Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2026-06-23 08:47:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Auto-generate docs from testssl.1.md [skip ci]

Browse Source
This commit is contained in:
github-actions[bot]
2026-06-22 14:38:35 +00:00
parent 859d24df20
commit f284366aee
2 changed files with 28 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
doc/testssl.1
+14 -5
View File
@@ -50,9 +50,11 @@ of appearance):
.IP " 0)" 4
displays a banner (see below), does a DNS lookup also for further IP
addresses and does for the returned IP address a reverse lookup.
Also the so called DNS HTTPS record is being queried and displayed (for
the first IP only).
Last but not least a service check is being done.
.IP " 1)" 4
SSL/TLS protocol check
SSL/TLS protocol check plus QUIC and ALPN check
.IP " 2)" 4
standard cipher categories
.IP " 3)" 4
@@ -329,10 +331,11 @@ If you don\(cqt want this behavior, you need to supply \f[CR]\-4.\f[R]
of the target won\(cqt be scanned.
.PP
\f[CR]\-\-ssl\-native\f[R] Instead of using a mixture of bash sockets
and a few openssl s_client connects, testssl.sh uses the latter (almost)
only.
This is faster but provides less accurate results, especially for the
client simulation and for cipher support.
and a few \f[CR]openssl s_client connect\f[R]s, testssl.sh uses the
latter (almost) only.
This is faster but doesn\(cqt provides accurate results, especially for
the client simulation and for cipher support.
Thus this is not recommended anymore.
For all checks you will see a warning if testssl.sh cannot tell if a
particular check cannot be performed.
For some checks however you might end up getting false negatives without
@@ -519,6 +522,9 @@ If a TLS\-1.3\-only host is encountered and the openssl\-bad version is
used testssl.sh will e.g.\ for HTTP header checks switch to
\f[CR]/usr/bin/openssl\f[R] (or when defined via ENV to OPENSSL2).
Also this will be tried for the QUIC check.
You will get an additional message if the DNS HTTPS Resource Record
matches the QUIC finding.
Also if there are negative consequences (h3 advertised but not offered).
.PP
\f[CR]\-P, \-\-server\-preference, \-\-preference\f[R] displays the
servers preferences: cipher order, with used openssl client: negotiated
@@ -1422,6 +1428,9 @@ RFC 8701: Applying Generate Random Extensions And Sustain Extensibility
.IP \(bu 2
RFC 9000: QUIC: A UDP\-Based Multiplexed and Secure Transport
.IP \(bu 2
RFC 9460: Service Binding and Parameter Specification via the DNS (SVCB
and HTTPS Resource Records)
.IP \(bu 2
W3C CSP: Content Security Policy Level 1\-3
.IP \(bu 2
TLSWG Draft: The Transport Layer Security (TLS) Protocol Version 1.3