Dirk Wetter
22d8cd3adf
Go client (1.17)
2022-05-06 10:06:03 +02:00
Dirk Wetter
cf79a19598
Add Android 11+12
2022-05-04 19:12:03 +02:00
Dirk Wetter
28e9ddeebd
Teating of FFDHE groups
...
* readded to the markdown
* readded to the clientsimulations for Java 12
2022-05-04 18:29:29 +02:00
Dirk Wetter
415043865a
Add Java 17 LTS
...
plus
* amend documentation
* remove TLS 1.3 ciphers in ch_ciphers for consistency reasons
2022-05-04 15:46:36 +02:00
Dirk Wetter
d84492a75e
Update openssl 3.0.3
2022-05-04 14:32:04 +02:00
Dirk Wetter
03803cf0c9
Add Safari for macOS
2022-05-03 22:11:31 +02:00
Christoph Settgast
82e939f2bd
Add wiresharked Android 7.0 (native)
...
After being bitten by https://stackoverflow.com/questions/39133437/sslhandshakeexception-handshake-failed-on-android-n-7-0
I add a wiresharked Android 7.0 to reflect that bug in Android 7.0.
2020-06-23 15:26:31 +02:00
David Cooper
46c05c6732
Fix client simulation
...
replace ciphers with ch_ciphers and sni with ch_sni in client simulation data file.
2020-01-31 10:52:50 -05:00
Dirk Wetter
eeb1acd749
Android 9 still has 2 signature hash algos: x0201 + x0203
2020-01-22 11:41:42 +01:00
Dirk Wetter
7c66ed47c0
All self retrieved Android handshakes modified to service ANY
2020-01-22 10:58:00 +01:00
Dirk Wetter
a50a660d6c
Add Android 10 client simulation
2020-01-22 10:54:50 +01:00
Dirk Wetter
86afeabf8f
Merge pull request #1438 from drwetter/update_clienthandshakes
...
Update clienthandshakes
2020-01-16 22:26:21 +01:00
Dirk Wetter
13aa6aa433
Readd TLS 1.0 and TLS 1.1 to openssl 1.1.1d (Debian)
...
... see previous commit
2020-01-14 18:17:44 +01:00
Dirk Wetter
09eda2aa97
Update openssl handshakes
...
to 1.1.0l and 1.1.1d. Seems that for the latter TLS 1.0 and 1.1
are disabled now, looking at the supported version extension.
However on the command line an s_client connect works. So
this commit need to be amended.
2020-01-14 18:02:43 +01:00
Dirk Wetter
56e6fa4bb7
Remove FTP as a "service" from Firefox' client simulation
...
... as firefox never supported FTP over TLS or SSL, see
https://bugzilla.mozilla.org/show_bug.cgi?id=85464
In general browsers tend to remove noaways cleartext FTP from
browsers.
2020-01-13 23:11:59 +01:00
Dirk Wetter
8cc3a5f514
Add firefox 71
...
... and
* deprecate openssl 1.0.1
* enable Chrome 74 instead of Chrome 65
2020-01-13 22:57:10 +01:00
David Cooper
420fa73f5a
Fix Safari 13.0 Client Simulation
...
The ciphersuites string for Safari 13.0 ends with a colon (':'). which causes OpenSSL to reject the command line when client simulation testing is performed in --ssl-native mode. This PR fixes the problem by removing the trailing colon.
2020-01-13 10:31:20 -05:00
Dirk Wetter
88ec92d622
Add recent Chrome and Opera handshakes
...
Chrome 78 and 79, Opera 65 and 66
Remove FTP from Chrome
2020-01-13 16:02:39 +01:00
Dirk Wetter
cf8cb541d5
Update Thunderbird simulation to v68.3
2020-01-13 11:35:58 +01:00
Christoph Settgast
23b845c11b
Update Safari to 13.0 and macOS to 10.14
...
manually wiresharked, now with TLS1.3 for macOS as well.
2019-10-16 20:36:08 +02:00
Dirk Wetter
7238a0167a
Change the platform for Java from Ubuntu to OpenJDK
2019-05-07 19:39:20 +02:00
Christoph Settgast
a17f45b563
Add Safari 12.1 on macOS 10.13.6
...
manually wiresharked
2019-05-06 21:19:46 +02:00
Christoph Settgast
8c8a626b49
Remove erroneous DES-CBC-MD5 from Java 11 and 12
...
