Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-09 04:02:53 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add 0-RTT

Browse Source 
also:
* fine tuning protocol section
* reference RFC 8470 (well..) and FIPS 203
* add a general linkto TLS related  RFCs
This commit is contained in:
Dirk Wetter
2025-10-08 10:31:48 +02:00
parent d637daefeb
commit da7c713b08
3 changed files with 727 additions and 738 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1422
doc/testssl.1
View File

File diff suppressed because it is too large Load Diff

34
doc/testssl.1.html
View File

@ -470,11 +470,11 @@
encryption sucks. Also this section lists the available
elliptical curves and Diffie Hellman groups, as well as FFDHE
groups (TLS 1.2 and TLS 1.3).</p>
<p><code>-p, --protocols</code> checks TLS/SSL protocols SSLv2,
SSLv3, TLS 1.0 through TLS 1.3. And for HTTP also QUIC (HTTP/3),
SPDY (NPN) and ALPN (HTTP/2). For TLS 1.3 the final version and
several drafts (from 18 on) are tested. QUIC needs OpenSSL &gt;=
3.2 which can be automatically picked up when in
<p><code>-p, --protocols</code> checks every SSL/TLS protocols:
SSLv2, SSLv3, TLS 1.0 through TLS 1.3. And for HTTP also QUIC
(HTTP/3), SPDY (NPN) and ALPN (HTTP/2). For TLS 1.3 the final
version and several drafts (from 18 on) are tested. QUIC needs
OpenSSL &gt;= 3.2 which can be automatically picked up when in
<code>/usr/bin/openssl</code> (or when defined environment
variable OPENSSL2). If a TLS-1.3-only host is encountered and
the openssl-bad version is used testssl.sh will e.g. for HTTP
@ -493,6 +493,7 @@
<li>Available TLS extensions,</li>
<li>TLS ticket + session ID information/capabilities,</li>
<li>session resumption capabilities,</li>
<li>TLS 1.3 early data, a.k.a 0-RTT</li>
<li>Time skew relative to localhost (most server implementations
return random values).</li>
<li>Several certificate information
@ -927,11 +928,11 @@
and when this is set to true, it generates a separate text file
with epoch times in <code>/tmp/testssl-&lt;XX&gt;.time</code>.
They need to be concatenated by
<code>paste /tmp/testssl-&lt;XX&gt;.{time,log}</code> <!---
* FAST_SOCKET
* SHOW_SIGALGO
* FAST
--></li>
<code>paste /tmp/testssl-&lt;XX&gt;.{time,log}</code>
&lt;!—</li>
<li>FAST_SOCKET</li>
<li>SHOW_SIGALGO</li>
<li>FAST &gt;</li>
<li>EXPERIMENTAL=true is an option which is sometimes used in
the development process to make testing easier. In released
versions this has no effect.</li>
@ -969,10 +970,9 @@
may be made larger on systems with faster processors.</li>
<li>MAX_WAIT_TEST is the maximum time (in seconds) to wait for a
single test in parallel mass testing mode to complete. The
default is 1200. <!---
* USLEEP_SND
* USLEEP_REC
--></li>
default is 1200. &lt;!—</li>
<li>USLEEP_SND</li>
<li>USLEEP_REC &gt;</li>
<li>HSTS_MIN is preset to 179 (days). If you want warnings
sooner or later for HTTP Strict Transport Security you can
change this.</li>
@ -1194,6 +1194,7 @@
News Transfer Protocol (NNTP)</li>
<li>RFC 8446: The Transport Layer Security (TLS) Protocol
Version 1.3</li>
<li>RFC 8470: Using Early Data in HTTP</li>
<li>RFC 8701: Applying Generate Random Extensions And Sustain
Extensibility (GREASE) to TLS Extensibility</li>
<li>RFC 9000: QUIC: A UDP-Based Multiplexed and Secure
@ -1201,7 +1202,12 @@
<li>W3C CSP: Content Security Policy Level 1-3</li>
<li>TLSWG Draft: The Transport Layer Security (TLS) Protocol
Version 1.3</li>
<li>FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism
Standard</li>
</ul>
<p><a
href="ihttps://www.rfc-editor.org/search/rfc_search_detail.php?title=TLS&amp;page=All">More
RFCs</a> might be applicable.</p>
<h2 id="exit-status">EXIT STATUS</h2>
<ul>
<li>0 testssl.sh finished successfully without errors and

