diff --git a/.github/workflows/docker-3.2.yml b/.github/workflows/docker-3.2.yml index cbd1a7b..6bb38c7 100644 --- a/.github/workflows/docker-3.2.yml +++ b/.github/workflows/docker-3.2.yml @@ -5,12 +5,14 @@ on: branches: - 3.2 workflow_dispatch: + # Every week at 8am on Mondays, publish the 3.2 branch: + # NOTE: `schedule` event is only triggered for the default branch: + # https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#schedule schedule: - cron: "0 8 * * 1" env: - BUILD_VERSION: "3.2" - DOCKER_CLI_EXPERIMENTAL: enabled + GIT_BRANCH: "3.2" jobs: @@ -18,12 +20,15 @@ jobs: runs-on: ubuntu-24.04 steps: + - name: lowercase the repository name + run: echo "REPO=${GITHUB_REPOSITORY@L}" >> "${GITHUB_ENV}" + - name: Source checkout uses: actions/checkout@v4 - name: Setup QEMU id: qemu - uses: docker/setup-qemu-action@v3.6.0 + uses: docker/setup-qemu-action@v3 - name: Setup Buildx id: buildx @@ -33,31 +38,31 @@ jobs: id: docker_meta uses: docker/metadata-action@v5 with: - images: ${{ github.repository }} + images: ${{ env.REPO }} labels: | - org.opencontainers.image.version=${{ env.BUILD_VERSION }} + org.opencontainers.image.version=${{ env.GIT_BRANCH }} org.opencontainers.image.revision=${{ github.sha }} - org.opencontainers.image.title=${{ github.repository }} + org.opencontainers.image.title=${{ env.REPO }} - name: GitHub login if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@v3.4.0 + uses: docker/login-action@v3 with: registry: ghcr.io - username: ${{ github.actor }} + username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@v6.16.0 + uses: docker/build-push-action@v6 with: push: ${{ github.event_name != 'pull_request' }} context: . file: Dockerfile.alpine platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v7,linux/arm/v6,linux/ppc64le - build-args: BUILD_VERSION + build-args: GIT_BRANCH cache-from: type=gha, scope=${{ github.workflow }} cache-to: type=gha, scope=${{ github.workflow }} labels: ${{ steps.docker_meta.outputs.labels }} tags: | - ghcr.io/${{ github.repository }}:${{ env.BUILD_VERSION }} - ghcr.io/${{ github.repository }}:latest + ghcr.io/${{ env.REPO }}:${{ env.GIT_BRANCH }} + ghcr.io/${{ env.REPO }}:latest diff --git a/.github/workflows/unit_tests_ubuntu.yml b/.github/workflows/unit_tests_ubuntu.yml new file mode 100644 index 0000000..f42224d --- /dev/null +++ b/.github/workflows/unit_tests_ubuntu.yml @@ -0,0 +1,60 @@ +--- +name: testssl.sh CI with Ubuntu + +on: + pull_request: + paths-ignore: + - 'utils/**' + - 'doc/**' + - 'bin/**' + - '**.md' + - '**.pem' + - '**.pdf' + - '**.html' + - 'LICENSE' + - 'Dockerfile' + - 'Dockerfile.alpine' + +permissions: + contents: read + +# see https://github.com/shogo82148/actions-setup-perl +jobs: + build: + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: ['ubuntu-24.04'] + perl: ['5.38'] + name: Unit test on ${{ matrix.os }} + steps: + - uses: actions/checkout@v4 + + - name: Set up perl + uses: shogo82148/actions-setup-perl@v1 + with: + perl-version: ${{ matrix.perl }} + + - name: Install OS dependencies + run: | + sudo apt install dnsutils jsonlint + printf "%s\n" "----------" + perl -V + printf "%s\n" "----------" + curl --version + printf "%s\n" "----------" + openssl version -a + printf "%s\n" "----------" + bash --version + printf "%s\n" "----------" + + - name: Install perl modules + run: | + cpanm --notest Test::More + cpanm --notest Data::Dumper + cpanm --notest JSON + cpanm --notest Text::Diff + + - name: run it + run: | + prove -v t diff --git a/Dockerfile-alpine b/Dockerfile.alpine similarity index 100% rename from Dockerfile-alpine rename to Dockerfile.alpine diff --git a/Dockerfile.md b/Dockerfile.md index 330e048..af9020f 100644 --- a/Dockerfile.md +++ b/Dockerfile.md @@ -17,11 +17,13 @@ Use a volume bind mount to a local host directory to access the files outside of docker run --rm -it -v /tmp:/data --workdir /data ghcr.io/testssl/testssl.sh:3.2 --htmlfile ./ example.com ``` -**NOTE:** -- The UID/GID ownership of the file will be created by the container user `testssl` (`1000:1000`), with permissions `644`. -- Your host directory must permit the `testssl` container user or group to write to that host volume. You could alternatively use [`docker cp`](https://docs.docker.com/reference/cli/docker/container/cp/). +> [!NOTE] +> - The UID/GID ownership of the file will be created by the container user `testssl` (`1000:1000`), with permissions `644`. +> - Your host directory must permit the `testssl` container user or group to write to that host volume. You could alternatively use [`docker cp`](https://docs.docker.com/reference/cli/docker/container/cp/). -### From DockerHub or GHCR +## Images + +### Available at DockerHub and GHCR You can pull the image from either of these registries: - DockerHub: [`drwetter/testssl.sh`](https://hub.docker.com/r/drwetter/testssl.sh) @@ -31,7 +33,7 @@ Supported tags: - `3.2` / `latest` - `3.0` is the old stable version ([soon to become EOL](https://github.com/testssl/testssl.sh/tree/3.0#status)) -### Building +### Building the `testssl.sh` container image You can build with a standard `git clone` + `docker build`. Tagging the image will make it easier to reference. @@ -41,26 +43,30 @@ git clone --branch 3.2 --depth 1 https://github.com/testssl/testssl.sh . docker build --tag localhost/testssl.sh:3.2 . ``` -There are two base images available: -- `Dockerfile` (openSUSE Leap), glibc-based + faster. -- `Dockerfile-alpine` (Alpine), musl-based + half the size. +There are two base images supported: +- openSUSE Leap ([`Dockerfile`](./Dockerfile)), glibc-based + faster. +- Alpine ([`Dockerfile`](./Dockerfile.alpine)), musl-based + half the size. -Alpine is made available if you need broarder platform support or an image about 30MB smaller at the expense of speed. +The Alpine variant is made available if you need broarder platform support, or an image about 30MB smaller at the expense of slightly slower performance. + +#### Tip - Remote build context + `Dockerfile` -#### Remote build context + `Dockerfile` You can build with a single command instead via: ```bash docker build --tag localhost/testssl.sh:3.2 https://github.com/testssl/testssl.sh.git#3.2 ``` -This will produce a slightly larger image however as `.dockerignore` is not supported with remote build contexts. +> [!NOTE] +> This will produce a slightly larger image as [`.dockerignore` is not supported with remote build contexts](https://github.com/docker/buildx/issues/3169). -If you would like to build the Alpine image