mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-25 09:59:30 +01:00
Added some unit tests for client simulations. https://testssl.sh is giving me issues
it's too late now to do something about it
This commit is contained in:
parent
9527c3dbb5
commit
d8fb7dc680
1
.gitignore
vendored
1
.gitignore
vendored
@ -1 +1,2 @@
|
||||
.DS_Store
|
||||
tmp.json
|
||||
|
@ -973,6 +973,23 @@ maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
requiresSha2+=(false)
|
||||
|
||||
names+=("Firefox 47 Win 7 ")
|
||||
short+=("firefox_47_win7")
|
||||
ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("16030100c0010000bc0303d6566247c62e11fa1426d88ff5069e8c438d8c0750348f913506d46c24e6204100001ac02bc02fcca9cca8c00ac009c013c01400330039002f0035000a0100007900000014001200000f6465762e73736c6c6162732e636f6d00170000ff01000100000a00080006001700180019000b00020100002300003374000000100017001502683208737064792f332e3108687474702f312e31000500050100000000000d001600140401050106010201040305030603020304020202")
|
||||
protos+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
minDhBits+=(1023)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
requiresSha2+=(false)
|
||||
|
||||
names+=("Googlebot Oct 2013 ")
|
||||
short+=("googlebot_oct_2013")
|
||||
ciphers+=("ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA:RC4-MD5:AES128-SHA:DES-CBC3-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA")
|
||||
@ -1228,6 +1245,23 @@ maxRsaBits+=(16384)
|
||||
minEcdsaBits+=(-1)
|
||||
requiresSha2+=(false)
|
||||
|
||||
names+=("IE 11 Win 7 ")
|
||||
short+=("ie_11_win7")
|
||||
ciphers+=("ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:RC4-SHA:RC4-MD5")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("16030300b7010000b30303576b1fad9e727d57d0e40cae894f1f8f4608151d627affc2f1e20c2df7fefe5d000038c028c027c014c013009f009e00390033009d009c003d003c0035002fc02cc02bc024c023c00ac009006a004000380032000a0013000500040100005200000014001200000f6465762e73736c6c6162732e636f6d000500050100000000000a0006000400170018000b00020100000d0014001206010603040105010201040305030203020200170000ff01000100")
|
||||
protos+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
minDhBits+=(1024)
|
||||
maxDhBits+=(4096)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(16384)
|
||||
minEcdsaBits+=(-1)
|
||||
requiresSha2+=(false)
|
||||
|
||||
names+=("IE 11 Win 10 Preview ")
|
||||
short+=("ie_11_win10preview")
|
||||
ciphers+=("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||
@ -1313,6 +1347,23 @@ maxRsaBits+=(16384)
|
||||
minEcdsaBits+=(-1)
|
||||
requiresSha2+=(false)
|
||||
|
||||
names+=("IE 11 Win 8.1 ")
|
||||
short+=("ie_11_win81")
|
||||
ciphers+=("ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("16030300d1010000cd0303576c36e03bf1afe8d81100c68adc72bd0c678a5162275a5569651875123a7bec000034c028c027c014c013009f009e00390033009d009c003d003c0035002fc02cc02bc024c023c00ac009006a004000380032000a00130100007000000014001200000f6465762e73736c6c6162732e636f6d000500050100000000000a0006000400170018000b00020100000d001400120401050106010201040305030603020302020023000000100012001006737064792f3308687474702f312e313374000000170000ff01000100")
|
||||
protos+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
minDhBits+=(1024)
|
||||
maxDhBits+=(4096)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(16384)
|
||||
minEcdsaBits+=(-1)
|
||||
requiresSha2+=(false)
|
||||
|
||||
names+=("IE 10 Win Phone 8.0 ")
|
||||
short+=("ie_10_winphone80")
|
||||
ciphers+=("AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES128-SHA:DHE-DSS-AES256-SHA:EDH-DSS-DES-CBC3-SHA:RC4-MD5")
|
||||
