERAL</h2>
+
+<p><code>testssl.sh URI</code> as the default invocation does the so-called default run which does a number of checks and puts out the results colorized (ANSI and termcap) on the screen. It does every check listed below except <code>-E</code> which are (order of appearance):</p>
+
+<p>0) displays a banner (see below), does a DNS lookup also for further IP addresses and does for the returned IP address a reverse lookup. Last but not least a service check is being done.</p>
+
+<p>1) SSL/TLS protocol check</p>
+
+<p>2) standard cipher categories</p>
+
+<p>3) server's cipher preferences (server order?)</p>
+
+<p>4) forward secrecy: ciphers and elliptical curves</p>
+
+<p>5) server defaults (certificate info, TLS extensions, session information)</p>
+
+<p>6) HTTP header (if HTTP detected or being forced via <code>--assume-http</code>)</p>
+
+<p>7) vulnerabilities</p>
+
+<p>8) testing each of 370 preconfigured ciphers</p>
+
+<p>8) client simulation</p>
+
+<p>9) rating</p>
+
+<h2 id="OPTIONS-AND-PARAMETERS">OPTIONS AND PARAMETERS</h2>
+
+<p>Options are either short or long options. Any long or short option requiring a value can be called with or without an equal sign. E.g. <code>testssl.sh -t=smtp --wide --openssl=/usr/bin/openssl &lt;URI&gt;</code> (short options with equal sign) is equivalent to <code>testssl.sh --starttls smtp --wide --openssl /usr/bin/openssl &lt;URI&gt;</code> (long option without equal sign). Some command line options can also be preset via ENV variables. <code>WIDE=true OPENSSL=/usr/bin/openssl testssl.sh --starttls=smtp &lt;URI&gt;</code> would be the equivalent to the aforementioned examples. Preference has the command line over any environment variables.</p>
+
+<p><code>&lt;URI&gt;</code> or <code>--file &lt;FILE&gt;</code> always needs to be the last parameter.</p>
+
+<h3 id="BANNER-OPTIONS-standalone-">BANNER OPTIONS (standalone)</h3>
+
+<p><code>--help</code> (or no arg) displays command line help</p>
+
+<p><code>-b, --banner</code>        displays testssl.sh banner, including license, usage conditions, version of testssl.sh, detected openssl version, its path to it, # of ciphers of openssl, its build date and the architecture.</p>
+
+<p><code>-v, --version</code>     same as before</p>
+
+<p><code>-V [pattern], --local [pattern]</code>  pretty print all local ciphers supported by openssl version. If a pattern is supplied it performs a match (ignore case) on any of the strings supplied in the wide output, see below. The pattern will be searched in the any of the columns: hexcode, cipher suite name (OpenSSL or IANA), key exchange, encryption, bits. It does a word pattern match for non-numbers, for number just a normal match applies. Numbers here are defined as [0-9,A-F]. This means (attention: catch) that the pattern CBC is matched as non-word, but AES as word. This option also accepts <code>--openssl=&lt;path_to_openssl&gt;</code>.</p>
+
+<h3 id="INPUT-PARAMETERS">INPUT PARAMETERS</h3>
+
+<p><code>URI</code> can be a hostname, an IPv4 or IPv6 address (restriction see below) or an URL. IPv6 addresses need to be in square brackets. For any given parameter port 443 is assumed unless specified by appending a colon and a port number. The only preceding protocol specifier allowed is <code>https</code>. You need to be aware that checks for an IP address might not hit the vhost you want. DNS resolution (A/AAAA record) is being performed unless you have an <code>/etc/hosts</code> entry for the hostname.</p>
+
+<p><code>--file &lt;fname&gt;</code> or the equivalent <code>-iL &lt;fname&gt;</code> are mass testing options. Per default it implicitly turns on <code>--warnings batch</code>. In its first incarnation the mass testing option reads command lines from <code>fname</code>. <code>fname</code> consists of command lines of testssl, one line per instance. Comments after <code>#</code> are ignored, <code>EOF</code> signals the end of fname any subsequent lines will be ignored too. You can also supply additional options which will be inherited to each child, e.g.  When invoking <code>testssl.sh --wide --log --file &lt;fname&gt;</code> . Each single line in <code>fname</code> is parsed upon execution. If there's a conflicting option and serial mass testing option is being performed the check will be aborted at the time it occurs and depending on the output option potentially leaving you with an output file without footer. In parallel mode the mileage varies, likely a line won't be scanned.</p>
+
+<p>Alternatively <code>fname</code> can be in <code>nmap</code>'s grep(p)able output format (<code>-oG</code>). Only open ports will be considered. Multiple ports per line are allowed. The ports can be different and will be tested by testssl.sh according to common practice in the internet, i.e. if nmap shows in its output an open port 25, automatically <code>-t smtp</code> will be added before the URI whereas port 465 will be treated as a plain TLS/SSL port, not requiring an STARTTLS SMTP handshake upfront. This is done by an internal table which correlates nmap's open port detected to the STARTTLS/plain text decision from testssl.sh.</p>
+
+<p>Nmap's output always returns IP addresses and only if there's a PTR DNS record available a hostname. As it is not checked by nmap whether the hostname matches the IP (A or AAAA record), testssl.sh does this automatically for you. If the A record of the hostname matches the IP address, the hostname is used and not the IP address. Please keep in mind that checks against an IP address might not hit the vhost you maybe were aiming at and thus it may lead to different results.</p>
+
+<p>A typical internal conversion to testssl.sh file format from nmap's grep(p)able format could look like:</p>
+
+<p><code>
+10.10.12.16:443
+10.10.12.16:1443
+-t smtp host.example.com:25
+host.example.com:443
+host.example.com:631
+-t ftp 10.10.12.11:21
+10.10.12.11:8443
+</code>
+Please note that <code>fname</code> has to be in Unix format. DOS carriage returns won't be accepted. Instead of the command line switch the environment variable FNAME will be honored too.</p>
+
+<p><code>--mode &lt;serial|parallel&gt;</code>. Mass testing to be done serial (default) or parallel (<code>--parallel</code> is shortcut for the latter, <code>--serial</code> is the opposite option). Per default mass testing is being run in serial mode, i.e. one line after the other is processed and invoked. The variable <code>MASS_TESTING_MODE</code> can be defined to be either equal <code>serial</code> or <code>parallel</code>.</p>
+
+<p><code>--warnings &lt;batch|off&gt;</code>.  The warnings parameter determines how testssl.sh will deal with situations where user input normally will be necessary. There are two options. <code>batch</code> doesn't wait for a confirming keypress when a client- or server-side problem is encountered. As of 3.0 it just then terminates the particular scan.  This is automatically chosen for mass testing (<code>--file</code>). <code>off</code> just skips the warning, the confirmation but continues the scan, independent whether it makes sense or not. Please note that there are conflicts where testssl.sh will still ask for confirmation which are the ones which otherwise would have a drastic impact on the results. Almost any other decision will be made in the future as a best guess by testssl.sh.
+The same can be achieved by setting the environment variable <code>WARNINGS</code>.</p>
+
+<p><code>--connect-timeout &lt;seconds&gt;</code>  This is useful for socket TCP connections to a node. If the node does not complete a TCP handshake (e.g. because it is down or behind a firewall or there's an IDS or a tarpit) testssl.sh may usually hang for around 2 minutes or even much more. This parameter instructs testssl.sh to wait at most <code>seconds</code> for the handshake to complete before giving up. This option only works if your OS has a timeout binary installed. CONNECT_TIMEOUT is the corresponding environment variable.</p>
+
+<p><code>--openssl-timeout &lt;seconds&gt;</code> This is especially useful for all connects using openssl and practically useful for mass testing. It avoids the openssl connect to hang for ~2 minutes. The expected parameter <code>seconds</code> instructs testssl.sh to wait before the openssl connect will be terminated. The option is only available if your OS has a timeout binary installed. As there are different implementations of <code>timeout</code>: It automatically calls the binary with the right parameters. OPENSSL_TIMEOUT is the equivalent environment variable.</p>
+
+<p><code>--basicauth &lt;user:pass&gt;</code> This can be set to provide HTTP basic auth credentials which are used during checks for security headers. BASICAUTH is the ENV variable you can use instead.</p>
+
+<p><code>--reqheader &lt;header&gt;</code> This can be used to add additional HTTP request headers in the correct format <code>Headername: headercontent</code>. This parameter can be called multiple times if required. For example: <code>--reqheader 'Proxy-Authorization: Basic dGVzdHNzbDpydWxlcw==' --reqheader 'ClientID: 0xDEADBEAF'</code>. REQHEADER is the corresponding environment variable.</p>
+
+<h3 id="SPECIAL-INVOCATIONS">SPECIAL INVOCATIONS</h3>
+
+<p><code>-t &lt;protocol&gt;, --starttls &lt;protocol&gt;</code>    does a default run against a STARTTLS enabled <code>protocol</code>. <code>protocol</code> must be one of <code>ftp</code>, <code>smtp</code>,  <code>pop3</code>, <code>imap</code>, <code>xmpp</code>, <code>sieve</code>, <code>xmpp-server</code>, <code>telnet</code>, <code>ldap</code>, <code>irc</code>, <code>lmtp</code>, <code>nntp</code>, <code>postgres</code>, <code>mysql</code>. For the latter four you need e.g. the supplied OpenSSL or OpenSSL version 1.1.1. Please note: MongoDB doesn't offer a STARTTLS connection, IRC currently only works with <code>--ssl-native</code>. <code>irc</code> is WIP.</p>
+
+<p><code>--xmpphost &lt;jabber_domain&gt;</code> is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter. This is only needed if the domain is different from the URI supplied.</p>
+
+<p><code>--mx &lt;domain|host&gt;</code> tests all MX records (STARTTLS on port 25) from high to low priority, one after the other.</p>
+
+<p><code>--ip &lt;ip&gt;</code> tests either the supplied IPv4 or IPv6 address instead of resolving host(s) in <code>&lt;URI&gt;</code>. IPv6 addresses need to be supplied in square brackets. <code>--ip=one</code> means: just test the first A record DNS returns (useful for multiple IPs). If <code>-6</code> and  <code>--ip=one</code> was supplied an AAAA record will be picked if available. The <code>--ip</code> option might be also useful if you want to resolve the supplied hostname to a different IP, similar as if you would edit <code>/etc/hosts</code> or <code>/c/Windows/System32/drivers/etc/hosts</code>. <code>--ip=proxy</code> tries a DNS resolution via proxy.</p>
+
+<p><code>--proxy &lt;host&gt;:&lt;port&gt;</code>  does ANY check via the specified proxy. <code>--proxy=auto</code> inherits the proxy setting from the environment. The hostname supplied will be resolved to the first A record. In addition if you want lookups via proxy you can specify <code>DNS_VIA_PROXY=true</code>. OCSP revocation checking (<code>-S --phone-out</code>) is not supported by OpenSSL via proxy. As supplying a proxy is an indicator for port 80 and 443 outgoing being blocked in your network an OCSP revocation check won't be performed. However if <code>IGN_OCSP_PROXY=true</code> has been supplied it will be tried directly. Authentication to the proxy is not supported. Proxying via IPv6 addresses is not possible, no HTTPS or SOCKS proxy is supported.</p>
+
+<p><code>-6</code> does (also) IPv6 checks. Please note that testssl.sh doesn't perform checks on an IPv6 address automatically, because of two reasons: testssl.sh does no connectivity checks for IPv6 and it cannot determine reliably whether the OpenSSL binary you're using has IPv6 s_client support. <code>-6</code> assumes both is the case. If both conditions are met and you in general prefer to test for IPv6 branches as well you can add <code>HAS_IPv6</code> to your shell environment. Besides the OpenSSL binary supplied IPv6 is known to work with vanilla OpenSSL &gt;= 1.1.0 and older versions &gt;=1.0.2 in RHEL/CentOS/FC and Gentoo.</p>
+
+<p><code>--ssl-native</code>  Instead of using a mixture of bash sockets and a few openssl s_client connects, testssl.sh uses the latter (almost) only. This is faster at the moment but provides less accurate results, especially for the client simulation and for cipher support. For all checks you will see a warning if testssl.sh cannot tell if a particular check cannot be performed. For some checks however you might end up getting false negatives without a warning. This option is only recommended if you prefer speed over accuracy or you know that your target has sufficient overlap with the protocols and cipher provided by your openssl binary.</p>
+
+<p><code>--openssl &lt;path_to_openssl&gt;</code>           testssl.sh tries very hard to find automagically the binary supplied (where the tree of testssl.sh resides, from the directory where testssl.sh has been started from, etc.). If all that doesn't work it falls back to openssl supplied from the OS (<code>$PATH</code>). With this option you can point testssl.sh to your binary of choice and override any internal magic to find the openssl binary. (Environment preset via <code>OPENSSL=&lt;path_to_openssl&gt;</code>).</p>
+
+<h3 id="TUNING-OPTIONS">TUNING OPTIONS</h3>
+
+<p><code>--bugs</code>  does some workarounds for buggy servers like padding for old F5 devices. The option is passed as <code>-bug</code> to openssl when needed, see <code>s_client(1)</code>, environment preset via <code>BUGS="-bugs"</code> (1x dash). For the socket part testssl.sh has always workarounds in place to cope with broken server implementations.</p>
+
+<p><code>--assuming-http</code>  testssl.sh normally does upfront an application protocol detection. In cases where HTTP cannot be automatically detected you may want to use this option. It enforces testssl.sh not to skip HTTP specific tests (HTTP header) and to run a browser based client simulation. Please note that sometimes also the severity depends on the application protocol, e.g. SHA1 signed certificates, the lack of any SAN matches and some vulnerabilities will be punished harder when checking a web server as opposed to a mail server.</p>
+
+<p><code>-n, --nodns &lt;min|none&gt;</code> tells testssl.sh which DNS lookups should be performed. <code>min</code> uses only forward DNS resolution (A and AAAA record or MX record) and skips CAA lookups and PTR records from the IP address back to a DNS name.  <code>none</code> performs no DNS lookups at all. For the latter you either have to supply the IP address as a target, to use <code>--ip</code> or have the IP address
+in <code>/etc/hosts</code>.  The use of the switch is only useful if you either can't or are not willing to perform DNS lookups. The latter can apply e.g. to some pentests. In general this option could e.g. help you to avoid timeouts by DNS lookups. <code>NODNS</code> is the environment variable for this.</p>
+
+<p><code>--sneaky</code> For HTTP header checks testssl.sh uses normally the server friendly HTTP user agent <code>TLS tester from ${URL}</code>. With this option your traces are less verbose and a Firefox user agent is being used. Be aware that it doesn't hide your activities. That is just not possible (environment preset via <code>SNEAKY=true</code>).</p>
+
+<p><code>--user-agent &lt;user agent&gt;</code> tells testssl.sh to use the supplied HTTP user agent instead of the standard user agent <code>TLS tester from ${URL}</code>.</p>
+
+<p><code>--ids-friendly</code> is a switch which may help to get a scan finished which otherwise would be blocked by a server side IDS. This switch skips tests for the following vulnerabilities: Heartbleed, CCS Injection, Ticketbleed and ROBOT. The environment variable OFFENSIVE set to false will achieve the same result. Please be advised that as an alternative or as a general approach you can try to apply evasion techniques by changing the variables USLEEP_SND and / or USLEEP_REC and maybe MAX_WAITSOCK.</p>
+
+<p><code>--phone-out</code> Checking for revoked certificates via CRL and OCSP is not done per default. This switch instructs testssl.sh to query external -- in a sense of the current run -- URIs. By using this switch you acknowledge that the check might have privacy issues, a download of several megabytes (CRL file) may happen and there may be network connectivity problems while contacting the endpoint which testssl.sh doesn't handle. PHONE_OUT is the environment variable for this which needs to be set to true if you want this.</p>
+
+<p><code>--add-ca &lt;CAfile&gt;</code> enables you to add your own CA(s) in PEM format for trust chain checks. <code>CAfile</code> can be a directory containing files with a .pem extension, a single file or multiple files as a comma separated list of root CAs. Internally they will be added during runtime to all CA stores. This is (only) useful for internal hosts whose certificates are issued by internal CAs. Alternatively ADDTL_CA_FILES is the environment variable for this.</p>
+
+<h3 id="SINGLE-CHECK-OPTIONS">SINGLE CHECK OPTIONS</h3>
+
+<p>Any single check switch supplied as an argument prevents testssl.sh from doing a default run. It just takes this and if supplied other options and runs them - in the order they would also appear in the default run.</p>
+
+<p><code>-e, --each-cipher</code> checks each of the (currently configured) 370 ciphers via openssl + sockets remotely on the server and reports back the result in wide mode. If you want to display each cipher tested you need to add <code>--show-each</code>. Per default it lists the following parameters: <code>hexcode</code>, <code>OpenSSL cipher suite name</code>, <code>key exchange</code>, <code>encryption bits</code>, <code>IANA/RFC cipher suite name</code>. Please note the <code>--mapping</code> parameter changes what cipher suite names you will see here and at which position. Also please note that the <strong>bit</strong> length for the encryption is shown and not the <strong>security</strong> length, albeit it'll be sorted by the latter. For 3DES due to the Meet-in-the-Middle problem the bit size of 168 bits is equivalent to the security size of 112 bits.</p>
+
+<p><code>-E, --cipher-per-proto</code>  is similar to <code>-e, --each-cipher</code>. It checks each of the possible ciphers, here: per protocol. If you want to display each cipher tested you need to add <code>--show-each</code>. The output is sorted by security strength, it lists the encryption bits though.</p>
+
+<p><code>-s, --std, --categories</code>   tests certain lists of cipher suites / cipher categories by strength. (<code>--standard</code> is deprecated.)  Those lists are (<code>openssl ciphers $LIST</code>, $LIST from below:)</p>
+
+<ul>
+  <li>
+<code>NULL encryption ciphers</code>: 'NULL:eNULL'</li>
+  <li>
+<code>Anonymous NULL ciphers</code>: 'aNULL:ADH'</li>
+  <li>
+<code>Export ciphers</code> (w/o the preceding ones): 'EXPORT:!ADH:!NULL'</li>
+  <li>
+<code>LOW</code> (64 Bit + DES ciphers, without EXPORT ciphers): 'LOW:DES:RC2:RC4:!ADH:!EXP:!NULL:!eNULL'</li>
+  <li>
+<code>3DES + IDEA Ciphers</code>: '3DES:IDEA:!aNULL:!ADH'</li>
+  <li>
+<code>Average grade Ciphers</code>: 'HIGH:MEDIUM:AES:CAMELLIA:ARIA:!IDEA:!CHACHA20:!3DES:!RC2:!RC4:!AESCCM8:!AESCCM:!AESGCM:!ARIAGCM:!aNULL'</li>
+  <li>
+<code>Strong grade Ciphers</code> (AEAD): 'AESGCM:CHACHA20:CamelliaGCM:AESCCM8:AESCCM'</li>
+</ul>
+
+<p><code>-f, --fs, --nsa, --forward-secrecy</code> Checks robust forward secrecy key exchange. "Robust" means that ciphers having intrinsic severe weaknesses like Null Authentication or Encryption, 3DES and RC4 won't be considered here. There shouldn't be the wrong impression that a secure key exchange has been taking place and everything is fine when in reality the encryption sucks. Also this section lists the available elliptical curves and Diffie Hellman groups, as well as FFDHE groups (TLS 1.2 and TLS 1.3).</p>
