Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-12-16 20:22:05 +01:00
Code Issues Packages Projects Releases Wiki Activity
5,263 Commits 18 Branches 35 Tags
28baa6be446c71cd810740ce8b26b597d63906c7
Commit Graph

5263 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dirk Wetter
28baa6be44 Merge pull request #2968 from testssl/fix_missing_vulnHeadline 
ROBOT is also a vulnerability
 2025-12-15 13:12:56 +01:00
Dirk Wetter
51a35b0344 ROBOT is also a vulnerability 
We missed somehow to add in the big while loop to add the fact that
ROBOT is a vulnerability which become apparent with #2967.

This PR adds that.
 2025-12-15 11:44:42 +01:00
Dirk Wetter
08398b3ac2 Merge pull request #2967 from testssl/address_2943 
Remove underlined headline for each vulnerability
 2025-12-15 11:07:17 +01:00
Dirk Wetter
26e90d44c3 Remove underlined headline for each vulnerability 
This PR removes this legacy feature. There's a single
headline for vulnerabilties instead.

Fixes #2943.
 2025-12-14 21:24:30 +01:00
Dirk Wetter
3430bd97d2 Merge pull request #2965 from testssl/fix_2944 
Add missing LF after pwnkeys DB check
 2025-12-14 21:03:51 +01:00
Dirk Wetter
eeb8e7dbf1 Add missing LF after pwnkeys DB check 
This fixes #2940 .
 2025-12-14 17:43:44 +01:00
Dirk Wetter
651ddc1876 Merge pull request #2963 from dcooper16/fix2959 
Fix #2959
 2025-12-13 15:37:16 +01:00
David
2b93c9e6bb Fix #2959 
This commit fixes #2959 by modifying TLS12_CIPHER, TLS12_CIPHER_2ND_TRY, and TLS12_CIPHER_3RD_TRY so that they each have 118 ciphers (including "00,ff"). It also modifies run_cipherlists(), run_server_defaults(), and run_beast() so that, when $SERVER_SIZE_LIMIT_BUG is true, no more than 125 ciphers are sent.
 2025-12-11 08:00:32 -08:00
Dirk Wetter
7a0b62e689 Merge pull request #2961 from testssl/fix_2960 
Label missing KEMs as LOW severity
 2025-12-09 12:43:05 +01:00
Dirk Wetter
03f43ecd68 Label missing KEMs as LOW severity 2025-12-09 10:15:50 +01:00
Dirk Wetter
1250d6f853 Merge pull request #2958 from testssl/fix_early_data_empty 
Fix error when early data empty
 2025-11-29 22:38:18 +01:00
Dirk
ece7bce138 Merge branch '3.3dev' into fix_early_data_empty 2025-11-29 20:55:56 +01:00
Dirk Wetter
2b73544efc Merge pull request #2954 from testssl/address_2952 
Address 2952
 2025-11-29 20:53:43 +01:00
Dirk Wetter
8ed4b4218c this may fix it 2025-11-29 18:43:00 +01:00
Dirk Wetter
d92769d15c trying again to make Mac work 2025-11-29 13:45:00 +01:00
Dirk
17896a44a5 move unlink 2025-11-28 17:23:50 +01:00
Dirk
4bc0a5ccba Change back to google.com, avoid 0-RTT for Mac 
... as we can't make it to get proper results unless
on the laptop
 2025-11-28 16:26:25 +01:00
Dirk Wetter
d3c33867d7 Rather try cloudflare... 
instead of google.com. Maybe google's edge server to github has
different configuration and thus has not 0-RTT.

On my Mac it worked fine before.
 2025-11-28 13:28:58 +01:00
Dirk
2b06c97f19 Add 0-RTT, more in line with other files 
... and simplyfied
 2025-11-28 03:20:10 +01:00
Dirk Wetter
d648a0851d Fix error when early data empty 
This PR fixes an error when early data was empty
which caused testssl.sh to exit instead of marking
that there was no file returned.

Also it changes HEAD to GET as the latter is probably
more often supported.

