Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-11-03 23:35:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,915 Commits 20 Branches 35 Tags
1ccc8bdcb81a1359fa2bcb7e930025dd43e5cb81
Commit Graph

2915 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dirk Wetter
1ccc8bdcb8 Merge pull request #1263 from csett86/java 
Add Java 11 and 12 client simulations
 2019-05-06 19:40:33 +02:00
Dirk Wetter
4cae781d98 Merge pull request #1267 from drwetter/hexstream2cipher_fix 
Don't include SSLv2 ciphers in hexstream2cipher.sh
 2019-05-06 19:37:44 +02:00
Dirk
13d3b7329b Don't include SSLv2 ciphers in hexstream2cipher.sh 2019-05-06 19:35:12 +02:00
Christoph Settgast
8c8a626b49 Remove erroneous DES-CBC-MD5 from Java 11 and 12 
DES-CBC-MD5 was included by utils/hexstream2cipher.sh,
heres the relevant snippet, line 160:

148: c025 --> 0xc0,0x25 --> ECDH-ECDSA-AES128-SHA256
152: c029 --> 0xc0,0x29 --> ECDH-RSA-AES128-SHA256
156: 0067 --> 0x00,0x67 --> DHE-RSA-AES128-SHA256
160: 0040 --> 0x00,0x40 --> DHE-DSS-AES128-SHA256 DES-CBC-MD5
164: c009 --> 0xc0,0x09 --> ECDHE-ECDSA-AES128-SHA
168: c013 --> 0xc0,0x13 --> ECDHE-RSA-AES128-SHA
172: 002f --> 0x00,0x2f --> AES128-SHA
176: c004 --> 0xc0,0x04 --> ECDH-ECDSA-AES128-SHA

Unfortunately I don't know how to fix utils/hexstream2cipher.sh,
but I have manually removed the erroneous cipher and space from
the client-sim.
 2019-05-06 18:07:43 +02:00
Dirk Wetter
29a74713ee Merge pull request #1266 from drwetter/more_unittests1 
t/25_baseline_starttls in line with the new scheme now
 2019-05-06 14:08:54 +02:00
Dirk Wetter
33ece6858d In line with the new scheme now 2019-05-06 14:07:08 +02:00
Dirk Wetter
c5d76fec27 Merge pull request #1265 from drwetter/more_unittests1 
Another (minor) step forwad for unit tests
 2019-05-06 11:22:42 +02:00
Dirk Wetter
51e8373efb Update to newest template 
* die statement if testssl.sh cannot be found from the current path
* comment everything out for JSON
* don't repeat the pattern, use a variable
* use "speaking" variable names
 2019-05-06 11:20:28 +02:00
Dirk Wetter
802d0defe7 Better phrased and provide examples 2019-05-06 11:13:37 +02:00
Dirk Wetter
cf7c1ba4ae Merge pull request #1262 from drwetter/more_unittests1 
More unit / integration tests + Fix client simulation with OpenSSL, LDAP
 2019-05-05 18:43:13 +02:00
Dirk Wetter
710017ba57 Merge branch 'more_unittests1' of github.com:drwetter/testssl.sh into more_unittests1 2019-05-05 15:08:18 +02:00
Dirk Wetter
15df3316c1 Formatting fixed 2019-05-05 15:07:55 +02:00
Dirk Wetter
62bd23a632 add headline+note 2019-05-05 13:54:56 +02:00
Dirk Wetter
3785e9d622 Proper formatting 2019-05-05 13:45:23 +02:00
Dirk Wetter
c3ff9e85f9 Rename file according to new scheme 
... Readme.md
 2019-05-05 13:44:02 +02:00
Dirk Wetter
666e897623 renamed 2019-05-05 13:42:48 +02:00
Dirk Wetter
b63c389b54 Renamed 2019-05-05 12:58:49 +02:00
Dirk Wetter
b9aee02978 Split IPv6 + IPv4 
... and disable IPv6 test as it is NOT supported by Travis CI,
see https://docs.travis-ci.com/user/reference/overview/#virtualisation-environment-vs-operating-system

