Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 22:05:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
5,189 Commits 17 Branches 35 Tags
08ed5521a92de84a715bdf87e62894542b37f78b
Commit Graph

5189 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dirk Wetter
08ed5521a9 Merge pull request #2922 from testssl/shellcheck1 
Squash some shellcheck *errors*
 2025-10-13 22:10:44 +02:00
Dirk Wetter
c53e7a3955 Fix more shellcheck complaints (high severity) 
... and fine tune some comments in the beginning
 2025-10-13 21:06:02 +02:00
Dirk Wetter
8bc2185a72 Merge pull request #2923 from testssl/drwetter-patch-1 
Minor fine tuning
 2025-10-12 11:49:26 +02:00
Dirk Wetter
2cfa23e7f7 Minor fine tuning 
* version 3.2 was removed from links
* badges updated
* minor language improvements
 2025-10-12 11:34:56 +02:00
Dirk Wetter
672493ebe7 Fix check for /bin/sh 2025-10-11 18:59:51 +02:00
Dirk Wetter
7090d5fbdd Saving everything before commit/push is supposed to be better ;-) 2025-10-11 18:00:48 +02:00
Dirk Wetter
8392a4aed5 Squash some shellcheck *errors* 
and some warnings.

Five errors of type [SC2145](https://www.shellcheck.net/wiki/SC2145) are left as I am not sure whether
it'll be safe to follow the recommendation
 2025-10-11 13:19:28 +02:00
Dirk Wetter
ae69789ecb Merge pull request #2916 from testssl/update_Linux_CA_store 
Update Linux CA store
 2025-10-09 22:12:09 +02:00
Dirk Wetter
07a0aa4bef Merge pull request #2919 from testssl/update_GHAs 
Update GHAs
 2025-10-09 21:27:38 +02:00
Dirk
9ff79c472f Remove workflows/docker-3.2.yml for 3.3dev 2025-10-09 21:25:30 +02:00
Dirk
d732088923 Roff pages won't trigger a unit test anymore 2025-10-09 21:24:45 +02:00
Dirk Wetter
0a7810ea47 Update Linux CA store 
from Debian 13. Fixes #2915
 2025-10-09 20:42:21 +02:00
Dirk Wetter
df100d986b Merge pull request #2913 from testssl/fix_2909 
Fix date for Ubuntu >= 25.10
 2025-10-09 20:30:15 +02:00
Dirk Wetter
80d05c0831 Merge pull request #2912 from testssl/early_data 
TLS 1.3 early data / 0-RTT
 2025-10-09 18:55:14 +02:00
Dirk Wetter
aacde5dadb Merge branch '3.3dev' into early_data 2025-10-09 15:50:12 +02:00
Dirk
3353627373 Fix unit test for Mac and Ubuntu Linux 2025-10-09 15:44:53 +02:00
Dirk Wetter
32defa1864 Ignore MLKEMs for TLS 1.3 2025-10-09 15:44:53 +02:00
Dirk Wetter
eb915110c9 Update baseline 2025-10-09 15:44:53 +02:00
Dirk
e226a56486 Update basline scan for unit test 
This PR updates the baseline after switching to the new server.
 2025-10-09 15:44:53 +02:00
Dirk Wetter
8534e72dc3 Merge pull request #2914 from testssl/unittest_new_baseline 
Update baseline scan for unit test
 2025-10-09 15:38:37 +02:00
Dirk
6201627298 Fix unit test for Mac and Ubuntu Linux 2025-10-09 13:29:36 +02:00
Dirk Wetter
accd1f20cd Rearrange order of date checks 
works for all "older" Linux systems, MacOS, OpenBSD and according to #teki69
also Ubuntu 25.10 .
 2025-10-08 23:26:48 +02:00
Dirk Wetter
6af5377507 Ignore MLKEMs for TLS 1.3 2025-10-08 23:15:49 +02:00
Dirk Wetter
f081db83e1 Update baseline 2025-10-08 23:14:54 +02:00
Dirk Wetter
da7c713b08 Add 0-RTT 
also:
* fine tuning protocol section
* reference RFC 8470 (well..) and FIPS 203
* add a general linkto TLS related  RFCs
 2025-10-08 10:31:48 +02:00
Dirk Wetter
d637daefeb Add 0-RTT 2025-10-08 10:15:14 +02:00
Dirk
a4b6ded123 Update basline scan for unit test 
This PR updates the baseline after switching to the new server.
 2025-10-08 10:03:19 +02:00
Dirk Wetter
36bc08ce18 Fix date for Ubuntu >= 25.10 
works for
- ubuntu 24.04
- Debian 13
- openbsd 6.6 / 7.x
- macos 15.7.1

Fixes #2909
 2025-10-07 23:23:09 +02:00
Dirk Wetter
e0401b6207 TLS 1.3 early data / 0-RTT 
This PR implements a check for TLS early data. It needs a compatible OpenSSL or
LibreSSL version. For modern OS versionis it should automagically pick the right,
modern binary for the check.

