mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-03 23:39:45 +01:00
Update documentation
* remove hint that LDAP only works with STARTTLS * Add the relevant LDAP RFC for STARTTLS * Amend with sieve RFC * Correct numbering order of RFC section
This commit is contained in:
parent
4639e996db
commit
da3520f8b2
@ -82,7 +82,7 @@ A typical internal conversion to testssl\.sh file format from nmap's grep(p)able
|
||||
.P
|
||||
\fB\-\-reqheader <header>\fR This can be used to add additional HTTP request headers in the correct format \fBHeadername: headercontent\fR\. This parameter can be called multiple times if required\. For example: \fB\-\-reqheader 'Proxy\-Authorization: Basic dGVzdHNzbDpydWxlcw==' \-\-reqheader 'ClientID: 0xDEADBEAF'\fR\. REQHEADER is the corresponding environment variable\.
|
||||
.SS "SPECIAL INVOCATIONS"
|
||||
\fB\-t <protocol>, \-\-starttls <protocol>\fR does a default run against a STARTTLS enabled \fBprotocol\fR\. \fBprotocol\fR must be one of \fBftp\fR, \fBsmtp\fR, \fBpop3\fR, \fBimap\fR, \fBxmpp\fR, \fBsieve\fR, \fBxmpp\-server\fR, \fBtelnet\fR, \fBldap\fR, \fBirc\fR, \fBlmtp\fR, \fBnntp\fR, \fBpostgres\fR, \fBmysql\fR\. For the latter four you need e\.g\. the supplied OpenSSL or OpenSSL version 1\.1\.1\. Please note: MongoDB doesn't offer a STARTTLS connection, LDAP currently only works with \fB\-\-ssl\-native\fR\. \fBtelnet\fR and \fBirc\fR is WIP\.
|
||||
\fB\-t <protocol>, \-\-starttls <protocol>\fR does a default run against a STARTTLS enabled \fBprotocol\fR\. \fBprotocol\fR must be one of \fBftp\fR, \fBsmtp\fR, \fBpop3\fR, \fBimap\fR, \fBxmpp\fR, \fBsieve\fR, \fBxmpp\-server\fR, \fBtelnet\fR, \fBldap\fR, \fBirc\fR, \fBlmtp\fR, \fBnntp\fR, \fBpostgres\fR, \fBmysql\fR\. For the latter four you need e\.g\. the supplied OpenSSL or OpenSSL version 1\.1\.1\. Please note: MongoDB doesn't offer a STARTTLS connection, IRC currently only works with \fB\-\-ssl\-native\fR\. \fBtelnet\fR and \fBirc\fR are WIP\.
|
||||
.P
|
||||
\fB\-\-xmpphost <jabber_domain>\fR is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter\. This is only needed if the domain is different from the URI supplied\.
|
||||
.P
|
||||
@ -478,9 +478,11 @@ Please note that for plain TLS\-encrypted ports you must not specify the protoco
|
||||
.IP "\[ci]" 4
|
||||
RFC 2246: The TLS Protocol Version 1\.0
|
||||
.IP "\[ci]" 4
|
||||
RFC 2595: Using TLS with IMAP, POP3 and ACAP
|
||||
.IP "\[ci]" 4
|
||||
RFC 2818: HTTP Over TLS
|
||||
.IP "\[ci]" 4
|
||||
RFC 2595: Using TLS with IMAP, POP3 and ACAP
|
||||
RFC 2830: Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security
|
||||
.IP "\[ci]" 4
|
||||
RFC 3207: SMTP Service Extension for Secure SMTP over Transport Layer Security
|
||||
.IP "\[ci]" 4
|
||||
@ -502,6 +504,8 @@ RFC 5321: Simple Mail Transfer Protocol
|
||||
.IP "\[ci]" 4
|
||||
RFC 5746: Transport Layer Security (TLS) Renegotiation Indication Extension
|
||||
.IP "\[ci]" 4
|
||||
RFC 5804: A Protocol for Remotely Managing Sieve Scripts
|
||||
.IP "\[ci]" 4
|
||||
RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions
|
||||
.IP "\[ci]" 4
|
||||
RFC 6101: The Secure Sockets Layer (SSL) Protocol Version 3\.0
|
||||
|
@ -194,7 +194,7 @@ The same can be achieved by setting the environment variable <code>WARNINGS</cod
|
||||
|
||||
<h3 id="SPECIAL-INVOCATIONS">SPECIAL INVOCATIONS</h3>
|
||||
|
||||
<p><code>-t <protocol>, --starttls <protocol></code> does a default run against a STARTTLS enabled <code>protocol</code>. <code>protocol</code> must be one of <code>ftp</code>, <code>smtp</code>, <code>pop3</code>, <code>imap</code>, <code>xmpp</code>, <code>sieve</code>, <code>xmpp-server</code>, <code>telnet</code>, <code>ldap</code>, <code>irc</code>, <code>lmtp</code>, <code>nntp</code>, <code>postgres</code>, <code>mysql</code>. For the latter four you need e.g. the supplied OpenSSL or OpenSSL version 1.1.1. Please note: MongoDB doesn't offer a STARTTLS connection, LDAP currently only works with <code>--ssl-native</code>. <code>telnet</code> and <code>irc</code> is WIP.</p>
|
||||
