David Cooper
2b4d10137a
Merge branch 'master' into fix_issue_276
2016-06-17 16:14:24 -04:00
Dirk Wetter
02e9f5cd23
fix colum spacing again for all alg chacha poly ciphers
2016-06-15 21:31:10 +02:00
Dirk Wetter
9b8fc2c6f0
rename old alg chacha/poly ciphers according to SSLlabs ( #379 / https://github.com/PeterMosmans/openssl/issues/43 )
2016-06-15 20:14:08 +02:00
Dirk Wetter
d10dd6d34c
align old chacha/poly ciphers output in OPENSSL name, see #379
2016-06-15 20:12:48 +02:00
David Cooper
5c0368c476
Merge branch 'master' into fix_issue_276
2016-06-13 16:04:10 -04:00
Dirk
1fae394b04
2013 --> OLD for CHACHA/POLY ciphers
2016-06-13 21:38:02 +02:00
David Cooper
5f120f8021
Merge branch 'fix_issue_276' of https://github.com/dcooper16/testssl.sh into fix_issue_276
2016-06-13 14:57:51 -04:00
David Cooper
3420c86e7f
Merge branch 'master' into fix_issue_276
2016-06-13 14:55:55 -04:00
Dirk Wetter
d4454d009b
Merge pull request #383 from dcooper16/printSAN
...
Printing of subjectAltName extension
2016-06-13 19:32:31 +02:00
David Cooper
1d0c8cb3f8
Printing of subjectAltName extension
...
Modify the extraction of the subjectAltName extension from certificates in order to address SANs with name forms other than DNS and otherName.
2016-06-13 12:52:19 -04:00
David Cooper
b264714fd9
Add check of IP address
...
compare_server_name_to_cert() now checks the DNS names and IP addresses in the subjectAltName extension for a match.
2016-06-13 11:09:15 -04:00
David Cooper
0a1c4d565c
Merge branch 'master' into fix_issue_276
2016-06-13 10:59:34 -04:00
Dirk Wetter
88fd5c4e19
Merge pull request #381 from PeterMosmans/chachanaming
...
Updated ChaCha20 cipher names
2016-06-13 08:27:28 +02:00
Peter Mosmans
a06c71d915
Updated ChaCha20 cipher names
...
See https://tools.ietf.org/html/draft-ietf-tls-chacha20-poly1305-04 (the latest version as of this writing is 04).
The previous version received the suffix _2013. See https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-04
2016-06-13 10:34:04 +10:00
Dirk Wetter
1b7653e438
Update Readme.md
2016-06-11 09:08:51 +02:00
David Cooper
f84ebd99b5
Merge branch 'master' into fix_issue_276
2016-06-10 15:27:46 -04:00
Dirk Wetter
61a049ccf9
Merge pull request #380 from dcooper16/runallciphers128limit
...
run_cipher_per_proto() 128-cipher limit
2016-06-10 20:30:47 +02:00
David Cooper
8c86049848
run_cipher_per_proto() 128-cipher limit
...
Ensure that neither run_allciphers() nor run_cipher_per_proto() sends a ClientHello with 128 or more cipher suites.
2016-06-10 13:45:25 -04:00
David Cooper
189fe662f5
Merge branch 'master' into fix_issue_276
2016-06-09 10:17:49 -04:00
Dirk
adbb1932eb
simplified cipher and protocol retrieval in 'Testing server preferences'
2016-06-09 15:56:53 +02:00
David Cooper
a46b6791db
Merge branch 'master' into fix_issue_276
2016-06-09 09:29:40 -04:00
Dirk
d561687554
initial commit
2016-06-09 15:06:42 +02:00
Dirk
6b07b89946
- added values to curve448 + 25519
2016-06-09 13:18:55 +02:00
Dirk
5ceace33e0
- FIX #189 with a smart check, introduced global var SERVER_SIZE_LIMIT_BUG
...
- introduced "has_server_protocol()" which can be used to check b4 connecting if protocol is a/v
2016-06-09 11:04:40 +02:00
Dirk
94d5a8df80
hint for new (etxernal) binaries
2016-06-09 00:06:11 +02:00
David Cooper
a224bb5068
Merge branch 'master' into fix_issue_276
2016-06-08 13:44:16 -04:00
Dirk Wetter
f754d67e74
Merge pull request #377 from dcooper16/curve25519
...
