diff --git a/doc/testssl.1 b/doc/testssl.1 index bc3eb55..1a5d26d 100644 --- a/doc/testssl.1 +++ b/doc/testssl.1 @@ -296,7 +296,7 @@ Security headers (X\-Frame\-Options, X\-XSS\-Protection, \.\.\., CSP headers) \fB\-4, \-\-rc4, \-\-appelbaum\fR Checks which RC4 stream ciphers are being offered\. . .P -\fB\-g, \-\-grease\fR test for server implementation bugs, see https://datatracker\.ietf\.org/doc/draft\-ietf\-tls\-grease +\fB\-g, \-\-grease\fR Checks several server implementation bugs like GREASE and size limitations,see https://www\.ietf\.org/archive/id/draft\-ietf\-tls\-grease\-00\.txt . .SS "OUTPUT OPTIONS" \fB\-\-warnings \fR The warnings parameter determines how testssl\.sh will deal with situations where user input will normally be necessary\. There are a couple of options here\. \fBbatch\fR doesn\'t wait for a confirming keypress\. This is automatically being chosen for mass testing (\fB\-\-file\fR)\. \fB\-false\fR just skips the warning AND the confirmation\. Please note that there are conflicts where testssl\.sh will still ask for confirmation\. Those are ones which would have a drastic impact on the results\. The same can be achieved by setting the environment variable \fBWARNINGS\fR\. diff --git a/doc/testssl.1.md b/doc/testssl.1.md index 5c0d867..37eaa81 100644 --- a/doc/testssl.1.md +++ b/doc/testssl.1.md @@ -201,7 +201,7 @@ If the server provides no matching record in Subject Alternative Name (SAN) but `-4, --rc4, --appelbaum` Checks which RC4 stream ciphers are being offered. -`-g, --grease` test for server implementation bugs, see https://datatracker.ietf.org/doc/draft-ietf-tls-grease +`-g, --grease` Checks several server implementation bugs like GREASE and size limitations,see https://www.ietf.org/archive/id/draft-ietf-tls-grease-00.txt ### OUTPUT OPTIONS diff --git a/testssl.sh b/testssl.sh index 247e345..951a038 100755 --- a/testssl.sh +++ b/testssl.sh 
@@ -11819,7 +11819,7 @@ help() { Alternatively: nmap output in greppable format (-oG) (1x port per line allowed) --mode Mass testing to be done serial (default) or parallel (--parallel is shortcut for the latter) -single check as ("$PROG_NAME URI" does everything except -E): +single check as ("$PROG_NAME URI" does everything except -E and -g): -e, --each-cipher checks each local cipher remotely -E, --cipher-per-proto checks those per protocol -s, --std, --standard tests certain lists of cipher suites by strength @@ -11848,7 +11848,7 @@ single check as ("$PROG_NAME URI" does everything except -E): -D, --drown tests for DROWN vulnerability -f, --pfs, --fs, --nsa checks (perfect) forward secrecy settings -4, --rc4, --appelbaum which RC4 ciphers are being offered? - -g, --grease test for server implementation bugs (see https://datatracker.ietf.org/doc/draft-ietf-tls-grease) + -g, --grease tests several server implementation bugs like GREASE and size limitations tuning / connect options (most also can be preset via environment variables): --fast omits some checks: using openssl for all ciphers (-e), show only first
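Review bot: In the doc/testssl.1 hunk the new `\-g, \-\-grease` line is missing a space after the comma in "size limitations,see https://...", so the rendered man page runs the two words together. Suggest "size limitations, see https://...". The same typo is in the doc/testssl.1.md hunk and should be fixed there too.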
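Review bot: In the doc/testssl.1.md hunk the reference changes from the datatracker page (draft-ietf-tls-grease) to an archived copy of revision 00 (draft-ietf-tls-grease-00.txt), which pins readers to the first revision of the draft. If the check follows the draft as it evolves, keep the unversioned datatracker URL. If the pin is intentional, say so in the commit message.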
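Review bot: The first testssl.sh hunk changes the help() header to "does everything except -E and -g", but neither documentation hunk in this patch says that `-g` is excluded from a default run. Suggest adding that to the `-g, --grease` entry in doc/testssl.1 and doc/testssl.1.md, so someone reading the man page knows a plain "$PROG_NAME URI" scan does not cover these checks and that `-g` has to be requested explicitly.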
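Review bot: In the second testssl.sh hunk the `-g, --grease` help line drops the reference URL that the old line carried, while both doc files keep one, and it says "tests several" where the docs say "Checks several". If the URL was removed only to keep the help line short, that is fine, but align the wording with the docs so the three descriptions read the same.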