+
+<p><code>-p, --protocols</code>  checks TLS/SSL protocols SSLv2, SSLv3, TLS 1.0 through TLS 1.3 and for HTTP: SPDY (NPN) and ALPN, a.k.a. HTTP/2. For TLS 1.3 several drafts (from 18 on) and final are supported and being tested for.</p>
+
+<p><code>-P, --preference</code>  displays the servers preferences: cipher order, with used openssl client: negotiated protocol and cipher. If there's a cipher order enforced by the server it displays it for each protocol (openssl+sockets). If there's not, it displays instead which ciphers from the server were picked with each protocol.</p>
+
+<p><code>-S, --server_defaults</code>  displays information from the server hello(s):</p>
+
+<ul>
+  <li>Available TLS extensions,</li>
+  <li>TLS ticket + session ID information/capabilities,</li>
+  <li>session resumption capabilities,</li>
+  <li>Time skew relative to localhost (most server implementations return random values).</li>
+  <li>Several certificate information
+    <ul>
+      <li>signature algorithm,</li>
+      <li>key size,</li>
+      <li>key usage and extended key usage,</li>
+      <li>fingerprints and serial</li>
+      <li>Common Name (CN), Subject Alternative Name (SAN), Issuer,</li>
+      <li>Trust via hostname + chain of trust against supplied certificates</li>
+      <li>EV certificate detection</li>
+      <li>experimental "eTLS" detection</li>
+      <li>validity: start + end time, how many days to go (warning for certificate lifetime &gt;=5 years)</li>
+      <li>revocation info (CRL, OCSP, OCSP stapling + must staple). When <code>--phone-out</code> supplied it checks against the certificate issuer whether the host certificate has been revoked (plain OCSP, CRL).</li>
+      <li>displaying DNS Certification Authority Authorization resource record</li>
+      <li>Certificate Transparency info (if provided by server).</li>
+    </ul>
+  </li>
+</ul>
+
+<p>For the trust chain check 5 certificate stores are provided. If the test against one of the trust stores failed, the one is being identified and the reason for the failure is displayed - in addition the ones which succeeded are displayed too.
+You can configure your own CA via ADDTL_CA_FILES, see section <code>FILES</code> below.  If the server provides no matching record in Subject Alternative Name (SAN) but in Common Name (CN), it will be indicated as this is deprecated.
+Also for multiple server certificates are being checked for as well as for the certificate reply to a non-SNI (Server Name Indication) client hello to the IP address. Regarding the TLS clock skew: it displays the time difference to the client. Only a few TLS stacks nowadays still support this and return the local clock <code>gmt_unix_time</code>, e.g. IIS, openssl &lt; 1.0.1f. In addition to the HTTP date you could e.g. derive that there are different hosts where your TLS and your HTTP request ended -- if the time deltas differ significantly.</p>
+
+<p><code>-x &lt;pattern&gt;, --single-cipher &lt;pattern&gt;</code> tests matched <code>pattern</code> of ciphers against a server. Patterns are similar to <code>-V pattern , --local pattern</code>, see above about matching.</p>
+
+<p><code>-h, --header, --headers</code>       if the service is HTTP (either by detection or by enforcing via <code>--assume-http</code>. It tests several HTTP headers like</p>
+
+<ul>
+  <li>HTTP Strict Transport Security (HSTS)</li>
+  <li>HTTP Public Key Pinning (HPKP)</li>
+  <li>Server banner</li>
+  <li>HTTP date+time</li>
+  <li>Server banner like Linux or other Unix vendor headers</li>
+  <li>Application banner (PHP, RoR, OWA, SharePoint, Wordpress, etc)</li>
+  <li>Reverse proxy headers</li>
+  <li>Web server modules</li>
+  <li>IPv4 address in header</li>
+  <li>Cookie (including Secure/HTTPOnly flags)</li>
+  <li>Decodes BIG IP F5 non-encrypted cookies</li>
+  <li>Security headers (X-Frame-Options, X-XSS-Protection, Expect-CT,... , CSP headers). Nonsense is not yet detected here.</li>
+</ul>
+
+<p><code>-c, --client-simulation</code>     This simulates a handshake with a number of standard clients so that you can figure out which client cannot or can connect to your site. For the latter case the protocol, cipher and curve is displayed, also if there's Forward Secrecy. testssl.sh uses a handselected set of clients which are retrieved by the SSLlabs API. The output is aligned in columns when combined with the <code>--wide</code> option. If you want the full nine yards of clients displayed use the environment variable ALL_CLIENTS.</p>
+
+<p><code>-g, --grease</code> checks several server implementation bugs like tolerance to size limitations and GREASE, see RFC 8701. This check doesn't run per default.</p>
+
+<h3 id="VULNERABILITIES">VULNERABILITIES</h3>
+
+<p><code>-U, --vulnerable, --vulnerabilities</code> Just tests all (of the following) vulnerabilities. The environment variable <code>VULN_THRESHLD</code> determines after which value a separate headline for each vulnerability is being displayed. Default is <code>1</code> which means if you check for two vulnerabilities, only the general headline for vulnerabilities section is displayed -- in addition to the vulnerability and the result. Otherwise each vulnerability or vulnerability section gets its own headline in addition to the output of the name of the vulnerability and test result. A vulnerability section is comprised of more than one check, e.g. the renegotiation vulnerability check has two checks, so has Logjam.</p>
+
+<p><code>-H, --heartbleed</code>              Checks for Heartbleed, a memory leakage in openssl. Unless the server side doesn't support the heartbeat extension it is likely that this check runs into a timeout. The seconds to wait for a reply can be adjusted with <code>HEARTBLEED_MAX_WAITSOCK</code>. 8 is the default.</p>
+
+<p><code>-I, --ccs, --ccs-injection</code>    Checks for CCS Injection which is an openssl vulnerability. Sometimes also here the check needs to wait for a reply. The predefined timeout of 5 seconds can be changed with the environment variable <code>CCS_MAX_WAITSOCK</code>.</p>
+
+<p><code>-T, --ticketbleed</code>             Checks for Ticketbleed memory leakage in BigIP loadbalancers.</p>
+
+<p><code>--BB, --robot</code>          Checks for vulnerability to ROBOT / (<em>Return Of Bleichenbacher's Oracle Threat</em>) attack.</p>
+
+<p><code>--SI, --starttls-injection</code>          Checks for STARTTLS injection vulnerabilities (SMTP, IMAP, POP3 only). <code>socat</code> and OpenSSL &gt;=1.1.0 is needed.</p>
+
+<p><code>-R, --renegotiation</code>           Tests renegotiation vulnerabilities. Currently there's a check for <em>Secure Renegotiation</em> and for <em>Secure Client-Initiated Renegotiation</em>. Please be aware that vulnerable servers to the latter can likely be DoSed very easily (HTTP). A check for <em>Insecure Client-Initiated Renegotiation</em> is not yet implemented.</p>
+
+<p><code>-C, --compression, --crime</code>    Checks for CRIME (<em>Compression Ratio Info-leak Made Easy</em>) vulnerability in TLS. CRIME in SPDY is not yet being checked for.</p>
+
+<p><code>-B, --breach</code>                  Checks for BREACH (<em>Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext</em>) vulnerability. As for this vulnerability HTTP level compression is a prerequisite it'll be not tested if HTTP cannot be detected or the detection is not enforced via ``--assume-http`. Please note that only the URL supplied (normally "/" ) is being tested.</p>
+
+<p><code>-O, --poodle</code>                  Tests for SSL POODLE (<em>Padding Oracle On Downgraded Legacy Encryption</em>) vulnerability. It basically checks for the existence of CBC ciphers in SSLv3.</p>
+
+<p><code>-Z, --tls-fallback</code>            Checks TLS_FALLBACK_SCSV mitigation. TLS_FALLBACK_SCSV is basically a ciphersuite appended to the Client Hello trying to prevent protocol downgrade attacks by a Man in the Middle.</p>
+
+<p><code>-W, --sweet32</code>                 Checks for vulnerability to SWEET32 by testing 64 bit block ciphers (3DES, RC2 and IDEA).</p>
+
+<p><code>-F, --freak</code>                   Checks for FREAK vulnerability (<em>Factoring RSA Export Keys</em>) by testing for EXPORT RSA ciphers</p>
+
+<p><code>-D, --drown</code>                   Checks for DROWN vulnerability (<em>Decrypting RSA with Obsolete and Weakened eNcryption</em>) by checking whether the SSL 2 protocol is available at the target. Please note that if you use the same RSA certificate elsewhere you might be vulnerable too. testssl.sh doesn't check for this but provides a helpful link @ censys.io which provides this service.</p>
+
+<p><code>-J, --logjam</code>                  Checks for LOGJAM vulnerability by checking for DH EXPORT ciphers. It also checks for "common primes" which are preconfigured DH keys. DH keys =&lt; 1024 Bit will be penalized. Also FFDHE groups (TLS 1.2) will be displayed here.</p>
+
+<p><code>-A, --beast</code>                   Checks BEAST vulnerabilities in SSL 3 and TLS 1.0 by testing the usage of CBC ciphers.</p>
+
+<p><code>-L, --lucky13</code>                 Checks for LUCKY13 vulnerability. It checks for the presence of CBC ciphers in TLS versions 1.0 - 1.2.</p>
+
+<p><code>-WS, --winshock</code>               Checks for Winshock vulnerability. It tests for the absence of a lot of ciphers, some TLS extensions and ec curves which were introduced later in Windows. In the end the server banner is being looked at.</p>
+
+<p><code>-4, --rc4, --appelbaum</code>        Checks which RC4 stream ciphers are being offered.</p>
+
+<h3 id="OUTPUT-OPTIONS">OUTPUT OPTIONS</h3>
+
+<p><code>-q, --quiet</code>  Normally testssl.sh displays a banner on stdout with several version information, usage rights and a warning. This option suppresses it. Please note that by choosing this option you acknowledge usage terms and the warning normally appearing in the banner.</p>
+
+<p><code>--wide</code> Except the "each cipher output" all tests displays the single cipher name (scheme see below). This option enables testssl.sh to display also for the following sections the same output as for testing each ciphers: BEAST, FS, RC4. The client simulation has also a wide mode. The difference here is restricted to a column aligned output and a proper headline. The environment variable <code>WIDE</code> can be used instead.</p>
+
+<p><code>--mapping &lt;openssl|iana|no-openssl|no-iana&gt;</code></p>
+
+<ul>
+  <li>
+<code>openssl</code>: use the OpenSSL cipher suite name as the primary name cipher suite name form (default),</li>
+  <li>
+<code>iana</code>: use the IANA cipher suite name as the primary name cipher suite name form.</li>
+  <li>
+<code>no-openssl</code>: don't display the OpenSSL cipher suite name, display IANA names only.</li>
+  <li>
+<code>no-iana</code>: don't display the IANA cipher suite name, display OpenSSL names only.</li>
+</ul>
+
+<p>Please note that in testssl.sh 3.0 you can still use <code>rfc</code> instead of <code>iana</code> and <code>no-rfc</code> instead of <code>no-iana</code> but it'll disappear after 3.0.</p>
+
+<p><code>--show-each</code> This is an option for all wide modes only: it displays all ciphers tested -- not only succeeded ones.  <code>SHOW_EACH_C</code> is your friend if you prefer to set this via the shell environment.</p>
+
+<p><code>--color &lt;0|1|2|3&gt;</code> determines the use of colors on the screen and in the log file: <code>2</code> is the default and makes use of ANSI and termcap escape codes on your terminal. <code>1</code> just uses non-colored mark-up like bold, italics, underline, reverse.  <code>0</code> means no mark-up at all = no escape codes. This is also what you want when you want a log file without any escape codes. <code>3</code> will color ciphers and EC according to an internal (not yet perfect) rating. Setting the environment variable <code>COLOR</code> to the value achieves the same result. Please not that OpenBSD and early FreeBSD do not support italics.</p>
+
+<p><code>--colorblind</code>                  Swaps green and blue colors in the output, so that this percentage of folks (up to 8% of males, see https://en.wikipedia.org/wiki/Color_blindness) can distinguish those findings better. <code>COLORBLIND</code> is the according variable if you want to set this in the environment.</p>
+
+<p><code>--debug &lt;0-6&gt;</code>                 This gives you additional output on the screen (2-6), only useful for debugging. <code>DEBUG</code> is the according environment variable which you can use. There are six levels (0 is the default, thus it has no effect):</p>
+
+<ol>
+  <li>screen output normal but leaves useful debug output in <strong>/tmp/testssl.XXXXXX/</strong> . The info about the exact directory is included in the screen output in the end of the run.</li>
+  <li>lists more what's going on, status (high level) and connection errors, a few general debug output</li>
+  <li>even slightly more info: hexdumps + other info</li>
+  <li>display bytes sent via sockets</li>
+  <li>display bytes received via sockets</li>
+  <li>whole 9 yards</li>
+</ol>
+
+<p><code>--disable-rating</code> disables rating.
+Rating automatically gets disabled, to not give a wrong or misleading grade, when not all required functions are executed (e.g when checking for a single vulnerabilities).</p>
+
+<h3 id="FILE-OUTPUT-OPTIONS">FILE OUTPUT OPTIONS</h3>
+
+<p><code>--log, --logging</code>      Logs stdout also to <code>${NODE}-p${port}${YYYYMMDD-HHMM}.log</code> in current working directory of the shell. Depending on the color output option (see above) the output file will contain color and other markup escape codes, unless you specify <code>--color 0</code> too. <code>cat</code> and -- if properly configured <code>less</code> -- will show the output properly formatted on your terminal. The output shows a banner with the almost the same information as on the screen. In addition it shows the command line of the testssl.sh instance. Please note that the resulting log file is formatted according to the width of your screen while running testssl.sh. You can override the width with the environment variable TERM_WIDTH.</p>
+
+<p><code>--logfile &lt;logfile&gt;</code> or <code>-oL &lt;logfile&gt;</code>  Instead of the previous option you may want to use this one if you want to log into a directory or if you rather want to specify the log file name yourself. If <code>logfile</code> is a directory the output will put into <code>logfile/${NODE}-p${port}${YYYYMMDD-HHMM}.log</code>. If <code>logfile</code> is a file it will use that file name, an absolute path is also permitted here. LOGFILE is the variable you need to set if you prefer to work environment variables instead. Please note that the resulting log file is formatted according to the width of your screen while running testssl.sh. You can override the width with the environment variable TERM_WIDTH.</p>
+
+<p><code>--json</code>                Logs additionally to JSON file <code>${NODE}-p${port}${YYYYMMDD-HHMM}.json</code> in the current working directory of the shell. The resulting JSON file is opposed to <code>--json-pretty</code> flat -- which means each section is self contained and has an identifier for each single check, the hostname/IP address, the port, severity and the finding. For vulnerabilities it may contain a CVE and CWE entry too. The output doesn't contain a banner or a footer.</p>
+
+<p><code>--jsonfile &lt;jsonfile&gt;</code> or <code>-oj &lt;jsonfile&gt;</code> Instead of the previous option you may want to use this one if you want to log the JSON out put into a directory or if you rather want to specify the log file name yourself. If <code>jsonfile</code> is a directory the output will put into <code>logfile/${NODE}-p${port}${YYYYMMDD-HHMM}.json. If </code>jsonfile` is a file it will use that file name, an absolute path is also permitted here.</p>
+
+<p><code>--json-pretty</code> Logs additionally to JSON file <code>${NODE}-p${port}${YYYYMMDD-HHMM}.json in the current working directory of the shell. The resulting JSON file is opposed to </code>--json` non-flat -- which means it is structured. The structure contains a header similar to the banner on the screen, including the command line, scan host, openssl binary used, testssl version and epoch of the start time. Then for every test section of testssl.sh it contains a separate JSON object/section. Each finding has a key/value pair identifier with the identifier for each single check, the severity and the finding. For vulnerabilities it may contain a CVE and CWE entry too.  The footer lists the scan time in seconds.</p>
+
+<p><code>--jsonfile-pretty &lt;jsonfile&gt;</code> or <code>-oJ &lt;jsonfile&gt;</code>  Similar to the aforementioned <code>--jsonfile</code> or <code>--logfile</code> it logs the output in pretty JSON format (see <code>--json-pretty</code>) into a file or a directory. For further explanation see <code>--jsonfile</code> or <code>--logfile</code>.</p>
+
+<p><code>--csv</code>  Logs additionally to a CSV file <code>${NODE}-p${port}${YYYYMMDD-HHMM}.csv</code> in the current working directory of the shell. The output contains a header with the keys, the values are the same as in the flat JSON format (identifier for each single check, the hostname/IP address, the port, severity, the finding and for vulnerabilities a CVE and CWE number).</p>
+
+<p><code>--csvfile &lt;csvfile&gt;</code> or <code>-oC &lt;csvfile&gt;</code> Similar to  the aforementioned <code>--jsonfile</code> or <code>--logfile</code> it logs the output in CSV format (see <code>--cvs</code>) additionally into a file or a directory. For further explanation see <code>--jsonfile</code> or <code>--logfile</code>.</p>
+
+<p><code>--html</code> Logs additionally to an HTML file <code>${NODE}-p${port}${YYYYMMDD-HHMM}.html</code> in the current working directory of the shell. It contains a 1:1 output of the console. In former versions there was a non-native option to use "aha" (Ansi HTML Adapter: github.com/theZiz/aha) like <code>testssl.sh [options] &lt;URI&gt; | aha &gt;output.html</code>. This is not necessary anymore.</p>
+
+<p><code>--htmlfile &lt;htmlfile&gt;</code> or <code>-oH &lt;htmlfile&gt;</code>         Similar to  the aforementioned <code>--jsonfile</code> or <code>--logfile</code> it logs the output in HTML format (see <code>--html</code>) additionally into a file or a directory. For further explanation see <code>--jsonfile</code> or <code>--logfile</code>.</p>
+
+<p><code>-oA &lt;filename&gt;</code> / <code>--outFile &lt;filename&gt;</code>    Similar to nmap it does a file output to all available file formats: LOG, JSON pretty, CSV, HTML. If the filename supplied is equal <code>auto</code> the filename is automatically generated using '${NODE}-p${port}${YYYYMMDD-HHMM}.${EXT}' with the according extension. If a directory is provided all output files will put into <code>&lt;filename&gt;/${NODE}-p${port}${YYYYMMDD-HHMM}.{log,json,csv,html}</code>.</p>
+
+<p><code>-oa &lt;filename&gt;</code> / <code>--outfile &lt;filename&gt;</code> Does the same as the previous option but uses flat JSON instead.</p>
+
+<p><code>--hints</code>  This option is not in use yet. This option is meant to give hints how to fix a finding or at least a help to improve something. GIVE_HINTS is the environment variable for this.</p>
+
+<p><code>--severity &lt;severity&gt;</code> For CSV and both JSON outputs this will only add findings to the output file if a severity is equal or higher than the <code>severity</code> value specified. Allowed are <code>&lt;LOW|MEDIUM|HIGH|CRITICAL&gt;</code>. WARN is another level which translates to a client-side scanning error or problem. Thus you will always see them in a file if they occur.</p>
+
+<p><code>--append</code> Normally, if an output file already exists and it has a file size greater zero, testssl.sh will prompt you to manually remove the file and exit with an error. <code>--append</code> however will append to this file, without a header. The environment variable APPEND does the same. Be careful using this switch/variable. A complementary option which overwrites an existing file doesn't exist per design.</p>
