Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-09-02 18:18:29 +02:00
Code Issues Packages Projects Releases Wiki Activity
4,598 Commits 15 Branches 34 Tags
30f80cf9b3f38a83778d03995c9e2839ed87e03d
Commit Graph

4598 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dirk Wetter
f84e8c05f5 Merge pull request #2470 from Tazmaniac/renego_timing_fix 
Correct client_renego timing bug.
 2024-02-21 17:17:51 +01:00
Dirk Wetter
32a279730f Merge pull request #2472 from Tazmaniac/zombies-fix-3.2 
Fix subshell killing to avoid zombies
 2024-02-20 10:03:19 +01:00
Emmanuel Fusté
af20952b86 Fix subshell killing to avoid zombies 
Learned from the rest of the code ...
 2024-02-19 16:19:23 +01:00
Dirk Wetter
19607d7c2c Merge pull request #2467 from Tazmaniac/mongodb-detection-fix 
MongoDB identification fix
 2024-02-13 17:15:01 +01:00
Emmanuel Fusté
6277613906 Usual spell fixes. 2024-02-13 15:41:35 +01:00
Emmanuel Fusté
4066766de5 MongoDB identification fix 
The actual code grep for "MongoDB" keyword in the head of the HTTP
session.
In case of "compressed" HTML, a big page is on one line.
On a IT page, we could encounter the "MongoDB" keyword and
miss-identify the application protocol.

Fixed by matching on a longuer string taken from a live MogoDB
server.
 2024-02-13 15:00:19 +01:00
Emmanuel Fusté
faae91edbc Correct client_renego timing bug. 
OpenSSL will buffer only the first command till the establishment of the
session.
In case of slow session establishment, we could:
  * loose some renego trys missing proper mitigation implementation
  * loose some renego trys missing a real vulnerable host if 2/3 of the
    tries are lost during session establishment (very slow startup).

Wait for the session to be fully establised before starting the renego
loop.
 2024-02-13 14:40:53 +01:00
Dirk Wetter
62b5859d52 Merge pull request #2465 from Odinmylord/3.2 
Add SNI to ticketbleed check
 2024-02-09 09:56:58 +01:00
Odinmylord
eb661dadb8 Add SNI to ticketbleed check 2024-02-08 15:01:12 +01:00
Dirk Wetter
c30e541658 Merge pull request #2463 from janbrasna/fix-docker-md-quotes 
Fix Dockerfile.md formatting
 2024-02-02 20:25:46 +01:00
Jan Brasna
1db2df333f Fix Dockerfile.md formatting 2024-02-02 19:33:08 +01:00
Dirk Wetter
7ec7f8cf32 Merge pull request #2460 from Tazmaniac/client-renego-regression 
Fixed regression in printing results
 2024-01-22 09:51:11 +01:00
Maurizio S
51ab05e651 Update testssl.1.html 2024-01-20 11:49:56 +01:00
Maurizio S
55ef4c09fe Update testssl.1.md 2024-01-20 11:49:50 +01:00
Maurizio S
83fb9b5b3a Update CHANGELOG.md 2024-01-20 11:49:41 +01:00
Maurizio S
bdab5f665c Update CREDITS.md 2024-01-20 11:49:32 +01:00
Maurizio S
ec4ceb2c20 Add mTLS feature 
Added new feature to support mutual TLS via client certificate and private key, when a remote server requires client authentication.
 2024-01-20 11:49:05 +01:00
Emmanuel Fusté
4cc02a63ef One more spell fix... 2024-01-19 17:09:44 +01:00
Emmanuel Fusté
02a3c2cc14 Fixed regression in printing results 
And improve it with the effective number of renego before disconnection
as it is now tracked.
 2024-01-19 16:22:50 +01:00
Dirk Wetter
ad04a90b2a Merge pull request #2459 from Tazmaniac/client-renego-fix 
Secure Client-Initiated Renegotiation : fixes/enhancements
 2024-01-18 18:37:58 +01:00
Emmanuel Fusté
67c362c89a One more spell fix 2024-01-15 10:07:09 +01:00
Emmanuel Fusté
de364b0c84 Introduce SSL_REGEG_WAIT and reduce wait to 0.25s 
Reduce wait between reneg test to 0.25s. Still robust and accelerates
the test as now we do up to 10 renego tests.