The *.disabled file should provide a start if it'll be available
at some time or one can manage this in travis with a docker container,
see https://github.com/travis-ci/travis-ci/issues/8891
 2019-05-05 12:53:07 +02:00
Dirk Wetter
50a83235fe Renamed + testssl.net (IPv6) 2019-05-05 12:08:13 +02:00
Christoph Settgast
11416790cd Add Java 12 from Ubuntu 19.04 
manually wiresharked, detailed version info:

$ java -version
openjdk version "12.0.1" 2019-04-16
OpenJDK Runtime Environment (build 12.0.1+12-Ubuntu-1)
OpenJDK 64-Bit Server VM (build 12.0.1+12-Ubuntu-1, mixed mode, sharing)
 2019-05-04 22:30:46 +02:00
Christoph Settgast
c4b5f33532 Add Java 11 from Ubuntu 18.04 
manually wiresharked, detailed version info:

$ java -version
openjdk version "11.0.2" 2019-01-15
OpenJDK Runtime Environment (build 11.0.2+9-Ubuntu-3ubuntu118.04.3)
OpenJDK 64-Bit Server VM (build 11.0.2+9-Ubuntu-3ubuntu118.04.3, mixed mode)
 2019-05-04 22:20:53 +02:00
Dirk Wetter
df88577ec4 Add basline test for IPv4 and IPv6 
... client simulations come later. One pattern for
failed output added
 2019-05-04 13:51:20 +02:00
Dirk Wetter
19e9137f79 Add --vulnerabilities and LDAP constraints to documentation 2019-05-04 11:57:03 +02:00
Dirk Wetter
9c0a1459c0 Merge pull request #1261 from drwetter/safari-fix 
Fix error + round brackets
 2019-05-04 11:09:10 +02:00
Dirk Wetter
bfd6caa624 Fix error + round brackets 
PR #1260 missed a 'current' line which caused an output problem.

I'd like to add round brackets to the displayed name so that we remember
what comes from wireshark and waht from SSLlabs
 2019-05-04 11:05:57 +02:00
Dirk Wetter
d15fbedaa1 Merge pull request #1260 from csett86/safari121-ios122 
Add Safari 12.1 from iOS 12.2
 2019-05-04 10:53:48 +02:00
Christoph Settgast
67c0dd106e Add Safari 12.1 from iOS 12.2 
Manually Wiresharked
 2019-05-04 00:58:31 +02:00
Dirk Wetter
dc64753085 Add error catcher also for --ssl-native + FTP 2019-05-03 20:46:06 +02:00
Dirk Wetter
de45440279 better use the right protocol when checking ldap 2019-05-03 20:26:59 +02:00
Dirk Wetter
9257654522 fix wrong variable 2019-05-03 20:11:42 +02:00
Dirk Wetter
b60dbc0fa6 Code + Fix 
- Removed doubled declaration (my)
- hopefully fix error in FTPs (should maybe think about changing
  the line in testssl.sh or filter here always)
 2019-05-03 20:08:31 +02:00
Dirk Wetter
72136437bb Proper file naming 2019-05-03 19:32:59 +02:00
Dirk Wetter
1825a8ca33 Fix output for POP (STARTTLS unit test) 2019-05-03 19:32:25 +02:00
Dirk Wetter
2996d24176 Add several unit tests for STARTTLS protocols 
- SMTP via sockets+OpenSSL
- POP3 via sockets+OpenSSL
- IMAP via sockets+OpenSSL
- XMPP via sockets+OpenSSL
- FTP via sockets+OpenSSL
- LDAP via OpenSSL
- NNTPS via sockets+OpenSSL

Open: IRC, LTMP, mysql, postgres

This PR fixes #923. Partly it addresses #1254
 2019-05-03 19:27:31 +02:00
Dirk Wetter
2d719e5ebe Add cmdlines 
* t / --starttls irc/ircs (which will fail later for now)
* --vulnerabilities : not yet the moment for renaming
 2019-05-03 19:25:37 +02:00
Dirk Wetter
bb5450e3f5 Make STARTTLS + LDAP work again (via sockets) 
A couple of checks required sockets but e.g. LDAP via STARTTLS
throwed an error (FIXME: LDAP+STARTTLS over sockets not supported yet)
in fd_sockets().