+
+<p><code>--overwrite</code> Normally, if an output file already exists and it has a file size greater zero, testssl.sh will not allow you to overwrite this file. This option will do that <strong>without any warning</strong>. The environment variable OVERWRITE does the same. Be careful, you have been warned!</p>
+
+<p><code>--outprefix &lt;fname_prefix&gt;</code> Prepend output filename prefix <var>fname_prefix</var> before '${NODE}-'. You can use as well the environment variable FNAME_PREFIX. Using this any output files will be named <code>&lt;fname_prefix&gt;-${NODE}-p${port}${YYYYMMDD-HHMM}.&lt;format&gt;</code> when no file name of the respective output option was specified. If you do not like the separator '-' you can as well supply a <code>&lt;fname_prefix&gt;</code> ending in '.',  '_' or ','. In this case or if you already supplied '-' no additional '-' will be appended to <code>&lt;fname_prefix&gt;</code>.</p>
+
+<p>A few file output options can also be preset via environment variables.</p>
+
+<h3 id="COLOR-RATINGS">COLOR RATINGS</h3>
+
+<p>Testssl.sh makes use of (the eight) standard terminal colors. The color scheme is as follows:</p>
+
+<ul>
+  <li>light red: a critical finding</li>
+  <li>red: a high finding</li>
+  <li>brown: a medium finding</li>
+  <li>yellow: a low finding</li>
+  <li>green (blue if COLORBLIND is set): something which is either in general a good thing or a negative result of a check which otherwise results in a high finding</li>
+  <li>light green (light blue if COLORBLIND is set) : something which is either in general a very good thing or a negative result of a check which otherwise results in a critical finding</li>
+  <li>no color at places where also a finding can be expected: a finding on an info level</li>
+  <li>cyan: currently only used for <code>--show-each</code> or an additional hint</li>
+  <li>magenta: signals a warning condition, e.g. either a local lack of capabilities on the client side or another problem</li>
+  <li>light magenta: a fatal error which either requires strict consent from the user to continue or a condition which leaves no other choice for testssl.sh to quit</li>
+</ul>
+
+<p>What is labeled as "light" above appears as such on the screen but is technically speaking "bold". Besides <code>--color=3</code> will color ciphers according to an internal and rough rating.</p>
+
+<p>Markup (without any color) is used in the following manner:</p>
+
+<ul>
+  <li>bold: for the name of the test</li>
+  <li>underline + bold: for the headline of each test section</li>
+  <li>underline: for a sub-headline</li>
+  <li>italics: for strings just reflecting a value read from the server</li>
+</ul>
+
+<h3 id="TUNING-via-ENV-variables-and-more-options">TUNING via ENV variables and more options</h3>
+
+<p>Except the environment variables mentioned above which can replace command line options here a some which cannot be set otherwise. Variables used for tuning are preset with reasonable values. <em>There should be no reason to change them</em> unless you use testssl.sh under special conditions.</p>
+
+<ul>
+  <li>TERM_WIDTH is a variable which overrides the auto-determined terminal width size. Setting this variable normally only makes sense if you log the output to a file using the <code>--log</code>, <code>--logfile</code> or <code>-oL</code> option.</li>
+  <li>DEBUG_ALLINONE / SETX: when setting one of those to true testssl.sh falls back to the standard bash behavior, i.e. calling <code>bash -x testssl.sh</code> it displays the bash debugging output not in an external file <code>/tmp/testssl-&lt;XX&gt;.log</code>
+</li>
+  <li>DEBUGTIME: Profiling option. When using bash's debug mode and when this is set to true, it generates a separate text file with epoch times in <code>/tmp/testssl-&lt;XX&gt;.time</code>. They need to be concatenated by <code>paste /tmp/testssl-&lt;XX&gt;.{time,log}</code>
+[comment]: # * FAST_SOCKET
+[comment]: # * SHOW_SIGALGO
+[comment]: # * FAST</li>
+  <li>EXPERIMENTAL=true is an option which is sometimes used in the development process to make testing easier. In released versions this has no effect.</li>
+  <li>ALL_CLIENTS=true runs a client simulation with <em>all</em> (currently 126) clients when testing HTTP.</li>
+  <li>UNBRACKTD_IPV6: needs to be set to true for some old versions of OpenSSL (like from Gentoo) which don't support [bracketed] IPv6 addresses</li>
+  <li>NO_ENGINE: if you have problems with garbled output containing the word 'engine' you might want to set this to true. It forces testssl.sh not try to configure openssl's engine or a non existing one from libressl</li>
+  <li>HEADER_MAXSLEEP: To wait how long before killing the process to retrieve a service banner / HTTP header</li>
+  <li>MAX_WAITSOCK: It instructs testssl.sh to wait until the specified time before declaring a socket connection dead. Don't change this unless you're absolutely sure what you're doing. Value is in seconds.</li>
+  <li>CCS_MAX_WAITSOCK Is the similar to above but applies only to the CCS handshakes, for both of the two the two CCS payload. Don't change this unless you're absolutely sure what you're doing. Value is in seconds.</li>
+  <li>HEARTBLEED_MAX_WAITSOCK  Is the similar to MAX_WAITSOCK but applies only to the ServerHello after sending the Heartbleed payload. Don't change this unless you're absolutely sure what you're doing. Value is in seconds.</li>
+  <li>MEASURE_TIME_FILE For seldom cases when you don't want the scan time to be included in the output you can set this to false.</li>
+  <li>STARTTLS_SLEEP is per default set to 10 (seconds). That's the value testssl.sh waits for a string in the STARTTLS handshake before giving up.</li>
+  <li>MAX_PARALLEL is the maximum number of tests to run in parallel in parallel mass testing mode. The default value of 20 may be made larger on systems with faster processors.</li>
+  <li>MAX_WAIT_TEST is the maximum time (in seconds) to wait for a single test in parallel mass testing mode to complete. The default is 1200.
+[comment]: # USLEEP_SND
+[comment]: # USLEEP_REC</li>
+  <li>HSTS_MIN is preset to 179 (days). If you want warnings sooner or later for HTTP Strict Transport Security you can change this.</li>
+  <li>HPKP_MIN is preset to 30 (days). If you want warnings sooner or later for HTTP Public Key Pinning you can change this</li>
+  <li>DAYS2WARN1 is the first threshold when you'll be warning of a certificate expiration of a host, preset to 60 (days). For Let's Encrypt this value will be divided internally by 2.</li>
+  <li>DAYS2WARN2 is the second threshold when you'll be warning of a certificate expiration of a host, preset to 30 (days). For Let's Encrypt this value will be divided internally by 2.</li>
+  <li>TESTSSL_INSTALL_DIR is the derived installation directory of testssl.sh. Relatively to that the <code>bin</code> and mandatory <code>etc</code> directory will be looked for.</li>
+  <li>CA_BUNDLES_PATH: If you have an own set of CA bundles or you want to point testssl.sh to a specific location of a CA bundle, you can use this variable to set the directory which testssl.sh will use. Please note that it overrides completely the builtin path of testssl.sh which means that you will only test against the bundles you point to. Also you might want to use <code>~/utils/create_ca_hashes.sh</code> to create the hashes for HPKP.</li>
+  <li>MAX_SOCKET_FAIL: A number which tells testssl.sh how often a TCP socket connection may fail before the program gives up and terminates. The default is 2. You can increase it to a higher value if you frequently see a message like <em>Fatal error: repeated openssl s_client connect problem, doesn't make sense to continue</em>.</li>
+  <li>MAX_OSSL_FAIL: A number which tells testssl.sh how often an OpenSSL s_client connect may fail before the program gives up and terminates. The default is 2. You can increase it to a higher value if you frequently see a message like <em>Fatal error: repeated TCP connect problems, giving up</em>.</li>
+  <li>MAX_HEADER_FAIL: A number which tells testssl.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates. The default is 3. Also here you can increase the threshold when you spot messages like <em>Fatal error: repeated HTTP header connect problems, doesn't make sense to continue</em>.</li>
+</ul>
+
+<h3 id="RATING">RATING</h3>
+<p>This program has a near-complete implementation of SSL Labs's '<a href="https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide">SSL Server Rating Guide</a>'.</p>
+
+<p>This is <em>not</em> a 100% reimplementation of the <a href="https://www.ssllabs.com/ssltest/analyze.html">SSL Lab's SSL Server Test</a>, but an implementation of the above rating specification, slight discrepancies may occur. Please note that for now we stick to the SSL Labs rating as good as possible. We are not responsible for their rating. Before filing issues please inspect their Rating Guide.</p>
+
+<p>Disclaimer: Having a good grade is <strong>NOT</strong> necessarily equal to having good security! Don't start a competition for the best grade, at least not without monitoring the client handshakes and not without adding a portion of good sense to it. Please note STARTTLS always results in a grade cap to T. Anything else
+would lead to a false sense of security - at least until we test for DANE or MTA-STS.</p>
+
+<p>As of writing, these checks are missing:
+* GOLDENDOODLE - should be graded <strong>F</strong> if vulnerable
+* Insecure renegotiation - should be graded <strong>F</strong> if vulnerable
+* Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) - should be graded <strong>F</strong> if vulnerable
+* Sleeping POODLE - should be graded <strong>F</strong> if vulnerable
+* Zero Length Padding Oracle (CVE-2019-1559) - should be graded <strong>F</strong> if vulnerable
+* Zombie POODLE - should be graded <strong>F</strong> if vulnerable
+* All remaining old Symantec PKI certificates are distrusted - should be graded <strong>T</strong>
+* Symantec certificates issued before June 2016 are distrusted - should be graded <strong>T</strong>
+* Anonymous key exchange - should give <strong>0</strong> points in <code>set_key_str_score()</code>
+* Exportable key exchange - should give <strong>40</strong> points in <code>set_key_str_score()</code>
+* Weak key (Debian OpenSSL Flaw) - should give <strong>0</strong> points in <code>set_key_str_score()</code></p>
+
+<h4 id="Implementing-new-grades-caps-or-warnings">Implementing new grades caps or -warnings</h4>
+<p>To implement a new grading cap, simply call the <code>set_grade_cap()</code> function, with the grade and a reason:
+<code>bash
+set_grade_cap "D" "Vulnerable to documentation"
+</code>
+To implement a new grade warning, simply call the <code>set_grade_warning()</code> function, with a message:
+<code>bash
+set_grade_warning "Documentation is always right"
+</code>
+#### Implementing a new check which contains grade caps
+When implementing a new check (be it vulnerability or not) that sets grade caps, the <code>set_rating_state()</code> has to be updated (i.e. the <code>$do_mycheck</code> variable-name has to be added to the loop, and <code>$nr_enabled</code> if-statement has to be incremented)</p>
+
+<p>The <code>set_rating_state()</code> automatically disables rating, if all the required checks are <em>not</em> enabled.
+This is to prevent giving out a misleading or wrong grade.</p>
+
+<h4 id="Implementing-a-new-revision">Implementing a new revision</h4>
+<p>When a new revision of the rating specification comes around, the following has to be done:
+* New grade caps has to be either:
+  1. Added to the script wherever relevant, or
+  2. Added to the above list of missing checks (if above is not possible)
+* New grade warnings has to be added wherever relevant
+* The revision output in <code>run_rating()</code> function has to updated</p>
+
+<h2 id="EXAMPLES">EXAMPLES</h2>
+
+<pre><code>  testssl.sh testssl.sh
+</code></pre>
+
+<p>does a default run on https://testssl.sh (protocols, standard cipher lists, server's cipher preferences, forward secrecy, server defaults, vulnerabilities, client simulation, and rating.</p>
+
+<pre><code>  testssl.sh testssl.net:443
+</code></pre>
+
+<p>does the same default run as above with the subtle difference that testssl.net has two IPv4 addresses. Both are tested.</p>
+
+<pre><code>  testssl.sh --ip=one --wide https://testssl.net:443
+</code></pre>
+
+<p>does the same checks as above, with the difference that one IP address is being picked randomly. Displayed is everything where possible in wide format.</p>
+
+<pre><code>  testssl.sh -6 https://testssl.net
+</code></pre>
+
+<p>As opposed to the first example it also tests the IPv6 part -- supposed you have an IPv6 network and your openssl supports IPv6 (see above).</p>
+
+<pre><code>  testssl.sh -t smtp smtp.gmail.com:25
+</code></pre>
+
+<p>Checks are done via a STARTTLS handshake on the plain text port 25. It checks every IP on smtp.gmail.com.</p>
+
+<pre><code>    testssl.sh --starttls=imap imap.gmx.net:143
+</code></pre>
+
+<p>does the same on the plain text IMAP port.</p>
+
+<p>Please note that for plain TLS-encrypted ports you must not specify the protocol option when no STARTTLS handshake is offered: <code>testssl.sh smtp.gmail.com:465</code> just checks the encryption on the SMTPS port, <code>testssl.sh imap.gmx.net:993</code> on the IMAPS port. Also MongoDB which provides TLS support without STARTTLS can be tested directly.</p>
+
+<h2 id="RFCs-and-other-standards">RFCs and other standards</h2>
+
+<ul>
+  <li>RFC 2246: The TLS Protocol Version 1.0</li>
+  <li>RFC 2595: Using TLS with IMAP, POP3 and ACAP</li>
+  <li>RFC 2818: HTTP Over TLS</li>
+  <li>RFC 2830: Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security</li>
+  <li>RFC 3207: SMTP Service Extension for Secure SMTP over Transport Layer Security</li>
+  <li>RFC 3501: INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1</li>
+  <li>RFC 4346: The Transport Layer Security (TLS) Protocol Version 1.1</li>
+  <li>RFC 4366: Transport Layer Security (TLS) Extensions</li>
+  <li>RFC 4492: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)</li>
+  <li>RFC 5077: Transport Layer Security (TLS) Session Resumption</li>
+  <li>RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2</li>
+  <li>RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</li>
+  <li>RFC 5321: Simple Mail Transfer Protocol</li>
+  <li>RFC 5746: Transport Layer Security (TLS) Renegotiation Indication Extension</li>
+  <li>RFC 5804: A Protocol for Remotely Managing Sieve Scripts</li>
+  <li>RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions</li>
+  <li>RFC 6101: The Secure Sockets Layer (SSL) Protocol Version 3.0</li>
+  <li>RFC 6120: Extensible Messaging and Presence Protocol (XMPP): Core</li>
+  <li>RFC 6125: Domain-Based Application Service Identity [..]</li>
+  <li>RFC 6797: HTTP Strict Transport Security (HSTS)</li>
+  <li>RFC 6961: The Transport Layer Security (TLS) Multiple Certificate Status Request Extension</li>
+  <li>RFC 7469: Public Key Pinning Extension for HTTP (HPKP)</li>
+  <li>RFC 7507: TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks</li>
+  <li>RFC 7627: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension</li>
+  <li>RFC 7633: X.509v3 Transport Layer Security (TLS) Feature Extension</li>
+  <li>RFC 7465: Prohibiting RC4 Cipher Suites</li>
+  <li>RFC 7685: A Transport Layer Security (TLS) ClientHello Padding Extension</li>
+  <li>RFC 7905: ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS)</li>
+  <li>RFC 7919: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security</li>
+  <li>RFC 8143: Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)</li>
+  <li>RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3</li>
+  <li>RFC 8701: Applying Generate Random Extensions And Sustain Extensibility (GREASE) to TLS Extensibility</li>
+  <li>W3C CSP: Content Security Policy Level 1-3</li>
+  <li>TLSWG Draft: The Transport Layer Security (TLS) Protocol Version 1.3</li>
+</ul>
+
+<h2 id="EXIT-STATUS">EXIT STATUS</h2>
+
+<ul>
+  <li>0    testssl.sh finished successfully without errors and without ambiguous results</li>
+  <li>1    testssl.sh has encountered exactly one ambiguous situation or an error during run</li>
+  <li>1+n  same as previous. The errors or ambiguous results are added, also per IP.</li>
+  <li>50-200 reserved for returning a vulnerability scoring for system monitoring or a CI tools</li>
+  <li>242 (ERR_CHILD)       Child received a signal from master</li>
+  <li>244 (ERR_RESOURCE)    Resources testssl.sh needs couldn't be read</li>
+  <li>245 (ERR_CLUELESS)    Weird state, either though user options or testssl.sh</li>
+  <li>246 (ERR_CONNECT)     Connectivity problem</li>
+  <li>247 (ERR_DNSLOOKUP)   Problem with resolving IP addresses or names</li>
+  <li>248 (ERR_OTHERCLIENT) Other client problem</li>
+  <li>249 (ERR_DNSBIN)      Problem with DNS lookup binaries</li>
+  <li>250 (ERR_OSSLBIN)     Problem with OpenSSL binary</li>
+  <li>251 (ERR_NOSUPPORT)   Feature requested is not supported</li>
+  <li>252 (ERR_FNAMEPARSE)  Input file couldn't be parsed</li>
+  <li>253 (ERR_FCREATE)     Output file couldn't be created</li>
+  <li>254 (ERR_CMDLINE)     Cmd line couldn't be parsed</li>
+  <li>255 (ERR_BASH)       Bash version incorrect</li>
+</ul>
+
+<h2 id="FILES">FILES</h2>
+
+<p><strong>etc/*pem</strong>               are the certificate stores from Apple, Linux, Mozilla Firefox, Windows and Java.</p>
+
+<p><strong>etc/client-simulation.txt</strong>  contains client simulation data.</p>
+
+<p><strong>etc/cipher-mapping.txt</strong>  provides a mandatory file with mapping from OpenSSL cipher suites names to the ones from IANA / used in the RFCs.</p>
+
+<p><strong>etc/tls_data.txt</strong>        provides a mandatory file for ciphers (bash sockets) and key material.</p>
+
+<h2 id="AUTHORS">AUTHORS</h2>
+
+<p>Developed by Dirk Wetter, David Cooper and many others, see CREDITS.md .</p>
+
+<h2 id="COPYRIGHT">COPYRIGHT</h2>
+
+<p>Copyright © 2012 Dirk Wetter. License GPLv2: Free Software Foundation, Inc.
+       This is free software: you are free to change and redistribute it under the terms of the license, see LICENSE.</p>
+
+<p>Attribution is important for the future of this project - also in the
+internet. Thus if you're offering a scanner based on testssl.sh as a public
+and/or paid service in the internet you are strongly encouraged to mention to
+your audience that you're using this program and where to get this program
+from. That helps us to get bugfixes, other feedback and more contributions.</p>
+
+<p>Usage WITHOUT ANY WARRANTY. USE at your OWN RISK!</p>
+
+<h2 id="LIMITATION">LIMITATION</h2>
+
+<p>All native Windows platforms emulating Linux are known to be slow.</p>
+
+<h2 id="BUGS">BUGS</h2>
+
+<p>Probably. Current known ones and interface for filing new ones: https://testssl.sh/bugs/ .</p>
+
+<h2 id="SEE-ALSO">SEE ALSO</h2>
+
+<p><span class="man-ref"><code>ciphers</code><span class="s">(1)</span></span>, <span class="man-ref"><code>openssl</code><span class="s">(1)</span></span>, <span class="man-ref"><code>s_client</code><span class="s">(1)</span></span>, <span class="man-ref"><code>x509</code><span class="s">(1)</span></span>, <span class="man-ref"><code>verify</code><span class="s">(1)</span></span>, <span class="man-ref"><code>ocsp</code><span class="s">(1)</span></span>, <span class="man-ref"><code>crl</code><span class="s">(1)</span></span>, <span class="man-ref"><code>bash</code><span class="s">(1)</span></span> and the websites https://testssl.sh/ and https://github.com/drwetter/testssl.sh/ .</p>
+
+  <ol class='man-decor man-foot man foot'>
+    <li class='tl'></li>
+    <li class='tc'>December 2021</li>
+    <li class='tr'>testssl(1)</li>
+  </ol>
+
+  </div>
+</body>
+</html>
diff --git a/doc/testssl.1.md b/doc/testssl.1.md
index 107cd27..0f5f771 100644
--- a/doc/testssl.1.md
+++ b/doc/testssl.1.md
@@ -1,4 +1,3 @@
-% testssl(1) | General Commands Manual
 