DES-CBC-MD5 was included by utils/hexstream2cipher.sh,
heres the relevant snippet, line 160:
148: c025 --> 0xc0,0x25 --> ECDH-ECDSA-AES128-SHA256
152: c029 --> 0xc0,0x29 --> ECDH-RSA-AES128-SHA256
156: 0067 --> 0x00,0x67 --> DHE-RSA-AES128-SHA256
160: 0040 --> 0x00,0x40 --> DHE-DSS-AES128-SHA256 DES-CBC-MD5
164: c009 --> 0xc0,0x09 --> ECDHE-ECDSA-AES128-SHA
168: c013 --> 0xc0,0x13 --> ECDHE-RSA-AES128-SHA
172: 002f --> 0x00,0x2f --> AES128-SHA
176: c004 --> 0xc0,0x04 --> ECDH-ECDSA-AES128-SHA
Unfortunately I don't know how to fix utils/hexstream2cipher.sh,
but I have manually removed the erroneous cipher and space from
the client-sim.
2019-05-06 18:07:43 +02:00
Christoph Settgast
11416790cd
Add Java 12 from Ubuntu 19.04
...
manually wiresharked, detailed version info:
$ java -version
openjdk version "12.0.1" 2019-04-16
OpenJDK Runtime Environment (build 12.0.1+12-Ubuntu-1)
OpenJDK 64-Bit Server VM (build 12.0.1+12-Ubuntu-1, mixed mode, sharing)
2019-05-04 22:30:46 +02:00
Christoph Settgast
c4b5f33532
Add Java 11 from Ubuntu 18.04
...
manually wiresharked, detailed version info:
$ java -version
openjdk version "11.0.2" 2019-01-15
OpenJDK Runtime Environment (build 11.0.2+9-Ubuntu-3ubuntu118.04.3)
OpenJDK 64-Bit Server VM (build 11.0.2+9-Ubuntu-3ubuntu118.04.3, mixed mode)
2019-05-04 22:20:53 +02:00
Dirk Wetter
bfd6caa624
Fix error + round brackets
...
PR #1260 missed a 'current' line which caused an output problem.
I'd like to add round brackets to the displayed name so that we remember
what comes from wireshark and waht from SSLlabs
2019-05-04 11:05:57 +02:00
Christoph Settgast
67c0dd106e
Add Safari 12.1 from iOS 12.2
...
Manually Wiresharked
2019-05-04 00:58:31 +02:00
Dirk Wetter
79a0345213
Fix typo in handshake simulation with openssl 1.1x
...
"protos" contained "-no-ssl3" instead of "-no_ssl3"
which lead to an error message "Oops: openssl s_client connect problem"
-- which wasn't caught by the STARTTLS unit test either :-(
2019-05-02 09:53:51 +02:00
Dirk
955265afa0
Update to chrome 74
2019-04-25 09:17:23 +02:00
Dirk Wetter
64c2bcc949
Add Thunderbird 60.6.1 to client simulation
2019-04-23 13:37:50 +02:00
Dirk Wetter
3f99c2d2c8
Add Opera 60 + Chrome 73
...
Chrome 74 update pending
2019-04-23 11:33:47 +02:00
Dirk Wetter
d2f5c2633c
Add a few MS client hellos
...
* Edge 17 Win 10
* Firefox 66 Win 10
Disable 'Edge 13 Win Phone 10' per default and 'Firefox 62 Win 7'.
2019-04-23 10:32:17 +02:00
Dirk
c183c213e5
Add client simulations
...
.. for Android 8.1 and Firefox 66.
Add ciphersuites to the existing handshakes and update
the documentation accordingly.
2019-04-20 20:21:25 +02:00
Dirk
5f047db92f
Add client simlation data and provide howto
...
While we are thankful that Ivan Ristic permitted to use the client
data from SSLlabs, it became of bit outdated now (see #1158 ). Also
as sslhaf [1] was used, the data comes from HTTP traffic only.
This is a start to address it. It provides data from Android 9
(connecting to the play store, so that it is sure we don't capture
a ClientHello from an application having an own TLS stack.
Also it provides documentation how to grab data yourself, and
provide it back to testssl.sh.
Aim is at least for testssl.sh 3.0 to add Android 8 and OpenSSL 1.1.1 (@drwetter).
My hope others can assist with Safari on OSX 11 and 12. Java 10 and 11,
and a recent Opera and Edge version. (Firefox and Chrome are out of
date too)
Mail clients to follow later.
[1] https://github.com/ssllabs/sslhaf
2019-04-18 10:06:01 +02:00