diff --git a/doc/testssl.1 b/doc/testssl.1 index 1a5d26d..0d2efe7 100644 --- a/doc/testssl.1 +++ b/doc/testssl.1 @@ -222,24 +222,27 @@ Server banner HTTP date+time . .IP "\(bu" 4 +Server banner like Linux or other Unix vendor headers +. +.IP "\(bu" 4 Application banner (PHP, RoR, OWA, SharePoint, Wordpress, etc) . .IP "\(bu" 4 Reverse proxy headers . .IP "\(bu" 4 -Linux or other Unix vendor headers +Web server modules . .IP "\(bu" 4 -Web server module -. -.IP "\(bu" 4 -IPv4 address +IPv4 address in header . .IP "\(bu" 4 Cookie (including Secure/HTTPOnly flags) . .IP "\(bu" 4 +Decodes BIG IP F5 cookies +. +.IP "\(bu" 4 Security headers (X\-Frame\-Options, X\-XSS\-Protection, \.\.\., CSP headers) . .IP "" 0 @@ -543,7 +546,7 @@ implicitly does a STARTTLS handshake on the plain text port, then check the IPs .IP "" 0 . .P -does the same on the plain text IMAP port\. Please note that for plain TLS\-encrypted ports you must not specify the protocol option: \fBtestssl\.sh smtp\.gmail\.com:465\fR tests the encryption on the SMTPS port, \fBtestssl\.sh imap\.gmx\.net:993\fR on the IMAPS port\. +does the same on the plain text IMAP port\. Please note that for plain TLS\-encrypted ports you must not specify the protocol option: \fBtestssl\.sh smtp\.gmail\.com:465\fR tests the encryption on the SMTPS port, \fBtestssl\.sh imap\.gmx\.net:993\fR on the IMAPS port\. Also MongoDB which provides TLS support can be tested\. . .SH "RFCs and other standards" . diff --git a/doc/testssl.1.md b/doc/testssl.1.md index 37eaa81..c45915e 100644 --- a/doc/testssl.1.md +++ b/doc/testssl.1.md 
@@ -156,12 +156,13 @@ If the server provides no matching record in Subject Alternative Name (SAN) but * HTTP Public Key Pinning (HPKP) * Server banner * HTTP date+time +* Server banner like Linux or other Unix vendor headers * Application banner (PHP, RoR, OWA, SharePoint, Wordpress, etc) * Reverse proxy headers -* Linux or other Unix vendor headers -* Web server module -* IPv4 address +* Web server modules +* IPv4 address in header * Cookie (including Secure/HTTPOnly flags) +* Decodes BIG IP F5 cookies * Security headers (X-Frame-Options, X-XSS-Protection, ..., CSP headers) @@ -349,7 +350,7 @@ implicitly does a STARTTLS handshake on the plain text port, then check the IPs testssl.sh --starttls=imap imap.gmx.net:143 -does the same on the plain text IMAP port. Please note that for plain TLS-encrypted ports you must not specify the protocol option: `testssl.sh smtp.gmail.com:465` tests the encryption on the SMTPS port, `testssl.sh imap.gmx.net:993` on the IMAPS port. +does the same on the plain text IMAP port. Please note that for plain TLS-encrypted ports you must not specify the protocol option: `testssl.sh smtp.gmail.com:465` tests the encryption on the SMTPS port, `testssl.sh imap.gmx.net:993` on the IMAPS port. Also MongoDB which provides TLS support can be tested. ## RFCs and other standards
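Review bot: In the doc/testssl.1 hunk at @@ -222, the new bullet "Server banner like Linux or other Unix vendor headers" sits two bullets below the existing "Server banner" item, so the list now reads as if the banner is reported twice, and "like" leaves it unclear whether vendor headers are an example of a server banner or a separate check. Consider naming it as a distinct finding, for example "Linux or other Unix vendor headers in the server banner", or folding it into the existing "Server banner" bullet. The same wording is carried into doc/testssl.1.md.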
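Review bot: In the doc/testssl.1.md hunk at @@ -156 (and the matching bullets in doc/testssl.1), "Decodes BIG IP F5 cookies" is the only verb phrase in a list of noun phrases naming what is checked, and the product name is spelled "BIG-IP". Something like "F5 BIG-IP cookies (decoded)" keeps the list parallel. "IPv4 address in header" would also read better as "headers", or with a word on which headers are inspected, since the singular suggests one specific header that the bullet never names.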
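Review bot: The sentence appended at @@ -543 in doc/testssl.1 and @@ -349 in doc/testssl.1.md, "Also MongoDB which provides TLS support can be tested.", does not tell the reader how to run the test. It follows the warning that plain TLS-encrypted ports must not get the protocol option, but unlike the SMTPS and IMAPS cases before it there is no command line and no statement on whether --starttls applies. Suggest rephrasing to "MongoDB with TLS enabled can also be tested" and adding an invocation in the same style as the two examples that precede it.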