 ## NAME
    testssl.sh -- check encryption of SSL/TLS servers
@@ -55,9 +54,9 @@ linked OpenSSL binaries for major operating systems are supplied in `./bin/`.
 
 8) testing each of 370 preconfigured ciphers
 
-9) client simulation
+8) client simulation
 
-10) rating
+9) rating
 
 
 
@@ -90,15 +89,14 @@ Nmap's output always returns IP addresses and only if there's a PTR DNS record a
 A typical internal conversion to testssl.sh file format from nmap's grep(p)able format could look like:
 
 ```
-  10.10.12.16:443
-  10.10.12.16:1443
-  -t smtp host.example.com:25
-  host.example.com:443
-  host.example.com:631
-  -t ftp 10.10.12.11:21
-  10.10.12.11:8443
+10.10.12.16:443
+10.10.12.16:1443
+-t smtp host.example.com:25
+host.example.com:443
+host.example.com:631
+-t ftp 10.10.12.11:21
+10.10.12.11:8443
 ```
-
 Please note that `fname` has to be in Unix format. DOS carriage returns won't be accepted. Instead of the command line switch the environment variable FNAME will be honored too.
 
 `--mode <serial|parallel>`. Mass testing to be done serial (default) or parallel (`--parallel` is shortcut for the latter, `--serial` is the opposite option). Per default mass testing is being run in serial mode, i.e. one line after the other is processed and invoked. The variable `MASS_TESTING_MODE` can be defined to be either equal `serial` or `parallel`.
@@ -117,7 +115,7 @@ The same can be achieved by setting the environment variable `WARNINGS`.
 
 ### SPECIAL INVOCATIONS
 
-`-t <protocol>, --starttls <protocol>`    does a default run against a STARTTLS enabled `protocol`. `protocol` must be one of `ftp`, `smtp`,  `pop3`, `imap`, `xmpp`, `sieve`, `xmpp-server`, `telnet`, `ldap`, `irc`, `lmtp`, `nntp`, `postgres`, `mysql`. For the latter four you need e.g. the supplied OpenSSL or OpenSSL version 1.1.1. Please note: MongoDB doesn't offer a STARTTLS connection, LDAP currently only works with `--ssl-native`. `telnet` and `irc` is WIP.
+`-t <protocol>, --starttls <protocol>`    does a default run against a STARTTLS enabled `protocol`. `protocol` must be one of `ftp`, `smtp`,  `pop3`, `imap`, `xmpp`, `sieve`, `xmpp-server`, `telnet`, `ldap`, `irc`, `lmtp`, `nntp`, `postgres`, `mysql`. For the latter four you need e.g. the supplied OpenSSL or OpenSSL version 1.1.1. Please note: MongoDB doesn't offer a STARTTLS connection, IRC currently only works with `--ssl-native`. `irc` is WIP.
 
 `--xmpphost <jabber_domain>` is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter. This is only needed if the domain is different from the URI supplied.
 
@@ -243,7 +241,7 @@ Also for multiple server certificates are being checked for as well as for the c
 
 `-C, --compression, --crime`    Checks for CRIME (*Compression Ratio Info-leak Made Easy*) vulnerability in TLS. CRIME in SPDY is not yet being checked for.
 
-`-B, --breach`                  Checks for BREACH (*Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext*) vulnerability. As for this vulnerability HTTP level compression is a prerequisite it'll be not tested if HTTP cannot be detected or the detection is not enforced via `--assume-http`. Please note that only the URL supplied (normally "/" ) is being tested.
+`-B, --breach`                  Checks for BREACH (*Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext*) vulnerability. As for this vulnerability HTTP level compression is a prerequisite it'll be not tested if HTTP cannot be detected or the detection is not enforced via ``--assume-http`. Please note that only the URL supplied (normally "/" ) is being tested.
 