Adding x25519 and x448 to ClientHello
2016-06-08 17:32:28 +02:00
David Cooper
4750c3f0d5
Adding x25519 and x448 to ClientHello
...
This added x25519 and x448 to the list of supported elliptic curves in the ClientHello created by socksend_tls_clienthello().
2016-06-08 11:25:47 -04:00
David Cooper
eaad4c7dd8
Merge branch 'master' into fix_issue_276
2016-06-08 09:46:25 -04:00
Dirk Wetter
c929fba206
Merge pull request #342 from dcooper16/socksend_tls_clienthello_extensions
...
More extensions in socksend_tls_clienthello()
2016-06-08 10:39:17 +02:00
Dirk
022dbc687a
Merge branch 'master' of github.com:drwetter/testssl.sh
2016-06-07 23:07:17 +02:00
Dirk
d858edca1b
- filled PROTOS_OFFERED w sense
...
- minor fixes for fileout
- introduced "fixme()"
2016-06-07 23:06:58 +02:00
Dirk Wetter
1d051a24e0
Merge pull request #374 from dcooper16/CREDITS
...
Update CREDITS.md
2016-06-07 22:40:56 +02:00
David Cooper
fa866f6458
Update CREDITS.md
2016-06-07 14:23:33 -04:00
David Cooper
c13ae4a001
Merge branch 'master' into socksend_tls_clienthello_extensions
2016-06-07 10:35:32 -04:00
David Cooper
a6d59b5380
Merge branch 'master' into fix_issue_276
2016-06-07 10:24:56 -04:00
Dirk
8ed6214b6f
preliminary fix for #189 (SIZELMT_W_ARND=true needed)
2016-06-07 13:02:58 +02:00
Dirk
29072315e5
output correction for IPv6 and --ip=<addr
2016-06-07 09:08:48 +02:00
Dirk
6f4ba5bda7
- corrected handling of shortened warning periods for LE certs (dual certs were wrong)
...
- (kind of) readded cert_key_algo in output
- smaller output fixes e.g. for GOST certificates
2016-06-06 13:42:17 +02:00
Dirk Wetter
4668b9879a
Update Readme.md
2016-06-04 19:17:10 +02:00
Dirk Wetter
efdcd805a9
Update Readme.md
2016-06-04 19:14:38 +02:00
Dirk Wetter
561cfa16fc
- FIX #367
2016-06-02 21:31:24 +02:00
David Cooper
e8cc32af54
Merge branch 'master' into socksend_tls_clienthello_extensions
2016-06-02 09:16:45 -04:00
David Cooper
fc6b5070af
Merge branch 'master' into fix_issue_276
2016-06-02 09:08:24 -04:00
Dirk Wetter
6a9b0e01fc
- polishing #366 and IPv6-related
2016-06-02 09:59:52 +02:00
Dirk Wetter
51f4c9ac9e
Merge pull request #366 from typingArtist/365_fix_ipv6_handling
...
drwetter#365 fix ipv6 handling
2016-06-02 09:27:14 +02:00
David Cooper
6825c0b363
Allow for certificates with no subjectAltName extension
...
While it seems that almost all certificates include a subjectAltName extension, need to allow for the possibility that the two certificates being compared don't have subjectAltName extensions.
2016-06-01 16:20:10 -04:00
David Cooper
3bc0d6b45c
Fix issue #276
...
Here is my proposed change to fix issue #276 .
2016-06-01 15:57:40 -04:00
typingArtist
2c69e83f5b
https://github.com/drwetter/testssl.sh/issues/365 add UNBRACKETED_IPV6 quirks option
...
Since some OpenSSL binaries, namely Gentoo’s, don’t support bracketed
IPv6 addresses but unbracketed ones, specified as the -connect option,
the UNBRACKETED_IPV6 environment variable can be set to true for
disabling the automatic addition of brackets around IPv6 addresses on
such platforms.
2016-05-27 20:11:47 +02:00
typingArtist
cf62353fc6
https://github.com/drwetter/testssl.sh/issues/365 ensure DNS PTR lookups use un-bracketed IPv6 address
...
While standard OpenSSL requires the literal IPv6 address enclosed
in [brackets], standard DNS lookup tools don’t support the additional
characters. Before making reverse PTR lookups, these brackets have to
be removed from the IPv6 addresses.
2016-05-27 19:54:23 +02:00