Merge branch 'master' into openss2rfc_rfc2openssl
commit
c1624782d5
|
@ -13,12 +13,12 @@ via the argument (``--openssl=<here>``) or as an environment variable
|
||||||
(``OPENSSL=<here> testssl.sh <yourargs>``).
|
(``OPENSSL=<here> testssl.sh <yourargs>``).
|
||||||
|
|
||||||
The Linux binaries with the trailing ``-krb5`` come with Kerberos 5 support,
|
The Linux binaries with the trailing ``-krb5`` come with Kerberos 5 support,
|
||||||
they won't be automatically picked up as you need to make sure first they
|
they won't be picked up automatically as you need to make sure first they
|
||||||
run (see libraries below).
|
run (see libraries below).
|
||||||
|
|
||||||
All the precompiled binaries provided here have extended support for
|
All the precompiled binaries provided here have extended support for
|
||||||
everything which is normally not in OpenSSL or LibreSSL -- 40+56 Bit,
|
everything which is normally not in OpenSSL or LibreSSL -- 40+56 Bit,
|
||||||
export/ANON ciphers, weak DH ciphers, SSLv2 etc. -- all the dirty
|
export/ANON ciphers, weak DH ciphers, weak EC curves, SSLv2 etc. -- all the dirty
|
||||||
features needed for testing. OTOH they also come with extended support
|
features needed for testing. OTOH they also come with extended support
|
||||||
for new / advanced cipher suites and/or features which are not in the
|
for new / advanced cipher suites and/or features which are not in the
|
||||||
official branch like CHACHA20+POLY1305 and CAMELIA 256 bit ciphers.
|
official branch like CHACHA20+POLY1305 and CAMELIA 256 bit ciphers.
|
||||||
|
@ -29,6 +29,9 @@ Peter!
|
||||||
|
|
||||||
Compiled Linux binaries so far come from Dirk, other contributors see ../CREDITS.md .
|
Compiled Linux binaries so far come from Dirk, other contributors see ../CREDITS.md .
|
||||||
|
|
||||||
|
**__New binaries inluding IPv6 support are @ https://testssl.sh__**. The ones here will be
|
||||||
|
updated soon.
|
||||||
|
|
||||||
|
|
||||||
Compiling and Usage Instructions
|
Compiling and Usage Instructions
|
||||||
================================
|
================================
|
||||||
|
@ -38,7 +41,7 @@ General
|
||||||
|
|
||||||
Both 64+32 bit Linux binaries were compiled under Ubuntu 12.04 LTS. Likely you
|
Both 64+32 bit Linux binaries were compiled under Ubuntu 12.04 LTS. Likely you
|
||||||
cannot use them for older distributions, younger worked in all my test environments.
|
cannot use them for older distributions, younger worked in all my test environments.
|
||||||
I provide for each distributions two sets of binaries:
|
I provide for each distributions two sets of binaries (no IPv6 here):
|
||||||
|
|
||||||
* completely statically linked binaries
|
* completely statically linked binaries
|
||||||
* dynamically linked binaries, additionally with MIT Kerberos support ("krb5" in the name).
|
* dynamically linked binaries, additionally with MIT Kerberos support ("krb5" in the name).
|
||||||
|
@ -94,7 +97,9 @@ If you want to compile OpenSSL yourself, here are the instructions:
|
||||||
-- this doesn't give you the option of an IPv6 enabled proxy -- yet.)
|
-- this doesn't give you the option of an IPv6 enabled proxy -- yet.)
|
||||||
|
|
||||||
Four GOST [1][2] ciphers come via engine support automagically with this setup. Two additional GOST
|
Four GOST [1][2] ciphers come via engine support automagically with this setup. Two additional GOST
|
||||||
ciphers can be compiled in (``GOST-GOST94``, ``GOST-MD5``) with ``-DTEMP_GOST_TLS`` but as of now they make problems under rare circumstances, so unless you desperately need those ciphers I would stay away from ``-DTEMP_GOST_TLS``.
|
ciphers can be compiled in (``GOST-GOST94``, ``GOST-MD5``) with ``-DTEMP_GOST_TLS`` but as of now they make
|
||||||
|
problems under some circumstances, so unless you desperately need those ciphers I would stay away from
|
||||||
|
``-DTEMP_GOST_TLS``.
|
||||||
|
|
||||||
If you don't have / don't want Kerberos libraries and devel rpms/debs, just omit "--with-krb5-flavor=MIT"
|
If you don't have / don't want Kerberos libraries and devel rpms/debs, just omit "--with-krb5-flavor=MIT"
|
||||||
(see examples). If you have another Kerberos flavor you would need to figure out by yourself.
|
(see examples). If you have another Kerberos flavor you would need to figure out by yourself.
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# Value, IANA name,
|
# Value, IANA name, openssl serverhello
|
||||||
1, sect163k1, K-163
|
1, sect163k1, K-163
|
||||||
2, sect163r1,
|
2, sect163r1,
|
||||||
3, sect163r2, B-163
|
3, sect163r2, B-163
|
||||||
|
@ -27,5 +27,5 @@
|
||||||
26, brainpoolP256r1,
|
26, brainpoolP256r1,
|
||||||
27, brainpoolP384r1,
|
27, brainpoolP384r1,
|
||||||
28, brainpoolP512r1,
|
28, brainpoolP512r1,
|
||||||
unknown, curve448,
|
29, curve25519,
|
||||||
unknown, curve25519
|
30, curve448
|
||||||
|
|
|
@ -0,0 +1,270 @@
|
||||||
|
xff03 GOST-GOST89STREAM RSA GOST89 256
|
||||||
|
xff02 GOST-GOST89MAC RSA GOST89 256
|
||||||
|
xff01 GOST-GOST94 RSA GOST89 256
|
||||||
|
xff00 GOST-MD5 RSA GOST89 256
|
||||||
|
xccae RSA-PSK-CHACHA20-POLY1305 RSAPSK CHACHA20 256 TLS_RSA_PSK_WITH_CHACHA20_POLY1305
|
||||||
|
xccad DHE-PSK-CHACHA20-POLY1305 DHEPSK CHACHA20 256 TLS_DHE_PSK_WITH_CHACHA20_POLY1305
|
||||||
|
xccac ECDHE-PSK-CHACHA20-POLY1305 ECDHEPSK CHACHA20 256 TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305
|
||||||
|
xccab PSK-CHACHA20-POLY1305 PSK CHACHA20 256 TLS_PSK_WITH_CHACHA20_POLY1305
|
||||||
|
xccaa DHE-RSA-CHACHA20-POLY1305 DH CHACHA20 256 TLS_DHE_RSA_WITH_CHACHA20_POLY1305
|
||||||
|
xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH CHACHA20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
|
||||||
|
xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH CHACHA20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
|
||||||
|
xcc15 DHE-RSA-CHACHA20-POLY1305_OLD DH ChaCha20 256 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
||||||
|
xcc14 ECDHE-ECDSA-CHACHA20-POLY1305_OLD ECDH ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
|
||||||
|
xcc13 ECDHE-RSA-CHACHA20-POLY1305_OLD ECDH ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
||||||
|
xc5 ADH-CAMELLIA256-SHA256 DH Camellia 256 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256
|
||||||
|
xc4 DHE-RSA-CAMELLIA256-SHA256 DH Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
|
||||||
|
xc3 DHE-DSS-CAMELLIA256-SHA256 DH Camellia 256 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
|
||||||
|
xc2 DH-RSA-CAMELLIA256-SHA256 DH/RSA Camellia 256 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256
|
||||||
|
xc1 DH-DSS-CAMELLIA256-SHA256 DH/DSS Camellia 256 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256
|
||||||
|
xc0 CAMELLIA256-SHA256 RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
|
||||||
|
xc0af ECDHE-ECDSA-AES256-CCM8 ECDH AESCCM8 256 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
|
||||||
|
xc0ae ECDHE-ECDSA-AES128-CCM8 ECDH AESCCM8 128 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
|
||||||
|
xc0ad ECDHE-ECDSA-AES256-CCM ECDH AESCCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_CCM
|
||||||
|
xc0ac ECDHE-ECDSA-AES128-CCM ECDH AESCCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_CCM
|
||||||
|
xc0ab DHE-PSK-AES256-CCM8 DHEPSK AESCCM8 256 TLS_PSK_DHE_WITH_AES_256_CCM_8
|
||||||
|
xc0aa DHE-PSK-AES128-CCM8 DHEPSK AESCCM8 128 TLS_PSK_DHE_WITH_AES_128_CCM_8
|
||||||
|
xc0a9 PSK-AES256-CCM8 PSK AESCCM8 256 TLS_PSK_WITH_AES_256_CCM_8
|
||||||
|
xc0a8 PSK-AES128-CCM8 PSK AESCCM8 128 TLS_PSK_WITH_AES_128_CCM_8
|
||||||
|
xc0a7 DHE-PSK-AES256-CCM DHEPSK AESCCM 256 TLS_DHE_PSK_WITH_AES_256_CCM
|
||||||
|
xc0a6 DHE-PSK-AES128-CCM DHEPSK AESCCM 128 TLS_DHE_PSK_WITH_AES_128_CCM
|
||||||
|
xc0a5 PSK-AES256-CCM PSK AESCCM 256 TLS_PSK_WITH_AES_256_CCM
|
||||||
|
xc0a4 PSK-AES128-CCM PSK AESCCM 128 TLS_PSK_WITH_AES_128_CCM
|
||||||
|
xc0a3 DHE-RSA-AES256-CCM8 DH AESCCM8 256 TLS_DHE_RSA_WITH_AES_256_CCM_8
|
||||||
|
xc0a2 DHE-RSA-AES128-CCM8 DH AESCCM8 128 TLS_DHE_RSA_WITH_AES_128_CCM_8
|
||||||
|
xc0a1 AES256-CCM8 RSA AESCCM8 256 TLS_RSA_WITH_AES_256_CCM_8
|
||||||
|
xc0a0 AES128-CCM8 RSA AESCCM8 128 TLS_RSA_WITH_AES_128_CCM_8
|
||||||
|
xc09f DHE-RSA-AES256-CCM DH AESCCM 256 TLS_DHE_RSA_WITH_AES_256_CCM
|
||||||
|
xc09e DHE-RSA-AES128-CCM DH AESCCM 128 TLS_DHE_RSA_WITH_AES_128_CCM
|
||||||
|
xc09d AES256-CCM RSA AESCCM 256 TLS_RSA_WITH_AES_256_CCM
|
||||||
|
xc09c AES128-CCM RSA AESCCM 128 TLS_RSA_WITH_AES_128_CCM
|
||||||
|
xc09b ECDHE-PSK-CAMELLIA256-SHA384 ECDHEPSK Camellia 256 TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
|
||||||
|
xc09a ECDHE-PSK-CAMELLIA128-SHA256 ECDHEPSK Camellia 128 TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
|
||||||
|
xc099 RSA-PSK-CAMELLIA256-SHA384 RSAPSK Camellia 256 TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
|
||||||
|
xc098 RSA-PSK-CAMELLIA128-SHA256 RSAPSK Camellia 128 TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
|
||||||
|
xc097 DHE-PSK-CAMELLIA256-SHA384 DHEPSK Camellia 256 TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
|
||||||
|
xc096 DHE-PSK-CAMELLIA128-SHA256 DHEPSK Camellia 128 TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
|
||||||
|
xc095 PSK-CAMELLIA256-SHA384 PSK Camellia 256 TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
|
||||||
|
xc094 PSK-CAMELLIA128-SHA256 PSK Camellia 128 TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
|
||||||
|
xc079 ECDH-RSA-CAMELLIA256-SHA384 ECDH/RSA Camellia 256 TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||||
|
xc078 ECDH-RSA-CAMELLIA128-SHA256 ECDH/RSA Camellia 128 TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||||
|
xc077 ECDHE-RSA-CAMELLIA256-SHA384 ECDH Camellia 256 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||||
|
xc076 ECDHE-RSA-CAMELLIA128-SHA256 ECDH Camellia 128 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||||
|
xc075 ECDH-ECDSA-CAMELLIA256-SHA384 ECDH/ECDSA Camellia 256 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||||
|
xc074 ECDH-ECDSA-CAMELLIA128-SHA256 ECDH/ECDSA Camellia 128 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||||
|
xc073 ECDHE-ECDSA-CAMELLIA256-SHA384 ECDH Camellia 256 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||||
|
xc072 ECDHE-ECDSA-CAMELLIA128-SHA256 ECDH Camellia 128 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||||
|
xc03b ECDHE-PSK-NULL-SHA384 ECDHEPSK None None TLS_ECDHE_PSK_WITH_NULL_SHA384
|
||||||
|
xc03a ECDHE-PSK-NULL-SHA256 ECDHEPSK None None TLS_ECDHE_PSK_WITH_NULL_SHA256
|
||||||
|
xc039 ECDHE-PSK-NULL-SHA ECDHEPSK None None TLS_ECDHE_PSK_WITH_NULL_SHA
|
||||||
|
xc038 ECDHE-PSK-AES256-CBC-SHA384 ECDHEPSK AES 256 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
|
||||||
|
xc037 ECDHE-PSK-AES128-CBC-SHA256 ECDHEPSK AES 128 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
|
||||||
|
xc036 ECDHE-PSK-AES256-CBC-SHA ECDHEPSK AES 256 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
|
||||||
|
xc035 ECDHE-PSK-AES128-CBC-SHA ECDHEPSK AES 128 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
|
||||||
|
xc034 ECDHE-PSK-3DES-EDE-CBC-SHA ECDHEPSK 3DES 168 TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
|
||||||
|
xc032 ECDH-RSA-AES256-GCM-SHA384 ECDH/RSA AESGCM 256 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
|
||||||
|
xc031 ECDH-RSA-AES128-GCM-SHA256 ECDH/RSA AESGCM 128 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
|
||||||
|
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||||
|
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||||
|
xc02e ECDH-ECDSA-AES256-GCM-SHA384 ECDH/ECDSA AESGCM 256 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
|
||||||
|
xc02d ECDH-ECDSA-AES128-GCM-SHA256 ECDH/ECDSA AESGCM 128 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
|
||||||
|
xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||||||
|
xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
||||||
|
xc02a ECDH-RSA-AES256-SHA384 ECDH/RSA AES 256 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
|
||||||
|
xc029 ECDH-RSA-AES128-SHA256 ECDH/RSA AES 128 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
|
||||||
|
xc028 ECDHE-RSA-AES256-SHA384 ECDH AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
|
||||||
|
xc027 ECDHE-RSA-AES128-SHA256 ECDH AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
|
||||||
|
xc026 ECDH-ECDSA-AES256-SHA384 ECDH/ECDSA AES 256 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
|
||||||
|
xc025 ECDH-ECDSA-AES128-SHA256 ECDH/ECDSA AES 128 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
|
||||||
|
xc024 ECDHE-ECDSA-AES256-SHA384 ECDH AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
|
||||||
|
xc023 ECDHE-ECDSA-AES128-SHA256 ECDH AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
|
||||||
|
xc022 SRP-DSS-AES-256-CBC-SHA SRP AES 256 TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
|
||||||
|
xc021 SRP-RSA-AES-256-CBC-SHA SRP AES 256 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
xc020 SRP-AES-256-CBC-SHA SRP AES 256 TLS_SRP_SHA_WITH_AES_256_CBC_SHA
|
||||||
|
xc01f SRP-DSS-AES-128-CBC-SHA SRP AES 128 TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
|
||||||
|
xc01e SRP-RSA-AES-128-CBC-SHA SRP AES 128 TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
|
||||||
|
xc01d SRP-AES-128-CBC-SHA SRP AES 128 TLS_SRP_SHA_WITH_AES_128_CBC_SHA
|
||||||
|
xc01c SRP-DSS-3DES-EDE-CBC-SHA SRP 3DES 168 TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
|
||||||
|
xc01b SRP-RSA-3DES-EDE-CBC-SHA SRP 3DES 168 TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
|
||||||
|
xc01a SRP-3DES-EDE-CBC-SHA SRP 3DES 168 TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA
|
||||||
|
xc019 AECDH-AES256-SHA ECDH AES 256 TLS_ECDH_anon_WITH_AES_256_CBC_SHA
|
||||||
|
xc018 AECDH-AES128-SHA ECDH AES 128 TLS_ECDH_anon_WITH_AES_128_CBC_SHA
|
||||||
|
xc017 AECDH-DES-CBC3-SHA ECDH 3DES 168 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
|
||||||
|
xc016 AECDH-RC4-SHA ECDH RC4 128 TLS_ECDH_anon_WITH_RC4_128_SHA
|
||||||
|
xc015 AECDH-NULL-SHA ECDH None None TLS_ECDH_anon_WITH_NULL_SHA
|
||||||
|
xc014 ECDHE-RSA-AES256-SHA ECDH AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
xc013 ECDHE-RSA-AES128-SHA ECDH AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
|
||||||
|
xc012 ECDHE-RSA-DES-CBC3-SHA ECDH 3DES 168 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
|
||||||
|
xc011 ECDHE-RSA-RC4-SHA ECDH RC4 128 TLS_ECDHE_RSA_WITH_RC4_128_SHA
|
||||||
|
xc010 ECDHE-RSA-NULL-SHA ECDH None None TLS_ECDHE_RSA_WITH_NULL_SHA
|
||||||
|
xc00f ECDH-RSA-AES256-SHA ECDH/RSA AES 256 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
xc00e ECDH-RSA-AES128-SHA ECDH/RSA AES 128 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
|
||||||
|
xc00d ECDH-RSA-DES-CBC3-SHA ECDH/RSA 3DES 168 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
|
||||||
|
xc00c ECDH-RSA-RC4-SHA ECDH/RSA RC4 128 TLS_ECDH_RSA_WITH_RC4_128_SHA
|
||||||
|
xc00b ECDH-RSA-NULL-SHA ECDH/RSA None None TLS_ECDH_RSA_WITH_NULL_SHA
|
||||||
|
xc00a ECDHE-ECDSA-AES256-SHA ECDH AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
|
||||||
|
xc009 ECDHE-ECDSA-AES128-SHA ECDH AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
||||||
|
xc008 ECDHE-ECDSA-DES-CBC3-SHA ECDH 3DES 168 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||||
|
xc007 ECDHE-ECDSA-RC4-SHA ECDH RC4 128 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
|
||||||
|
xc006 ECDHE-ECDSA-NULL-SHA ECDH None None TLS_ECDHE_ECDSA_WITH_NULL_SHA
|
||||||
|
xc005 ECDH-ECDSA-AES256-SHA ECDH/ECDSA AES 256 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||||
|
xc004 ECDH-ECDSA-AES128-SHA ECDH/ECDSA AES 128 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
|
||||||
|
xc003 ECDH-ECDSA-DES-CBC3-SHA ECDH/ECDSA 3DES 168 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||||
|
xc002 ECDH-ECDSA-RC4-SHA ECDH/ECDSA RC4 128 TLS_ECDH_ECDSA_WITH_RC4_128_SHA
|
||||||
|
xc001 ECDH-ECDSA-NULL-SHA ECDH/ECDSA None None TLS_ECDH_ECDSA_WITH_NULL_SHA
|
||||||
|
xbf ADH-CAMELLIA128-SHA256 DH Camellia 128 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256
|
||||||
|
xbe DHE-RSA-CAMELLIA128-SHA256 DH Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||||
|
xbd DHE-DSS-CAMELLIA128-SHA256 DH Camellia 128 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
|
||||||
|
xbc DH-RSA-CAMELLIA128-SHA256 DH/RSA Camellia 128 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||||
|
xbb DH-DSS-CAMELLIA128-SHA256 DH/DSS Camellia 128 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256
|
||||||
|
xba CAMELLIA128-SHA256 RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||||
|
xb9 RSA-PSK-NULL-SHA384 RSAPSK None None TLS_RSA_PSK_WITH_NULL_SHA384
|
||||||
|
xb8 RSA-PSK-NULL-SHA256 RSAPSK None None TLS_RSA_PSK_WITH_NULL_SHA256
|
||||||
|
xb7 RSA-PSK-AES256-CBC-SHA384 RSAPSK AES 256 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
|
||||||
|
xb6 RSA-PSK-AES128-CBC-SHA256 RSAPSK AES 128 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
|
||||||
|
xb5 DHE-PSK-NULL-SHA384 DHEPSK None None TLS_DHE_PSK_WITH_NULL_SHA384
|
||||||
|
xb4 DHE-PSK-NULL-SHA256 DHEPSK None None TLS_DHE_PSK_WITH_NULL_SHA256
|
||||||
|
xb3 DHE-PSK-AES256-CBC-SHA384 DHEPSK AES 256 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
|
||||||
|
xb2 DHE-PSK-AES128-CBC-SHA256 DHEPSK AES 128 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
|
||||||
|
xb1 PSK-NULL-SHA384 PSK None None TLS_PSK_WITH_NULL_SHA384
|
||||||
|
xb0 PSK-NULL-SHA256 PSK None None TLS_PSK_WITH_NULL_SHA256
|
||||||
|
xaf PSK-AES256-CBC-SHA384 PSK AES 256 TLS_PSK_WITH_AES_256_CBC_SHA384
|
||||||
|
xae PSK-AES128-CBC-SHA256 PSK AES 128 TLS_PSK_WITH_AES_128_CBC_SHA256
|
||||||
|
xad RSA-PSK-AES256-GCM-SHA384 RSAPSK AESGCM 256 TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
|
||||||
|
xac RSA-PSK-AES128-GCM-SHA256 RSAPSK AESGCM 128 TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
|
||||||
|
xab DHE-PSK-AES256-GCM-SHA384 DHEPSK AESGCM 256 TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
|
||||||
|
xaa DHE-PSK-AES128-GCM-SHA256 DHEPSK AESGCM 128 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
|
||||||
|
xa9 PSK-AES256-GCM-SHA384 PSK AESGCM 256 TLS_PSK_WITH_AES_256_GCM_SHA384
|
||||||
|
xa8 PSK-AES128-GCM-SHA256 PSK AESGCM 128 TLS_PSK_WITH_AES_128_GCM_SHA256
|
||||||
|
xa7 ADH-AES256-GCM-SHA384 DH AESGCM 256 TLS_DH_anon_WITH_AES_256_GCM_SHA384
|
||||||
|
xa6 ADH-AES128-GCM-SHA256 DH AESGCM 128 TLS_DH_anon_WITH_AES_128_GCM_SHA256
|
||||||
|
xa5 DH-DSS-AES256-GCM-SHA384 DH/DSS AESGCM 256 TLS_DH_DSS_WITH_AES_256_GCM_SHA384
|
||||||
|
xa4 DH-DSS-AES128-GCM-SHA256 DH/DSS AESGCM 128 TLS_DH_DSS_WITH_AES_128_GCM_SHA256
|
||||||
|
xa3 DHE-DSS-AES256-GCM-SHA384 DH AESGCM 256 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
|
||||||
|
xa2 DHE-DSS-AES128-GCM-SHA256 DH AESGCM 128 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
|
||||||
|
xa1 DH-RSA-AES256-GCM-SHA384 DH/RSA AESGCM 256 TLS_DH_RSA_WITH_AES_256_GCM_SHA384
|
||||||
|
xa0 DH-RSA-AES128-GCM-SHA256 DH/RSA AESGCM 128 TLS_DH_RSA_WITH_AES_128_GCM_SHA256
|
||||||
|
x9f DHE-RSA-AES256-GCM-SHA384 DH AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
|
||||||
|
x9e DHE-RSA-AES128-GCM-SHA256 DH AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
|
||||||
|
x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384
|
||||||
|
x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256
|
||||||
|
x9b ADH-SEED-SHA DH SEED 128 TLS_DH_anon_WITH_SEED_CBC_SHA
|
||||||
|
x9a DHE-RSA-SEED-SHA DH SEED 128 TLS_DHE_RSA_WITH_SEED_CBC_SHA
|
||||||
|
x99 DHE-DSS-SEED-SHA DH SEED 128 TLS_DHE_DSS_WITH_SEED_CBC_SHA
|
||||||
|
x98 DH-RSA-SEED-SHA DH/RSA SEED 128 TLS_DH_RSA_WITH_SEED_CBC_SHA
|
||||||
|
x97 DH-DSS-SEED-SHA DH/DSS SEED 128 TLS_DH_DSS_WITH_SEED_CBC_SHA
|
||||||
|
x96 SEED-SHA RSA SEED 128 TLS_RSA_WITH_SEED_CBC_SHA
|
||||||
|
x95 RSA-PSK-AES256-CBC-SHA RSAPSK AES 256 TLS_RSA_PSK_WITH_AES_256_CBC_SHA
|
||||||
|
x94 RSA-PSK-AES128-CBC-SHA RSAPSK AES 128 TLS_RSA_PSK_WITH_AES_128_CBC_SHA
|
||||||
|
x93 RSA-PSK-3DES-EDE-CBC-SHA RSAPSK 3DES 168 TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
|
||||||
|
x92 RSA-PSK-RC4-SHA RSAPSK RC4 128 TLS_RSA_PSK_WITH_RC4_128_SHA
|
||||||
|
x91 DHE-PSK-AES256-CBC-SHA DHEPSK AES 256 TLS_DHE_PSK_WITH_AES_256_CBC_SHA
|
||||||
|
x90 DHE-PSK-AES128-CBC-SHA DHEPSK AES 128 TLS_DHE_PSK_WITH_AES_128_CBC_SHA
|
||||||
|
x8f DHE-PSK-3DES-EDE-CBC-SHA DHEPSK 3DES 168 TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
|
||||||
|
x8d PSK-AES256-CBC-SHA PSK AES 256 TLS_PSK_WITH_AES_256_CBC_SHA
|
||||||
|
x8c PSK-AES128-CBC-SHA PSK AES 128 TLS_PSK_WITH_AES_128_CBC_SHA
|
||||||
|
x8b PSK-3DES-EDE-CBC-SHA PSK 3DES 168 TLS_PSK_WITH_3DES_EDE_CBC_SHA
|
||||||
|
x8a PSK-RC4-SHA PSK RC4 128 TLS_PSK_WITH_RC4_128_SHA
|
||||||
|
x89 ADH-CAMELLIA256-SHA DH Camellia 256 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
|
||||||
|
x88 DHE-RSA-CAMELLIA256-SHA DH Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
|
||||||
|
x87 DHE-DSS-CAMELLIA256-SHA DH Camellia 256 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
|
||||||
|
x86 DH-RSA-CAMELLIA256-SHA DH/RSA Camellia 256 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA
|
||||||
|
x85 DH-DSS-CAMELLIA256-SHA DH/DSS Camellia 256 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA
|
||||||
|
x84 CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
|
||||||
|
x83 GOST2001-NULL-GOST94 GOST None None TLS_GOSTR341001_WITH_NULL_GOSTR3411
|
||||||
|
x82 GOST94-NULL-GOST94 GOST None None TLS_GOSTR341094_WITH_NULL_GOSTR3411
|
||||||
|
x81 GOST2001-GOST89-GOST89 GOST GOST89 256 TLS_GOSTR341001_WITH_28147_CNT_IMIT
|
||||||
|
x80 GOST94-GOST89-GOST89 GOST GOST89 256 TLS_GOSTR341094_WITH_28147_CNT_IMIT
|
||||||
|
x6d ADH-AES256-SHA256 DH AES 256 TLS_DH_anon_WITH_AES_256_CBC_SHA256
|
||||||
|
x6c ADH-AES128-SHA256 DH AES 128 TLS_DH_anon_WITH_AES_128_CBC_SHA256
|
||||||
|
x6b DHE-RSA-AES256-SHA256 DH AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
|
||||||
|
x6a DHE-DSS-AES256-SHA256 DH AES 256 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
|
||||||
|
x69 DH-RSA-AES256-SHA256 DH/RSA AES 256 TLS_DH_RSA_WITH_AES_256_CBC_SHA256
|
||||||
|
x68 DH-DSS-AES256-SHA256 DH/DSS AES 256 TLS_DH_DSS_WITH_AES_256_CBC_SHA256
|
||||||
|
x67 DHE-RSA-AES128-SHA256 DH AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
|
||||||
|
x66 DHE-DSS-RC4-SHA DH RC4 128 TLS_DHE_DSS_WITH_RC4_128_SHA
|
||||||
|
x65 EXP1024-DHE-DSS-RC4-SHA DH(1024) RC4 56,export TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA
|
||||||
|
x64 EXP1024-RC4-SHA RSA(1024) RC4 56,export TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
|
||||||
|
x63 EXP1024-DHE-DSS-DES-CBC-SHA DH(1024) DES 56,export TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
|
||||||
|
x62 EXP1024-DES-CBC-SHA RSA(1024) DES 56,export TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
|
||||||
|
x61 EXP1024-RC2-CBC-MD5 RSA(1024) RC2 56,export TLS_RSA_EXPORT1024_WITH_RC2_56_MD5
|
||||||
|
x60 EXP1024-RC4-MD5 RSA(1024) RC4 56,export TLS_RSA_EXPORT1024_WITH_RC4_56_MD5
|
||||||
|
x46 ADH-CAMELLIA128-SHA DH Camellia 128 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
|
||||||
|
x45 DHE-RSA-CAMELLIA128-SHA DH Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
|
||||||
|
x44 DHE-DSS-CAMELLIA128-SHA DH Camellia 128 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
|
||||||
|
x43 DH-RSA-CAMELLIA128-SHA DH/RSA Camellia 128 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA
|
||||||
|
x42 DH-DSS-CAMELLIA128-SHA DH/DSS Camellia 128 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA
|
||||||
|
x41 CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
|
||||||
|
x40 DHE-DSS-AES128-SHA256 DH AES 128 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
|
||||||
|
x3f DH-RSA-AES128-SHA256 DH/RSA AES 128 TLS_DH_RSA_WITH_AES_128_CBC_SHA256
|
||||||
|
x3e DH-DSS-AES128-SHA256 DH/DSS AES 128 TLS_DH_DSS_WITH_AES_128_CBC_SHA256
|
||||||
|
x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256
|
||||||
|
x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256
|
||||||
|
x3b NULL-SHA256 RSA None None TLS_RSA_WITH_NULL_SHA256
|
||||||
|
x3a ADH-AES256-SHA DH AES 256 TLS_DH_anon_WITH_AES_256_CBC_SHA
|
||||||
|
x39 DHE-RSA-AES256-SHA DH AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
x38 DHE-DSS-AES256-SHA DH AES 256 TLS_DHE_DSS_WITH_AES_256_CBC_SHA
|
||||||
|
x37 DH-RSA-AES256-SHA DH/RSA AES 256 TLS_DH_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
x36 DH-DSS-AES256-SHA DH/DSS AES 256 TLS_DH_DSS_WITH_AES_256_CBC_SHA
|
||||||
|
x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
x34 ADH-AES128-SHA DH AES 128 TLS_DH_anon_WITH_AES_128_CBC_SHA
|
||||||
|
x33 DHE-RSA-AES128-SHA DH AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|
||||||
|
x32 DHE-DSS-AES128-SHA DH AES 128 TLS_DHE_DSS_WITH_AES_128_CBC_SHA
|
||||||
|
x31 DH-RSA-AES128-SHA DH/RSA AES 128 TLS_DH_RSA_WITH_AES_128_CBC_SHA
|
||||||
|
x30 DH-DSS-AES128-SHA DH/DSS AES 128 TLS_DH_DSS_WITH_AES_128_CBC_SHA
|
||||||
|
x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA
|
||||||
|
x2e RSA-PSK-NULL-SHA RSAPSK None None TLS_RSA_PSK_WITH_NULL_SHA
|
||||||
|
x2d DHE-PSK-NULL-SHA DHEPSK None None TLS_DHE_PSK_WITH_NULL_SHA
|
||||||
|
x2c PSK-NULL-SHA PSK None None TLS_PSK_WITH_NULL_SHA
|
||||||
|
x2b EXP-KRB5-RC4-MD5 KRB5 RC4 40,export TLS_KRB5_EXPORT_WITH_RC4_40_MD5
|
||||||
|
x2a EXP-KRB5-RC2-CBC-MD5 KRB5 RC2 40,export TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5
|
||||||
|
x29 EXP-KRB5-DES-CBC-MD5 KRB5 DES 40,export TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
|
||||||
|
x28 EXP-KRB5-RC4-SHA KRB5 RC4 40,export TLS_KRB5_EXPORT_WITH_RC4_40_SHA
|
||||||
|
x27 EXP-KRB5-RC2-CBC-SHA KRB5 RC2 40,export TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA
|
||||||
|
x26 EXP-KRB5-DES-CBC-SHA KRB5 DES 40,export TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
|
||||||
|
x25 KRB5-IDEA-CBC-MD5 KRB5 IDEA 128 TLS_KRB5_WITH_IDEA_CBC_MD5
|
||||||
|
x24 KRB5-RC4-MD5 KRB5 RC4 128 TLS_KRB5_WITH_RC4_128_MD5
|
||||||
|
x23 KRB5-DES-CBC3-MD5 KRB5 3DES 168 TLS_KRB5_WITH_3DES_EDE_CBC_MD5
|
||||||
|
x22 KRB5-DES-CBC-MD5 KRB5 DES 56 TLS_KRB5_WITH_DES_CBC_MD5
|
||||||
|
x21 KRB5-IDEA-CBC-SHA KRB5 IDEA 128 TLS_KRB5_WITH_IDEA_CBC_SHA
|
||||||
|
x20 KRB5-RC4-SHA KRB5 RC4 128 TLS_KRB5_WITH_RC4_128_SHA
|
||||||
|
x1f KRB5-DES-CBC3-SHA KRB5 3DES 168 TLS_KRB5_WITH_3DES_EDE_CBC_SHA
|
||||||
|
x1e KRB5-DES-CBC-SHA KRB5 DES 56 TLS_KRB5_WITH_DES_CBC_SHA
|
||||||
|
x1b ADH-DES-CBC3-SHA DH 3DES 168 TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
|
||||||
|
x1a ADH-DES-CBC-SHA DH DES 56 TLS_DH_anon_WITH_DES_CBC_SHA
|
||||||
|
x19 EXP-ADH-DES-CBC-SHA DH(512) DES 40,export TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
|
||||||
|
x18 ADH-RC4-MD5 DH RC4 128 TLS_DH_anon_WITH_RC4_128_MD5
|
||||||
|
x17 EXP-ADH-RC4-MD5 DH(512) RC4 40,export TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
|
||||||
|
x16 EDH-RSA-DES-CBC3-SHA DH 3DES 168 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|
||||||
|
x16 DHE-RSA-DES-CBC3-SHA DH 3DES 168 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|
||||||
|
x15 EDH-RSA-DES-CBC-SHA DH DES 56 TLS_DHE_RSA_WITH_DES_CBC_SHA
|
||||||
|
x14 EXP-EDH-RSA-DES-CBC-SHA DH(512) DES 40,export TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
|
||||||
|
x13 EDH-DSS-DES-CBC3-SHA DH 3DES 168 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
|
||||||
|
x13 DHE-DSS-DES-CBC3-SHA DH 3DES 168 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
|
||||||
|
x12 EDH-DSS-DES-CBC-SHA DH DES 56 TLS_DHE_DSS_WITH_DES_CBC_SHA
|
||||||
|
x11 EXP-EDH-DSS-DES-CBC-SHA DH(512) DES 40,export TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
|
||||||
|
x10 DH-RSA-DES-CBC3-SHA DH/RSA 3DES 168 TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
|
||||||
|
x0f DH-RSA-DES-CBC-SHA DH/RSA DES 56 TLS_DH_RSA_WITH_DES_CBC_SHA
|
||||||
|
x0e EXP-DH-RSA-DES-CBC-SHA DH/RSA DES 40,export TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
|
||||||
|
x0d DH-DSS-DES-CBC3-SHA DH/DSS 3DES 168 TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
|
||||||
|
x0c DH-DSS-DES-CBC-SHA DH/DSS DES 56 TLS_DH_DSS_WITH_DES_CBC_SHA
|
||||||
|
x0b EXP-DH-DSS-DES-CBC-SHA DH/DSS DES 40,export TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
|
||||||
|
x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA
|
||||||
|
x09 DES-CBC-SHA RSA DES 56 TLS_RSA_WITH_DES_CBC_SHA
|
||||||
|
x08 EXP-DES-CBC-SHA RSA(512) DES 40,export TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
|
||||||
|
x080080 RC4-64-MD5 RSA RC4 64 SSL_CK_RC4_64_WITH_MD5
|
||||||
|
x07 IDEA-CBC-SHA RSA IDEA 128 TLS_RSA_WITH_IDEA_CBC_SHA
|
||||||
|
x0700c0 DES-CBC3-MD5 RSA 3DES 168 SSL_CK_DES_192_EDE3_CBC_WITH_MD5
|
||||||
|
x06 EXP-RC2-CBC-MD5 RSA(512) RC2 40,export TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
|
||||||
|
x060040 DES-CBC-MD5 RSA DES 56 SSL_CK_DES_64_CBC_WITH_MD5
|
||||||
|
x05 RC4-SHA RSA RC4 128 TLS_RSA_WITH_RC4_128_SHA
|
||||||
|
x050080 IDEA-CBC-MD5 RSA IDEA 128 SSL_CK_IDEA_128_CBC_WITH_MD5
|
||||||
|
x04 RC4-MD5 RSA RC4 128 TLS_RSA_WITH_RC4_128_MD5
|
||||||
|
x040080 EXP-RC2-CBC-MD5 RSA(512) RC2 40,export SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5
|
||||||
|
x03 EXP-RC4-MD5 RSA(512) RC4 40,export TLS_RSA_EXPORT_WITH_RC4_40_MD5
|
||||||
|
x030080 RC2-CBC-MD5 RSA RC2 128 SSL_CK_RC2_128_CBC_WITH_MD5
|
||||||
|
x02 NULL-SHA RSA None None TLS_RSA_WITH_NULL_SHA
|
||||||
|
x020080 EXP-RC4-MD5 RSA(512) RC4 40,export SSL_CK_RC4_128_EXPORT40_WITH_MD5
|
||||||
|
x01 NULL-MD5 RSA None None TLS_RSA_WITH_NULL_MD5
|
||||||
|
x010080 RC4-MD5 RSA RC4 128 SSL_CK_RC4_128_WITH_MD5
|
||||||
|
x00 NULL-MD5 RSA(512) None None,export TLS_NULL_WITH_NULL_NULL
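Review bot: Neither column of this new mapping file is a unique key: hexcodes `x16` and `x13` each appear on two rows (the `EDH-…` and `DHE-…` spellings), and the OpenSSL names `NULL-MD5`, `RC4-MD5`, `EXP-RC4-MD5` and `EXP-RC2-CBC-MD5` each appear under two different codes (an SSLv2 and a TLS one). A lookup that takes the first match, or returns every match, could report the wrong RFC name for a cipher; the consuming code is not visible on this page, so this should be checked against it. The `x00` row also labels `TLS_NULL_WITH_NULL_NULL` as `NULL-MD5` with `RSA(512)` and `None,export`, which looks like a placeholder rather than a real OpenSSL name. The file has no header line naming its columns, unlike the curves file in this commit, which starts with `# Value, IANA name, openssl serverhello`, and the four `xff0x` GOST rows have no RFC-name field, so a reader that splits on whitespace sees rows of different lengths.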
|
56
testssl.sh
56
testssl.sh
|
@ -151,7 +151,7 @@ JSONFILE=${JSONFILE:-""} # jsonfile if used
|
||||||
CSVFILE=${CSVFILE:-""} # csvfile if used
|
CSVFILE=${CSVFILE:-""} # csvfile if used
|
||||||
HAS_IPv6=${HAS_IPv6:-false} # if you have OpenSSL with IPv6 support AND IPv6 networking set it to yes
|
HAS_IPv6=${HAS_IPv6:-false} # if you have OpenSSL with IPv6 support AND IPv6 networking set it to yes
|
||||||
UNBRACKTD_IPV6=${UNBRACKTD_IPV6:-false} # some versions of OpenSSL (like Gentoo) don't support [bracketed] IPv6 addresses
|
UNBRACKTD_IPV6=${UNBRACKTD_IPV6:-false} # some versions of OpenSSL (like Gentoo) don't support [bracketed] IPv6 addresses
|
||||||
SIZELMT_W_ARND=${SIZELMT_W_ARND:-false} # workaround for servers which have either a ClientHello total size limit or cipher limit of ~128 ciphers (e.g. old ASAs)
|
SERVER_SIZE_LIMIT_BUG=false # Some servers have either a ClientHello total size limit or cipher limit of ~128 ciphers (e.g. old ASAs)
|
||||||
|
|
||||||
# tuning vars, can not be set by a cmd line switch
|
# tuning vars, can not be set by a cmd line switch
|
||||||
EXPERIMENTAL=${EXPERIMENTAL:-false}
|
EXPERIMENTAL=${EXPERIMENTAL:-false}
|
||||||
|
@ -2247,6 +2247,15 @@ add_tls_offered() {
|
||||||
grep -w "$1" <<< "$PROTOS_OFFERED" || PROTOS_OFFERED+="$1 "
|
grep -w "$1" <<< "$PROTOS_OFFERED" || PROTOS_OFFERED+="$1 "
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# function which checks whether SSLv2 - TLS 1.2 is being offereed
|
||||||
|
has_server_protocol() {
|
||||||
|
[[ -z "$PROTOS_OFFERED" ]] && return 0 # if empty we rather return 0, means check at additional cost=connect will be done
|
||||||
|
if grep -w "$1" <<< "$PROTOS_OFFERED"; then
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
# the protocol check needs to be revamped. It sucks, see above
|
# the protocol check needs to be revamped. It sucks, see above
|
||||||
run_protocols() {
|
run_protocols() {
|
||||||
|
@ -2258,8 +2267,6 @@ run_protocols() {
|
||||||
outln; pr_headline " Testing protocols "
|
outln; pr_headline " Testing protocols "
|
||||||
via="Protocol tested "
|
via="Protocol tested "
|
||||||
|
|
||||||
#FIXME: use PROTOS_OFFERED here
|
|
||||||
|
|
||||||
if $SSL_NATIVE; then
|
if $SSL_NATIVE; then
|
||||||
using_sockets=false
|
using_sockets=false
|
||||||
pr_headlineln "(via native openssl)"
|
pr_headlineln "(via native openssl)"
|
||||||
|
@ -2279,7 +2286,7 @@ run_protocols() {
|
||||||
|
|
||||||
pr_bold " SSLv2 ";
|
pr_bold " SSLv2 ";
|
||||||
if ! $SSL_NATIVE; then
|
if ! $SSL_NATIVE; then
|
||||||
sslv2_sockets #FIXME: messages need to be moved to this higher level
|
sslv2_sockets #FIXME: messages/output need to be moved to this (higher) level
|
||||||
else
|
else
|
||||||
run_prototest_openssl "-ssl2"
|
run_prototest_openssl "-ssl2"
|
||||||
case $? in
|
case $? in
|
||||||
|
@ -2741,7 +2748,7 @@ check_tls12_pref() {
|
||||||
while true; do
|
while true; do
|
||||||
$OPENSSL s_client $STARTTLS -tls1_2 $BUGS -cipher "ALL:$tested_cipher:$batchremoved" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
$OPENSSL s_client $STARTTLS -tls1_2 $BUGS -cipher "ALL:$tested_cipher:$batchremoved" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
||||||
if sclient_connect_successful $? $TMPFILE ; then
|
if sclient_connect_successful $? $TMPFILE ; then
|
||||||
cipher=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE)
|
||||||
order+=" $cipher"
|
order+=" $cipher"
|
||||||
tested_cipher="$tested_cipher:-$cipher"
|
tested_cipher="$tested_cipher:-$cipher"
|
||||||
else
|
else
|
||||||
|
@ -2756,7 +2763,7 @@ check_tls12_pref() {
|
||||||
$OPENSSL s_client $STARTTLS -tls1_2 $BUGS -cipher "$batchremoved" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
$OPENSSL s_client $STARTTLS -tls1_2 $BUGS -cipher "$batchremoved" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
||||||
if sclient_connect_successful $? $TMPFILE ; then
|
if sclient_connect_successful $? $TMPFILE ; then
|
||||||
batchremoved_success=true # signals that we have some of those ciphers and need to put everything together later on
|
batchremoved_success=true # signals that we have some of those ciphers and need to put everything together later on
|
||||||
cipher=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE)
|
||||||
order+=" $cipher"
|
order+=" $cipher"
|
||||||
batchremoved="$batchremoved:-$cipher"
|
batchremoved="$batchremoved:-$cipher"
|
||||||
debugme outln "B1: $batchremoved"
|
debugme outln "B1: $batchremoved"
|
||||||
|
@ -2773,7 +2780,7 @@ check_tls12_pref() {
|
||||||
$OPENSSL s_client $STARTTLS -tls1_2 $BUGS -cipher "$combined_ciphers" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
$OPENSSL s_client $STARTTLS -tls1_2 $BUGS -cipher "$combined_ciphers" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
||||||
if sclient_connect_successful $? $TMPFILE ; then
|
if sclient_connect_successful $? $TMPFILE ; then
|
||||||
# first cipher
|
# first cipher
|
||||||
cipher=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE)
|
||||||
order="$cipher"
|
order="$cipher"
|
||||||
tested_cipher="-$cipher"
|
tested_cipher="-$cipher"
|
||||||
else
|
else
|
||||||
|
@ -2783,7 +2790,7 @@ check_tls12_pref() {
|
||||||
while true; do
|
while true; do
|
||||||
$OPENSSL s_client $STARTTLS -tls1_2 $BUGS -cipher "$combined_ciphers:$tested_cipher" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
$OPENSSL s_client $STARTTLS -tls1_2 $BUGS -cipher "$combined_ciphers:$tested_cipher" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
||||||
if sclient_connect_successful $? $TMPFILE ; then
|
if sclient_connect_successful $? $TMPFILE ; then
|
||||||
cipher=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE)
|
||||||
order+=" $cipher"
|
order+=" $cipher"
|
||||||
tested_cipher="$tested_cipher:-$cipher"
|
tested_cipher="$tested_cipher:-$cipher"
|
||||||
else
|
else
|
||||||
|
@ -2806,6 +2813,7 @@ check_tls12_pref() {
|
||||||
cipher_pref_check() {
|
cipher_pref_check() {
|
||||||
local p proto protos npn_protos
|
local p proto protos npn_protos
|
||||||
local tested_cipher cipher order
|
local tested_cipher cipher order
|
||||||
|
local overflow_probe_cipherlist="ALL:-ECDHE-RSA-AES256-GCM-SHA384:-AES128-SHA:-DES-CBC3-SHA"
|
||||||
|
|
||||||
pr_bold " Cipher order"
|
pr_bold " Cipher order"
|
||||||
|
|
||||||
|
@ -2819,28 +2827,37 @@ cipher_pref_check() {
|
||||||
out "\n SSLv3: "; local_problem "$OPENSSL doesn't support \"s_client -ssl3\"";
|
out "\n SSLv3: "; local_problem "$OPENSSL doesn't support \"s_client -ssl3\"";
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
# with the supplied binaries SNI works also for SSLv2 (+ SSLv3)
|
||||||
$OPENSSL s_client $STARTTLS -"$p" $BUGS -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>$ERRFILE >$TMPFILE
|
$OPENSSL s_client $STARTTLS -"$p" $BUGS -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>$ERRFILE >$TMPFILE
|
||||||
if sclient_connect_successful $? $TMPFILE; then
|
if sclient_connect_successful $? $TMPFILE; then
|
||||||
tested_cipher=""
|
tested_cipher=""
|
||||||
proto=$(grep -aw "Protocol" $TMPFILE | sed -e 's/^.*Protocol.*://' -e 's/ //g')
|
proto=$(awk '/Protocol/ { print $3 }' $TMPFILE)
|
||||||
cipher=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE)
|
||||||
[[ -z "$proto" ]] && continue # for early openssl versions sometimes needed
|
[[ -z "$proto" ]] && continue # for early openssl versions sometimes needed
|
||||||
outln
|
outln
|
||||||
printf " %-10s" "$proto: "
|
printf " %-10s" "$proto: "
|
||||||
tested_cipher="-"$cipher
|
tested_cipher="-"$cipher
|
||||||
order="$cipher"
|
order="$cipher"
|
||||||
if [[ $p == tls1_2 ]] && "$SIZELMT_W_ARND"; then
|
if [[ $p == tls1_2 ]]; then
|
||||||
# for some servers the ServerHello is limited to 128 ciphers or the ServerHello itself has a length restriction
|
# for some servers the ClientHello is limited to 128 ciphers or the ClientHello itself has a length restriction.
|
||||||
# thus we reduce the number of ciphers we throw at the server and put later everything together
|
# So far, this was only observed in TLS 1.2, affected are e.g. old Cisco LBs or ASAs, see issue #189
|
||||||
# see #189
|
# To check whether a workaround is needed we send a laaarge list of ciphers/big client hello. If connect fails,
|
||||||
# so far, this was only observed in TLS 1.2
|
# we hit the bug and automagically do the workround. Cost: this is for all servers only 1x more connect
|
||||||
|
$OPENSSL s_client $STARTTLS -tls1_2 $BUGS -cipher "$overflow_probe_cipherlist" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
||||||
|
if ! sclient_connect_successful $? $TMPFILE; then
|
||||||
|
#FIXME this needs to be handled differently. We need 2 status: BUG={true,false,not tested yet}
|
||||||
|
SERVER_SIZE_LIMIT_BUG=true
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [[ $p == tls1_2 ]] && "$SERVER_SIZE_LIMIT_BUG"; then
|
||||||
order=$(check_tls12_pref "$cipher")
|
order=$(check_tls12_pref "$cipher")
|
||||||
|
out "$order"
|
||||||
else
|
else
|
||||||
out " $cipher" # this is the first cipher for protocol
|
out " $cipher" # this is the first cipher for protocol
|
||||||
while true; do
|
while true; do
|
||||||
$OPENSSL s_client $STARTTLS -"$p" $BUGS -cipher "ALL:$tested_cipher" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
$OPENSSL s_client $STARTTLS -"$p" $BUGS -cipher "ALL:$tested_cipher" -connect $NODEIP:$PORT $PROXY $SNI </dev/null 2>>$ERRFILE >$TMPFILE
|
||||||
sclient_connect_successful $? $TMPFILE || break
|
sclient_connect_successful $? $TMPFILE || break
|
||||||
cipher=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE)
|
||||||
out " $cipher"
|
out " $cipher"
|
||||||
order+=" $cipher"
|
order+=" $cipher"
|
||||||
tested_cipher="$tested_cipher:-$cipher"
|
tested_cipher="$tested_cipher:-$cipher"
|
||||||
|
@ -2858,14 +2875,14 @@ cipher_pref_check() {
|
||||||
for p in $npn_protos; do
|
for p in $npn_protos; do
|
||||||
order=""
|
order=""
|
||||||
$OPENSSL s_client -host $NODE -port $PORT $BUGS -nextprotoneg "$p" $PROXY </dev/null 2>>$ERRFILE >$TMPFILE
|
$OPENSSL s_client -host $NODE -port $PORT $BUGS -nextprotoneg "$p" $PROXY </dev/null 2>>$ERRFILE >$TMPFILE
|
||||||
cipher=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE)
|
||||||
printf " %-10s %s " "$p:" "$cipher"
|
printf " %-10s %s " "$p:" "$cipher"
|
||||||
tested_cipher="-"$cipher
|
tested_cipher="-"$cipher
|
||||||
order="$cipher"
|
order="$cipher"
|
||||||
while true; do
|
while true; do
|
||||||
$OPENSSL s_client -cipher "ALL:$tested_cipher" -host $NODE -port $PORT $BUGS -nextprotoneg "$p" $PROXY </dev/null 2>>$ERRFILE >$TMPFILE
|
$OPENSSL s_client -cipher "ALL:$tested_cipher" -host $NODE -port $PORT $BUGS -nextprotoneg "$p" $PROXY </dev/null 2>>$ERRFILE >$TMPFILE
|
||||||
sclient_connect_successful $? $TMPFILE || break
|
sclient_connect_successful $? $TMPFILE || break
|
||||||
cipher=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE)
|
||||||
out "$cipher "
|
out "$cipher "
|
||||||
tested_cipher="$tested_cipher:-$cipher"
|
tested_cipher="$tested_cipher:-$cipher"
|
||||||
order+=" $cipher"
|
order+=" $cipher"
|
||||||
|
@ -7335,6 +7352,7 @@ reset_hostdepended_vars() {
|
||||||
TLS_EXTENSIONS=""
|
TLS_EXTENSIONS=""
|
||||||
PROTOS_OFFERED=""
|
PROTOS_OFFERED=""
|
||||||
OPTIMAL_PROTO=""
|
OPTIMAL_PROTO=""
|
||||||
|
SERVER_SIZE_LIMIT_BUG=false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -7474,4 +7492,4 @@ fi
|
||||||
exit $?
|
exit $?
|
||||||
|
|
||||||
|
|
||||||
# $Id: testssl.sh,v 1.496 2016/06/07 21:06:57 dirkw Exp $
|
# $Id: testssl.sh,v 1.499 2016/06/09 13:56:51 dirkw Exp $
|
||||||
|
|