9
doc/testssl.1.md
View File

@ -178,7 +178,7 @@ Any single check switch supplied as an argument prevents testssl.sh from doing a
`-f, --fs, --nsa, --forward-secrecy` Checks robust forward secrecy key exchange. "Robust" means that ciphers having intrinsic severe weaknesses like Null Authentication or Encryption, 3DES and RC4 won't be considered here. There shouldn't be the wrong impression that a secure key exchange has been taking place and everything is fine when in reality the encryption sucks. Also this section lists the available elliptical curves and Diffie Hellman groups, as well as FFDHE groups (TLS 1.2 and TLS 1.3).
`-p, --protocols` checks TLS/SSL protocols SSLv2, SSLv3, TLS 1.0 through TLS 1.3. And for HTTP also QUIC (HTTP/3), SPDY (NPN) and ALPN (HTTP/2). For TLS 1.3 the final version and several drafts (from 18 on) are tested. QUIC needs OpenSSL >= 3.2 which can be automatically picked up when in `/usr/bin/openssl` (or when defined environment variable OPENSSL2). If a TLS-1.3-only host is encountered and the openssl-bad version is used testssl.sh will e.g. for HTTP header checks switch to `/usr/bin/openssl` (or when defined via ENV to OPENSSL2). Also this will be tried for the QUIC check.
`-p, --protocols` checks every SSL/TLS protocols: SSLv2, SSLv3, TLS 1.0 through TLS 1.3. And for HTTP also QUIC (HTTP/3), SPDY (NPN) and ALPN (HTTP/2). For TLS 1.3 the final version and several drafts (from 18 on) are tested. QUIC needs OpenSSL >= 3.2 which can be automatically picked up when in `/usr/bin/openssl` (or when defined environment variable OPENSSL2). If a TLS-1.3-only host is encountered and the openssl-bad version is used testssl.sh will e.g. for HTTP header checks switch to `/usr/bin/openssl` (or when defined via ENV to OPENSSL2). Also this will be tried for the QUIC check.
`-P, --server-preference, --preference` displays the servers preferences: cipher order, with used openssl client: negotiated protocol and cipher. If there's a cipher order enforced by the server it displays it for each protocol (openssl+sockets). If there's not, it displays instead which ciphers from the server were picked with each protocol.
@ -187,6 +187,7 @@ Any single check switch supplied as an argument prevents testssl.sh from doing a
* Available TLS extensions,
* TLS ticket + session ID information/capabilities,
* session resumption capabilities,
* TLS 1.3 early data, a.k.a 0-RTT
* Time skew relative to localhost (most server implementations return random values).
* Several certificate information
- signature algorithm,
@ -525,10 +526,14 @@ Please note that for plain TLS-encrypted ports you must not specify the protocol
* RFC 7919: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security
* RFC 8143: Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)
* RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3
* RFC 8470: Using Early Data in HTTP
* RFC 8701: Applying Generate Random Extensions And Sustain Extensibility (GREASE) to TLS Extensibility
* RFC 9000: QUIC: A UDP-Based Multiplexed and Secure Transport
* W3C CSP: Content Security Policy Level 1-3
* TLSWG Draft: The Transport Layer Security (TLS) Protocol Version 1.3
* FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard
[More RFCs](ihttps://www.rfc-editor.org/search/rfc_search_detail.php?title=TLS&page=All) might be applicable.
## EXIT STATUS
@ -549,7 +554,7 @@ Please note that for plain TLS-encrypted ports you must not specify the protocol
* 252 (ERR_FNAMEPARSE) Input file couldn't be parsed
* 253 (ERR_FCREATE) Output file couldn't be created
* 254 (ERR_CMDLINE) Cmd line couldn't be parsed
* 255 (ERR_BASH) Bash version incorrect
* 255 (ERR_BASH) Bash version incorrect
## FILES