Merge branch 'potato-20-revive-hsts-preload' of github.com:testssl/testssl.sh into potato-20-revive-hsts-preload

This commit is contained in:
Dirk Wetter
2026-06-20 17:19:38 +02:00
2 changed files with 13 additions and 3 deletions
+6 -1
@@ -417,7 +417,8 @@ can try to apply evasion techniques by changing the variables USLEEP_SND
and / or USLEEP_REC and maybe MAX_WAITSOCK. and / or USLEEP_REC and maybe MAX_WAITSOCK.
.PP .PP
\f[CR]\-\-phone\-out\f[R] Checking for revoked certificates via CRL and \f[CR]\-\-phone\-out\f[R] Checking for revoked certificates via CRL and
OCSP is not done per default. OCSP, as well as the HSTS preload list status via hstspreload.org, is
not done per default.
This switch instructs testssl.sh to query external \(en in a sense of This switch instructs testssl.sh to query external \(en in a sense of
the current run \(en URIs. the current run \(en URIs.
By using this switch you acknowledge that the check might have privacy By using this switch you acknowledge that the check might have privacy
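Review bot: the acknowledgement sentence that follows the new hstspreload.org mention ("By using this switch you acknowledge that the check might have privacy ... a download of several megabytes (CRL file)") still names only the CRL download as the cost of phoning out; a preload status lookup necessarily discloses the scanned hostname to hstspreload.org, so extend that sentence to say that the hostname is sent to that service as well. Minor: "is not done per default" would read more naturally as "is not done by default", though that wording predates this hunk.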
@@ -603,6 +604,10 @@ by detection or by enforcing via \f[CR]\-\-assume\-http\f[R].
It tests several HTTP headers like It tests several HTTP headers like
.IP \(bu 2 .IP \(bu 2
HTTP Strict Transport Security (HSTS) HTTP Strict Transport Security (HSTS)
.RS 2
.IP \(bu 2
HSTS preload list status (when \f[CR]\-\-phone\-out\f[R] supplied)
.RE
.IP \(bu 2 .IP \(bu 2
HTTP Public Key Pinning (HPKP) HTTP Public Key Pinning (HPKP)
.IP \(bu 2 .IP \(bu 2
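Review bot: the new nested item "HSTS preload list status (when \f[CR]\-\-phone\-out\f[R] supplied)" is missing a verb; write "when \f[CR]\-\-phone\-out\f[R] is supplied". The .RS 2 / .IP \(bu 2 / .RE block itself is the right way to indent a sub-bullet under the HSTS entry, so no structural change is needed.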
+7 -2
@@ -396,7 +396,8 @@
evasion techniques by changing the variables USLEEP_SND and / or evasion techniques by changing the variables USLEEP_SND and / or
USLEEP_REC and maybe MAX_WAITSOCK.</p> USLEEP_REC and maybe MAX_WAITSOCK.</p>
<p><code>--phone-out</code> Checking for revoked certificates <p><code>--phone-out</code> Checking for revoked certificates
via CRL and OCSP is not done per default. This switch instructs via CRL and OCSP, as well as the HSTS preload list status via
hstspreload.org, is not done per default. This switch instructs
testssl.sh to query external in a sense of the current run testssl.sh to query external in a sense of the current run
URIs. By using this switch you acknowledge that the check might URIs. By using this switch you acknowledge that the check might
have privacy issues, a download of several megabytes (CRL file) have privacy issues, a download of several megabytes (CRL file)
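Review bot: the rewritten paragraph keeps the pre-existing rendering defect "query external in a sense of the current run URIs", where the en dashes of the roff text (\(en) have been dropped in the HTML; since this paragraph is being edited anyway, restore them (for example "query external &ndash; in a sense of the current run &ndash; URIs") so the HTML matches the man page. As in the man page hunk, the privacy sentence should also mention that the hostname is sent to hstspreload.org, not only the CRL download size.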
@@ -548,7 +549,11 @@
<code>--assume-http</code>. It tests several HTTP headers <code>--assume-http</code>. It tests several HTTP headers
like</p> like</p>
<ul> <ul>
<li>HTTP Strict Transport Security (HSTS)</li> <li>HTTP Strict Transport Security (HSTS)
<ul>
<li>HSTS preload list status (when <code>--phone-out</code>
supplied)</li>
</ul></li>
<li>HTTP Public Key Pinning (HPKP)</li> <li>HTTP Public Key Pinning (HPKP)</li>
<li>Server banner</li> <li>Server banner</li>
<li>HTTP date+time</li> <li>HTTP date+time</li>
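Review bot: the commit lists only two changed files, and both are rendered output (roff and HTML); if these are generated from a Markdown manpage source, as testssl.sh's doc files usually are, that source needs the same nested item, otherwise the next regeneration will silently drop it. Also, "when <code>--phone-out</code> supplied" needs a verb: "when <code>--phone-out</code> is supplied". The <ul> nested inside the HSTS <li> and closed with </ul></li> is well-formed, so the list structure is fine as written.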