Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 13:55:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,503 Commits 17 Branches 35 Tags
05d27ff1be056122471b01fa3c643c430dcb88f3
Commit Graph

1503 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dirk
f95326cf21 * Liferay in header will be marked in yellow 
* more tries to find openssl binaries (also those in git)
 2015-07-12 18:46:27 +02:00
Dirk
3cf891bd5e * FIX #131 (EC certificate key size was critized) 
* FIX: if request w/o SNI didn't succeed it resulted in an ugly openssl error message
* FIX #51 (we try to initialize GOST engine before showing the banner)
 2015-07-10 10:23:10 +02:00
Dirk Wetter
f1d8471a3d * heartbleed and ccs check enabled per default for STARTTLS 
* performance improvements for sockets+STARTTLS (still only enabled via EXPERIMENTAL=yes)
 2015-07-08 21:30:31 +02:00
Dirk Wetter
ba09b84648 reflect progress on STARTTLS+sockets 2015-07-08 11:35:29 +02:00
Dirk Wetter
d3b8f8e0a2 cosmetic corrections (output) 2015-07-08 11:34:45 +02:00
Dirk Wetter
5944c35075 * EXPERIMETAL=yes is used, testssl.sh uses for protocols, heartbleed, ccs sockets also for STARTTLS! 
* it's slow though (to be improved)
* renamed vars for proxy
* cleanups
 2015-07-07 22:59:31 +02:00
Dirk Wetter
fef9afe288 * protocol checks work now! 
* generic jabber support now!
* jabber domain support
 2015-07-06 22:04:07 +02:00
Dirk Wetter
d1442d8ca9 don't need it 2015-07-06 22:03:41 +02:00
Dirk Wetter
1983658f9c Update Readme.md 2015-07-06 20:49:58 +02:00
Dirk Wetter
179d8700d1 * NEW: xmpphost support 
* FIX for regression (80e26a75ef), config file GOST
 2015-07-06 20:42:43 +02:00
Dirk Wetter
016b488ae3 New set of binaries with a built date and "my" patch https://github.com/PeterMosmans/openssl/pull/23 2015-07-06 20:37:57 +02:00
Dirk Wetter
e614887cb8 renamed files 2015-07-06 20:33:43 +02:00
Dirk Wetter
942ceb04d9 FIX "built on: reproducible build, date unspecified" problem 2015-07-06 20:33:05 +02:00
Dirk Wetter
0e1a7002b9 FIX "built on: reproducible build, date unspecified" problem 2015-07-06 20:22:45 +02:00
Dirk Wetter
c08baa94b3 * CHANGE: some tuning variable are now booleans (see help) 
* help() to reflect this
* cleanups
 2015-07-06 10:10:46 +02:00
Dirk
80e26a75ef * Warning if LibreSSL is used #126 
* FIX for screwed up output for fixed ciphers (FREAK, LOGJAM), see also #126
* GOST support now doesn't complain if MY confif file aleady exists (minor fix)
 2015-07-02 16:39:41 +02:00
Dirk
1186bf4229 - try to interpret server protocol (SMTP, FTP,...) handshake 2015-07-01 19:50:38 +02:00
Dirk
39a0da31e5 - echo host:port 2015-07-01 19:48:33 +02:00
Dirk
d44cff9a81 Merge branch 'master' of github.com:drwetter/testssl.sh 2015-07-01 18:51:18 +02:00
Dirk Wetter
c2f8e23441 Rename ccs-injection.sh to ccs-injection.bash 2015-07-01 18:50:45 +02:00
Dirk
21119d6d01 works also for nntp,ftp,imap,pop,xmpp +starttls now 2015-07-01 13:01:16 +02:00
Dirk
83dc3f707f - works now also for SMTP+STARTTLS 2015-07-01 10:16:01 +02:00
Dirk Wetter
bfdc95f3dc Rename bash-heartbleed.changelog.txt to heartbleed.bash.changelog.txt 2015-07-01 10:12:03 +02:00
Dirk Wetter
4363229a01 Rename bash-heartbleed.sh to heartbleed.bash 2015-07-01 10:11:20 +02:00
Dirk Wetter
0bd46058a1 Update Readme.md 2015-06-29 23:46:39 +02:00
Dirk Wetter
31431a62cf Update Readme.md 2015-06-29 23:37:18 +02:00
Dirk
b797ebaba2 Merge branch 'master' of github.com:drwetter/testssl.sh 2015-06-29 23:35:05 +02:00
Dirk
24cdfded56 see #124 (John more to the top though) 2015-06-29 23:31:51 +02:00
Dirk
5acfc93d79 * couple of checks for new proxy option from John Newbigin #124 
* minor cleanups for #124