instead this way, just provide the alternative `Dockerfile` via `--file`: +--- + +To build the Alpine image instead, additionally provide the ([alternative `Dockerfile`](./Dockerfile.alpine)) via the `--file` option: ```bash docker build \ --tag localhost/testssl.sh:3.2-alpine \ - --file https://raw.githubusercontent.com/testssl/testssl.sh/3.2/Dockerfile-alpine \ + --file https://raw.githubusercontent.com/testssl/testssl.sh/3.2/Dockerfile.alpine \ https://github.com/testssl/testssl.sh.git#3.2 ``` diff --git a/Readme.md b/Readme.md index 9c26f62..ac06638 100644 --- a/Readme.md +++ b/Readme.md @@ -1,7 +1,7 @@ ## Intro -[![CI tests](https://github.com/testssl/testssl.sh/actions/workflows/unit_tests.yml/badge.svg)](https://github.com/testssl/testssl.sh/actions/workflows/unit_tests.yml) +[![CI tests](https://github.com/testssl/testssl.sh/actions/workflows/unit_tests_ubuntu.yml/badge.svg)](https://github.com/testssl/testssl.sh/actions/workflows/unit_tests_ubuntu.yml) [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/testssl/testssl.sh?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![License](https://img.shields.io/github/license/testssl/testssl.sh)](https://github.com/testssl/testssl.sh/LICENSE) [![Docker](https://img.shields.io/docker/pulls/drwetter/testssl.sh)](https://github.com/testssl/testssl.sh/blob/3.2/Dockerfile.md) @@ -119,6 +119,9 @@ You can also debug yourself, see [here](https://github.com/testssl/testssl.sh/wi Please address questions not specifically to the code of testssl.sh to the respective projects below. +#### AI powered docs @ DeepWiki +* https://deepwiki.com/testssl/testssl.sh + #### Web frontend * https://github.com/johannesschaefer/webnettools * https://github.com/TKCERT/testssl.sh-webfrontend diff --git a/etc/client-simulation.txt b/etc/client-simulation.txt index f3fd51a..7b603a0 100644 --- a/etc/client-simulation.txt +++ b/etc/client-simulation.txt @@ -310,7 +310,31 @@ ja4+=("t13d1713h1_5b57614c22b0_352634941f3a") current+=(true) - names+=("Chrome 27 Win 7") + names+=("Android 15 (native)") + short+=("android_15") + ch_ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA") + ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256") + ch_sni+=("$SNI") + warning+=("") + handshakebytes+=("16030108ad010008a9030391072cb3571b43dc4a8cc1ad1c53edf47f89a855e5e52a701befa485fdcc847d201e6800efce12bdb7a96cdb1d7b6c3d451f1e7275ef468a873b746fe29fa89e2200201a1a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035010008409a9a0000000500050100000000000b0002010044cd0005000302683200170000002b000706eaea03040303002d000201010000001b0019000016706c61792d66652e676f6f676c65617069732e636f6d001b0003020002002300000010000e000c02683208687474702f312e3100120000000a000c000a3a3a11ec001d00170018fe0d00da00000100017b002072f7b873fdab02ad8a7e3ef3dd54613a0051821d29bfcde7f71af8ac49860c0500b0eb42e5082e1426108b1f5d6f67b5c35e26d985cdd337873c1ab77f3fcedc1cbf68cc86b20d82e5764fbadf86df30d44696184d7f73c5d2b67c3bc1955f7ce21900b7448b8ad575ce3533d8bfd9c6b6415a8c523454145c4c6306531fbe2bf0979002fd79fa707dea23d8bcd180662617c0a8b7a1dec7c63eeaf3156571c1e0f97f418b6d278dedf0d07fe027aea8f370d020503cdf7225ba8d0d1c1374c0580382f2880aaf82b7bab3a93f0bb40c91c6000d0012001004030804040105030805050108060601003304ef04ed3a3a00010011