Commit Graph

4449 Commits

Author SHA1 Message Date
Dirk bf4dd76995 Merge branch 'master' of https://github.com/TKCERT/testssl.sh into TKCERT-master 2016-09-27 21:48:43 +02:00
Dirk Wetter 144e2c20cf Update Readme.md 2016-09-27 00:08:01 +02:00
Dirk Wetter 092badc55a Update Readme.md 2016-09-27 00:01:13 +02:00
Dirk Wetter e59efb0313 Merge branch 'master' of github.com:drwetter/testssl.sh 2016-09-26 23:48:08 +02:00
Dirk Wetter 556d637069 updated 2016-09-26 23:47:39 +02:00
Dirk Wetter 76e9a58223 Delete openssl.Linux.armv7l 2016-09-26 23:31:21 +02:00
Dirk Wetter 9a4211e867 Delete openssl.Darwin.i386 2016-09-26 23:30:55 +02:00
David Cooper 6ded937b14 Merge branch 'master' into remove_sockread 2016-09-26 17:02:53 -04:00
David Cooper ee0279edd7 Merge branch 'master' into openss2rfc_rfc2openssl 2016-09-26 17:01:46 -04:00
Dirk Wetter 7e729d26cd Darwin 64bit binary, see https://gist.github.com/jpluimers/9257ba6e27afea1b98376d9d4411c88c 2016-09-26 22:52:26 +02:00
Dirk Wetter 2201c59ba3 FIX #477: check also for ALPN as TLS extension 2016-09-26 21:47:57 +02:00
David Cooper 98663b4c72 Merge branch 'master' into remove_sockread 2016-09-26 09:46:27 -04:00
David Cooper 1c3bf3e592 Merge branch 'master' into openss2rfc_rfc2openssl 2016-09-26 09:45:28 -04:00
Dirk Wetter fcdc15b24b no STARTTLS for NPN, preparing #477 2016-09-24 16:59:28 +02:00
Dirk Wetter 0cadeefb05 cleanup #473 2016-09-24 16:07:23 +02:00
Dirk Wetter 679d1b9c1f Merge pull request #473 from nachtgeist/issue-467
Fix handling of empty argument to "-nextprotoneg" parameter
2016-09-24 16:01:47 +02:00
Dirk Wetter f24770f6f4 Merge pull request #478 from wdhongtw/master
Remove duplicated do_rc4 in debug_globals()
2016-09-24 13:13:15 +02:00
Weida Hong 566623c4a9 Remove duplicated do_rc4 in debug_globals() 2016-09-24 15:10:10 +08:00
Daniel Reichelt 4f04820c76 Fix handling of empty argument to "-nextprotoneg" parameter
s_client's manpage states for -nextprotoneg:

"Empty list of protocols is treated specially and will cause the client
to advertise support for the TLS extension but disconnect just after
reciving ServerHello with a list of server supported protocols."

Consequently, the previous workaround of just quoting an empty variable
is insufficient and the "-nextprotoneg" parameter has to be removed
entirely from the command-line in case of an empty argument.

In other locations where "-nextprotoneg" is used
- its argument cannot be empty ($NPN_PROTOs is initialized to a non-
  empty value and set read-only) or
- its argument is intended to be empty (line 3724) or
- the command will not be invoked at all (for-loop parameter, line 3725)

This fixes #467 - again.

Additionally this patch prefers usage of -alpn over -nextprotoneg if the
openssl binary used supports it.
2016-09-22 16:53:54 +02:00
David Cooper b01f9c8132 Merge branch 'master' into remove_sockread 2016-09-21 16:12:39 -04:00
David Cooper 73d535ebb4 Merge branch 'master' into openss2rfc_rfc2openssl
Conflicts:
	testssl.sh
2016-09-21 16:11:55 -04:00
Dirk Wetter ddbf4caa46 FIX #476 2016-09-21 21:59:50 +02:00
Dirk Wetter 802a6da92c - centralized some HAS_* vars from s_client 2016-09-21 21:42:45 +02:00
Dirk Wetter 9afbba1e04 - 3DES removed from \'MEDIUM\'
- preparation to show cipher string in std_cipherlists
- global var for HTTP_STATUS_CODE, allowing a hint for web application wrt to e.g. cookies
2016-09-21 20:32:04 +02:00
David Cooper b7fbd13f1a Merge branch 'master' into remove_sockread 2016-09-14 14:37:14 -04:00
David Cooper 63fec45f3f Merge branch 'master' into openss2rfc_rfc2openssl 2016-09-14 14:36:15 -04:00
Dirk Wetter 05fe064763 Merge pull request #472 from knweiss/referenced_but_not_assigned3
run_rp_banner(), run_application_banner(): Three issues
2016-09-14 16:33:47 +02:00
Karsten Weiss 42e9406ee1 run_rp_banner(): Fix indentation. 2016-09-14 12:24:54 +02:00
Karsten Weiss 6a6d4880d6 run_application_banner(): Fix modified in subshell bug.
Refactor the while loop so it doesn't use a subshell anymore. Also use
"read -r" to prevent backslash escaping.

```
In testssl.sh line 1193:
               app_banners="$app_bannersline"
               ^-- SC2030: Modification of app_banners is local (to subshell caused by pipeline).

In testssl.sh line 1195:
          fileout "app_banner" "WARN" "Application Banners found: $app_banners"
                                                                  ^-- SC2031: app_banners was modified in a subshell. That change might be lost.
```

