35743166cd
Clarify what Android handshake (best) is
2025-05-08 17:21:19 +02:00
55980c59c3
Add Android 15 handshake
2025-05-08 17:20:15 +02:00
d1440d646d
For better autoselction w mouse move comma
2025-04-17 18:50:48 +02:00
668b98c9ce
remove DST Root CA X3.txt
2025-04-17 18:41:44 +02:00
3dad99a93a
Update Java, Apple and MS store
...
- Java is from JDK 21
- Apple and MS from this week
2025-04-17 18:39:02 +02:00
41c3110c0e
Update Linux and Mozilla CA store
...
- Linux: Debian 12
- Mozilla from 2025-02-25
2025-04-17 18:03:50 +02:00
128d8b5997
Merge pull request #2731 from testssl/new_Handshakes
...
Update handshakes
2025-04-17 16:13:31 +02:00
81e4856b79
fix typo
2025-04-16 21:35:27 +02:00
4a2228f401
Updating Android handshakes
...
- Android 13 and 14 were added. They are the same, see ja3 + ja4 value
- as it turned out Android 11 and 12 have also the same ja3 + ja4 values (retrieved from old pcap files)
- so both will be labeled 11/12 an 13/14
- old pcaps from Android 11/12 showed no ALPN --> corrected
2025-04-16 21:28:08 +02:00
d1531cdf60
Support decrypting TLS 1.3 handshakes with PQ key exchange
...
This commit modifies testssl.sh so that TLS 1.3 handshakes that use post-quantum algorithms for key exchange can be decrypted, if $OPENSSL supports the algorithms.
2025-04-10 14:05:30 -07:00
5d9d5276e3
Firefox 137 (Win 11)
2025-04-09 20:28:31 +02:00
51fce5feb1
fix ja3/4 for Edge 133 Win 11 23H2
2025-04-09 20:18:24 +02:00
b18dd2aa28
Edge 133 Win 11 23H2
2025-04-09 20:14:42 +02:00
647aeae205
Update docu and (futile) perl script
2025-04-09 20:00:47 +02:00
f337f53e49
Reorder Java 8
2025-04-09 19:40:12 +02:00
85232b7bc5
Chromium 137 Win 11
2025-04-09 19:31:35 +02:00
84e77d2bb0
Java 21
2025-04-09 17:07:19 +02:00
31e2f43eec
LibreSSL update 3.3.6 (MacOS)
...
.. renaming that to macOS instead "Apple".
2025-04-09 16:51:26 +02:00
4f696f94df
Add openssl 3.0.15 (from Debian)
...
... and set OpenSSL 3.0.3 (git) as not to list
2025-04-09 16:39:05 +02:00
e4cdca9e63
Add Safari 18.4 @ MacOS 15.4
2025-04-09 15:53:11 +02:00
d601f33a37
Merge branch '3.2' into new_Handshakes
2025-04-09 10:59:40 +02:00
3a8038636d
OpenSSL 3.5.0 client simulation
...
Add OpenSSL 3.5.0 to etc/client-simulation.txt.
2025-04-08 15:26:41 -07:00
0d7c33ab7f
deprecate more
...
- Safari 12.1 (iOS 12.2)
- Firefox 66 (Win 8.1/10)
2025-04-08 16:14:37 +02:00
887653a033
Deprecate a few entries ...
...
- Android 5+6
- Chrome 79 Win 10
- IE 6 XP
- IE 8 XP
- Safari 13.0 (macOS 10.14.6)
- OpenSSL 1.1.0l (Debian)
... before new ones are added
2025-04-08 16:06:55 +02:00
7939144af1
Swap Android 6 for Android 5
...
... as it seems to habe more market share
2025-04-08 15:49:44 +02:00
58ddfd8a24
Add hint for JA3/4
...
+ minor corrections
2025-04-07 19:38:05 +02:00
45be26db7c
Add Java 8u442 handshake
...