ec04c0fba42d89e82e616023e892af4a115a4bc5272dd77199ea670f927605acbd8607741e878836d92b9b35b9c3183b02621c5b6bca8ea93433dc4ad8abaabfc6a69e639d4ac391e9862609bc4ef0c1ba8b674f981cabe3f13007858a029b4d0ba12d170074ffb1468106cc91f9a394a947dbe32312b6936c26b0ad114d54c496e3233c5c53c9f86c35043ab012f9b658040df4614db746075e708657784eb22b1d5e63247b7820e4431ace5a82a85c83bcd686ed3a64ee2b4c55159da00744e0103c74b351a2956d6ba54c54696ad3d742f7d389c257143402254e0c7e7f292d08a7ad896c485fc362a33c73958836c32675d97c4e79c9a92ee00bfd3939ecd09be3fc58e1247ae468848455391cd7291a140103a34f4b054a7e148c9b672cc2f29c4c0482dba0cc3239b32dc6973da04b499c820159a2ec9bba37c6661794cdbbb5bf98d30c4d627ece6a883139a287799591059b5ca949f82234c1960cdd51278152bd39f2b734c187a70c478bcc8908d335a2848ff4b0aeddb4491860a269a74e6b5875c201004a51b72ae79096ec7b5c508a25fc04e2f3a1f3b15bfdc2673ce48a172b4faf175b9ae2750102a50b9893f93b06c2104b6ee73eed379713738d4090c80b30c3afc242a2e0022d8a9559d776069337c314c3ae346da1420465e3b8039635813185ae57ba77e6bc57f9c8afe0388ed228772caa7aaa5037a5234d7c4e7fe0372202add9e471248a87215c6c9a2838fdd0088e039405e62225580e326357c3a2a76f0b775ba07ad451934a916e79c537f0c0ad56e0c939d142809b2b44d0c446f554e52770f3e8cba997a59aa86429304c33161d9806a42c4c4777d7cab66290d26381953276e42a7990214b45989b9a979da1674861da4cea454412ba980842b4e8852f26db1d94416d388826b66a727bb26a51a55ac5dca267cb765a8c0999794e2a1b21048527a4366c5e670f5c36b769b030673b6dee187250f637aeebae1f01260293124bf289246813a345011e04a3e107a27a2b4ab9f4bced961fc7f570116322dab98986185ebce85f674c1bf0e4774d87055d1c2a239758eb20ae45588a294937a4a39361001863931e5d350ee0bc2950228631d49755d26988198cb6592a36e65710e1614f4608c5432138a3a7edca8520b9328aa3a3904028f7803a365194cbba86aeec8dec9711c7574baf0a8061b93762120b94923293c8cda3316f79509bdfe2328106714578130879c63270391508b29e984789067a1c59af71a807e6cb474e888773abb53ea87cced11a6ab6498c301630a65e9d37cd8e44abb18b9f97d2391eb22acc74c2f02633ae3649faf19efbe7b56ac6265b46354bba7197ecb8651c1dbeec4031a9cc3da48d8c6993905a8f0cf131a90a23af5b5b6bd2571dc15c3233a7f74ca3da76cc889a0eba3161790471da3542b4da57d9a1b2fc7c9a2693110828c405d19b8d6a0cec2a911c375c1d100671471401435cfc050b3039730de5ad30b78fd1fcb4ffa604d78ba6f72979db56008d903950e43385184b344b4ea2c0a331d8afb1954f567bb20ceb957bc72bb0c685a0f4176875107e47b59f2b4616901d0c9612e529204ea524222b39dad558deb07bda9919ae25635ff6b791e354b19f92175ed1635841072717a2e7bf8ea666d4ef0087ffe8ef74c50317c30c1406bb15e3a02606e2be51eea33beed8a3a6aef44a001d0020e3b270223362eb0f688b920f024370f2bcdc58f22ef5e7a32cbf318805e67113ff010001006a6a000100002901ca01a5019f02e416892a2f1f90b8c577cb046e05e5df038964982ae7b5b00f2450f97b2820b6a503d15f01fd0e8abe4ab5bfe3383af1fed6b5efd49450f1b773050ed43c8d4623b7d61b9ba793ed8ac81530bf3630efc169e883047220d8b7cc3290375cf03a69217648b952c2c3635f8c1f713d175e0032846f1e8887e75485561dcf7cff2555ed833a4fa236df7cdf971eb6e186213d0779c6eeae1777582a0300a2668cfc948881278534c2e3c102667c8c84325e3d5e31efbae0fdcf31347540e03d8f3c3cbb94a113df6dbf9ae2bc54d14e27dd92cf0eb708e7c5ce73aec09c0f1e006110af1c9ffe2f41cca0982db2d0e329fe6296f65b1d3d9c9bf55d88cd97fb1361c5c86a71f704b56819a5d0266d4214379df7ce093297ab2eddb69c3275c4cb98f25e4ba1849e81d7eccc52294c6aba5f750e5c5c1d41be5f42008870780b86d340108e6ef3c29362a678896d376245418ac27de83e8de2ea309bd294d510a032ff47b5651bf2a8f53fd0bdf5b569576ef6b1ea249e3f2f4a88fdd99d54ce5b53d6935f1dcb4bb6ffeac2ad08f1d8882d54240048414d6a2b7a3e8a0e04cc81ca531600212096370dc60f1571e843667259d4e4eccda96828a23587ecde81ad55262c4c5968") + protos+=("-no_ssl3 -no_ssl2") + tlsvers+=("-tls1_3 -tls1_2") + lowest_protocol+=("0x0303") + highest_protocol+=("0x0304") + alpn+=("h2,http/1.1") + service+=("ANY") + minDhBits+=(-1) + maxDhBits+=(-1) + minRsaBits+=(-1) + maxRsaBits+=(-1) + minEcdsaBits+=(-1) + curves+=("X25519MLKEM768:x25519:secp256r1:secp384r1") + requiresSha2+=(true) + ja3+=("78c89591bc3fffbc6aa884cc7ebbbdb5") + ja4+=("t13d1517h2_8daaf6152771_b6f405a00624") + current+=(true) + +names+=("Chrome 27 Win 7") short+=("chrome_27_win7") ch_ciphers+=("ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:CAMELLIA256-SHA:AES256-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DHE-DSS-RC4-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-AES128-SHA:SEED-SHA:CAMELLIA128-SHA:RC4-SHA:RC4-MD5:AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA") ciphersuites+=("") diff --git a/etc/client-simulation.wiresharked.md b/etc/client-simulation.wiresharked.md index c7a2c34..8d8e11c 100644 --- a/etc/client-simulation.wiresharked.md +++ b/etc/client-simulation.wiresharked.md @@ -6,7 +6,7 @@ testssl.sh uses the file `client-simulation.txt`. Previously we queried the SSLl * Start wireshark / tcpdump at a client or router. If it's too noisy better filter for the target of your choice. * Make sure you create a bit of encrypted traffic to your target. Attention, privacy: if you want to contribute, be aware that the ClientHello contains the target hostname (SNI). -* Make sure the client traffic is specific: For just "Android" do not use an Android browser! Be also careful with factory installed Google Apps, especially on older devices as they might come with a different TLS stack. +* Make sure the client traffic is specific: For just "Android" do not use an Android browser! Be also careful with factory installed Google Apps, especially on older devices as they might come with a different TLS stack. The play store or e.g. f-droid works. * Stop recording. * If needed sort for ClientHello. * Look for the ClientHello which matches the source IP + destination you had in mind. Check the destination hostname in the SNI extension so that you can be sure it's the right traffic. diff --git a/etc/client-simulation.wiresharked.txt b/etc/client-simulation.wiresharked.txt index 2e53483..aa3fde6 100644 --- a/etc/client-simulation.wiresharked.txt +++ b/etc/client-simulation.wiresharked.txt @@ -193,6 +193,30 @@ ja4+=("t13d1713h1_5b57614c22b0_352634941f3a") current+=(true) + names+=("Android 15 (native)") + short+=("android_15") + ch_ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA") + ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256") + ch_sni+=("$SNI") + warning+=("") + handshakebytes+=("16030108ad010008a9030391072cb3571b43dc4a8cc1ad1c53edf47f89a855e5e52a701befa485fdcc847d201e6800efce12bdb7a96cdb1d7b6c3d451f1e7275ef468a873b746fe29fa89e2200201a1a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035010008409a9a0000000500050100000000000b0002010044cd0005000302683200170000002b000706eaea03040303002d000201010000001b0019000016706c61792d66652e676f6f676c65617069732e636f6d001b0003020002002300000010000e000c02683208687474702f312e3100120000000a000c000a3a3a11ec001d00170018fe0d00da00000100017b002072f7b873fdab02ad8a7e3ef3dd54613a0051821d29bfcde7f71af8ac49860c0500b0eb42e5082e1426108b1f5d6f67b5c35e26d985cdd337873c1ab77f3fcedc1cbf68cc86b20d82e5764fbadf86df30d44696184d7f73c5d2b67c3bc1955f7ce21900b7448b8ad575ce3533d8bfd9c6b6415a8c523454145c4c6306531fbe2bf0979002fd79fa707dea23d8bcd180662617c0a8b7a1dec7c63eeaf3156571c1e0f97f418b6d278dedf0d07fe027aea8f370d020503cdf7225ba8d0d1c1374c0580382f2880aaf82b7bab3a93f0bb40c91c6000d0012001004030804040105030805050108060601003304ef04ed3a3a00010011ec04c0fba42d89e82e616023e892af4a115a4bc5272dd77199ea670f927605acbd8607741e878836d92b9b35b9c3183b02621c5b6bca8ea93433dc4ad8abaabfc6a69e639d4ac391e9862609bc4ef0c1ba8b674f981cabe3f13007858a029b4d0ba12d170074ffb1468106cc91f9a394a947dbe32312b6936c26b0ad114d54c496e3233c5c53c9f86c35043ab012f9b658040df4614db746075e708657784eb22b1d5e63247b7820e4431ace5a82a85c83bcd686ed3a64ee2b4c55159da00744e0103c74b351a2956d6ba54c54696ad3d742f7d389c257143402254e0c7e7f292d08a7ad896c485fc362a33c73958836c32675d97c4e79c9a92ee00bfd3939ecd09be3fc58e1247ae468848455391cd7291a140103a34f4b054a7e148c9b672cc2f29c4c0482dba0cc3239b32dc6973da04b499c820159a2ec9bba37c6661794cdbbb5bf98d30c4d627ece6a883139a287799591059b5ca949f82234c1960cdd51278152bd39f2b734c187a70c478bcc8908d335a2848ff4b0aeddb4491860a269a74e6b5875c201004a51b72ae79096ec7b5c508a25fc04e2f3a1f3b15bfdc2673ce48a172b4faf175b9ae2750102a50b9893f93b06c2104b6ee73eed379713738d4090c80b30c3afc242a2e0022d8a9559d776069337c314c3ae346da1420465e3b8039635813185ae57ba77e6bc57f9c8afe0388ed228772caa7aaa5037a5234d7c4e7fe0372202add9e471248a87215c6c9a2838fdd0088e039405e62225580e326357c3a2a76f0b775ba07ad451934a916e79c537f0c0ad56e0c939d142809b2b44d0c446f554e52770f3e8cba997a59aa86429304c33161d9806a42c4c4777d7cab66290d26381953276e42a7990214b45989b9a979da1674861da4cea454412ba980842b4e8852f26db1d94416d388826b66a727bb26a51a55ac5dca267cb765a8c0999794e2a1b21048527a4366c5e670f5c36b769b030673b6dee187250f637aeebae1f01260293124bf289246813a345011e04a3e107a27a2b4ab9f4bced961fc7f570116322dab98986185ebce85f674c1bf0e4774d87055d1c2a239758eb20ae45588a294937a4a39361001863931e5d350ee0bc2950228631d49755d26988198cb6592a36e65710e1614f4608c5432138a3a7edca8520b9328aa3a3904028f7803a365194cbba86aeec8dec9711c7574baf0a8061b93762120b94923293c8cda3316f79509bdfe2328106714578130879c63270391508b29e984789067a1c59af71a807e6cb474e888773abb53ea87cced11a6ab6498c301630a65e9d37cd8e44abb18b9f97d2391eb22acc74c2f02633ae3649faf19efbe7b56ac6265b46354bba7197ecb8651c1dbeec4031a9cc3da48d8c6993905a8f0cf131a90a23af5b5b6bd2571dc15c3233a7f74ca3da76cc889a0eba3161790471da3542b4da57d9a1b2fc7c9a2693110828c405d19b8d6a0cec2a911c375c1d100671471401435cfc050b3039730de5ad30b78fd1fcb4ffa604d78ba6f72979db56008d903950e43385184b344b4ea2c0a331d8afb1954f567bb20ceb957bc72bb0c685a0f4176875107e47b59f2b4616901d0c9612e529204ea524222b39dad558deb07bda9919ae25635ff6b791e354b19f92175ed1635841072717a2e7bf8ea666d4ef0087ffe8ef74c50317c30c1406bb15e3a02606e2be51eea33beed8a3a6aef44a001d0020e3b270223362eb0f688b920f024370f2bcdc58f22ef5e7a32cbf318805e67113ff010001006a6a000100002901ca01a5019f02e416892a2f1f90b8c577cb046e05e5df038964982ae7b5b00f2450f97b2820b6a503d15f01fd0e8abe