 `-O, --poodle`                  Tests for SSL POODLE (*Padding Oracle On Downgraded Legacy Encryption*) vulnerability. It basically checks for the existence of CBC ciphers in SSLv3.
 
@@ -310,9 +308,9 @@ Rating automatically gets disabled, to not give a wrong or misleading grade, whe
 
 `--json`                Logs additionally to JSON file `${NODE}-p${port}${YYYYMMDD-HHMM}.json` in the current working directory of the shell. The resulting JSON file is opposed to `--json-pretty` flat -- which means each section is self contained and has an identifier for each single check, the hostname/IP address, the port, severity and the finding. For vulnerabilities it may contain a CVE and CWE entry too. The output doesn't contain a banner or a footer.
 
-`--jsonfile <jsonfile>` or `-oj <jsonfile>` Instead of the previous option you may want to use this one if you want to log the JSON out put into a directory or if you rather want to specify the log file name yourself. If `jsonfile` is a directory the output will put into `logfile/${NODE}-p${port}${YYYYMMDD-HHMM}.json`. If `jsonfile` is a file it will use that file name, an absolute path is also permitted here.
+`--jsonfile <jsonfile>` or `-oj <jsonfile>` Instead of the previous option you may want to use this one if you want to log the JSON out put into a directory or if you rather want to specify the log file name yourself. If `jsonfile` is a directory the output will put into `logfile/${NODE}-p${port}${YYYYMMDD-HHMM}.json. If `jsonfile` is a file it will use that file name, an absolute path is also permitted here.
 
-`--json-pretty` Logs additionally to JSON file `${NODE}-p${port}${YYYYMMDD-HHMM}.json` in the current working directory of the shell. The resulting JSON file is opposed to `--json` non-flat -- which means it is structured. The structure contains a header similar to the banner on the screen, including the command line, scan host, openssl binary used, testssl version and epoch of the start time. Then for every test section of testssl.sh it contains a separate JSON object/section. Each finding has a key/value pair identifier with the identifier for each single check, the severity and the finding. For vulnerabilities it may contain a CVE and CWE entry too.  The footer lists the scan time in seconds.
+`--json-pretty` Logs additionally to JSON file `${NODE}-p${port}${YYYYMMDD-HHMM}.json in the current working directory of the shell. The resulting JSON file is opposed to `--json` non-flat -- which means it is structured. The structure contains a header similar to the banner on the screen, including the command line, scan host, openssl binary used, testssl version and epoch of the start time. Then for every test section of testssl.sh it contains a separate JSON object/section. Each finding has a key/value pair identifier with the identifier for each single check, the severity and the finding. For vulnerabilities it may contain a CVE and CWE entry too.  The footer lists the scan time in seconds.
 
 `--jsonfile-pretty <jsonfile>` or `-oJ <jsonfile>`  Similar to the aforementioned `--jsonfile` or `--logfile` it logs the output in pretty JSON format (see `--json-pretty`) into a file or a directory. For further explanation see `--jsonfile` or `--logfile`.
 
@@ -336,7 +334,7 @@ Rating automatically gets disabled, to not give a wrong or misleading grade, whe
 
 `--overwrite` Normally, if an output file already exists and it has a file size greater zero, testssl.sh will not allow you to overwrite this file. This option will do that **without any warning**. The environment variable OVERWRITE does the same. Be careful, you have been warned!
 
-`--outprefix <fname_prefix>` Prepend output filename prefix <fname_prefix> before `${NODE}-`. You can use as well the environment variable FNAME_PREFIX. Using this any output files will be named `<fname_prefix>-${NODE}-p${port}${YYYYMMDD-HHMM}.<format>` when no file name of the respective output option was specified. If you do not like the separator '-' you can as well supply a `<fname_prefix>` ending in '.',  '_' or ','. In this case or if you already supplied '-' no additional '-' will be appended to `<fname_prefix>`.
+`--outprefix <fname_prefix>` Prepend output filename prefix <fname_prefix> before '${NODE}-'. You can use as well the environment variable FNAME_PREFIX. Using this any output files will be named `<fname_prefix>-${NODE}-p${port}${YYYYMMDD-HHMM}.<format>` when no file name of the respective output option was specified. If you do not like the separator '-' you can as well supply a `<fname_prefix>` ending in '.',  '_' or ','. In this case or if you already supplied '-' no additional '-' will be appended to `<fname_prefix>`.
 
 A few file output options can also be preset via environment variables.
 
@@ -372,11 +370,9 @@ Except the environment variables mentioned above which can replace command line
 * TERM_WIDTH is a variable which overrides the auto-determined terminal width size. Setting this variable normally only makes sense if you log the output to a file using the `--log`, `--logfile` or `-oL` option.
 * DEBUG_ALLINONE / SETX: when setting one of those to true testssl.sh falls back to the standard bash behavior, i.e. calling ``bash -x testssl.sh`` it displays the bash debugging output not in an external file `/tmp/testssl-<XX>.log`
 * DEBUGTIME: Profiling option. When using bash's debug mode and when this is set to true, it generates a separate text file with epoch times in `/tmp/testssl-<XX>.time`. They need to be concatenated by `paste /tmp/testssl-<XX>.{time,log}`
-<!---
-* FAST_SOCKET
-* SHOW_SIGALGO
-* FAST
--->
+[comment]: # * FAST_SOCKET
+[comment]: # * SHOW_SIGALGO
+[comment]: # * FAST
 * EXPERIMENTAL=true is an option which is sometimes used in the development process to make testing easier. In released versions this has no effect.
 * ALL_CLIENTS=true runs a client simulation with *all* (currently 126) clients when testing HTTP.
 * UNBRACKTD_IPV6: needs to be set to true for some old versions of OpenSSL (like from Gentoo) which don't support [bracketed] IPv6 addresses
@@ -389,10 +385,8 @@ Except the environment variables mentioned above which can replace command line
 * STARTTLS_SLEEP is per default set to 10 (seconds). That's the value testssl.sh waits for a string in the STARTTLS handshake before giving up.
 * MAX_PARALLEL is the maximum number of tests to run in parallel in parallel mass testing mode. The default value of 20 may be made larger on systems with faster processors.
 * MAX_WAIT_TEST is the maximum time (in seconds) to wait for a single test in parallel mass testing mode to complete. The default is 1200.
-<!---
-* USLEEP_SND
-* USLEEP_REC
--->
+[comment]: # USLEEP_SND
+[comment]: # USLEEP_REC
 * HSTS_MIN is preset to 179 (days). If you want warnings sooner or later for HTTP Strict Transport Security you can change this.
 * HPKP_MIN is preset to 30 (days). If you want warnings sooner or later for HTTP Public Key Pinning you can change this
 * DAYS2WARN1 is the first threshold when you'll be warning of a certificate expiration of a host, preset to 60 (days). For Let's Encrypt this value will be divided internally by 2.
@@ -404,7 +398,6 @@ Except the environment variables mentioned above which can replace command line
 * MAX_HEADER_FAIL: A number which tells testssl.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates. The default is 3. Also here you can increase the threshold when you spot messages like *Fatal error: repeated HTTP header connect problems, doesn't make sense to continue*.
 
 ### RATING
-
 This program has a near-complete implementation of SSL Labs's '[SSL Server Rating Guide](https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide)'.
 
 This is *not* a 100% reimplementation of the [SSL Lab's SSL Server Test](https://www.ssllabs.com/ssltest/analyze.html), but an implementation of the above rating specification, slight discrepancies may occur. Please note that for now we stick to the SSL Labs rating as good as possible. We are not responsible for their rating. Before filing issues please inspect their Rating Guide.
@@ -413,7 +406,6 @@ Disclaimer: Having a good grade is **NOT** necessarily equal to having good secu
 would lead to a false sense of security - at least until we test for DANE or MTA-STS.
 
 As of writing, these checks are missing:
-
 * GOLDENDOODLE - should be graded **F** if vulnerable
 * Insecure renegotiation - should be graded **F** if vulnerable
 * Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) - should be graded **F** if vulnerable
@@ -427,7 +419,6 @@ As of writing, these checks are missing:
 * Weak key (Debian OpenSSL Flaw) - should give **0** points in `set_key_str_score()`
 
