Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-11-04 07:45:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

"eTLS" -> ETS

Browse Source 
Decription was added with the (future) ETSI name ETS [1]. Also
added as a comment MITRE's CVE data using ETS, amended with NIST's
entry in NVD

[1] EFF's interpretation: extra terrible security
   https://www.eff.org/deeplinks/2019/02/ets-isnt-tls-and-you-shouldnt-use-it
This commit is contained in:
Dirk
2019-06-17 10:01:05 +02:00
parent 6e4abbf33a
commit f1eb2b89b9
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
testssl.sh
View File

@@ -8505,10 +8505,13 @@ certificate_info() {
# https://certs.opera.com/03/ev-oids.xml # https://certs.opera.com/03/ev-oids.xml
# see #967 # see #967
out "$indent"; pr_bold " \"eTLS\"" out "$indent"; pr_bold " ETS/\"eTLS\""
out " (visibility info) " out ", visibility info "
jsonID="cert_eTLS" jsonID="cert_eTLS"
etsi_etls_visibility_info "$jsonID" "$spaces" "$HOSTCERT" "$cert_txt" etsi_etls_visibility_info "$jsonID" "$spaces" "$HOSTCERT" "$cert_txt"
# *Currently* this is even listed as a vulnerability (CWE-310, CVE-2019-919), see
# https://nvd.nist.gov/vuln/detail/CVE-2019-9191, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9191
# For now we leave this here. We may want to change that later or add infos to other sections (PFS & vulnerability)
out "$indent"; pr_bold " Certificate Validity (UTC) " out "$indent"; pr_bold " Certificate Validity (UTC) "