@ -1381,6 +1432,23 @@ maxRsaBits+=(16384)
|
||||
minEcdsaBits+=(-1)
|
||||
requiresSha2+=(false)
|
||||
|
||||
names+=("IE 11 Win 10 ")
|
||||
short+=("ie_11_win10")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("16030300d7010000d30303576c3861086a497dbb46489b67a88ac2e541c4863147fd09634bd0c630b73e92000038c02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c01300390033009d009c003d003c0035002f000a006a00400038003200130100007200000014001200000f6465762e73736c6c6162732e636f6d000500050100000000000a0006000400170018000b00020100000d00140012040105010201040305030203020206010603002300000010000e000c02683208687474702f312e310017000055000006000100020002ff01000100")
|
||||
protos+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
minDhBits+=(1024)
|
||||
maxDhBits+=(4096)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(16384)
|
||||
minEcdsaBits+=(-1)
|
||||
requiresSha2+=(false)
|
||||
|
||||
names+=("Edge 12 Win 10 ")
|
||||
short+=("edge_12_win10")
|
||||
ciphers+=("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||
@ -1415,6 +1483,23 @@ maxRsaBits+=(16384)
|
||||
minEcdsaBits+=(-1)
|
||||
requiresSha2+=(false)
|
||||
|
||||
names+=("Edge 13 Win 10 ")
|
||||
short+=("edge_13_win10")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("16030300d7010000d30303576c36d45fdcc8fdee4c62a86ccb3c116eaf6ba23d0726162972e953b993a96a000038c02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c01300390033009d009c003d003c0035002f000a006a00400038003200130100007200000014001200000f6465762e73736c6c6162732e636f6d000500050100000000000a0006000400170018000b00020100000d00140012040105010201040305030203020206010603002300000010000e000c02683208687474702f312e310017000055000006000100020002ff01000100")
|
||||
protos+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
minDhBits+=(1024)
|
||||
maxDhBits+=(4096)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(16384)
|
||||
minEcdsaBits+=(-1)
|
||||
requiresSha2+=(false)
|
||||
|
||||
names+=("Edge 13 Win Phone 10 ")
|
||||
short+=("edge_13_winphone10")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||
@ -1977,40 +2062,40 @@ minEcdsaBits+=(-1)
|
||||
requiresSha2+=(false)
|
||||
|
||||
# --- testssl.sh maintained clients ---
|
||||
|
||||
names+=("Mail iOS 9.3.2 ")
|
||||
short+=("mail_ios_932")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("16030100bb010000b703015767e6ae46f9abf3138e26a9f9880f9697bf3387f7eff709db1fa220e692d80420fb04b0979bae1664e11ef172d4dfba15af59dd200b7831992a35c73cde9efed9003200ffc024c023c00ac009c008c028c027c014c013c012006b0067003900330016003d003c0035002f000ac007c011000500040100003c000000190017000014696d61702e73656374696f6e7a65726f2e6f7267000a00080006001700180019000b0002010000050005010000000000120000")
|
||||
protos+=("-tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0300")
|
||||
highest_protocol+=("0x0301")
|
||||
service+=("SMTP,POP,IMAP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
requiresSha2+=(false)
|
||||
|
||||
names+=("Mail OSX 10.11.15 ")
|
||||
short+=("mail_osx_101115")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("16030100940100009003015770e928499e82df2eb7477200e2a828d9fa4109514385bd1602df44aaf2b0f400003200ffc024c023c00ac009c008c028c027c014c013c012006b0067003900330016003d003c0035002f000ac007c011000500040100003500000012001000000d3137382e3233372e33342e3932000a00080006001700180019000b0002010000050005010000000000120000")
|
||||
protos+=("-tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0301")
|
||||
service+=("SMTP,POP,IMAP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
requiresSha2+=(false)
|
||||
#TODO: These clients do not pass the unit tests, yet.