This adds a temporary workaround so that those functions are bypassed
and LDAP via STARTTLS can be used again.

See also #1258
 2019-05-03 18:55:28 +02:00
Dirk Wetter
bdbc194491 Beautify and simplify the code 2019-05-03 16:38:44 +02:00
Dirk Wetter
c38a1e6896 Major imporvement to unit test for client simulations 
- we don't check the head line only but errors
- don't use "pass" if you didn't run a test
- add simulation for http too
 2019-05-03 16:24:57 +02:00
Dirk Wetter
2176f29104 Fix bug due to different naming scheme for curves 
... which led to a false output in OpenSSL based handshake simulations.

secp256r1 is prime256v1
secp192r1 is prime192v1

Also a few varaiables were added in debug output (environment.txt)
 2019-05-03 16:16:30 +02:00
Dirk Wetter
0c45720f6c Merge pull request #1256 from drwetter/no-ssl3-fix 
Fix typo in handshake simulation with openssl 1.1.x
 2019-05-02 18:10:09 +02:00
Dirk Wetter
79a0345213 Fix typo in handshake simulation with openssl 1.1x 
"protos" contained "-no-ssl3" instead of "-no_ssl3"
which lead to an error message "Oops: openssl s_client connect problem"
-- which wasn't caught by the STARTTLS unit test either :-(
 2019-05-02 09:53:51 +02:00
Dirk Wetter
77c3bca646 Merge pull request #1253 from drwetter/rDNS_chars 
Remove " " ";" in rDnS
 2019-05-01 11:31:27 +02:00
Dirk Wetter
9d84308e3e Remove " " ";" in rDnS 
... as occasionally they showed up when using dig which
made the rDNS output look like it's not supposed to be
 2019-05-01 11:26:39 +02:00
Dirk Wetter
29e69d1156 Merge pull request #1252 from dcooper16/tls13_rating 
Mark only TLSv1.3 final as pr_svrty_best
 2019-05-01 10:42:40 +02:00
David Cooper
b081f5fffc Mark only TLSv1.3 final as pr_svrty_best 
This PR changes run_protocols() so that, when using tls_sockets(), support for TLSv1.3 is only marked as pr_svrty_best() if the final (RFC 8446) version is supported. It also changed run_protocols() so that support for TLSv1.3 is marked as pr_svrty_best() if OpenSSL is used (i.e., if the --ssl-native option is specified).

One potential issue is that the --ssl-native version assumes that if OpenSSL supports TLSv1.3 it supports the final (RFC 8446) version of the protocol. If the tester is using a development version of OpenSSL 1.1.1 rather than the final version, then the protocol test will actually be indicating whether the server supports the same draft version of OpenSSL as the $OPENSSL being used to perform the tests.
 2019-04-29 15:28:46 -04:00
Dirk Wetter
040976ab49 Merge pull request #1247 from drwetter/outfile_man 
Add documentation to  #1245
 2019-04-25 22:43:07 +02:00
Dirk
c9ec73bce8 Add documentation to #1245 
it accepts a directory.

This PR adds documenation for it.
 2019-04-25 22:40:32 +02:00
Dirk Wetter
6bd5897c82 Merge pull request #1245 from dcooper16/outfile_directory 
The -outfile, -oa, -outFile, and -oA options should accept a directory
 2019-04-25 22:29:31 +02:00
Dirk Wetter
682537b9f8 Merge pull request #1244 from dcooper16/fix1243 
Fix #1243
 2019-04-25 22:26:43 +02:00
David Cooper
a1289d1ec3 The -outfile, -oa, -outFile, and -oA options should accept a directory 
Currently the -outfile, -oa, -outFile, and -oA assume that <fname> being provided is to be used as a filename, unless it is "auto." However, all of the individual options (e.g., --logfile) allow for a directory name to be provided instead of a file name.

This PR changes the handling of the -outfile, -oa, -outFile, and -oA options so that if a directory name is provided, the files are created in that directory.
 2019-04-25 14:55:13 -04:00