Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-30 21:35:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
5,183 Commits 17 Branches 35 Tags
2cfa23e7f74e033e3a40c1cdca981277ec8904a0
Commit Graph

209 Commits

Author SHA1 Message Date
Dirk Wetter
0a7810ea47 Update Linux CA store 
from Debian 13. Fixes #2915
 2025-10-09 20:42:21 +02:00
Dirk Wetter
b4f9e51865 Add lf so that gh action doesn't complain 2025-06-23 18:21:44 +02:00
Dirk Wetter
1403503077 Add Sectigo x46 CAs from recent Debian update 2025-06-23 18:20:14 +02:00
Dirk Wetter
c109cafa17 Merge branch '3.2' into mac_runner 2025-05-16 18:16:58 +02:00
Dirk
35743166cd Clarify what Android handshake (best) is 2025-05-08 17:21:19 +02:00
Dirk
55980c59c3 Add Android 15 handshake 2025-05-08 17:20:15 +02:00
Dirk Wetter
e91b8c7339 reran ~/utils/create_ca_hashes.sh 2025-05-08 14:30:42 +02:00
Dirk
d1440d646d For better autoselction w mouse move comma 2025-04-17 18:50:48 +02:00
Dirk
668b98c9ce remove DST Root CA X3.txt 2025-04-17 18:41:44 +02:00
Dirk
3dad99a93a Update Java, Apple and MS store 
- Java is from JDK 21
- Apple and MS from this week
 2025-04-17 18:39:02 +02:00
Dirk
41c3110c0e Update Linux and Mozilla CA store 
- Linux: Debian 12
- Mozilla from 2025-02-25
 2025-04-17 18:03:50 +02:00
Dirk Wetter
128d8b5997 Merge pull request #2731 from testssl/new_Handshakes 
Update handshakes
 2025-04-17 16:13:31 +02:00
Dirk
81e4856b79 fix typo 2025-04-16 21:35:27 +02:00
Dirk
4a2228f401 Updating Android handshakes 
- Android 13 and 14 were added. They are the same, see ja3 + ja4 value
- as it turned out Android 11 and 12 have also the same ja3 + ja4 values (retrieved from old pcap files)
- so both will be labeled 11/12 an 13/14
- old pcaps from Android 11/12 showed no ALPN --> corrected
 2025-04-16 21:28:08 +02:00
David Cooper
d1531cdf60 Support decrypting TLS 1.3 handshakes with PQ key exchange 
This commit modifies testssl.sh so that TLS 1.3 handshakes that use post-quantum algorithms for key exchange can be decrypted, if $OPENSSL supports the algorithms.
 2025-04-10 14:05:30 -07:00
Dirk
5d9d5276e3 Firefox 137 (Win 11) 2025-04-09 20:28:31 +02:00
Dirk
51fce5feb1 fix ja3/4 for Edge 133 Win 11 23H2 2025-04-09 20:18:24 +02:00
Dirk
b18dd2aa28 Edge 133 Win 11 23H2 2025-04-09 20:14:42 +02:00
Dirk
647aeae205 Update docu and (futile) perl script 2025-04-09 20:00:47 +02:00
Dirk
f337f53e49 Reorder Java 8 2025-04-09 19:40:12 +02:00
Dirk
85232b7bc5 Chromium 137 Win 11 2025-04-09 19:31:35 +02:00
Dirk
84e77d2bb0 Java 21 2025-04-09 17:07:19 +02:00
Dirk
31e2f43eec LibreSSL update 3.3.6 (MacOS) 
.. renaming that to macOS instead "Apple".
 2025-04-09 16:51:26 +02:00
Dirk
4f696f94df Add openssl 3.0.15 (from Debian) 
... and set OpenSSL 3.0.3 (git) as not to list
 2025-04-09 16:39:05 +02:00
Dirk
e4cdca9e63 Add Safari 18.4 @ MacOS 15.4 2025-04-09 15:53:11 +02:00
Dirk
d601f33a37 Merge branch '3.2' into new_Handshakes 2025-04-09 10:59:40 +02:00
David Cooper
3a8038636d OpenSSL 3.5.0 client simulation 
Add OpenSSL 3.5.0 to etc/client-simulation.txt.
 2025-04-08 15:26:41 -07:00
Dirk
0d7c33ab7f deprecate more 
- Safari 12.1 (iOS 12.2)
- Firefox 66 (Win 8.1/10)
 2025-04-08 16:14:37 +02:00
Dirk
887653a033 Deprecate a few entries ... 
- Android 5+6
- Chrome 79 Win 10
- IE 6 XP
- IE 8 XP
- Safari 13.0 (macOS 10.14.6)
- OpenSSL 1.1.0l (Debian)

