testssl.sh

mirror of https://github.com/drwetter/testssl.sh.git synced 2024-12-31 22:09:44 +01:00

Author	SHA1	Message	Date
Emmanuel Fusté	2bdbdec5d9	Do not wait on pid you are not a parent. The zombi fix did too much modifications breaking the global time-out function. As the wait $pid failed, we no longer create the watchdog file. Fix by reverting unnecessary changes.	2024-03-01 17:40:43 +01:00
Dirk Wetter	a2fdfb011e	Merge pull request #2474 from drwetter/mtls_beta Polish PR2461 (mTLS) + label as beta	2024-02-28 10:22:11 +01:00
Dirk	55ae9bf248	Polish PR2461 (mTLS) + label as beta also revert #1383	2024-02-27 15:59:16 +01:00
Dirk Wetter	94ef475255	Merge pull request #2461 from akabe1/3.2 Add mTLS new feature to support scans with client authentication	2024-02-27 15:47:03 +01:00
Dirk Wetter	f84e8c05f5	Merge pull request #2470 from Tazmaniac/renego_timing_fix Correct client_renego timing bug.	2024-02-21 17:17:51 +01:00
Dirk Wetter	32a279730f	Merge pull request #2472 from Tazmaniac/zombies-fix-3.2 Fix subshell killing to avoid zombies	2024-02-20 10:03:19 +01:00
Emmanuel Fusté	af20952b86	Fix subshell killing to avoid zombies Learned from the rest of the code ...	2024-02-19 16:19:23 +01:00
Dirk Wetter	19607d7c2c	Merge pull request #2467 from Tazmaniac/mongodb-detection-fix MongoDB identification fix	2024-02-13 17:15:01 +01:00
Emmanuel Fusté	6277613906	Usual spell fixes.	2024-02-13 15:41:35 +01:00
Emmanuel Fusté	4066766de5	MongoDB identification fix The actual code grep for "MongoDB" keyword in the head of the HTTP session. In case of "compressed" HTML, a big page is on one line. On a IT page, we could encounter the "MongoDB" keyword and miss-identify the application protocol. Fixed by matching on a longuer string taken from a live MogoDB server.	2024-02-13 15:00:19 +01:00
Emmanuel Fusté	faae91edbc	Correct client_renego timing bug. OpenSSL will buffer only the first command till the establishment of the session. In case of slow session establishment, we could: * loose some renego trys missing proper mitigation implementation * loose some renego trys missing a real vulnerable host if 2/3 of the tries are lost during session establishment (very slow startup). Wait for the session to be fully establised before starting the renego loop.	2024-02-13 14:40:53 +01:00
Dirk Wetter	62b5859d52	Merge pull request #2465 from Odinmylord/3.2 Add SNI to ticketbleed check	2024-02-09 09:56:58 +01:00
Odinmylord	eb661dadb8	Add SNI to ticketbleed check	2024-02-08 15:01:12 +01:00
Dirk Wetter	c30e541658	Merge pull request #2463 from janbrasna/fix-docker-md-quotes Fix Dockerfile.md formatting	2024-02-02 20:25:46 +01:00
Jan Brasna	1db2df333f	Fix Dockerfile.md formatting	2024-02-02 19:33:08 +01:00
Dirk Wetter	7ec7f8cf32	Merge pull request #2460 from Tazmaniac/client-renego-regression Fixed regression in printing results	2024-01-22 09:51:11 +01:00
Maurizio S	51ab05e651	Update testssl.1.html	2024-01-20 11:49:56 +01:00
Maurizio S	55ef4c09fe	Update testssl.1.md	2024-01-20 11:49:50 +01:00
Maurizio S	83fb9b5b3a	Update CHANGELOG.md	2024-01-20 11:49:41 +01:00
Maurizio S	bdab5f665c	Update CREDITS.md	2024-01-20 11:49:32 +01:00
Maurizio S	ec4ceb2c20	Add mTLS feature Added new feature to support mutual TLS via client certificate and private key, when a remote server requires client authentication.	2024-01-20 11:49:05 +01:00
Emmanuel Fusté	4cc02a63ef	One more spell fix...	2024-01-19 17:09:44 +01:00
Emmanuel Fusté	02a3c2cc14	Fixed regression in printing results And improve it with the effective number of renego before disconnection as it is now tracked.	2024-01-19 16:22:50 +01:00
Dirk Wetter	ad04a90b2a	Merge pull request #2459 from Tazmaniac/client-renego-fix Secure Client-Initiated Renegotiation : fixes/enhancements	2024-01-18 18:37:58 +01:00
Emmanuel Fusté	67c362c89a	One more spell fix	2024-01-15 10:07:09 +01:00