There needs to be a unit test for 0-RTT / early data!
 2025-11-28 01:46:16 +01:00
Dirk
b1d79b6d72 change style to be in line w others 2025-11-28 01:21:19 +01:00
Dirk
3a0a6eaf88 re-add $ 2025-11-27 22:17:54 +01:00
Dirk
7823699982 json and html unit tests more seamless 
- html_file / json_file
- file name comes in command, not earlier
- Both a title
- avoid fixed string for file names over and over
 2025-11-27 20:38:12 +01:00
Dirk
964e8924a4 define file var before using it 2025-11-27 19:45:39 +01:00
Dirk Wetter
a4b6d1fca0 spellcheck 2025-11-27 18:49:12 +01:00
Dirk Wetter
f3ebf0e971 Add autoflush thingy for MAcOS 2025-11-27 18:46:19 +01:00
Dirk Wetter
853da2a9de term pattern seems better than the "colorized list" 2025-11-27 18:39:52 +01:00
Dirk Wetter
3591f70a17 reorder lines 2025-11-27 18:31:43 +01:00
Dirk Wetter
8103a0e24d Make this work undeer MacOS 
- URI is now example.com bc Akamai doesn't block too many checks
  (MacOS runner was delayed and often hiccuped here)
- failed to flush message --prevention
- term pattern seems better than the "colorized list"
 2025-11-27 18:24:15 +01:00
Dirk Wetter
7e97fef030 remove LFs and comment 2025-11-27 18:22:48 +01:00
Dirk Wetter
fc499cb67f Akamai keeps connection open (opossum check problem) 2025-11-27 18:21:26 +01:00
Dirk Wetter
0ef742a17a Just add comments, reorder lines 2025-11-27 17:44:31 +01:00
Dirk Wetter
4582bd8d73 Merge branch '3.3dev' into address_2952 2025-11-27 16:37:16 +01:00
Dirk Wetter
86700dbd7a Merge pull request #2957 from testssl/flush 
Try to remove the "failed to flush stdout" messages
 2025-11-27 16:34:40 +01:00
Dirk Wetter
de6e92826a Add stdout flush 2025-11-27 14:23:27 +01:00
Dirk Wetter
5111804b75 Try to remove the "failed to flush stdout" messages 2025-11-25 00:23:13 +01:00
Dirk Wetter
e8098fc1d2 fix remainder from old os definition 2025-11-24 12:03:03 +01:00
Dirk Wetter
dd696bb871 Merge pull request #2955 from testssl/shellcheck_path_improvement 
No shellcheck in ./t/
 2025-11-24 11:20:18 +01:00
Dirk Wetter
92e0195118 No shellcheck in ./t/ 2025-11-24 11:19:13 +01:00
Dirk Wetter
d359e1108d proper definition of os variable 2025-11-24 11:07:16 +01:00
Dirk Wetter
7ba99cd1e9 For MacOS we rather use homebrew's OpenSSL 2025-11-24 11:04:59 +01:00
Dirk Wetter
7b2804df41 remove STARTTLS 2025-11-24 10:48:41 +01:00
Dirk Wetter
4ad81cea9b Merge pull request #2953 from testssl/dependabot/github_actions/actions/checkout-6 
Bump actions/checkout from 5 to 6
 2025-11-21 15:12:34 +01:00
Dirk Wetter
7423aa8add Merge pull request #2951 from testssl/fixAndImprove_opossum_check_2950 
Fix and improve Opossum check
 2025-11-21 15:11:07 +01:00
dependabot[bot]
ba4855026f Bump actions/checkout from 5 to 6 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-21 00:02:35 +00:00
Dirk
76824b5762 Fix and improve Opossum 
Under some circumstances the opossum vulnerability check got stuck
because the cat commdn was waiting for reading from the descriptor.
In some case like #2950 this happened when the HTTP head command
was incorrectly send in the first place.

This PR makes sure that the HTTP head is correct and it replaces
cat by read in a loop so that the HTTP response is read without
being blocked.

Also for http_head_printf() the argumensats passed were cleaned up.
 2025-11-19 20:55:20 +01:00
Dirk Wetter
718c6fe4ed Merge pull request #2947 from 24icewolf42/fix-mtls-client-pem-check 
Add support for EC private key in mTLS check
 2025-11-17 11:19:09 +01:00
Andreas Landgraf
91caad69c5 Improve regex for private key check in mTLS 2025-11-17 08:26:15 +01:00
Dirk Wetter
1394cc8d7d Merge pull request #2949 from testssl/shellcheck_ignore_files 
Ignore files types for shellcheck
 2025-11-15 14:43:59 +01:00
Dirk Wetter
fd97a75241 Add comments for paths_ignore 2025-11-15 14:05:08 +01:00