With the global loop timeout, the backoff identification seem unneeded.
But if we switch to 0.25s, we no longuer trigger the global timeout so
it is still valuable.
Adjust write out messages as bash do not support floating point number
arithmetic.
 2024-01-12 11:30:35 +01:00
Emmanuel Fusté
9b79e3917a Bump SSL_RENEG_ATTEMPTS=10 for Stormshield 
Stormshield allows 9x and then blocks. So then 10x should be tested.
Example: https://ems.ocapiat.fr
 2024-01-11 18:34:47 +01:00
Emmanuel Fusté
b793f54c3e Add timeout for the client initiated renego loop 
Some site hang/block the connection after some renego reties
Example: https://feedback.amadeus.com

Hand written timeout logic because:
- we want to get the result of the command in case of normal exit
- we want to have working log fd redirection
- we want to known the timeout condition
 2024-01-11 18:30:44 +01:00
Dirk Wetter
b6fdfb1986 Merge pull request #2458 from drwetter/drwetter-patch-1 
Create pull_request_template.md
 2024-01-10 19:28:22 +01:00
Dirk Wetter
6e84f5f139 Fill pull_request_template.md 2024-01-10 19:27:24 +01:00
Dirk Wetter
9a494b135c Create pull_request_template.md 2024-01-10 19:03:23 +01:00
Emmanuel Fusté
d30d8e09f2 tab/space corrections and "grep -ac" in place of "grep -a | wc -l" 2024-01-10 18:31:41 +01:00
Dirk Wetter
7c0c06641c Merge pull request #2437 from drwetter/disclaimer 
Disclaimer
 2024-01-10 12:22:34 +01:00
Dirk Wetter
810e870d16 Merge pull request #2454 from Odinmylord/3.2 
Make cert_keysize output consistent
 2024-01-10 12:21:42 +01:00
Dirk Wetter
69664cbabf Merge pull request #2455 from Odinmylord/fix_intermediate_cert 
add utf8 support to intermediate cert names
 2024-01-06 20:38:32 +01:00
Odinmylord
e404cf8bdb add utf8 support to intermediate cert names 2024-01-03 14:27:11 +01:00
Odinmylord
f4b1bb28a0 Update certificate_info function to include key algorithm in error messages 2024-01-02 14:06:18 +01:00
Dirk Wetter
3f9cc7b6a5 Merge pull request #1871 from dcooper16/quit_on_cmd_line_errors 
Quit testssl.sh on all command line errors
 2023-12-24 15:34:00 +01:00
Dirk Wetter
bbf770ac7f Merge pull request #2447 from Odinmylord/3.2 
Add Brainpool signature algorithms to output
 2023-12-24 14:00:42 +01:00
Dirk
23c2b24c3d MUST update hashes 2023-12-24 14:00:34 +01:00
Dirk Wetter
3d63b62c24 Merge pull request #2450 from drwetter/fix_stupid_umaskerror 
Bail out if user error bc of umask
 2023-12-23 15:02:20 +01:00
Dirk Wetter
c5265e33b7 fix wrong temp file var 2023-12-23 13:13:16 +01:00
Dirk Wetter
3b5f2022b3 fix typo 2023-12-23 13:03:57 +01:00
Dirk Wetter
8e517e0a70 Bail out if user error bc of umask 
If a user chose a broken umask testssl.sh will start but emits
subsequent errors.

This patch adds two sanity checks whether it is allowed to create
and read files in the temp directory.

Fixes #2449
 2023-12-23 12:58:05 +01:00
Odinmylord
90272f1d12 Add Brainpool signature algorithms to output 2023-12-13 14:23:28 +01:00
Dirk Wetter
7829821010 Merge pull request #2441 from drwetter/dependabot/github_actions/docker/build-push-action-5.1.0 
Bump docker/build-push-action from 5.0.0 to 5.1.0
 2023-12-09 18:13:24 +01:00
Emmanuel Fusté
2c84a525cc Fix mitigation detection with debug level 0 2023-12-07 18:58:58 +01:00
Emmanuel Fusté
52c6ac7fec Spell fix. 2023-11-28 15:22:01 +01:00
Emmanuel Fusté
429db592e2 Crudely detect exponential backoff as a mitigation 2023-11-28 14:41:25 +01:00
dependabot[bot]
30129b59f3 Bump docker/build-push-action from 5.0.0 to 5.1.0 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5.0.0 to 5.1.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v5.0.0...v5.1.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-11-20 00:50:39 +00:00
Dirk Wetter
1a9a486474 Merge pull request #2438 from drwetter/wildcard 
Implement warning for wildcard match
 2023-11-10 19:41:08 +01:00
Dirk
81ba1fe818 Implement warning for wildcard match 
fixes #2122
 2023-11-10 15:37:13 +01:00
Dirk Wetter
654086782b wording, typos 2023-11-06 14:40:52 +01:00
Dirk Wetter
b87634baa0 Disclaimer 2023-11-06 14:34:55 +01:00