Emmanuel Fusté	de364b0c84	Introduce SSL_REGEG_WAIT and reduce wait to 0.25s Reduce wait between reneg test to 0.25s. Still robust and accelerates the test as now we do up to 10 renego tests. With the global loop timeout, the backoff identification seem unneeded. But if we switch to 0.25s, we no longuer trigger the global timeout so it is still valuable. Adjust write out messages as bash do not support floating point number arithmetic.	2024-01-12 11:30:35 +01:00
Emmanuel Fusté	9b79e3917a	Bump SSL_RENEG_ATTEMPTS=10 for Stormshield Stormshield allows 9x and then blocks. So then 10x should be tested. Example: https://ems.ocapiat.fr	2024-01-11 18:34:47 +01:00
Emmanuel Fusté	b793f54c3e	Add timeout for the client initiated renego loop Some site hang/block the connection after some renego reties Example: https://feedback.amadeus.com Hand written timeout logic because: - we want to get the result of the command in case of normal exit - we want to have working log fd redirection - we want to known the timeout condition	2024-01-11 18:30:44 +01:00
Dirk Wetter	b6fdfb1986	Merge pull request #2458 from drwetter/drwetter-patch-1 Create pull_request_template.md	2024-01-10 19:28:22 +01:00
Dirk Wetter	6e84f5f139	Fill pull_request_template.md	2024-01-10 19:27:24 +01:00
Dirk Wetter	9a494b135c	Create pull_request_template.md	2024-01-10 19:03:23 +01:00
Emmanuel Fusté	d30d8e09f2	tab/space corrections and "grep -ac" in place of "grep -a \| wc -l"	2024-01-10 18:31:41 +01:00
Dirk Wetter	7c0c06641c	Merge pull request #2437 from drwetter/disclaimer Disclaimer	2024-01-10 12:22:34 +01:00
Dirk Wetter	810e870d16	Merge pull request #2454 from Odinmylord/3.2 Make cert_keysize output consistent	2024-01-10 12:21:42 +01:00
Dirk Wetter	69664cbabf	Merge pull request #2455 from Odinmylord/fix_intermediate_cert add utf8 support to intermediate cert names	2024-01-06 20:38:32 +01:00
Odinmylord	e404cf8bdb	add utf8 support to intermediate cert names	2024-01-03 14:27:11 +01:00
Odinmylord	f4b1bb28a0	Update certificate_info function to include key algorithm in error messages	2024-01-02 14:06:18 +01:00
Dirk Wetter	3f9cc7b6a5	Merge pull request #1871 from dcooper16/quit_on_cmd_line_errors Quit testssl.sh on all command line errors	2023-12-24 15:34:00 +01:00
Dirk Wetter	bbf770ac7f	Merge pull request #2447 from Odinmylord/3.2 Add Brainpool signature algorithms to output	2023-12-24 14:00:42 +01:00
Dirk	23c2b24c3d	MUST update hashes	2023-12-24 14:00:34 +01:00
Dirk Wetter	3d63b62c24	Merge pull request #2450 from drwetter/fix_stupid_umaskerror Bail out if user error bc of umask	2023-12-23 15:02:20 +01:00
Dirk Wetter	c5265e33b7	fix wrong temp file var	2023-12-23 13:13:16 +01:00
Dirk Wetter	3b5f2022b3	fix typo	2023-12-23 13:03:57 +01:00
Dirk Wetter	8e517e0a70	Bail out if user error bc of umask If a user chose a broken umask testssl.sh will start but emits subsequent errors. This patch adds two sanity checks whether it is allowed to create and read files in the temp directory. Fixes #2449	2023-12-23 12:58:05 +01:00
Odinmylord	90272f1d12	Add Brainpool signature algorithms to output	2023-12-13 14:23:28 +01:00
Dirk Wetter	7829821010	Merge pull request #2441 from drwetter/dependabot/github_actions/docker/build-push-action-5.1.0 Bump docker/build-push-action from 5.0.0 to 5.1.0	2023-12-09 18:13:24 +01:00
Emmanuel Fusté	2c84a525cc	Fix mitigation detection with debug level 0	2023-12-07 18:58:58 +01:00
Emmanuel Fusté	52c6ac7fec	Spell fix.	2023-11-28 15:22:01 +01:00
Emmanuel Fusté	429db592e2	Crudely detect exponential backoff as a mitigation	2023-11-28 14:41:25 +01:00
dependabot[bot]	30129b59f3	Bump docker/build-push-action from 5.0.0 to 5.1.0 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5.0.0 to 5.1.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v5.0.0...v5.1.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-11-20 00:50:39 +00:00

1 2 3 4 5 ...

4502 Commits