|
||||
#names+=("Mail iOS 9.3.2 ")
|
||||
#short+=("mail_ios_932")
|
||||
#ciphers+=("ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||
#sni+=("$SNI")
|
||||
#warning+=("")
|
||||
#handshakebytes+=("16030100bb010000b703015767e6ae46f9abf3138e26a9f9880f9697bf3387f7eff709db1fa220e692d80420fb04b0979bae1664e11ef172d4dfba15af59dd200b7831992a35c73cde9efed9003200ffc024c023c00ac009c008c028c027c014c013c012006b0067003900330016003d003c0035002f000ac007c011000500040100003c000000190017000014696d61702e73656374696f6e7a65726f2e6f7267000a00080006001700180019000b0002010000050005010000000000120000")
|
||||
#protos+=("#-tls1_1 -tls1")
|
||||
#lowest_protocol+=("0x0300")
|
||||
#highest_protocol+=("0x0301")
|
||||
#service+=("SMTP,POP,IMAP")
|
||||
#minDhBits+=(-1)
|
||||
#maxDhBits+=(-1)
|
||||
#minRsaBits+=(-1)
|
||||
#maxRsaBits+=(-1)
|
||||
#minEcdsaBits+=(-1)
|
||||
#requiresSha2+=(false)
|
||||
#
|
||||
#names+=("Mail OSX 10.11.15 ")
|
||||
#short+=("mail_osx_101115")
|
||||
#ciphers+=("ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||
#sni+=("$SNI")
|
||||
#warning+=("")
|
||||
#handshakebytes+=("16030100940100009003015770e928499e82df2eb7477200e2a828d9fa4109514385bd1602df44aaf2b0f400003200ffc024c023c00ac009c008c028c027c014c013c012006b0067003900330016003d003c0035002f000ac007c011000500040100003500000012001000000d3137382e3233372e33342e3932000a00080006001700180019000b0002010000050005010000000000120000")
|
||||
#protos+=("-tls1")
|
||||
#lowest_protocol+=("0x0301")
|
||||
#highest_protocol+=("0x0301")
|
||||
#service+=("SMTP,POP,IMAP")
|
||||
#minDhBits+=(-1)
|
||||
#maxDhBits+=(-1)
|
||||
#minRsaBits+=(-1)
|
||||
#maxRsaBits+=(-1)
|
||||
#minEcdsaBits+=(-1)
|
||||
#requiresSha2+=(false)
|
||||
|
||||
names+=("Thunderbird 45.1.1 OSX 10.11 ")
|
||||
short+=("thudnerbird_45.1.1_osx_101115")
|
||||
|
39
t/02_client_sims_old.t
Executable file
39
t/02_client_sims_old.t
Executable file
@ -0,0 +1,39 @@
|
||||
#!/usr/bin/env perl
|
||||
|
||||
use strict;
|
||||
use Test::More;
|
||||
use Data::Dumper;
|
||||
use JSON;
|
||||
|
||||
my $tests = 0;
|
||||
|
||||
pass("Running openssl based client simulations against mozilla-old.badssl.com"); $tests++;
|
||||
my $opensslout = `./testssl.sh -c --ssl-native --jsonfile tmp.json --color 0 mozilla-old.badssl.com`;
|
||||
my $openssl = json('tmp.json');
|
||||
unlike($opensslout, qr/Running browser simulations via sockets/, "Tests didn't run via sockets"); $tests++;
|
||||
|
||||
pass("Running socket based client simulations against mozilla-old.badssl.com"); $tests++;
|
||||
my $socketout = `./testssl.sh -c --jsonfile tmp.json --color 0 mozilla-old.badssl.com`;
|
||||
my $socket = json('tmp.json');
|
||||
like($socketout, qr/Running browser simulations via sockets/, "Tests ran via sockets"); $tests++;
|
||||
|
||||
my $i = 0;
|
||||
foreach my $o ( @$openssl ) {
|
||||
my $s = $$socket[$i];
|
||||
if ( $o->{id} =~ /^client_/ ) {
|
||||
pass("Comparing $o->{id}"); $tests++;
|
||||
cmp_ok($o->{id}, "eq", $s->{id}, "Id's match"); $tests++;
|
||||
cmp_ok($o->{severity}, "eq", $s->{severity}, "Severities match"); $tests++;
|
||||
cmp_ok($o->{finding}, "eq", $s->{finding}, "Findings match"); $tests++;
|
||||
}
|
||||
$i++;
|
||||
}
|
||||
|
||||
done_testing($tests);
|
||||
|
||||
sub json($) {
|
||||
my $file = shift;
|
||||
$file = `cat $file`;
|
||||
unlink $file;
|
||||
return from_json($file);
|
||||
}
|
39
t/03_client_sims_intermediate.t
Executable file
39
t/03_client_sims_intermediate.t
Executable file
@ -0,0 +1,39 @@
|
||||
