David Cooper
2a2f2b2c3b
Merge branch '2.9dev' into rename_ephemeral_DH_ciphers
2017-01-30 09:01:40 -05:00
Dirk
a7dff83160
$NODE is fine, removing $MX_HOSTNAME, #603
2017-01-29 10:46:35 +01:00
Dirk Wetter
1e16ac8ad6
Merge pull request #603 from AlGreed/2.9dev
...
Better output for --MX in JSON-PRETTY
2017-01-29 10:40:23 +01:00
AlGreed
f07c723d59
added mx hostname for json-pretty output
2017-01-28 18:11:39 +01:00
AlGreed
80314f0602
Merge branch 'drwetter/2.9dev' into 2.9dev
2017-01-28 15:12:23 +01:00
Dirk Wetter
2ea3789b91
Merge pull request #602 from AlGreed/2.9dev
...
Support of multiple servers for JSON-PRETTY
2017-01-28 10:27:45 +01:00
AlGreed
fcd208b2c9
...
2017-01-28 08:09:02 +01:00
AlGreed
04c653646e
...
2017-01-28 07:54:58 +01:00
AlGreed
29d6cbc125
Added support of multiple servers to json-pretty format; added fileout for smtp
2017-01-28 07:17:58 +01:00
AlGreed
ae6462fe65
Merge branch 'drwetter/2.9dev' into 2.9dev
2017-01-28 00:13:22 +01:00
David Cooper
d47601f413
Print unsupported ciphers in light grey
...
This PR changes testssl.sh so that when ciphers are being listed in wide mode (i.e., using `neat_list()`) and the `--show-each` option is set, ciphers that are not available are printed in light grey, whereas ciphers that are available continue to be printed in black. This makes it easier to distinguish between ciphers that are available and those that are not (the "available/"not a/v" column remains).
This PR does not change the way that ciphers that are available are printed, but it includes a hook that would allow that to change. For example, for ciphers that are available, the name of the cipher suite could be printed in a different color depending on its quality (as is done for the "Negotiated cipher" in `run_server_preference()`). The same could be done for the "Encryption" and "Bits" columns.
2017-01-25 10:41:36 -05:00
David Cooper
324fb059b3
Merge branch '2.9dev' into rename_ephemeral_DH_ciphers
2017-01-25 09:11:55 -05:00
Dirk Wetter
0bb792225e
Merge pull request #599 from dcooper16/fix_tls_sockets_typo
...
Fix typo in tls_sockets()
2017-01-25 15:00:33 +01:00
David Cooper
1ee75689e0
Fix typo in tls_sockets()
...
This PR just fixes a minor bug in `tls_sockets()`, changing
```
debugme "stuck on sending: $ret"
```
to
```
debugme echo "stuck on sending: $ret"
```
2017-01-25 08:57:20 -05:00
David Cooper
597e87f330
Merge branch '2.9dev' into rename_ephemeral_DH_ciphers
2017-01-24 16:09:19 -05:00
Dirk Wetter
bc31639179
Merge pull request #545 from dcooper16/cipher_order_sockets
...
Use sockets to determine cipher order
2017-01-24 20:26:05 +01:00
David Cooper
c09a77006e
Rename cipher lists for run_logjam()
...
This PR renames the cipher lists for `run_logjam()` in generate_static_cipher_lists.sh to align with their names in testssl.sh, as requested in #590 .
I think these names are still open for misinterpretation, however, since its not clear whether "dh_cipher" refers to ciphers that use static DH keys, ephemeral DH keys, or both.
2017-01-24 10:49:59 -05:00
David Cooper
db4108cec5
Merge branch '2.9dev' into cipher_order_sockets
2017-01-24 08:46:40 -05:00
Dirk
2a5d56a9d6
help aviod misunderstanding, see #594 and some reordering
2017-01-24 08:37:19 +01:00
David Cooper
156787adec
Merge branch '2.9dev' into cipher_order_sockets
2017-01-23 11:22:42 -05:00
Dirk
4911aaf05b
Fix #593
2017-01-23 11:33:18 +01:00
Dirk Wetter
8988411fbc
Merge pull request #565 from dcooper16/run_server_preference_sockets
...
Use sockets in run_server_preference()
2017-01-21 19:55:37 +01:00
Dirk
f80e1ecfdb
- enable CAA per default ( #588 )
...
- hex2ascii() for converting strings
- swap quoted output in -S to italic (mostly)
2017-01-21 19:43:07 +01:00
Dirk
f2303a0d79
- poodle output polishing
...