 #### Implementing new grades caps or -warnings
-
 To implement a new grading cap, simply call the `set_grade_cap()` function, with the grade and a reason:
 ```bash
 set_grade_cap "D" "Vulnerable to documentation"
@@ -436,18 +427,14 @@ To implement a new grade warning, simply call the `set_grade_warning()` function
 ```bash
 set_grade_warning "Documentation is always right"
 ```
-
 #### Implementing a new check which contains grade caps
-
 When implementing a new check (be it vulnerability or not) that sets grade caps, the `set_rating_state()` has to be updated (i.e. the `$do_mycheck` variable-name has to be added to the loop, and `$nr_enabled` if-statement has to be incremented)
 
 The `set_rating_state()` automatically disables rating, if all the required checks are *not* enabled.
 This is to prevent giving out a misleading or wrong grade.
 
 #### Implementing a new revision
-
 When a new revision of the rating specification comes around, the following has to be done:
-
 * New grade caps has to be either:
   1. Added to the script wherever relevant, or
   2. Added to the above list of missing checks (if above is not possible)
@@ -486,8 +473,9 @@ Please note that for plain TLS-encrypted ports you must not specify the protocol
 ## RFCs and other standards
 
 * RFC 2246: The TLS Protocol Version 1.0
-* RFC 2818: HTTP Over TLS
 * RFC 2595: Using TLS with IMAP, POP3 and ACAP
+* RFC 2818: HTTP Over TLS
+* RFC 2830: Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security
 * RFC 3207: SMTP Service Extension for Secure SMTP over Transport Layer Security
 * RFC 3501: INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1
 * RFC 4346: The Transport Layer Security (TLS) Protocol Version 1.1
@@ -498,6 +486,7 @@ Please note that for plain TLS-encrypted ports you must not specify the protocol
 * RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
 * RFC 5321: Simple Mail Transfer Protocol
 * RFC 5746: Transport Layer Security (TLS) Renegotiation Indication Extension
+* RFC 5804: A Protocol for Remotely Managing Sieve Scripts
 * RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions
 * RFC 6101: The Secure Sockets Layer (SSL) Protocol Version 3.0
 * RFC 6120: Extensible Messaging and Presence Protocol (XMPP): Core

From c5ed4c9e5e66e0a2365a671854b45eb5c4027325 Mon Sep 17 00:00:00 2001
From: Dirk Wetter <dirk@testssl.sh>
Date: Tue, 1 Feb 2022 10:02:35 +0100
Subject: [PATCH 13/33] Add CI check

* for STARTTLS + LDAP
* for STARTTLS + POP3 reenable check with openssl as GH has not the time limits which Travis had
---
 t/21_baseline_starttls.t | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/t/21_baseline_starttls.t b/t/21_baseline_starttls.t
index 15b4873..744ea34 100755
--- a/t/21_baseline_starttls.t
+++ b/t/21_baseline_starttls.t
@@ -60,14 +60,11 @@ $socket_out = `./testssl.sh $check2run -t pop3 $uri 2>&1`;
 unlike($socket_out, qr/$socket_regex_bl/, "");
 $tests++;
 
-# commented out, bc of travis' limits
-#
-#printf "\n%s\n", "STARTTLS POP3 unit tests via OpenSSL --> $uri ...";
-# unlink "tmp.json";
-#$openssl_out = `./testssl.sh --ssl-native $check2run -t pop3 $uri 2>&1`;
+printf "\n%s\n", "STARTTLS POP3 unit tests via OpenSSL --> $uri ...";
+$openssl_out = `./testssl.sh --ssl-native $check2run -t pop3 $uri 2>&1`;
 # $openssl_json = json('tmp.json');
-#unlike($openssl_out, qr/$openssl_regex_bl/, "");
-#$tests++;
+unlike($openssl_out, qr/$openssl_regex_bl/, "");
+$tests++;
 
 
 $uri="imap.gmx.net:143";
@@ -146,6 +143,12 @@ $tests++;
 # https://ldapwiki.com/wiki/Public%20LDAP%20Servers
 $uri="db.debian.org:389";
 
+printf "\n%s\n", "STARTTLS LDAP unit tests via sockets --> $uri ...";
+$socket_out = `./testssl.sh $check2run -t ldap $uri 2>&1`;
+# $socket_json = json('tmp.json');
+unlike($socket_out, qr/$socket_regex_bl/, "");
+$tests++;
+
 printf "\n%s\n", "STARTTLS LDAP unit tests via OpenSSL --> $uri ...";
 $openssl_out = `./testssl.sh --ssl-native $check2run -t ldap $uri 2>&1`;
 # $openssl_json = json('tmp.json');
@@ -153,6 +156,7 @@ unlike($openssl_out, qr/$openssl_regex_bl/, "");
 $tests++;
 
 
+
 $uri="140.238.219.117:119";
 
 # unlink "tmp.json";

From a64094a80463a9e7e9ef835cbc263a1602148a0a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Feb 2022 00:30:46 +0000
Subject: [PATCH 14/33] Bump docker/build-push-action from 2.8.0 to 2.9.0

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.8.0 to 2.9.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2.8.0...v2.9.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/docker-3.1dev.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker-3.1dev.yml b/.github/workflows/docker-3.1dev.yml
index 718477c..f572215 100644
--- a/.github/workflows/docker-3.1dev.yml
+++ b/.github/workflows/docker-3.1dev.yml
@@ -48,7 +48,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push
-        uses: docker/build-push-action@v2.8.0
+        uses: docker/build-push-action@v2.9.0
         with:
           push: ${{ github.event_name != 'pull_request' }}
           context: .

From 8b4ebc385a69bf8721082b7369f6d83ff3726511 Mon Sep 17 00:00:00 2001
From: Dirk Wetter <dirk@testssl.sh>
Date: Wed, 2 Feb 2022 11:38:33 +0100
Subject: [PATCH 15/33] Fix Darwin / LibreSSL startup problem

This PR addresses a bug where a user encountered the question "The results
might look ok but they could be nonsense. Really proceed".

That happened under Darwin and probably some LibreSSL versions when
checking some hosts. sclient_auth() returned 1 indicating no SSL/TLS
handshake could be established.

This PR modifies sclient_auth() so that in those cases 0 is returned by
skipping the check for the session ID. As NO_SSL_SESSIONID needs to
be set when there's no session ID, this is done separately.
---
 testssl.sh | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 43edd4e..ecd4dac 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -20898,8 +20898,10 @@ extract_calist() {
      return 0
 }
 
-# this is only being called from determine_optimal_proto in order to check whether we have a server
-# with client authentication, a server with no SSL session ID switched off
+# This is only being called from determine_optimal_proto() in order to check whether we have a server with
+# client authentication, a server with no SSL session ID switched off -- and as the name indicates a protocol.
+# ARG1 is the return value von openssl s_client connect. (Darwin or LibreSSL may return 1 here)
+# ARG2 is the file name from server hello
 #
 sclient_auth() {
      local server_hello="$(cat -v "$2")"
@@ -20908,12 +20910,17 @@ sclient_auth() {
      local connect_success=false
 
      [[ $1 -eq 0 ]] && connect_success=true
+
      ! "$connect_success" && [[ "$server_hello" =~ $re ]] && \
           [[ -n "${BASH_REMATCH[1]}" ]] && connect_success=true
      ! "$connect_success" && \
           [[ "$server_hello" =~ (New|Reused)\,\ (SSLv[23]|TLSv1(\.[0-3])?(\/SSLv3)?)\,\ Cipher\ is\ ([A-Z0-9]+-[A-Za-z0-9\-]+|TLS_[A-Za-z0-9_]+) ]] && \
           connect_success=true
+
      if "$connect_success"; then
+          [[ ! "$server_hello" =~ Session-ID:\ [a-fA-F0-9]{2,64} ]] && NO_SSL_SESSIONID=true
+          # we needed to set this for later
+
           if [[ "$server_hello" =~ \<\<\<\ (SSL\ [23]|TLS\ 1)(\.[0-3])?[\,]?\ Handshake\ \[length\ [0-9a-fA-F]*\]\,\ CertificateRequest ]]; then
                # CertificateRequest message in -msg
                CLIENT_AUTH="required"
@@ -20922,17 +20929,14 @@ sclient_auth() {
                return 0
           fi
           [[ $1 -eq 0 ]] && return 0
-          if [[ ! "$server_hello" =~ Session-ID:\ [a-fA-F0-9]{2,64} ]]; then   # probably no SSL session
-               # do another sanity check to be sure
-               if [[ "$server_hello" =~ \-\-\-BEGIN\ CERTIFICATE\-\-\-.*\-\-\-END\ CERTIFICATE\-\-\- ]]; then
-                    CLIENT_AUTH="none"
-                    NO_SSL_SESSIONID=true  # NO_SSL_SESSIONID is preset globally to false for all other cases
-                    return 0
-               fi
+          if [[ "$server_hello" =~ \-\-\-BEGIN\ CERTIFICATE\-\-\-.*\-\-\-END\ CERTIFICATE\-\-\- ]]; then
+               # This should be already set but just to be sure
+               CLIENT_AUTH="none"
+               return 0
+          else
+               return 1
           fi
      fi
-     # what's left now is: no protocol and ciphersuite specified, handshake returned not successful, session ID empty --> not successful
-     return 1
 }
 
 # Determine the best parameters to use with tls_sockets():
@@ -21144,7 +21148,7 @@ determine_optimal_proto() {
                          $OPENSSL s_client $(s_client_options "$proto $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI") </dev/null >$TMPFILE 2>>$ERRFILE
                     fi
                fi
-               
+
                if sclient_auth $? $TMPFILE; then
                     # we use the successful handshake at least to get one valid protocol supported -- it saves us time later
                     if [[ -z "$proto" ]]; then

From 86853c4a5c226fc82b7e4f2b86c26ca7dddc4c20 Mon Sep 17 00:00:00 2001
From: Dirk Wetter <dirk@testssl.sh>
Date: Wed, 2 Feb 2022 12:28:09 +0100
Subject: [PATCH 16/33] correct English in comment

---
 testssl.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index ecd4dac..35e292c 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -20900,8 +20900,8 @@ extract_calist() {
 
 # This is only being called from determine_optimal_proto() in order to check whether we have a server with
 # client authentication, a server with no SSL session ID switched off -- and as the name indicates a protocol.
-# ARG1 is the return value von openssl s_client connect. (Darwin or LibreSSL may return 1 here)
-# ARG2 is the file name from server hello
+# ARG1 is the openssl s_client connect return value. (Darwin or LibreSSL may return 1 here)
+# ARG2 is the server hello file name
 #
 sclient_auth() {
      local server_hello="$(cat -v "$2")"

From dd5d91f527483d5fdc89e96a2ffa40df024b766c Mon Sep 17 00:00:00 2001
From: Dirk Wetter <dirk@testssl.sh>
Date: Mon, 14 Feb 2022 18:07:57 +0100
Subject: [PATCH 17/33] Fix locale error message when en_US.UTF-8 isn't
 available

Therefore a new global function was declared checking whether any of
the known locales work on the client without seeting them.
C / POSIX should work as well for LC_COLLATE.

This fixes #2100 for 3.1dev.
---
 testssl.sh | 29 ++++++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 35e292c..2df3953 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -236,7 +236,7 @@ SSL_RENEG_ATTEMPTS=${SSL_RENEG_ATTEMPTS:-6}       # number of times to check SSL
 
 ########### Initialization part, further global vars just being declared here
 #
-LC_COLLATE=en_US.UTF-8                  # ensures certain regex patterns work as expected and aren't localized, see #1860
+LC_COLLATE=""                           # will ensure certain regex patterns work as expected and aren't localized, see setup_lc_collate()
 SYSTEM2=""                              # currently only being used for WSL = bash on windows
 PRINTF=""                               # which external printf to use. Empty presets the internal one, see #1130
 CIPHERS_BY_STRENGTH_FILE=""
@@ -5315,7 +5315,7 @@ run_protocols() {
                     set_grade_cap "F" "SSLv2 is offered"
                     ;;
                7)   prln_local_problem "$OPENSSL doesn't support \"s_client -ssl2\""
-                    fileout "$jsonID" "INFO" "not tested due to lack of local support"
+                    fileout "$jsonID" "WARN" "not tested due to lack of local support"
                     ((ret++))
                     ;;
           esac
@@ -19680,6 +19680,29 @@ check_bsd_mount() {
      fi
 }
 
+# It's important to avoid certain locales as the impact bash's pattern matching, see #1860
+# and comment in #2100
+#
+setup_lc_collate() {
+     local l=""
+     local msg='locale(1) support for any of "C, POSIX, C.UTF-8, en_US.UTF-8, en_GB.UTF-8" missing'
+     local found=false
+
+     for l in C POSIX C.UTF-8 en_US.UTF-8 en_GB.UTF-8; do
+          locale -a | grep -q $l
+          [[ $? -ne 0 ]] && continue
+          export LC_COLLATE=$l
+          found=true
+          break
+     done
+     if ! "$found"; then
+          prln_local_problem "$msg\n"
+          fileout "$jsonID" "WARN" "$msg"
+          return 1
+     fi
+     return 0
+}
+
 # This sets the PRINTF command for writing into TCP sockets. It is needed because
 # The shell builtin printf flushes the write buffer at every \n, ("\x0a") which
 # in turn means a new TCP fragment. That causes a slight performance penalty and
@@ -23367,7 +23390,7 @@ lets_roll() {
      check_proxy
      check4openssl_oldfarts
      check_bsd_mount
-
+     setup_lc_collate
 
      if "$do_display_only"; then
           prettyprint_local "$PATTERN2SHOW"

From deef51305a2034cb6e9e4b459a85a34eb4821ea4 Mon Sep 17 00:00:00 2001
From: Dirk Wetter <dirk@testssl.sh>
Date: Wed, 16 Feb 2022 12:16:11 +0100
Subject: [PATCH 18/33] Fix JSON output bc of missing locale in alpine (3.1dev)

It is now being tested whether the binary locale exists and
there's a global introduced for that.

Also there's no fileout warning at this early stage anymore
as it leads to non-valid JSON.

This fixes #2103 in 3.1dev.
---
 testssl.sh | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 2df3953..10601c5 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -236,7 +236,8 @@ SSL_RENEG_ATTEMPTS=${SSL_RENEG_ATTEMPTS:-6}       # number of times to check SSL
 
 ########### Initialization part, further global vars just being declared here
 #
-LC_COLLATE=""                           # will ensure certain regex patterns work as expected and aren't localized, see setup_lc_collate()
+LC_COLLATE=""                           # ensures certain regex patterns work as expected and aren't localized, see setup_lc_collate()
+HAS_LOCALE=false
 SYSTEM2=""                              # currently only being used for WSL = bash on windows
 PRINTF=""                               # which external printf to use. Empty presets the internal one, see #1130
 CIPHERS_BY_STRENGTH_FILE=""
@@ -19688,6 +19689,13 @@ setup_lc_collate() {
      local msg='locale(1) support for any of "C, POSIX, C.UTF-8, en_US.UTF-8, en_GB.UTF-8" missing'
      local found=false
 
+     type -p locale &> /dev/null && HAS_LOCALE=true
+     if ! "$HAS_LOCALE"; then
+          # likely docker container or any other minimal environment. This should work(tm)
+          LC_COLLATE=C
+          return 0
+     fi
+
      for l in C POSIX C.UTF-8 en_US.UTF-8 en_GB.UTF-8; do
           locale -a | grep -q $l
           [[ $? -ne 0 ]] && continue
@@ -19697,7 +19705,7 @@ setup_lc_collate() {
      done
      if ! "$found"; then
           prln_local_problem "$msg\n"
-          fileout "$jsonID" "WARN" "$msg"
+          # we can't use fileout yet as it messes up JSON output, see #2103
           return 1
      fi
      return 0
@@ -19971,6 +19979,7 @@ HAS_GNUDATE: $HAS_GNUDATE
 HAS_FREEBSDDATE: $HAS_FREEBSDDATE
 HAS_OPENBSDDATE: $HAS_OPENBSDDATE
 HAS_SED_E: $HAS_SED_E
+HAS_LOCALE: $HAS_LOCALE
 
 SHOW_EACH_C: $SHOW_EACH_C
 SSL_NATIVE: $SSL_NATIVE

From 1059b0790943e788852392e313c344549da58c39 Mon Sep 17 00:00:00 2001
From: Dirk Wetter <dirk@testssl.sh>
Date: Wed, 16 Feb 2022 23:09:11 +0100
Subject: [PATCH 19/33] Fix "ID resumption test failed" under Darwin

Under Darwin using LibreSSL it was not possible to test for session
resumption by session ID.

This fixes #2096 by checking not only the return value of the s_client
hello but also whether a probable certificate is being returned.
---
 testssl.sh | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 10601c5..4381114 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -6521,17 +6521,22 @@ sub_session_resumption() {
           addcmd+=" $protocol"
      fi
 
-     $OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI $addcmd -sess_out $sess_data") </dev/null &>/dev/null
+     $OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI $addcmd -sess_out $sess_data") </dev/null &>$tmpfile
      ret1=$?
      if [[ $ret1 -ne 0 ]]; then
-          debugme echo -n "Couldn't connect #1  "
-          return 7
+          # MacOS and LibreSSL return 1 here, that's why we need to check whether the handshake contains e.g. a certificate
+          if [[ ! $(<$tmpfile) =~ -----.*\ CERTIFICATE----- ]]; then
+               debugme echo -n "Couldn't connect #1  "
+               return 7
+          fi
      fi
      if "$byID" && [[ ! "$OSSL_NAME" =~ LibreSSL ]] && \
         ( [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.1* ]] || [[ $OSSL_VER_MAJOR == 3 ]] ) && \
         [[ ! -s "$sess_data" ]]; then
           # it seems OpenSSL indicates no Session ID resumption by just not generating output
           debugme echo -n "No session resumption byID (empty file)"
+          # If we want to check the presence of session data:
+          # [[ ! $(<$sess_data) =~ -----.*\ SSL\ SESSION\ PARAMETERS----- ]]