#!/usr/bin/env perl
|
||||
|
||||
use strict;
|
||||
use Test::More;
|
||||
use Data::Dumper;
|
||||
use JSON;
|
||||
|
||||
my $tests = 0;
|
||||
|
||||
pass("Running openssl based client simulations against mozilla-intermediate.badssl.com"); $tests++;
|
||||
my $opensslout = `./testssl.sh -c --ssl-native --jsonfile tmp.json --color 0 mozilla-intermediate.badssl.com`;
|
||||
my $openssl = json('tmp.json');
|
||||
unlike($opensslout, qr/Running browser simulations via sockets/, "Tests didn't run via sockets"); $tests++;
|
||||
|
||||
pass("Running socket based client simulations against mozilla-intermediate.badssl.com"); $tests++;
|
||||
my $socketout = `./testssl.sh -c --jsonfile tmp.json --color 0 mozilla-intermediate.badssl.com`;
|
||||
my $socket = json('tmp.json');
|
||||
like($socketout, qr/Running browser simulations via sockets/, "Tests ran via sockets"); $tests++;
|
||||
|
||||
my $i = 0;
|
||||
foreach my $o ( @$openssl ) {
|
||||
my $s = $$socket[$i];
|
||||
if ( $o->{id} =~ /^client_/ ) {
|
||||
pass("Comparing $o->{id}"); $tests++;
|
||||
cmp_ok($o->{id}, "eq", $s->{id}, "Id's match"); $tests++;
|
||||
cmp_ok($o->{severity}, "eq", $s->{severity}, "Severities match"); $tests++;
|
||||
cmp_ok($o->{finding}, "eq", $s->{finding}, "Findings match"); $tests++;
|
||||
}
|
||||
$i++;
|
||||
}
|
||||
|
||||
done_testing($tests);
|
||||
|
||||
sub json($) {
|
||||
my $file = shift;
|
||||
$file = `cat $file`;
|
||||
unlink $file;
|
||||
return from_json($file);
|
||||
}
|
39
t/04_client_sims_modern.t
Executable file
39
t/04_client_sims_modern.t
Executable file
@ -0,0 +1,39 @@
|
||||
#!/usr/bin/env perl
|
||||
|
||||
use strict;
|
||||
use Test::More;
|
||||
use Data::Dumper;
|
||||
use JSON;
|
||||
|
||||
my $tests = 0;
|
||||
|
||||
pass("Running openssl based client simulations against mozilla-modern.badssl.com"); $tests++;
|
||||
my $opensslout = `./testssl.sh -c --ssl-native --jsonfile tmp.json --color 0 mozilla-modern.badssl.com`;
|
||||
my $openssl = json('tmp.json');
|
||||
unlike($opensslout, qr/Running browser simulations via sockets/, "Tests didn't run via sockets"); $tests++;
|
||||
|
||||
pass("Running socket based client simulations against mozilla-modern.badssl.com"); $tests++;
|
||||
my $socketout = `./testssl.sh -c --jsonfile tmp.json --color 0 mozilla-modern.badssl.com`;
|
||||
my $socket = json('tmp.json');
|
||||
like($socketout, qr/Running browser simulations via sockets/, "Tests ran via sockets"); $tests++;
|
||||
|
||||
my $i = 0;
|
||||
foreach my $o ( @$openssl ) {
|
||||
my $s = $$socket[$i];
|
||||
if ( $o->{id} =~ /^client_/ ) {
|
||||
pass("Comparing $o->{id}"); $tests++;
|
||||
cmp_ok($o->{id}, "eq", $s->{id}, "Id's match"); $tests++;
|
||||
cmp_ok($o->{severity}, "eq", $s->{severity}, "Severities match"); $tests++;
|
||||
cmp_ok($o->{finding}, "eq", $s->{finding}, "Findings match"); $tests++;
|
||||
}
|
||||
$i++;
|
||||
}
|
||||
|
||||
done_testing($tests);
|
||||
|
||||
sub json($) {
|
||||
my $file = shift;
|
||||
$file = `cat $file`;
|
||||
unlink $file;
|
||||
return from_json($file);
|
||||
}
|
52
t/05_client_sims_testssl.sh.t
Executable file
52
t/05_client_sims_testssl.sh.t
Executable file
@ -0,0 +1,52 @@
|
||||
#!/usr/bin/env perl
|
||||
|
||||
use strict;
|
||||
use Test::More;
|
||||
use Data::Dumper;
|
||||
use JSON;
|
||||
|
||||
my $tests = 0;
|
||||
|
||||
pass("This test was intentionally left blank"); $tests++;
|
||||
#pass("Running openssl based client simulations against testssl.sh"); $tests++;
|
||||