- minor polish of #552
2017-01-21 18:08:31 +01:00
Dirk Wetter
d448ebbc77
Merge pull request #552 from dcooper16/run_beast_sockets
...
run_beast() speedup + sockets
2017-01-21 18:01:55 +01:00
Dirk
2b440f15ea
- polishing #570
...
- run_logjam() terminates if no local DH export ciphers are configured
2017-01-21 16:52:02 +01:00
Dirk Wetter
20cc3bc435
Merge pull request #570 from dcooper16/run_ssl_poodle_sockets
...
Use sockets for run_ssl_poodle()
2017-01-21 14:37:36 +01:00
Dirk
f3666a13c5
- add crypotsense prefined DH groups
...
- final FIX #589
2017-01-20 18:14:48 +01:00
Dirk
e083fab130
- run_logjam(): run_logjam(0 fixed error where logjam couldn't parse "ServerKeyExchange" message using SSL_NATIVE -- if TLS != 1.2 was returned
...
- run_logjam(): determine dh bit size and based on this mark the common primes as more or less vulnerable
- run_logjam(): renamed remaining dhe variable to dh
- further house keeping in run_logjam()
2017-01-19 14:45:19 +01:00
Dirk Wetter
9c3ab427b6
Merge pull request #590 from dcooper16/dhe_cipher_list
...
Generate list of all DHE ciphers
2017-01-18 22:08:43 +01:00
Dirk
e3d183e909
-output correction run_logjam
...
- rename dhe to dh
2017-01-18 22:05:27 +01:00
David Cooper
dcd37729f4
Generate list of all DHE ciphers
...
This PR adds a function that generates a list of all DHE ciphers for `run_logjam()`.
2017-01-18 15:16:13 -05:00
David Cooper
211ce0b3fd
Merge branch '2.9dev' into run_ssl_poodle_sockets
2017-01-18 15:00:32 -05:00
David Cooper
0cdbe95302
Merge branch '2.9dev' into run_beast_sockets
2017-01-18 14:59:53 -05:00
David Cooper
a016b946fd
Merge branch '2.9dev' into run_server_preference_sockets
2017-01-18 14:59:07 -05:00
David Cooper
86ac32cd0d
Merge branch '2.9dev' into cipher_order_sockets
2017-01-18 14:57:59 -05:00
Dirk
05d27ff1be
- FIX for the last mess submitted ;-)
2017-01-18 18:09:39 +01:00
Dirk
61b16a078a
- file etc/common-primes was not edited correctly!
2017-01-18 16:38:09 +01:00
Dirk
8bf7b6b31b
forgot to save work, followup to 4433345b16
, #120 , #589
2017-01-18 16:23:18 +01:00
Dirk
4433345b16
- first implementation (draft) of LOGJAM common primes, see #589 , #120
...
- output polishing of run_drown()
- polishing of run_logjam()
- decrease severity to high for LOGJAM, see CVE rating
2017-01-18 15:53:01 +01:00
Dirk
b1c80512e6
first bunch of common primes, see #589 + #576 + #120 . License of nmap is also GPLv2: no conflicts
2017-01-18 12:44:15 +01:00
David Cooper
643b80c541
Merge branch '2.9dev' into run_ssl_poodle_sockets
2017-01-17 09:07:21 -05:00
David Cooper
149c822f38
Merge branch '2.9dev' into run_beast_sockets
2017-01-17 09:05:52 -05:00
David Cooper
b8953fa31f
Merge branch '2.9dev' into run_server_preference_sockets
2017-01-17 09:04:40 -05:00
David Cooper
76f1cb18d0
Merge branch '2.9dev' into cipher_order_sockets
2017-01-17 09:03:13 -05:00
Dirk
e9916dd1f4
- FIX #566
...
- reorder get_<DNS>_record() for better overview
- move CMDLINE__IP away from main into determine_ip_addresses() where it belongs to
2017-01-17 13:57:14 +01:00
Dirk
e7a35934ae
add lf before -E
2017-01-17 12:00:18 +01:00
Dirk Wetter
5ea5ae5a53
Merge pull request #571 from dcooper16/run_freak_sockets
...
Use sockets for run_freak()
2017-01-17 11:41:50 +01:00
Dirk
a3a30c7fa5
- CAA RR (expertimental)
...
- replace some sed+grep by awk in get_mx_record()
2017-01-17 11:19:57 +01:00
Dirk
cdbdc51f5d
fix #587
2017-01-16 14:06:32 +01:00