           ret=2
      else
           $OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI $addcmd -sess_in $sess_data") </dev/null >$tmpfile 2>$ERRFILE
@@ -6541,8 +6546,10 @@ sub_session_resumption() {
                [[ -s "$sess_data" ]] && echo "not empty" || echo "empty"
           fi
           if [[ $ret2 -ne 0 ]]; then
-               debugme echo -n "Couldn't connect #2  "
-               return 7
+               if [[ ! $(<$tmpfile) =~ -----.*\ CERTIFICATE----- ]]; then
+                    debugme echo -n "Couldn't connect #2  "
+                    return 7
+               fi
           fi
           # "Reused" indicates session material was reused, "New": not
           if grep -aq "^Reused" "$tmpfile"; then
@@ -6553,7 +6560,7 @@ sub_session_resumption() {
                debugme echo -n "Problem with 2nd ServerHello  "
           fi
           # Now get the line and compare the numbers "read" and "written" as a second criteria.
-          # If the "read" number is bigger: a new session ID was probably used
+          # If the "read" number is bigger: a new session ID was probably used.
           rw_line="$(awk '/^SSL handshake has read/ { print $5" "$(NF-1) }' "$tmpfile" )"
           rw_line=($rw_line)
           if [[ "${rw_line[0]}" -gt "${rw_line[1]}" ]]; then

From 00e7977a2ce5d46f029886def75f08688efad66a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Feb 2022 00:50:50 +0000
Subject: [PATCH 20/33] Bump docker/login-action from 1.12.0 to 1.13.0

Bumps [docker/login-action](https://github.com/docker/login-action) from 1.12.0 to 1.13.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.12.0...v1.13.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/docker-3.1dev.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker-3.1dev.yml b/.github/workflows/docker-3.1dev.yml
index f572215..cdc47b7 100644
--- a/.github/workflows/docker-3.1dev.yml
+++ b/.github/workflows/docker-3.1dev.yml
@@ -41,7 +41,7 @@ jobs:
 
       - name: GitHub login
         if: ${{ github.event_name != 'pull_request' }}
-        uses: docker/login-action@v1.12.0
+        uses: docker/login-action@v1.13.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}

From 7a3b1f018f26c7a65a46e340c53baf77fb278c3b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Mar 2022 00:34:27 +0000
Subject: [PATCH 21/33] Bump docker/login-action from 1.13.0 to 1.14.1

Bumps [docker/login-action](https://github.com/docker/login-action) from 1.13.0 to 1.14.1.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.13.0...v1.14.1)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/docker-3.1dev.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker-3.1dev.yml b/.github/workflows/docker-3.1dev.yml
index cdc47b7..e38b95d 100644
--- a/.github/workflows/docker-3.1dev.yml
+++ b/.github/workflows/docker-3.1dev.yml
@@ -41,7 +41,7 @@ jobs:
 
       - name: GitHub login
         if: ${{ github.event_name != 'pull_request' }}
-        uses: docker/login-action@v1.13.0
+        uses: docker/login-action@v1.14.1
         with:
           registry: ghcr.io
           username: ${{ github.actor }}

From 60885e0c1550954011a45f09b4294f732005877a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Mar 2022 00:34:23 +0000
Subject: [PATCH 22/33] Bump actions/checkout from 2 to 3

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codespell.yml     | 2 +-
 .github/workflows/docker-3.1dev.yml | 2 +-
 .github/workflows/test.yml          | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index 28a2126..6b3b084 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -6,7 +6,7 @@ jobs:
     name: Check for spelling errors
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - uses: codespell-project/actions-codespell@master
         with:
           skip: ca_hashes.txt,tls_data.txt,*.pem,OPENSSL-LICENSE.txt
diff --git a/.github/workflows/docker-3.1dev.yml b/.github/workflows/docker-3.1dev.yml
index e38b95d..ff15c7a 100644
--- a/.github/workflows/docker-3.1dev.yml
+++ b/.github/workflows/docker-3.1dev.yml
@@ -19,7 +19,7 @@ jobs:
 
     steps:
       - name: Source checkout
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3
 
       - name: Setup QEMU
         id: qemu
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 7fdf62f..60e2dc7 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -33,7 +33,7 @@ jobs:
         perl: ['5.26']
     name: Perl ${{ matrix.perl }} on ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Set up perl
         uses: shogo82148/actions-setup-perl@v1
         with:

From 1eb5b2949e183d399d59b29d71045689ced56990 Mon Sep 17 00:00:00 2001
From: enxio <enxio6@gmail.com>
Date: Wed, 2 Mar 2022 10:04:57 +0100
Subject: [PATCH 23/33] Add support for TN3270/telnet STARTTLS (similar to
 OpenSSL's approach).

---
 testssl.sh | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/testssl.sh b/testssl.sh
index 4381114..b159508 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -11159,6 +11159,29 @@ starttls_mysql_dialog() {
      return $ret
 }
 
+starttls_telnet_dialog() {
+     debugme echo "=== starting telnet STARTTLS dialog ==="
+     local msg1="
+     , xff, xfb, x2e"
+     local msg2="
+     , xff, xfa, x2e, x01, xff, xf0
+     "
+     local tnres=""
+     local ret=""
+     socksend "${msg1}"            0    && debugme echo "${debugpad}initiated STARTTLS" &&
+     socksend "${msg2}"            1    &&
+     tnres=$(sockread_fast 20)          && debugme echo "read succeeded"
+     [[ $DEBUG -ge 6 ]] && safe_echo "$debugpad $tnres\n"
+     # check for START_TLS and FOLLOWS
+     if [[ ${tnres:10:2} == 2E && ${tnres:12:2} == 01 ]]; then
+          ret=0
+     else
+          ret=1
+     fi
+     debugme echo "=== finished telnet STARTTLS dialog with ${ret} ==="
+     return $ret
+}
+
 # arg1: fd for socket -- which we don't use yes as it is a hassle (not clear whether it works under every bash version)
 # arg2: optional: for STARTTLS additional command to be injected
 # returns 6 if opening the socket caused a problem, 1 if STARTTLS handshake failed, 0: all ok
@@ -11270,6 +11293,9 @@ fd_socket() {
                mysql) # MySQL, see https://dev.mysql.com/doc/internals/en/x-protocol-lifecycle-lifecycle.html#x-protocol-lifecycle-tls-extension
                     starttls_mysql_dialog
                     ;;
+               telnet) # captured from a tn3270 negotiation against a z/VM 7.2
+                    starttls_telnet_dialog
+                    ;;
                *) # we need to throw an error here -- otherwise testssl.sh treats the STARTTLS protocol as plain SSL/TLS which leads to FP
                     fatal "FIXME: STARTTLS protocol $STARTTLS_PROTOCOL is not supported yet" $ERR_NOSUPPORT
           esac

From 1c2e3405061eca2a311bbc63d78350b94a8215a0 Mon Sep 17 00:00:00 2001
From: enxio <enxio6@gmail.com>
Date: Wed, 2 Mar 2022 14:02:14 +0100
Subject: [PATCH 24/33] Conform to style. Add some more info on the TN3270
 STARTTLS negotiation.

---
 testssl.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index b159508..fbc1691 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -11168,12 +11168,13 @@ starttls_telnet_dialog() {
      "
      local tnres=""
      local ret=""
+
      socksend "${msg1}"            0    && debugme echo "${debugpad}initiated STARTTLS" &&
      socksend "${msg2}"            1    &&
      tnres=$(sockread_fast 20)          && debugme echo "read succeeded"
      [[ $DEBUG -ge 6 ]] && safe_echo "$debugpad $tnres\n"
      # check for START_TLS and FOLLOWS
-     if [[ ${tnres:10:2} == 2E && ${tnres:12:2} == 01 ]]; then
+     if [[ ${tnres:10:2} == 2E ]] && [[ ${tnres:12:2} == 01 ]]; then
           ret=0
      else
           ret=1
@@ -11293,7 +11294,7 @@ fd_socket() {
                mysql) # MySQL, see https://dev.mysql.com/doc/internals/en/x-protocol-lifecycle-lifecycle.html#x-protocol-lifecycle-tls-extension
                     starttls_mysql_dialog
                     ;;
-               telnet) # captured from a tn3270 negotiation against a z/VM 7.2
+               telnet) # captured from a tn3270 negotiation against z/VM 7.2. Also, see OpenSSL apps/s_client.c for the handling of PROTO_TELNET
                     starttls_telnet_dialog
                     ;;
                *) # we need to throw an error here -- otherwise testssl.sh treats the STARTTLS protocol as plain SSL/TLS which leads to FP

From bddf9c967f4c0b5c4a2162f80c28e23024dd02cf Mon Sep 17 00:00:00 2001
From: David Cooper <david.cooper@nist.gov>
Date: Tue, 8 Mar 2022 11:45:55 -0500
Subject: [PATCH 25/33] Include RSA-PSS in ClientHello

This commit changes prepare_tls_clienthello() so that the RSA-PSS algorithms are offered in the signature algorithms extension of TLS 1.2 and below ClientHello messages.
---
 testssl.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index fbc1691..6a7c531 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -14996,9 +14996,10 @@ prepare_tls_clienthello() {
           if [[ 0x$tls_low_byte -le 0x03 ]]; then
                extension_signature_algorithms="
                00, 0d,                    # Type: signature_algorithms , see RFC 5246 and RFC 8422
-               00, 24, 00,22,             # lengths
+               00, 30, 00,2e,             # lengths
                06,01, 06,02, 06,03, 05,01, 05,02, 05,03, 04,01, 04,02, 04,03,
-               03,01, 03,02, 03,03, 02,01, 02,02, 02,03, 08,07, 08,08"
+               03,01, 03,02, 03,03, 02,01, 02,02, 02,03,
+               08,04, 08,05, 08,06, 08,07, 08,08, 08,09, 08,0a, 08,0b"
           else
                extension_signature_algorithms="
                00, 0d,                    # Type: signature_algorithms , see RFC 8446

From 7a3ce9c677d72c0744673fb44094abce86ad92d9 Mon Sep 17 00:00:00 2001
From: David Cooper <david.cooper@nist.gov>
Date: Tue, 8 Mar 2022 11:38:11 -0500
Subject: [PATCH 26/33] Fix sclient_auth

If $connect_success is false, then sclient_auth() does not "return" any value, and the calling function treats this as if sclient_auth() had returned 0.

This commit fixes sclient_auth() so that 1 is returned if $client_success is false.
---
 testssl.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/testssl.sh b/testssl.sh
index 6a7c531..40ce4ff 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -21004,6 +21004,7 @@ sclient_auth() {
                return 1
           fi
      fi
+     return 1
 }
 
 # Determine the best parameters to use with tls_sockets():

From 008fa228c098c5c1923922237bdf41cc493ae5c2 Mon Sep 17 00:00:00 2001
From: David Cooper <david.cooper@nist.gov>
Date: Wed, 9 Mar 2022 10:33:51 -0500
Subject: [PATCH 27/33] Add DH groups to supported_groups

There is at least one server that will not negotiate TLS_DHE_* cipher suites with TLS 1.2 and below if the supported_groups extension is present but does not include any DH groups. This commit adds the DH groups that are currently in the TLS 1.3 ClientHello to the TLS 1.2 and earlier ClientHello.
---
 testssl.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 40ce4ff..523273d 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -15025,11 +15025,11 @@ prepare_tls_clienthello() {
                # Supported Groups Extension
                extension_supported_groups="
                00, 0a,                    # Type: Supported Elliptic Curves , see RFC 4492
-               00, 3e, 00, 3c,            # lengths
+               00, 42, 00, 40,            # lengths
                00, 0e, 00, 0d, 00, 19, 00, 1c, 00, 1e, 00, 0b, 00, 0c, 00, 1b,
                00, 18, 00, 09, 00, 0a, 00, 1a, 00, 16, 00, 17, 00, 1d, 00, 08,
                00, 06, 00, 07, 00, 14, 00, 15, 00, 04, 00, 05, 00, 12, 00, 13,
-               00, 01, 00, 02, 00, 03, 00, 0f, 00, 10, 00, 11"
+               00, 01, 00, 02, 00, 03, 00, 0f, 00, 10, 00, 11, 01, 00, 01, 01"
           elif [[ 0x$tls_low_byte -gt 0x03 ]]; then
                # Supported Groups Extension
                if [[ ! "$process_full" =~ all ]] || ( "$HAS_X25519" && "$HAS_X448" ); then

From bcacee1e4c1849b2b4dcadeafc4b02df0d3acd83 Mon Sep 17 00:00:00 2001
From: enxio <enxio6@gmail.com>
Date: Mon, 14 Mar 2022 15:24:55 +0100
Subject: [PATCH 28/33] Conform to style with local variables: declare "ret"
 properly.

---
 testssl.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 523273d..5f3673f 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -11161,13 +11161,13 @@ starttls_mysql_dialog() {
 
 starttls_telnet_dialog() {
      debugme echo "=== starting telnet STARTTLS dialog ==="
+     local tnres=""
+     local -i ret=0
      local msg1="
      , xff, xfb, x2e"
      local msg2="
      , xff, xfa, x2e, x01, xff, xf0
      "
-     local tnres=""
-     local ret=""
 
      socksend "${msg1}"            0    && debugme echo "${debugpad}initiated STARTTLS" &&
      socksend "${msg2}"            1    &&

From c0fb2d1f70495d92b2b8a61ebd057b191a0faa38 Mon Sep 17 00:00:00 2001
From: enxio <enxio6@gmail.com>
Date: Mon, 14 Mar 2022 15:27:55 +0100
Subject: [PATCH 29/33] Declare missing variable, style.

---
 testssl.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/testssl.sh b/testssl.sh
index 5f3673f..6e3429d 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -11160,7 +11160,7 @@ starttls_mysql_dialog() {
 }
 
 starttls_telnet_dialog() {
-     debugme echo "=== starting telnet STARTTLS dialog ==="
+     local debugpad="  > "
      local tnres=""
      local -i ret=0
      local msg1="
@@ -11169,6 +11169,7 @@ starttls_telnet_dialog() {
      , xff, xfa, x2e, x01, xff, xf0
      "
 
+     debugme echo "=== starting telnet STARTTLS dialog ==="
      socksend "${msg1}"            0    && debugme echo "${debugpad}initiated STARTTLS" &&
      socksend "${msg2}"            1    &&
      tnres=$(sockread_fast 20)          && debugme echo "read succeeded"

From 16369853d5714fdbea3f3265bd907ffabb3c4977 Mon Sep 17 00:00:00 2001
From: David Cooper <dcooper16@gmail.com>
Date: Wed, 16 Mar 2022 06:43:08 -0400
Subject: [PATCH 30/33] Working NNTP server

Switch NNTP server testing to a currently working server from http://vivil.free.fr/nntpeng.htm.
---
 t/21_baseline_starttls.t | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/t/21_baseline_starttls.t b/t/21_baseline_starttls.t
index 744ea34..79d90e2 100755
--- a/t/21_baseline_starttls.t
+++ b/t/21_baseline_starttls.t
@@ -157,7 +157,7 @@ $tests++;
 
 
 
-$uri="140.238.219.117:119";
+$uri="144.76.182.167:119";
 
 # unlink "tmp.json";
 printf "\n%s\n", "STARTTLS NNTP unit tests via sockets --> $uri ...";

From b3979a8979e70a683dad49a20552575386613617 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Mar 2022 00:27:58 +0000
Subject: [PATCH 31/33] Bump docker/build-push-action from 2.9.0 to 2.10.0

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.9.0 to 2.10.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2.9.0...v2.10.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/docker-3.1dev.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker-3.1dev.yml b/.github/workflows/docker-3.1dev.yml
index ff15c7a..c3cb57a 100644
--- a/.github/workflows/docker-3.1dev.yml
+++ b/.github/workflows/docker-3.1dev.yml
@@ -48,7 +48,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push
-        uses: docker/build-push-action@v2.9.0
+        uses: docker/build-push-action@v2.10.0
         with:
           push: ${{ github.event_name != 'pull_request' }}
           context: .

From c14ea2efc8c279e6f596293e9b6c616adcd900bb Mon Sep 17 00:00:00 2001
From: David Cooper <david.cooper@nist.gov>
Date: Tue, 22 Mar 2022 15:10:28 -0400
Subject: [PATCH 32/33] Use tls_sockets() in run_tls_fallback_scsv()

This commit adds the use of tls_sockets() to run_tls_fallback_scsv() to perform testing when the --ssl-native flag is not used. With this commit, run_tls_fallback_scsv() only uses tls_sockets() instead of $OPENSSL if the ClientHello needs to include the TLS_FALLBACK_SCSV flag, but it is not supported by $OPENSSL, or if the protocol that would be negotiated is SSLv3 and $OPENSSL does not support SSLv3.
---
 testssl.sh | 91 +++++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 73 insertions(+), 18 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 6e3429d..2e8c2c5 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -13599,6 +13599,7 @@ parse_tls_serverhello() {
      fi
 
      if [[ $tls_alert_ascii_len -gt 0 ]]; then
+          echo "CONNECTED(00000003)" > $TMPFILE
           debugme echo "TLS alert messages:"
           for (( i=0; i+3 < tls_alert_ascii_len; i+=4 )); do
                tls_err_level=${tls_alert_ascii:i:2}    # 1: warning, 2: fatal
@@ -13798,10 +13799,12 @@ parse_tls_serverhello() {
           [[ $DEBUG -ge 1 ]] && tmpfile_handle ${FUNCNAME[0]}.txt
           return 1
      fi
-     if [[ $DEBUG -eq 0 ]]; then
-          echo "CONNECTED(00000003)" > $TMPFILE
-     else
-          echo "CONNECTED(00000003)" >> $TMPFILE
+     if [[ $tls_alert_ascii_len -eq 0 ]]; then
+          if [[ $DEBUG -eq 0 ]]; then
+               echo "CONNECTED(00000003)" > $TMPFILE