Also the ja3 and ja4 values were added as retrieved from wireshark.
See also #2430 .
2025-04-07 19:36:34 +02:00
683f028164
Support draft-connolly-tls-mlkem-key-agreement
...
This commit adds support for the three code points in draft-connolly-tls-mlkem-key-agreement.
2025-03-06 11:42:00 -08:00
42f20b59b1
fix missing semicolon in docs
2025-01-30 10:23:12 +01:00
0042b6313e
s/drwetter/testssl
...
For the remaining occurences. Except dockerhub which needs to be solved.
2025-01-24 11:15:55 +01:00
11d7979f41
Support draft-kwiatkowski-tls-ecdhe-mlkem and draft-tls-westerbaan-xyber768d00
...
This commit adds support for the three code points in draft-kwiatkowski-tls-ecdhe-mlkem and the code point 0x6399 from draft-tls-westerbaan-xyber768d00. The group 0x6399 uses a pre-standard version of Kyber and is considered obsolete.
2025-01-21 09:00:21 -08:00
e17b1c17bb
Support RFC 9150 cipher suites
...
This commit adds support for the two cipher suites in RFC 9150, TLS_SHA256_SHA256 and TLS_SHA384_SHA384. These are authentication and integrity-only cipher suites.
2024-10-28 15:07:22 -07:00
76902af3b8
update hashes
2024-07-23 11:35:49 +02:00
69c1a2fcb8
need to update hashes needs to be earlier
2024-07-23 11:35:16 +02:00
778aab0241
dos2unix
2024-07-23 11:34:38 +02:00
95ed863ac0
update MS CA root store
2024-07-23 10:42:14 +02:00
472eff85b1
Update Apple CA store
...
...and modify readme to reflect that the certificates are better to retrieve from GH
2024-07-22 17:08:18 +02:00
3a9c0aa8ed
Update Truststores
...
- Mozilla: 2024-7-02
- Debian 12, ca-certificates from 20230311
- JDK 21.04
See also #2525
ToDo:
- Apple (https://opensource.apple.com/source/security_certificates/ doesnt exist anymore), github?
- MS
- Check old LE CA
- update hashes
- update Readme
2024-07-22 16:38:45 +02:00
23c2b24c3d
MUST update hashes
2023-12-24 14:00:34 +01:00
db175a8d51
Update of certificate stores
...
Mozilla: 2023-08-22
Debian 10
JDK 22
Windows 10 22H2, Patched until 2023-10
Apple: 2023-10
2023-10-09 22:08:48 +02:00
d0e1c4a8e7
Fix line endings in etc/curves-mapping.txt
...
The file etc/curves-mapping.txt currently has CRLF line endings and this seems to cause problems with git since .gitattributes now specifies LF line endings for .txt files. This commit changes the line endings for the file in order to (hopefully) prevent problems with git.
2023-07-03 08:50:23 -07:00
5002dd23b1
Add support for brainpool curves with TLS 1.3
...
This commit adds support for the curves brainpoolP256r1tls13, brainpoolP384r1tls13, and brainpoolP512r1tls13.
2023-03-28 08:53:20 -07:00
aac696b0a0
Updated root CA stores
2023-03-17 18:06:57 +01:00
6106887fdd
Update DST CA
2023-03-17 18:06:03 +01:00
419aae3c98
updates docu to reflekt actual status
2023-03-17 18:05:24 +01:00
12654b904b
Update README.md
2022-07-02 22:12:56 +02:00
e217af0324
Remove the expired DST Root CA X3 cert from ...
...
Apple / Linux / Microsoft stores
2022-07-02 16:02:30 +02:00
d79504ea8a
Reference to remove DST Root CA
2022-07-02 16:00:16 +02:00
9f4a3b359c
add new stores
2022-07-02 15:59:00 +02:00
fb2b4935ac
Java.pem from Oracle jdk-17.0.3.1
2022-07-01 22:01:36 +02:00