#my $opensslout = `./testssl.sh -c --ssl-native --jsonfile tmp.json --color 0 testssl.sh`;
|
||||
#my $openssl = json('tmp.json');
|
||||
#unlike($opensslout, qr/Running browser simulations via sockets/, "Tests didn't run via sockets"); $tests++;
|
||||
|
||||
#pass("Running socket based client simulations against testssl.sh"); $tests++;
|
||||
#my $socketout = `./testssl.sh -c --jsonfile tmp.json --color 0 testssl.sh`;
|
||||
#my $socket = json('tmp.json');
|
||||
#like($socketout, qr/Running browser simulations via sockets/, "Tests ran via sockets"); $tests++;
|
||||
|
||||
|
||||
#my $i = 0;
|
||||
#foreach my $o ( @$openssl ) {
|
||||
# my $s = $$socket[$i];
|
||||
# if ( $o->{id} =~ /^client_/ ) {
|
||||
# pass("Comparing $o->{id}"); $tests++;
|
||||
# cmp_ok($o->{id}, "eq", $s->{id}, "Id's match"); $tests++;
|
||||
# cmp_ok($o->{severity}, "eq", $s->{severity}, "Severities match"); $tests++;
|
||||
# if ( $o->{finding} eq $s->{finding} ) {
|
||||
# pass("Findings match"); $tests++;
|
||||
# } elsif (
|
||||
# # TODO: The no connection thing is weird, need to look at it, but not now
|
||||
# $o->{finding}=~/(TLSv1\.[012] EC|No Connection)/ &&
|
||||
# $s->{finding}=~/TLSv1\.[012] (DH|RSA|AES)/ &&
|
||||
# $o->{id} =~/^client_(chrome_[456789]|ie_[891]|edge_1|yahoo|android_[6789])/
|
||||
# ) {
|
||||
# pass("Findings differ, most likely due to curve differences.\nSockets: $s->{finding}\nOpenSSL: $o->{finding}"); $tests++
|
||||
# } else {
|
||||
# cmp_ok($o->{finding}, "eq", $s->{finding}, "Findings match"); $tests++;
|
||||
# }
|
||||
# }
|
||||
# $i++;
|
||||
#}
|
||||
|
||||
done_testing($tests);
|
||||
|
||||
sub json($) {
|
||||
my $file = shift;
|
||||
$file = `cat $file`;
|
||||
unlink $file;
|
||||
return from_json($file);
|
||||
}
|
39
t/06_client_sims_starttls.t
Executable file
39
t/06_client_sims_starttls.t
Executable file
@ -0,0 +1,39 @@
|
||||
#!/usr/bin/env perl
|
||||
|
||||
use strict;
|
||||
use Test::More;
|
||||
use Data::Dumper;
|
||||
use JSON;
|
||||
|
||||
my $tests = 0;
|
||||
|
||||
pass("Running openssl based client simulations against smtp-relay.gmail.com:587"); $tests++;
|
||||
my $opensslout = `./testssl.sh -c --ssl-native -t smtp --jsonfile tmp.json --color 0 smtp-relay.gmail.com:587`;
|
||||
my $openssl = json('tmp.json');
|
||||
unlike($opensslout, qr/Running client simulations via sockets/, "Tests didn't run via sockets"); $tests++;
|
||||
|
||||
pass("Running socket based client simulations against smtp-relay.gmail.com:587"); $tests++;
|
||||
my $socketout = `./testssl.sh -c -t smtp --jsonfile tmp.json --color 0 smtp-relay.gmail.com:587`;
|
||||
my $socket = json('tmp.json');
|
||||
like($socketout, qr/Running client simulations via sockets/, "Tests ran via sockets"); $tests++;
|
||||
|
||||
my $i = 0;
|
||||
foreach my $o ( @$openssl ) {
|
||||
my $s = $$socket[$i];
|
||||
if ( $o->{id} =~ /^client_/ ) {
|
||||
pass("Comparing $o->{id}"); $tests++;
|
||||
cmp_ok($o->{id}, "eq", $s->{id}, "Id's match"); $tests++;
|
||||
cmp_ok($o->{severity}, "eq", $s->{severity}, "Severities match"); $tests++;
|
||||
cmp_ok($o->{finding}, "eq", $s->{finding}, "Findings match"); $tests++;
|
||||
}
|
||||
$i++;
|
||||
}
|
||||
|
||||
done_testing($tests);
|
||||
|
||||
sub json($) {
|
||||
my $file = shift;
|
||||
$file = `cat $file`;
|
||||
unlink $file;
|
||||
return from_json($file);
|
||||
}
|
@ -2010,7 +2010,7 @@ run_client_simulation() {
|
||||
local using_sockets=true
|
||||
local client_service
|
||||
|
||||
if [[ $SSL_NATIVE || ! $EXPERIMENTAL ]]; then