+          else
+               echo "CONNECTED(00000003)" >> $TMPFILE
+          fi
      fi
 
      # First parse the server hello handshake message
@@ -17096,16 +17099,19 @@ run_tls_poodle() {
 # the countermeasure to protect against protocol downgrade attacks.
 #
 run_tls_fallback_scsv() {
-     local -i ret=0
+     local -i ret=0 debug_level
      local high_proto="" low_proto=""
      local p high_proto_str protos_to_try
+     local using_sockets=true
      local jsonID="fallback_SCSV"
 
+     "$SSL_NATIVE" && using_sockets=false
+
      [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for TLS_FALLBACK_SCSV Protection " && outln
      pr_bold " TLS_FALLBACK_SCSV"; out " (RFC 7507)              "
 
      # First check we have support for TLS_FALLBACK_SCSV in our local OpenSSL
-     if ! "$HAS_FALLBACK_SCSV"; then
+     if ! "$HAS_FALLBACK_SCSV" && ! "$using_sockets"; then
           prln_local_problem "$OPENSSL lacks TLS_FALLBACK_SCSV support"
           fileout "$jsonID" "WARN" "$OPENSSL lacks TLS_FALLBACK_SCSV support"
           return 1
@@ -17123,11 +17129,23 @@ run_tls_fallback_scsv() {
                high_proto="$p"
                break
           fi
-          [[ "$p" == ssl3 ]] && ! "$HAS_SSL3" && continue
-          $OPENSSL s_client $(s_client_options "-$p $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>$ERRFILE </dev/null
-          if sclient_connect_successful $? $TMPFILE; then
-               high_proto="$p"
-               break
+          
+          if [[ "$p" == ssl3 ]] && ! "$HAS_SSL3"; then
+               "$using_sockets" || continue
+               tls_sockets "00" "$TLS_CIPHER" "" "" "true"
+               if [[ $? -eq 0 ]]; then
+                    high_proto="$p"
+                    add_proto_offered ssl3 yes
+                    break
+               else
+                    add_proto_offered ssl3 no
+               fi
+          else
+               $OPENSSL s_client $(s_client_options "-$p $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>$ERRFILE </dev/null
+               if sclient_connect_successful $? $TMPFILE; then
+                    high_proto="$p"
+                    break
+               fi
           fi
      done
      case "$high_proto" in
@@ -17181,15 +17199,26 @@ run_tls_fallback_scsv() {
                low_proto="$p"
                break
           fi
-          [[ "$p" == ssl3 ]] && ! "$HAS_SSL3" && continue
-          $OPENSSL s_client $(s_client_options "-$p $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>$ERRFILE </dev/null
-          if sclient_connect_successful $? $TMPFILE; then
-               low_proto="$p"
-               break
+          if [[ "$p" == ssl3 ]] && ! "$HAS_SSL3"; then
+               "$using_sockets" || continue
+               tls_sockets "00" "$TLS_CIPHER" "" "" "true"
+               if [[ $? -eq 0 ]]; then
+                    low_proto="$p"
+                    add_proto_offered ssl3 yes
+                    break
+               else
+                    add_proto_offered ssl3 no
+               fi
+          else
+               $OPENSSL s_client $(s_client_options "-$p $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>$ERRFILE </dev/null
+               if sclient_connect_successful $? $TMPFILE; then
+                    low_proto="$p"
+                    break
+               fi
           fi
      done
 
-     if ! "$HAS_SSL3" && \
+     if ! "$HAS_SSL3" && ! "$using_sockets" && \
          ( [[ "$low_proto" == ssl3 ]] || \
            ( [[ "$high_proto" == tls1 ]] && [[ $(has_server_protocol ssl3) -eq 2 ]] ) ); then
           # If the protocol that the server would fall back to is SSLv3, but $OPENSSL does
@@ -17228,7 +17257,33 @@ run_tls_fallback_scsv() {
      debugme echo "Simulating fallback from $high_proto to $low_proto"
 
      # ...and do the test (we need to parse the error here!)
-     $OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI $p -fallback_scsv") &>$TMPFILE </dev/null
+     if "$HAS_FALLBACK_SCSV" && sclient_supported "-$low_proto"; then
+          $OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI $p -fallback_scsv") &>$TMPFILE </dev/null
+     else
+          # Need to ensure that $TEMPDIR/$NODEIP.parse_tls_serverhello.txt contains the results of the
+          # most recent calls to tls_sockets even if tls_sockets is not successful. Setting $DEBUG to
+          # a non-zero value ensures this. Setting it to 1 prevents any extra information from being
+          # displayed.
+          debug_level="$DEBUG"
+          [[ $DEBUG -eq 0 ]] && DEBUG=1
+          > "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt"
+
+          # tls_sockets() needs to parse the full response since the following code is
+          # looking for "BEGIN CERTIFICATE" when the TLS connection is successful. It
+          # may be possible to speed up this code by having the following code check
+          # the return value from tls_sockets() to determine whether the connection was
+          # successful rather than looking for "BEGIN CERTIFICATE".
+          case "$low_proto" in
+               "tls1_1")
+                    tls_sockets "02" "56,00, $TLS_CIPHER" "all" "" "true" ;;
+               "tls1")
+                    tls_sockets "01" "56,00, $TLS_CIPHER" "all" "" "true" ;;
+               "ssl3")
+                    tls_sockets "00" "56,00, $TLS_CIPHER" "all" "" "true" ;;
+          esac
+          mv "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" "$TMPFILE"
+          DEBUG=$debug_level
+     fi
      if grep -q "CONNECTED(00" "$TMPFILE"; then
           if grep -qa "BEGIN CERTIFICATE" "$TMPFILE"; then
                if [[ -z "$POODLE" ]]; then

From 9829105450549378866383e94e964aabfe1872f5 Mon Sep 17 00:00:00 2001
From: David Cooper <david.cooper@nist.gov>
Date: Tue, 22 Mar 2022 15:20:02 -0400
Subject: [PATCH 33/33] Reorder output of run_server_preference()

This commit reorders the output of run_server_preference() as discussed in #1311.
---
 t/baseline_data/default_testssl.csvfile |   6 +-
 testssl.sh                              | 115 ++++++++++++------------
 2 files changed, 60 insertions(+), 61 deletions(-)

diff --git a/t/baseline_data/default_testssl.csvfile b/t/baseline_data/default_testssl.csvfile
index 74b972d..fd45dd0 100644
--- a/t/baseline_data/default_testssl.csvfile
+++ b/t/baseline_data/default_testssl.csvfile
@@ -18,9 +18,6 @@
 "cipherlist_AVERAGE","testssl.sh/81.169.166.184","443","LOW","offered","","CWE-310"
 "cipherlist_GOOD","testssl.sh/81.169.166.184","443","OK","offered","",""
 "cipherlist_STRONG","testssl.sh/81.169.166.184","443","OK","offered","",""
-"cipher_order","testssl.sh/81.169.166.184","443","OK","server","",""
-"protocol_negotiated","testssl.sh/81.169.166.184","443","OK","Default protocol TLS1.3","",""
-"cipher_negotiated","testssl.sh/81.169.166.184","443","OK","TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)","",""
 "cipher-tls1_xc014","testssl.sh/81.169.166.184","443","LOW","TLSv1   xc014   ECDHE-RSA-AES256-SHA              ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","",""
 "cipher-tls1_xc013","testssl.sh/81.169.166.184","443","LOW","TLSv1   xc013   ECDHE-RSA-AES128-SHA              ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","",""
 "cipher-tls1_x88","testssl.sh/81.169.166.184","443","LOW","TLSv1   x88     DHE-RSA-CAMELLIA256-SHA           DH 2048    Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA","",""
@@ -60,6 +57,9 @@
 "cipher-tls1_3_x1301","testssl.sh/81.169.166.184","443","OK","TLSv1.3   x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256","",""
 "cipherorder_TLSv1_3","testssl.sh/81.169.166.184","443","INFO","TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256","",""
 "prioritize_chacha_TLSv1_3","testssl.sh/81.169.166.184","443","INFO","false","",""
+"cipher_order","testssl.sh/81.169.166.184","443","OK","server","",""
+"protocol_negotiated","testssl.sh/81.169.166.184","443","OK","Default protocol TLS1.3","",""
+"cipher_negotiated","testssl.sh/81.169.166.184","443","OK","TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)","",""
 "FS","testssl.sh/81.169.166.184","443","OK","offered","",""
 "FS_ciphers","testssl.sh/81.169.166.184","443","INFO","TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA TLS_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-CAMELLIA128-SHA","",""
 "FS_ECDHE_curves","testssl.sh/81.169.166.184","443","OK","prime256v1 secp384r1 secp521r1 X25519 X448","",""
diff --git a/testssl.sh b/testssl.sh
index 2e8c2c5..512f4b4 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -6613,9 +6613,7 @@ run_server_preference() {
 
      outln
      pr_headlineln " Testing server's cipher preferences "
-
      outln
-     pr_bold " Has server cipher order?     "
 
      if [[ "$OPTIMAL_PROTO" == -ssl2 ]]; then
           addcmd="$OPTIMAL_PROTO"
@@ -6726,6 +6724,56 @@ run_server_preference() {
      debugme echo "has_cipher_order: $has_cipher_order"
      debugme echo "has_tls13_cipher_order: $has_tls13_cipher_order"
 
+     # restore file from above
+     [[ "$default_proto" == TLSv1.3 ]] && cp "$TEMPDIR/$NODEIP.parse_tls13_serverhello.txt" $TMPFILE
+     cipher1=$(get_cipher $TMPFILE)
+     tmpfile_handle ${FUNCNAME[0]}.txt
+
+     # Sanity check: Handshake with no ciphers and one with forward list didn't overlap
+     if [[ "$cipher0" != $cipher1 ]]; then
+          limitedsense=" (matching cipher in list missing)"
+     fi
+
+     if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && ( [[ "$cipher1" == TLS_* ]] || [[ "$cipher1" == SSL_* ]] ); then
+          default_cipher="$(rfc2openssl "$cipher1")"
+     elif [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]] && [[ "$cipher1" != TLS_* ]] && [[ "$cipher1" != SSL_* ]]; then
+          default_cipher="$(openssl2rfc "$cipher1")"
+     fi
+     [[ -z "$default_cipher" ]] && default_cipher="$cipher1"
+
+     "$FAST" && using_sockets=false
+     [[ $TLS_NR_CIPHERS == 0 ]] && using_sockets=false
+
+     neat_header
+     while read proto_ossl proto_hex proto_txt; do
+          pr_underline "$(printf -- "%b" "$proto_txt")"
+          # TODO: If there's no cipher we should consider not displaying the text in the round brackets)
+          # the following takes care of that but only if we know the protocol is not supported
+          if [[ $(has_server_protocol "$proto_ossl") -eq 1 ]]; then
+               outln "\n - "
+               continue
+          fi
+          # TODO: Also the fact that a protocol is not supported seems not to be saved by cipher_pref_check()
+          # (./testssl.sh --wide -p -P -E  vs ./testssl.sh --wide -P -E )
+          if [[ $proto_ossl == ssl2 ]] || \
+                    ( [[ $proto_ossl != tls1_3 ]] && ! "$has_cipher_order" ) || \
+                    ( [[ $proto_ossl == tls1_3 ]] && ! "$has_tls13_cipher_order" ); then
+               if [[ $proto_ossl == ssl2 ]]; then
+                    outln " (listed by strength)"
+               elif [[ $proto_ossl == tls1_3 ]]; then
+                    outln " (no server order, thus listed by strength)"
+               else
+                    prln_svrty_high " (no server order, thus listed by strength)"
+               fi
+               ciphers_by_strength "-$proto_ossl" "$proto_hex" "$proto_txt" "$using_sockets" "true"
+          else
+               cipher_pref_check "$proto_ossl" "$proto_hex" "$proto_txt" "$using_sockets" "true"
+          fi
+     done <<< "$(tm_out " ssl2 22 SSLv2\n ssl3 00 SSLv3\n tls1 01 TLSv1\n tls1_1 02 TLSv1.1\n tls1_2 03 TLSv1.2\n tls1_3 04 TLSv1.3\n")"
+     outln
+
+     pr_bold " Has server cipher order?     "
+     jsonID="cipher_order"
      if "$TLS13_ONLY" && ! "$has_tls13_cipher_order"; then
           out "no (TLS 1.3 only)"
           limitedsense=" (limited sense as client will pick)"
@@ -6807,33 +6855,17 @@ run_server_preference() {
 
      pr_bold " Negotiated cipher            "
      jsonID="cipher_negotiated"
-
-     # restore file from above
-     [[ "$default_proto" == TLSv1.3 ]] && cp "$TEMPDIR/$NODEIP.parse_tls13_serverhello.txt" $TMPFILE
-     cipher1=$(get_cipher $TMPFILE)
-
-     # Sanity check: Handshake with no ciphers and one with forward list didn't overlap
-     if [[ "$cipher0" != $cipher1 ]]; then
-          limitedsense=" (matching cipher in list missing)"
-     fi
-
-     if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && ( [[ "$cipher1" == TLS_* ]] || [[ "$cipher1" == SSL_* ]] ); then
-          default_cipher="$(rfc2openssl "$cipher1")"
-     elif [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]] && [[ "$cipher1" != TLS_* ]] && [[ "$cipher1" != SSL_* ]]; then
-          default_cipher="$(openssl2rfc "$cipher1")"
-     fi
-     [[ -z "$default_cipher" ]] && default_cipher="$cipher1"
      pr_cipher_quality "$default_cipher"
      case $? in
-          1)   fileout "$jsonID" "CRITICAL" "$default_cipher$(read_dhbits_from_file "$TMPFILE" "string") $limitedsense"
+          1)   fileout "$jsonID" "CRITICAL" "$default_cipher$(read_dhbits_from_file "$TEMPDIR/$NODEIP.run_server_preference.txt" "string") $limitedsense"
                ;;
-          2)   fileout "$jsonID" "HIGH" "$default_cipher$(read_dhbits_from_file "$TMPFILE" "string") $limitedsense"
+          2)   fileout "$jsonID" "HIGH" "$default_cipher$(read_dhbits_from_file "$TEMPDIR/$NODEIP.run_server_preference.txt" "string") $limitedsense"
                ;;
-          3)   fileout "$jsonID" "MEDIUM" "$default_cipher$(read_dhbits_from_file "$TMPFILE" "string") $limitedsense"
+          3)   fileout "$jsonID" "MEDIUM" "$default_cipher$(read_dhbits_from_file "$TEMPDIR/$NODEIP.run_server_preference.txt" "string") $limitedsense"
                ;;
-          6|7) fileout "$jsonID" "OK" "$default_cipher$(read_dhbits_from_file "$TMPFILE" "string") $limitedsense"
+          6|7) fileout "$jsonID" "OK" "$default_cipher$(read_dhbits_from_file "$TEMPDIR/$NODEIP.run_server_preference.txt" "string") $limitedsense"
                ;;   # best ones
-          4)   fileout "$jsonID" "LOW" "$default_cipher$(read_dhbits_from_file "$TMPFILE" "string") (cbc) $limitedsense"
+          4)   fileout "$jsonID" "LOW" "$default_cipher$(read_dhbits_from_file "$TEMPDIR/$NODEIP.run_server_preference.txt" "string") (cbc) $limitedsense"
                ;;  # it's CBC. --> lucky13
           0)   pr_warning "default cipher empty" ;
                if [[ $OSSL_VER == 1.0.2* ]]; then
@@ -6844,10 +6876,10 @@ run_server_preference() {
                fi
                ret=1
                ;;
-          *)   fileout "$jsonID" "INFO" "$default_cipher$(read_dhbits_from_file "$TMPFILE" "string") $limitedsense"
+          *)   fileout "$jsonID" "INFO" "$default_cipher$(read_dhbits_from_file "$TEMPDIR/$NODEIP.run_server_preference.txt" "string") $limitedsense"
                ;;
      esac
-     read_dhbits_from_file "$TMPFILE"
+     read_dhbits_from_file "$TEMPDIR/$NODEIP.run_server_preference.txt"
 
      if [[ "$cipher0" != $cipher1 ]]; then
           pr_warning " -- inconclusive test, matching cipher in list missing"
@@ -6856,39 +6888,6 @@ run_server_preference() {
      else
           outln "$limitedsense"
      fi
-
-     "$FAST" && using_sockets=false
-     [[ $TLS_NR_CIPHERS == 0 ]] && using_sockets=false
-
-     pr_bold " Cipher per protocol"
-     outln "\n" && neat_header
-     while read proto_ossl proto_hex proto_txt; do
-          pr_underline "$(printf -- "%b" "$proto_txt")"
-          # TODO: If there's no cipher we should consider not displaying the text in the round brackets)
-          # the following takes care of that but only if we know the protocol is not supported
-          if [[ $(has_server_protocol "$proto_ossl") -eq 1 ]]; then
-               outln "\n - "
-               continue
-          fi
-          # TODO: Also the fact that a protocol is not supported seems not to be saved by cipher_pref_check()
-          # (./testssl.sh --wide -p -P -E  vs ./testssl.sh --wide -P -E )
-          if [[ $proto_ossl == ssl2 ]] || \
-                    ( [[ $proto_ossl != tls1_3 ]] && ! "$has_cipher_order" ) || \
-                    ( [[ $proto_ossl == tls1_3 ]] && ! "$has_tls13_cipher_order" ); then
-               if [[ $proto_ossl == ssl2 ]]; then
-                    outln " (listed by strength)"
-               elif [[ $proto_ossl == tls1_3 ]]; then
-                    outln " (no server order, thus listed by strength)"
-               else
-                    prln_svrty_high " (no server order, thus listed by strength)"
-               fi
-               ciphers_by_strength "-$proto_ossl" "$proto_hex" "$proto_txt" "$using_sockets" "true"
-          else
-               cipher_pref_check "$proto_ossl" "$proto_hex" "$proto_txt" "$using_sockets" "true"
-          fi
-     done <<< "$(tm_out " ssl2 22 SSLv2\n ssl3 00 SSLv3\n tls1 01 TLSv1\n tls1_1 02 TLSv1.1\n tls1_2 03 TLSv1.2\n tls1_3 04 TLSv1.3\n")"
-     outln
-
      return $ret
      # end of run_server_preference()
 }