Update documentation

* Remove hint that LDAP only works with STARTTLS
* Add the relevant LDAP RFC for STARTTLS
* Amend with sieve RFC
* Correct numbering order of RFC section
Dirk Wetter 2022-01-31 11:05:52 +01:00
parent 4639e996db
commit da3520f8b2
3 changed files with 14 additions and 6 deletions


@ -82,7 +82,7 @@ A typical internal conversion to testssl\.sh file format from nmap's grep(p)able
.P .P
\fB\-\-reqheader <header>\fR This can be used to add additional HTTP request headers in the correct format \fBHeadername: headercontent\fR\. This parameter can be called multiple times if required\. For example: \fB\-\-reqheader 'Proxy\-Authorization: Basic dGVzdHNzbDpydWxlcw==' \-\-reqheader 'ClientID: 0xDEADBEAF'\fR\. REQHEADER is the corresponding environment variable\. \fB\-\-reqheader <header>\fR This can be used to add additional HTTP request headers in the correct format \fBHeadername: headercontent\fR\. This parameter can be called multiple times if required\. For example: \fB\-\-reqheader 'Proxy\-Authorization: Basic dGVzdHNzbDpydWxlcw==' \-\-reqheader 'ClientID: 0xDEADBEAF'\fR\. REQHEADER is the corresponding environment variable\.
.SS "SPECIAL INVOCATIONS" .SS "SPECIAL INVOCATIONS"
\fB\-t <protocol>, \-\-starttls <protocol>\fR does a default run against a STARTTLS enabled \fBprotocol\fR\. \fBprotocol\fR must be one of \fBftp\fR, \fBsmtp\fR, \fBpop3\fR, \fBimap\fR, \fBxmpp\fR, \fBsieve\fR, \fBxmpp\-server\fR, \fBtelnet\fR, \fBldap\fR, \fBirc\fR, \fBlmtp\fR, \fBnntp\fR, \fBpostgres\fR, \fBmysql\fR\. For the latter four you need e\.g\. the supplied OpenSSL or OpenSSL version 1\.1\.1\. Please note: MongoDB doesn't offer a STARTTLS connection, LDAP currently only works with \fB\-\-ssl\-native\fR\. \fBtelnet\fR and \fBirc\fR is WIP\. \fB\-t <protocol>, \-\-starttls <protocol>\fR does a default run against a STARTTLS enabled \fBprotocol\fR\. \fBprotocol\fR must be one of \fBftp\fR, \fBsmtp\fR, \fBpop3\fR, \fBimap\fR, \fBxmpp\fR, \fBsieve\fR, \fBxmpp\-server\fR, \fBtelnet\fR, \fBldap\fR, \fBirc\fR, \fBlmtp\fR, \fBnntp\fR, \fBpostgres\fR, \fBmysql\fR\. For the latter four you need e\.g\. the supplied OpenSSL or OpenSSL version 1\.1\.1\. Please note: MongoDB doesn't offer a STARTTLS connection, IRC currently only works with \fB\-\-ssl\-native\fR\. \fBtelnet\fR and \fBirc\fR are WIP\.
.P .P
\fB\-\-xmpphost <jabber_domain>\fR is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter\. This is only needed if the domain is different from the URI supplied\. \fB\-\-xmpphost <jabber_domain>\fR is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter\. This is only needed if the domain is different from the URI supplied\.
.P .P
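Review bot: The commit message does not match the change to the --starttls paragraph. The message says a hint that LDAP only works with STARTTLS is removed, but the old sentence read "LDAP currently only works with --ssl-native" and the new one keeps that restriction and assigns it to IRC. If LDAP no longer needs --ssl-native and IRC does, say that in the commit message, so that someone reading the log later does not look for a STARTTLS hint that was never in this paragraph.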
@ -478,9 +478,11 @@ Please note that for plain TLS\-encrypted ports you must not specify the protoco
.IP "\[ci]" 4 .IP "\[ci]" 4
RFC 2246: The TLS Protocol Version 1\.0 RFC 2246: The TLS Protocol Version 1\.0
.IP "\[ci]" 4 .IP "\[ci]" 4
RFC 2595: Using TLS with IMAP, POP3 and ACAP
.IP "\[ci]" 4
RFC 2818: HTTP Over TLS RFC 2818: HTTP Over TLS
.IP "\[ci]" 4 .IP "\[ci]" 4
RFC 2595: Using TLS with IMAP, POP3 and ACAP RFC 2830: Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security
.IP "\[ci]" 4 .IP "\[ci]" 4
RFC 3207: SMTP Service Extension for Secure SMTP over Transport Layer Security RFC 3207: SMTP Service Extension for Secure SMTP over Transport Layer Security
.IP "\[ci]" 4 .IP "\[ci]" 4
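Review bot: Three copies of the same RFC list are edited in this commit (this roff file, the HTML and the markdown), which invites drift between them. If the man page and the HTML are generated from the markdown, regenerate them rather than editing each by hand; if they are maintained separately, a short note in the commit message would help the next person who has to touch the list.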
@ -502,6 +504,8 @@ RFC 5321: Simple Mail Transfer Protocol
.IP "\[ci]" 4 .IP "\[ci]" 4
RFC 5746: Transport Layer Security (TLS) Renegotiation Indication Extension RFC 5746: Transport Layer Security (TLS) Renegotiation Indication Extension
.IP "\[ci]" 4 .IP "\[ci]" 4
RFC 5804: A Protocol for Remotely Managing Sieve Scripts
.IP "\[ci]" 4
RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions
.IP "\[ci]" 4 .IP "\[ci]" 4
RFC 6101: The Secure Sockets Layer (SSL) Protocol Version 3\.0 RFC 6101: The Secure Sockets Layer (SSL) Protocol Version 3\.0


@ -194,7 +194,7 @@ The same can be achieved by setting the environment variable <code>WARNINGS</cod
<h3 id="SPECIAL-INVOCATIONS">SPECIAL INVOCATIONS</h3> <h3 id="SPECIAL-INVOCATIONS">SPECIAL INVOCATIONS</h3>
<p><code>-t &lt;protocol&gt;, --starttls &lt;protocol&gt;</code> does a default run against a STARTTLS enabled <code>protocol</code>. <code>protocol</code> must be one of <code>ftp</code>, <code>smtp</code>, <code>pop3</code>, <code>imap</code>, <code>xmpp</code>, <code>sieve</code>, <code>xmpp-server</code>, <code>telnet</code>, <code>ldap</code>, <code>irc</code>, <code>lmtp</code>, <code>nntp</code>, <code>postgres</code>, <code>mysql</code>. For the latter four you need e.g. the supplied OpenSSL or OpenSSL version 1.1.1. Please note: MongoDB doesn't offer a STARTTLS connection, LDAP currently only works with <code>--ssl-native</code>. <code>telnet</code> and <code>irc</code> is WIP.</p> <p><code>-t &lt;protocol&gt;, --starttls &lt;protocol&gt;</code> does a default run against a STARTTLS enabled <code>protocol</code>. <code>protocol</code> must be one of <code>ftp</code>, <code>smtp</code>, <code>pop3</code>, <code>imap</code>, <code>xmpp</code>, <code>sieve</code>, <code>xmpp-server</code>, <code>telnet</code>, <code>ldap</code>, <code>irc</code>, <code>lmtp</code>, <code>nntp</code>, <code>postgres</code>, <code>mysql</code>. For the latter four you need e.g. the supplied OpenSSL or OpenSSL version 1.1.1. Please note: MongoDB doesn't offer a STARTTLS connection, IRC currently only works with <code>--ssl-native</code>. <code>telnet</code> and <code>irc</code> are WIP.</p>
<p><code>--xmpphost &lt;jabber_domain&gt;</code> is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter. This is only needed if the domain is different from the URI supplied.</p> <p><code>--xmpphost &lt;jabber_domain&gt;</code> is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter. This is only needed if the domain is different from the URI supplied.</p>
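Review bot: irc now appears twice at the end of the --starttls paragraph with two different statuses: "IRC currently only works with --ssl-native" and "telnet and irc are WIP". A reader cannot tell whether irc is usable today with --ssl-native or not yet supported at all. Suggest folding both into a single statement about irc, and writing it in lower case like the entries in the protocol list.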
@ -580,8 +580,9 @@ This is to prevent giving out a misleading or wrong grade.</p>
<ul> <ul>
<li>RFC 2246: The TLS Protocol Version 1.0</li> <li>RFC 2246: The TLS Protocol Version 1.0</li>
<li>RFC 2818: HTTP Over TLS</li>
<li>RFC 2595: Using TLS with IMAP, POP3 and ACAP</li> <li>RFC 2595: Using TLS with IMAP, POP3 and ACAP</li>
<li>RFC 2818: HTTP Over TLS</li>
<li>RFC 2830: Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security</li>
<li>RFC 3207: SMTP Service Extension for Secure SMTP over Transport Layer Security</li> <li>RFC 3207: SMTP Service Extension for Secure SMTP over Transport Layer Security</li>
<li>RFC 3501: INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1</li> <li>RFC 3501: INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1</li>
<li>RFC 4346: The Transport Layer Security (TLS) Protocol Version 1.1</li> <li>RFC 4346: The Transport Layer Security (TLS) Protocol Version 1.1</li>
@ -592,6 +593,7 @@ This is to prevent giving out a misleading or wrong grade.</p>
<li>RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</li> <li>RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</li>
<li>RFC 5321: Simple Mail Transfer Protocol</li> <li>RFC 5321: Simple Mail Transfer Protocol</li>
<li>RFC 5746: Transport Layer Security (TLS) Renegotiation Indication Extension</li> <li>RFC 5746: Transport Layer Security (TLS) Renegotiation Indication Extension</li>
<li>RFC 5804: A Protocol for Remotely Managing Sieve Scripts</li>
<li>RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions</li> <li>RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions</li>
<li>RFC 6101: The Secure Sockets Layer (SSL) Protocol Version 3.0</li> <li>RFC 6101: The Secure Sockets Layer (SSL) Protocol Version 3.0</li>
<li>RFC 6120: Extensible Messaging and Presence Protocol (XMPP): Core</li> <li>RFC 6120: Extensible Messaging and Presence Protocol (XMPP): Core</li>


@ -115,7 +115,7 @@ The same can be achieved by setting the environment variable `WARNINGS`.
### SPECIAL INVOCATIONS ### SPECIAL INVOCATIONS
`-t <protocol>, --starttls <protocol>` does a default run against a STARTTLS enabled `protocol`. `protocol` must be one of `ftp`, `smtp`, `pop3`, `imap`, `xmpp`, `sieve`, `xmpp-server`, `telnet`, `ldap`, `irc`, `lmtp`, `nntp`, `postgres`, `mysql`. For the latter four you need e.g. the supplied OpenSSL or OpenSSL version 1.1.1. Please note: MongoDB doesn't offer a STARTTLS connection, LDAP currently only works with `--ssl-native`. `telnet` and `irc` is WIP. `-t <protocol>, --starttls <protocol>` does a default run against a STARTTLS enabled `protocol`. `protocol` must be one of `ftp`, `smtp`, `pop3`, `imap`, `xmpp`, `sieve`, `xmpp-server`, `telnet`, `ldap`, `irc`, `lmtp`, `nntp`, `postgres`, `mysql`. For the latter four you need e.g. the supplied OpenSSL or OpenSSL version 1.1.1. Please note: MongoDB doesn't offer a STARTTLS connection, IRC currently only works with `--ssl-native`. `telnet` and `irc` are WIP.
`--xmpphost <jabber_domain>` is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter. This is only needed if the domain is different from the URI supplied. `--xmpphost <jabber_domain>` is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter. This is only needed if the domain is different from the URI supplied.
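Review bot: "For the latter four" in the --starttls paragraph depends on the order of the protocol list (at the moment lmtp, nntp, postgres, mysql) and will point at the wrong protocols as soon as the list is extended; naming the four protocols is more robust. While the line is being touched, "MongoDB doesn't offer a STARTTLS connection, IRC currently only works with ..." joins two unrelated notes with a comma and would read better as two sentences.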
@ -473,8 +473,9 @@ Please note that for plain TLS-encrypted ports you must not specify the protocol
## RFCs and other standards ## RFCs and other standards
* RFC 2246: The TLS Protocol Version 1.0 * RFC 2246: The TLS Protocol Version 1.0
* RFC 2818: HTTP Over TLS
* RFC 2595: Using TLS with IMAP, POP3 and ACAP * RFC 2595: Using TLS with IMAP, POP3 and ACAP
* RFC 2818: HTTP Over TLS
* RFC 2830: Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security
* RFC 3207: SMTP Service Extension for Secure SMTP over Transport Layer Security * RFC 3207: SMTP Service Extension for Secure SMTP over Transport Layer Security
* RFC 3501: INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1 * RFC 3501: INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1
* RFC 4346: The Transport Layer Security (TLS) Protocol Version 1.1 * RFC 4346: The Transport Layer Security (TLS) Protocol Version 1.1
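Review bot: The references added in this commit cover ldap (RFC 2830) and sieve (RFC 5804), while the context of this hunk still runs from RFC 3207 and RFC 3501 directly to RFC 4346 with no entry for ftp, which the --starttls paragraph also lists as an accepted protocol. Is ftp meant to get a reference too? If the aim is one standard per STARTTLS protocol, it would be cleaner to add the remaining ones in the same pass while the list is being re-sorted.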
@ -485,6 +486,7 @@ Please note that for plain TLS-encrypted ports you must not specify the protocol
* RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile * RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
* RFC 5321: Simple Mail Transfer Protocol * RFC 5321: Simple Mail Transfer Protocol
* RFC 5746: Transport Layer Security (TLS) Renegotiation Indication Extension * RFC 5746: Transport Layer Security (TLS) Renegotiation Indication Extension
* RFC 5804: A Protocol for Remotely Managing Sieve Scripts
* RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions * RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions
* RFC 6101: The Secure Sockets Layer (SSL) Protocol Version 3.0 * RFC 6101: The Secure Sockets Layer (SSL) Protocol Version 3.0
* RFC 6120: Extensible Messaging and Presence Protocol (XMPP): Core * RFC 6120: Extensible Messaging and Presence Protocol (XMPP): Core