|
||||
if $SSL_NATIVE; then
|
||||
using_sockets=false
|
||||
fi
|
||||
|
||||
|
@ -136,40 +136,40 @@ foreach my $client ( @$ssllabs ) {
|
||||
|
||||
print OUT
|
||||
'# --- testssl.sh maintained clients ---
|
||||
|
||||
names+=("Mail iOS 9.3.2 ")
|
||||
short+=("mail_ios_932")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("16030100bb010000b703015767e6ae46f9abf3138e26a9f9880f9697bf3387f7eff709db1fa220e692d80420fb04b0979bae1664e11ef172d4dfba15af59dd200b7831992a35c73cde9efed9003200ffc024c023c00ac009c008c028c027c014c013c012006b0067003900330016003d003c0035002f000ac007c011000500040100003c000000190017000014696d61702e73656374696f6e7a65726f2e6f7267000a00080006001700180019000b0002010000050005010000000000120000")
|
||||
protos+=("-tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0300")
|
||||
highest_protocol+=("0x0301")
|
||||
service+=("SMTP,POP,IMAP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
requiresSha2+=(false)
|
||||
|
||||
names+=("Mail OSX 10.11.15 ")
|
||||
short+=("mail_osx_101115")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("16030100940100009003015770e928499e82df2eb7477200e2a828d9fa4109514385bd1602df44aaf2b0f400003200ffc024c023c00ac009c008c028c027c014c013c012006b0067003900330016003d003c0035002f000ac007c011000500040100003500000012001000000d3137382e3233372e33342e3932000a00080006001700180019000b0002010000050005010000000000120000")
|
||||
protos+=("-tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0301")
|
||||
service+=("SMTP,POP,IMAP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
requiresSha2+=(false)
|
||||
#TODO: These clients do not pass the unit tests, yet.
|
||||
#names+=("Mail iOS 9.3.2 ")
|
||||
#short+=("mail_ios_932")
|
||||
#ciphers+=("ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||
#sni+=("$SNI")
|
||||
#warning+=("")
|
||||
#handshakebytes+=("16030100bb010000b703015767e6ae46f9abf3138e26a9f9880f9697bf3387f7eff709db1fa220e692d80420fb04b0979bae1664e11ef172d4dfba15af59dd200b7831992a35c73cde9efed9003200ffc024c023c00ac009c008c028c027c014c013c012006b0067003900330016003d003c0035002f000ac007c011000500040100003c000000190017000014696d61702e73656374696f6e7a65726f2e6f7267000a00080006001700180019000b0002010000050005010000000000120000")
|
||||
#protos+=("#-tls1_1 -tls1")
|
||||
#lowest_protocol+=("0x0300")
|
||||
#highest_protocol+=("0x0301")
|
||||
#service+=("SMTP,POP,IMAP")
|
||||
#minDhBits+=(-1)
|
||||
#maxDhBits+=(-1)
|
||||
#minRsaBits+=(-1)
|
||||
#maxRsaBits+=(-1)
|
||||
#minEcdsaBits+=(-1)
|
||||
#requiresSha2+=(false)
|
||||
#
|
||||
#names+=("Mail OSX 10.11.15 ")
|
||||
#short+=("mail_osx_101115")
|
||||
#ciphers+=("ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||
#sni+=("$SNI")
|
||||
#warning+=("")
|
||||
#handshakebytes+=("16030100940100009003015770e928499e82df2eb7477200e2a828d9fa4109514385bd1602df44aaf2b0f400003200ffc024c023c00ac009c008c028c027c014c013c012006b0067003900330016003d003c0035002f000ac007c011000500040100003500000012001000000d3137382e3233372e33342e3932000a00080006001700180019000b0002010000050005010000000000120000")
|
||||
#protos+=("-tls1")
|
||||
#lowest_protocol+=("0x0301")
|
||||
#highest_protocol+=("0x0301")
|
||||
#service+=("SMTP,POP,IMAP")
|
||||
#minDhBits+=(-1)
|
||||
#maxDhBits+=(-1)
|
||||
#minRsaBits+=(-1)
|
||||
#maxRsaBits+=(-1)
|
||||
#minEcdsaBits+=(-1)
|
||||
#requiresSha2+=(false)
|
||||
|
||||
names+=("Thunderbird 45.1.1 OSX 10.11 ")
|
||||
short+=("thudnerbird_45.1.1_osx_101115")
|
||||
|
Loading…
Reference in New Issue
Block a user