... before new ones are added
 2025-04-08 16:06:55 +02:00
Dirk
7939144af1 Swap Android 6 for Android 5 
... as it seems to habe more market share
 2025-04-08 15:49:44 +02:00
Dirk
58ddfd8a24 Add hint for JA3/4 
+ minor corrections
 2025-04-07 19:38:05 +02:00
Dirk
45be26db7c Add Java 8u442 handshake 
Also the ja3 and ja4 values were added as retrieved from wireshark.

See also #2430 .
 2025-04-07 19:36:34 +02:00
David Cooper
683f028164 Support draft-connolly-tls-mlkem-key-agreement 
This commit adds support for the three code points in draft-connolly-tls-mlkem-key-agreement.
 2025-03-06 11:42:00 -08:00
Teun Vink
42f20b59b1 fix missing semicolon in docs 2025-01-30 10:23:12 +01:00
Dirk Wetter
0042b6313e s/drwetter/testssl 
For the remaining occurences. Except dockerhub which needs to be solved.
 2025-01-24 11:15:55 +01:00
David Cooper
11d7979f41 Support draft-kwiatkowski-tls-ecdhe-mlkem and draft-tls-westerbaan-xyber768d00 
This commit adds support for the three code points in draft-kwiatkowski-tls-ecdhe-mlkem and the code point 0x6399 from draft-tls-westerbaan-xyber768d00. The group 0x6399 uses a pre-standard version of Kyber and is considered obsolete.
 2025-01-21 09:00:21 -08:00
David Cooper
e17b1c17bb Support RFC 9150 cipher suites 
This commit adds support for the two cipher suites in RFC 9150, TLS_SHA256_SHA256 and TLS_SHA384_SHA384. These are authentication and integrity-only cipher suites.
 2024-10-28 15:07:22 -07:00
Dirk
76902af3b8 update hashes 2024-07-23 11:35:49 +02:00
Dirk
69c1a2fcb8 need to update hashes needs to be earlier 2024-07-23 11:35:16 +02:00
Dirk
778aab0241 dos2unix 2024-07-23 11:34:38 +02:00
Dirk
95ed863ac0 update MS CA root store 2024-07-23 10:42:14 +02:00
Dirk
472eff85b1 Update Apple CA store 
...and modify readme to reflect that the certificates are better to retrieve from GH
 2024-07-22 17:08:18 +02:00
Dirk
3a9c0aa8ed Update Truststores 
- Mozilla: 2024-7-02
- Debian 12, ca-certificates from 20230311
- JDK 21.04

See also #2525

ToDo:
- Apple (https://opensource.apple.com/source/security_certificates/ doesnt exist anymore), github?
- MS
- Check old LE CA
- update hashes
- update Readme
 2024-07-22 16:38:45 +02:00
Dirk
23c2b24c3d MUST update hashes 2023-12-24 14:00:34 +01:00
Dirk
db175a8d51 Update of certificate stores 
Mozilla: 2023-08-22
Debian 10
JDK 22
Windows 10 22H2, Patched until 2023-10
Apple: 2023-10
 2023-10-09 22:08:48 +02:00
David Cooper
d0e1c4a8e7 Fix line endings in etc/curves-mapping.txt 
The file etc/curves-mapping.txt currently has CRLF line endings and this seems to cause problems with git since .gitattributes now specifies LF line endings for .txt files. This commit changes the line endings for the file in order to (hopefully) prevent problems with git.
 2023-07-03 08:50:23 -07:00
David Cooper
5002dd23b1 Add support for brainpool curves with TLS 1.3 
This commit adds support for the curves brainpoolP256r1tls13, brainpoolP384r1tls13, and brainpoolP512r1tls13.
 2023-03-28 08:53:20 -07:00
Dirk Wetter
aac696b0a0 Updated root CA stores 2023-03-17 18:06:57 +01:00
Dirk Wetter
6106887fdd Update DST CA 2023-03-17 18:06:03 +01:00
Dirk Wetter
419aae3c98 updates docu to reflekt actual status 2023-03-17 18:05:24 +01:00