Mitigations like Defer processing or HTTP 425 are not yet tested.

To clarify is
* whether to penalize SSLlabs rating (@magnuslarsen). testssl.net has it
   enabled but the Web UI claims it's not a/v, see
  https://www.ssllabs.com/ssltest/analyze.html?d=testssl.net&s=172.67.205.231&hideResults=on&latest
* Man pages

To be in line with other HAS2_* global vars (HAS2_QUIC, HAS2_UDS), the following
vars were renamed from their OPENSSL2_HAS_* counter parts:

- HAS2_TLS13
- HAS2_CHACHA20=false
- HAS2_AES128_GCM=false
- HAS2_AES256_GCM=false
 2025-10-06 17:03:56 +02:00
Dirk Wetter
3ece1e4b11 Merge pull request #2911 from testssl/early_data_preparation 
Define vars for early data
 2025-10-05 21:34:53 +02:00
Dirk Wetter
ffa1ffdbb3 fix syntax 2025-10-05 20:16:39 +02:00
Dirk Wetter
5b0b771c52 Define vars for early data 
It seems needed to introduce two variables for upcoming early data tests,
see #1186. This is not needed for OpenSSL as it introduced that
together with TLS 1.3. For LibreSSL it is though.
 2025-10-05 18:19:41 +02:00
Dirk Wetter
637ad03a36 Merge pull request #2904 from testssl/jdvorak001-fix_file_naming 
Jdvorak001 fix file naming
 2025-09-30 17:31:33 +02:00
Dirk Wetter
d6decc7f79 Merge pull request #2905 from testssl/fix_2884 
Consistency for function ciphers_by_strength()
 2025-09-30 15:53:34 +02:00
Dirk
78ecf53b67 Consistency for function ciphers_by_strength() 
* keys now always with v, like supportedciphers_TLSv1_2 and also
  ciphers (e.g. TLSv1.2   x35     AES256-SHA)
* add word "server" to file output so that it reads "NOT a server cipher order configured"

Fixes #2884
 2025-09-30 14:30:52 +02:00
Dirk
123684f554 make spellchecker and myself happy ;-) 2025-09-30 13:58:28 +02:00
Dirk
e8ab2c74e6 straighten global definitions in the very bottom 2025-09-30 13:56:25 +02:00
Dirk
1d6ddfb352 rename datetime_started 
.. to fname_date as it's more consitent with fname_prefix
 2025-09-30 13:35:08 +02:00
Jan Dvorak
e0009cf0cb Adapt variable naming (datetime_started now) 2025-09-26 12:18:44 +02:00
Jan Dvorak
67aba03a41 Use common datetime part when naming output files across all formats 
- the datetime is fetched just once
- it is then passed to the functions that start the output files, always as arg1
 2025-09-25 23:26:33 +02:00
Dirk Wetter
d66b67befe Merge pull request #2897 from dcooper16/fix2896 
Fix #2896
 2025-09-21 23:49:10 +02:00
David Cooper
41db430c46 Fix #2896 
This commit fixes #2896. This commit avoids modifying the ADDTL_CA_FILES environment variable, and instead substitutes spaces for commas whenever the variable is used.
 2025-09-21 13:23:55 -07:00
Dirk Wetter
97faadf425 Merge pull request #2894 from testssl/faq_update 
Restructure, load balancer issue, STARTTLS SMTP better explained
 2025-09-18 10:59:25 +02:00
Dirk Wetter
8dec13ba62 Update FAQ.md 2025-09-18 10:57:35 +02:00
Dirk Wetter
94f03a1f1f Merge pull request #2891 from testssl/fix_indentation_3.3dev 
Fix indentation @ Intermediate cert validity
 2025-09-16 19:52:42 +02:00
Dirk Wetter
75feb05a0c Fix indentation @ Intermediate cert validity 
... when there were two server and >1 intermediate CA certificates.
 2025-09-16 13:03:48 +02:00
Dirk Wetter
a90b2cfd4e Merge pull request #2886 from testssl/fix_http_age 
Fix garbled screen when HTTP Age is not a non-negative int
 2025-09-15 17:37:20 +02:00
Dirk Wetter
d08b54b5e1 Merge pull request #2882 from testssl/update_faq 
Additions to FAQ
 2025-09-15 17:37:07 +02:00
Dirk
52d24925e0 > was a problem 
trying to get it right in GiHub MD and retext
 2025-09-15 17:35:37 +02:00
Dirk
f36462b14a fix spell checking 2025-09-15 17:26:06 +02:00