Found by ShellCheck.
2016-09-14 12:24:44 +02:00
Karsten Weiss beae0ce195 run_{rp,application}_banner(): Fix unassigned variables.
This commit fixes the following two instances of referenced but not assigned
variables:

```
In testssl.sh line 1159:
               rp_banners="$rp_bannersline"
                           ^-- SC2154: rp_bannersline is referenced but not assigned.

In testssl.sh line 1193:
               app_banners="$app_bannersline"
                            ^-- SC2154: app_bannersline is referenced but not assigned.
```

Found by ShellCheck.
2016-09-14 12:24:28 +02:00
Dirk Wetter 10b3e7db55 Merge pull request #471 from nachtgeist/issue-467
quote argument for s_client's -nextprotoneg parameter
2016-09-14 07:24:29 +02:00
Daniel Reichelt 2a926609ca quote argument for s_client's -nextprotoneg parameter
The argument to -nextprotoneg is provided in sometimes empty an unquoted
variables. Because of the missing quotes, the next word on the line "-status"
gets parsed as "-nextprotoneg"'s argument instead of enabling the OCSP status
check.

This fixes #467.
2016-09-13 21:22:35 +02:00
Dirk cca1b49890 - fixing wrong cipher order for URL=ipaddress 2016-09-12 21:54:51 +02:00
Dirk Wetter 4158372ab7 Merge pull request #468 from knweiss/referenced_but_not_assigned
compare_server_name_to_cert(): Fix unassigned vars.
2016-09-12 16:51:34 +02:00
Dirk Wetter 93c240278a Merge pull request #469 from knweiss/referenced_but_not_assigned2
certificate_info(): Fix unassigned variable.
2016-09-12 16:49:33 +02:00
Karsten Weiss b9d9a909b1 certificate_info(): Fix unassigned variable.
Fix referenced but not assigned variable 'sign_algo'.

In testssl.sh line 4309:
               fileout "${json_prefix}algorithm" "DEBUG" "Signature Algorithm: $sign_algo"
                                                                               ^-- SC2154: sign_algo is referenced but not assigned.

Found by ShellCheck.
2016-09-12 16:20:05 +02:00
Karsten Weiss 7dbbe42ea0 compare_server_name_to_cert(): Fix unassigned vars.
Two instances of referenced but not assigned variables ('req' instead of
'ret').

In testssl.sh line 4130:
     if [[ $req -eq 0 ]]; then
           ^-- SC2154: req is referenced but not assigned.

Found by ShellCheck.
2016-09-12 16:12:18 +02:00
Dirk f0132dcb7f stringer usabiliy warning for SHA1 + HTTP 2016-09-07 21:34:27 +02:00
David Cooper 7932d34fda Updates to cipher suite table
Changed `Enc=CHACHA20/POLY1305(256)` to `Enc=ChaCha20(256)` and `Enc=GOST-28178-89-CNT(256)` to `Enc=GOST(256)` in order to shorten the names that are printed, so that they fit in the allocated column.

Added the four experimental post-quantum cipher suites mentioned in #462.
2016-09-06 14:47:20 -04:00
David Cooper 3b3d16849d Merge branch 'master' into remove_sockread
Conflicts:
	testssl.sh
2016-09-06 11:38:54 -04:00
David Cooper 950b39122e Merge branch 'master' into openss2rfc_rfc2openssl 2016-09-06 10:34:53 -04:00
Dirk d1cc7b3755 FIX #426 2016-09-06 08:32:05 +02:00
Dirk c00c98caa2 warning for SHA1 sig algo and web servers 2016-09-05 10:01:46 +02:00
David Cooper 44c37e3177 Merge branch 'master' into remove_sockread 2016-09-02 10:50:28 -04:00
David Cooper f17a09e1d9 Merge branch 'master' into openss2rfc_rfc2openssl 2016-09-02 10:47:36 -04:00
Dirk Wetter 228296e175 Merge pull request #290 from andreild/issue-289-domain-resolution-etc-hosts
Fix #289 - the grep that decides whether a domain is a local address …
2016-09-02 15:38:28 +02:00
Dirk Wetter fdcdad3faa Merge pull request #345 from dcooper16/more_sslv2_sslv3_fixes
More SSLv2 (and SSLv3) related fixes
2016-09-02 09:06:52 +02:00
Dirk Wetter caec8029f2 Merge pull request #461 from dcooper16/tls_sockets_and_no_SNI
Fix tls_sockets() when SNI empty
2016-09-02 08:50:35 +02:00
David Cooper a9002ba6e6 Fix tls_sockets() when SNI empty
`socksend_tls_clienthello()` always includes a server name extension in the ClientHello (for TLS 1.0 and above), even if `$SNI` is empty. If `$NODE` is an IP address, then the IP address is placed in the extension, even though RFC 6066 says that only DNS names are supported in the extension.

This PR changes `socksend_tls_clienthello()` so that the server name extension is only included in the ClientHello is `$SNI` is not empty.
2016-09-01 13:22:39 -04:00
Dirk 2313aee22d fix for previously borken HPKP_MIN value 2016-09-01 19:09:12 +02:00