<p><code>-t <protocol>, --starttls <protocol></code> does a default run against a STARTTLS enabled <code>protocol</code>. <code>protocol</code> must be one of <code>ftp</code>, <code>smtp</code>, <code>pop3</code>, <code>imap</code>, <code>xmpp</code>, <code>sieve</code>, <code>xmpp-server</code>, <code>telnet</code>, <code>ldap</code>, <code>irc</code>, <code>lmtp</code>, <code>nntp</code>, <code>postgres</code>, <code>mysql</code>. For the latter four you need e.g. the supplied OpenSSL or OpenSSL version 1.1.1. Please note: MongoDB doesn't offer a STARTTLS connection, IRC currently only works with <code>--ssl-native</code>. <code>telnet</code> and <code>irc</code> are WIP.</p>
|
||||
|
||||
<p><code>--xmpphost <jabber_domain></code> is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter. This is only needed if the domain is different from the URI supplied.</p>
|
||||
|
||||
@ -580,8 +580,9 @@ This is to prevent giving out a misleading or wrong grade.</p>
|
||||
|
||||
<ul>
|
||||
<li>RFC 2246: The TLS Protocol Version 1.0</li>
|
||||
<li>RFC 2818: HTTP Over TLS</li>
|
||||
<li>RFC 2595: Using TLS with IMAP, POP3 and ACAP</li>
|
||||
<li>RFC 2818: HTTP Over TLS</li>
|
||||
<li>RFC 2830: Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security</li>
|
||||
<li>RFC 3207: SMTP Service Extension for Secure SMTP over Transport Layer Security</li>
|
||||
<li>RFC 3501: INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1</li>
|
||||
<li>RFC 4346: The Transport Layer Security (TLS) Protocol Version 1.1</li>
|
||||
@ -592,6 +593,7 @@ This is to prevent giving out a misleading or wrong grade.</p>
|
||||
<li>RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</li>
|
||||
<li>RFC 5321: Simple Mail Transfer Protocol</li>
|
||||
<li>RFC 5746: Transport Layer Security (TLS) Renegotiation Indication Extension</li>
|
||||
<li>RFC 5804: A Protocol for Remotely Managing Sieve Scripts</li>
|
||||
<li>RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions</li>
|
||||
<li>RFC 6101: The Secure Sockets Layer (SSL) Protocol Version 3.0</li>
|
||||
<li>RFC 6120: Extensible Messaging and Presence Protocol (XMPP): Core</li>
|
||||
|
@ -115,7 +115,7 @@ The same can be achieved by setting the environment variable `WARNINGS`.
|
||||
|
||||
### SPECIAL INVOCATIONS
|
||||
|
||||
`-t <protocol>, --starttls <protocol>` does a default run against a STARTTLS enabled `protocol`. `protocol` must be one of `ftp`, `smtp`, `pop3`, `imap`, `xmpp`, `sieve`, `xmpp-server`, `telnet`, `ldap`, `irc`, `lmtp`, `nntp`, `postgres`, `mysql`. For the latter four you need e.g. the supplied OpenSSL or OpenSSL version 1.1.1. Please note: MongoDB doesn't offer a STARTTLS connection, LDAP currently only works with `--ssl-native`. `telnet` and `irc` is WIP.
|
||||
`-t <protocol>, --starttls <protocol>` does a default run against a STARTTLS enabled `protocol`. `protocol` must be one of `ftp`, `smtp`, `pop3`, `imap`, `xmpp`, `sieve`, `xmpp-server`, `telnet`, `ldap`, `irc`, `lmtp`, `nntp`, `postgres`, `mysql`. For the latter four you need e.g. the supplied OpenSSL or OpenSSL version 1.1.1. Please note: MongoDB doesn't offer a STARTTLS connection, IRC currently only works with `--ssl-native`. `telnet` and `irc` are WIP.
|
||||
|
||||
`--xmpphost <jabber_domain>` is an additional option for STARTTLS enabled XMPP: It expects the jabber domain as a parameter. This is only needed if the domain is different from the URI supplied.
|
||||
|
||||
@ -473,8 +473,9 @@ Please note that for plain TLS-encrypted ports you must not specify the protocol
|
||||
## RFCs and other standards
|
||||
|
||||
* RFC 2246: The TLS Protocol Version 1.0
|
||||
* RFC 2818: HTTP Over TLS
|
||||
* RFC 2595: Using TLS with IMAP, POP3 and ACAP
|
||||
* RFC 2818: HTTP Over TLS
|
||||
* RFC 2830: Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security
|
||||
* RFC 3207: SMTP Service Extension for Secure SMTP over Transport Layer Security
|
||||
* RFC 3501: INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1
|
||||
* RFC 4346: The Transport Layer Security (TLS) Protocol Version 1.1
|
||||
@ -485,6 +486,7 @@ Please note that for plain TLS-encrypted ports you must not specify the protocol
|
||||
* RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
|
||||
* RFC 5321: Simple Mail Transfer Protocol
|
||||
* RFC 5746: Transport Layer Security (TLS) Renegotiation Indication Extension
|
||||
* RFC 5804: A Protocol for Remotely Managing Sieve Scripts
|
||||
* RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions
|
||||
* RFC 6101: The Secure Sockets Layer (SSL) Protocol Version 3.0
|
||||
* RFC 6120: Extensible Messaging and Presence Protocol (XMPP): Core
|
||||
|
Loading…
Reference in New Issue
Block a user