4ab5bfe3383af1fed6b5efd49450f1b773050ed43c8d4623b7d61b9ba793ed8ac81530bf3630efc169e883047220d8b7cc3290375cf03a69217648b952c2c3635f8c1f713d175e0032846f1e8887e75485561dcf7cff2555ed833a4fa236df7cdf971eb6e186213d0779c6eeae1777582a0300a2668cfc948881278534c2e3c102667c8c84325e3d5e31efbae0fdcf31347540e03d8f3c3cbb94a113df6dbf9ae2bc54d14e27dd92cf0eb708e7c5ce73aec09c0f1e006110af1c9ffe2f41cca0982db2d0e329fe6296f65b1d3d9c9bf55d88cd97fb1361c5c86a71f704b56819a5d0266d4214379df7ce093297ab2eddb69c3275c4cb98f25e4ba1849e81d7eccc52294c6aba5f750e5c5c1d41be5f42008870780b86d340108e6ef3c29362a678896d376245418ac27de83e8de2ea309bd294d510a032ff47b5651bf2a8f53fd0bdf5b569576ef6b1ea249e3f2f4a88fdd99d54ce5b53d6935f1dcb4bb6ffeac2ad08f1d8882d54240048414d6a2b7a3e8a0e04cc81ca531600212096370dc60f1571e843667259d4e4eccda96828a23587ecde81ad55262c4c5968") + protos+=("-no_ssl3 -no_ssl2") + tlsvers+=("-tls1_3 -tls1_2") + lowest_protocol+=("0x0303") + highest_protocol+=("0x0304") + alpn+=("h2,http/1.1") + service+=("ANY") + minDhBits+=(-1) + maxDhBits+=(-1) + minRsaBits+=(-1) + maxRsaBits+=(-1) + minEcdsaBits+=(-1) + curves+=("X25519MLKEM768:x25519:secp256r1:secp384r1") + requiresSha2+=(true) + ja3+=("78c89591bc3fffbc6aa884cc7ebbbdb5") + ja4+=("t13d1517h2_8daaf6152771_b6f405a00624") + current+=(true) + names+=("Edge 17 Win 10") short+=("edge_17_win10") ch_ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA") diff --git a/t/baseline_data/default_testssl.csvfile b/t/baseline_data/default_testssl.csvfile index 6b52cfa..fd59d67 100644 --- a/t/baseline_data/default_testssl.csvfile +++ b/t/baseline_data/default_testssl.csvfile @@ -112,6 +112,7 @@ "clientsimulation-android_X","testssl.sh/81.169.166.184","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" "clientsimulation-android_11_12","testssl.sh/81.169.166.184","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" "clientsimulation-android_13_14","testssl.sh/81.169.166.184","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" +"clientsimulation-android_15","testssl.sh/81.169.166.184","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" "clientsimulation-chrome_101_win10","testssl.sh/81.169.166.184","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" "clientsimulation-chromium_137_win11","testssl.sh/81.169.166.184","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" "clientsimulation-firefox_100_win10","testssl.sh/81.169.166.184","443","INFO","TLSv1.3 TLS_AES_256_GCM_SHA384","","" diff --git a/testssl.sh b/testssl.sh index 741a2bb..e963fb5 100755 --- a/testssl.sh +++ b/testssl.sh @@ -17980,11 +17980,11 @@ run_breach() { # warn_empty / warn_stalled if [[ ${has_compression[@]} =~ warn_empty ]]; then pr_warning "At least 1/4 checks failed (HTTP header request was empty, debug: ${has_compression[@]}" - out ", debug: ${has_compression[@]})" + outln ", debug: ${has_compression[@]})" fileout "$jsonID" "WARN" "Test failed as HTTP response was empty, debug: ${has_compression[@]}" "$cve" "$cwe" else # warn_stalled pr_warning "At least 1/4 checks failed (HTTP header request stalled and was terminated" - out ", debug: ${has_compression[@]})" + outln ", debug: ${has_compression[@]})" fileout "$jsonID" "WARN" "Test failed as HTTP request stalled and was terminated" "$cve" "$cwe" fi else