 2015-06-29 23:28:37 +02:00
Dirk
ddd680ac93 * merge #124 from jnewbigin 
* fix my run time error
 2015-06-29 22:29:15 +02:00
Dirk
15a672b521 * assertion vs. condition fixed 2015-06-29 10:41:56 +02:00
Dirk Wetter
b2ebd7640d Update Readme.md 2015-06-28 14:05:25 +02:00
Dirk
93f5b8216d * FIX #125 
* beautified some code / function names
 2015-06-28 13:52:42 +02:00
Dirk
5d78c9421f * first tls_low_byte is now always 01 in TLS 1.0 --> TLS 1.2 (see openssl) 
* removing TLS 1.2 check from sockets as IIS has a problem with it
 2015-06-24 11:08:09 +02:00
Dirk
e121f944e9 * FIX: added missed downgrade (ret=2) in socket protcol check 
* resorted helper functions to top
* cleanups (ok, renamed some functions)
 2015-06-23 21:54:47 +02:00
Dirk
b575710634 * FIX in --ip=one 
* straighthen help()
* FIX ret value for no response in parse_tls_serverhello
 2015-06-23 12:58:40 +02:00
Dirk
ae8f998f8f * help corrected, -e is standard 2015-06-23 07:56:56 +02:00
Dirk
a6c5a2af0d * handshake works now with SNI 2015-06-22 23:19:08 +02:00
Dirk
d3c793e6bc * help without <> now and | 
* socket SNI issue: As it turns out Apache 2.2/2.4 is not behaving according to https://tools.ietf.org/html/rfc6066#section-3
   .
 2015-06-22 18:32:40 +02:00
Dirk
58a6f501b5 - better addressed no clear fallback repsonses, see #121 2015-06-20 19:36:11 +02:00
Dirk
633cdc209b - NEW: IP address detection now in HTTP header 
- NEW: Varnish and Squid header detected
- NEW: option --ip=one is a shortcut and means just test the first ip
- CSP Report-Only in security headers
- New: Varnish and Squid header detected, OWA header
- all single tests in bold now
- no support for TLS 1.2 spits out "NOT ok" as it is not ok
- Medium ciphers and DES ciphers are not having aNULL and aDH ciphers anymore and have different colors --> ratings
- http-date is now in http header(), tls_time in server_defaults()
- http header reply is indented to same row as server defaults
- http status code is displayed clearly now
- BUGFIX: IPv6 address wasn't displayed
- cleanup
- application banner now in two lines if needed
- try a second time to get a http header if first one fails
- fix: case where % sign in ip address made prinf hiccup (sanitized)
- fix: $url was in some functions empty
- fixed bug where some headers were displayed twice
 2015-06-19 20:36:32 +02:00
Dirk
59299ce9e1 - FIX #119 (sed -E fails for old sed versions) 
- std_cipherlists tuned
- fix for selfsigned certs (missed sometimes because of trailing space)
 2015-06-17 11:33:29 +02:00
Dirk
06899f3cbf - introduced Reverse Proxy header 
- FIX for OWA header
- beautfied some header funcs
- fixed GET_REQ1?/HEAD_REQ1?
 2015-06-16 23:00:47 +02:00
Dirk
478b8afac7 FIX: bail out better if $NODE doesn't resolve 
cipher lists now wth plural ending
added Liferay-Portal + X-OWA-Version for application banner
new http_header (still leaving old one in)
readability improvements
 2015-06-16 19:53:40 +02:00
Dirk
e16ccd06b6 - testing all IP addresses of a node works now (refactoring of parse_hn_port into three functions) FIX #96 
- SNI is unset if STARTTLS is set
- some BSD fixes (sed)
 2015-06-16 14:04:44 +02:00
Dirk
ac92ffb3c2 Merge branch 'master' of github.com:drwetter/testssl.sh 2015-06-15 12:13:45 +02:00
Dirk
4432faf497 "--ip" works now (see help) 
little cleanups
 2015-06-15 12:13:16 +02:00
Dirk Wetter
3ca2b4d8a1 Update Readme.md 2015-06-15 11:29:05 +02:00
Dirk
46c43ee53f Merge branch 'master' of github.com:drwetter/testssl.sh 2015-06-11 21:41:53 +02:00
Dirk
a98b67013a FIX #116 
CRIME is lightred/litegreen as it is not that bad as ccs or heartbleed
 resorted some functions
 2015-06-11 21:41:25 +02:00