Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 13:55:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,797 Commits 17 Branches 35 Tags
31a09ec5937d6e16c306dfdd75db38ac6a4051b0
Commit Graph

4797 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dirk Wetter
31a09ec593 Merge pull request #2692 from testssl/more_extension_numbers 
Add a few extension numbers in the server hello
 2025-03-12 10:29:15 +01:00
Dirk Wetter
cab5bd7b13 Merge pull request #2694 from dcooper16/changes_update 
Update CHANGELOG.md and CREDITS.md
 2025-03-12 10:27:31 +01:00
David Cooper
ec1d28ea24 Update CHANGELOG.md and CREDITS.md 
This commit adds information about #2687, #2688, and #2690 to the change log.
 2025-03-11 12:48:48 -07:00
Dirk Wetter
1e63bd296d Merge pull request #2693 from testssl/drwetter-patch-1 
Update pull_request_template.md
 2025-03-11 16:25:19 +01:00
Dirk Wetter
011bcc7223 Update pull_request_template.md 2025-03-11 16:21:24 +01:00
Dirk Wetter
bad917f193 Update pull_request_template.md 2025-03-11 16:20:25 +01:00
Dirk
8b00ab4c47 Add a few extension numbers in the server hello 
Issue #2686 showed a server which listed an unknown extension number from
RFC 8446. THis PR adds this number and a few (later) ones.

It just lists them when detected in `parse_tls_serverhello()`

See also https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
 2025-03-11 15:57:25 +01:00
Dirk Wetter
830af44953 Merge pull request #2690 from dcooper16/mlkem 
Support draft-connolly-tls-mlkem-key-agreement
 2025-03-11 15:33:22 +01:00
Dirk Wetter
70e1c4d693 Merge pull request #2689 from dcooper16/sort_tls_extns 
Sort TLS extensions
 2025-03-11 15:20:36 +01:00
Dirk Wetter
6ed6db500b Merge pull request #2688 from dcooper16/ossl4_compat 
OpenSSL 4 compatibility
 2025-03-11 15:16:45 +01:00
Dirk Wetter
ac83b79680 Merge pull request #2687 from dcooper16/ossl35_compat 
OpenSSL 3.5 compatibility
 2025-03-11 15:13:44 +01:00
David Cooper
410b3acf5c OpenSSL 4 compatibility 
According to https://openssl-library.org/roadmap/index.html, OpenSSL 4 is scheduled to be released in April 2026. This commit modifies code that checks $OPENSSL version numbers so that versions 4 and above will be recognized.
 2025-03-10 15:58:40 -07:00
David Cooper
75b78bc21a Sort TLS extensions 
This commit modifies testssl.sh so that run_server_defaults() prints the server's supported TLS extensions sorted by extension number rather than listing them in the order in which they were found.

In order to simplify the sorting of the extensions, this commit changes $TLS_EXTENSIONS from a string to an array. In February 2017 comments were added (925e1061b2) saying that it would be $TLS_EXTENSIONS were an array. So, this commit addresses those comments. However, it is possible that the reason for those comments no longer apply.
 2025-03-10 15:38:24 -07:00
David Cooper
683f028164 Support draft-connolly-tls-mlkem-key-agreement 
This commit adds support for the three code points in draft-connolly-tls-mlkem-key-agreement.
 2025-03-06 11:42:00 -08:00
David Cooper
6a333d17b7 OpenSSL 3.5 compatibility 
With the current master branch of OpenSSL (3.5.0-dev), the output that is provided by s_client has changed in the case of a cipher suite that uses an ephemeral key. Rather than preceding the ephemeral key information with "Server Temp Key: ", it is now preceded by either "Peer Temp Key:" or "Negotiated TLS1.3 group:". This commit modifies the lines that extract ephemeral key information from OpenSSL responses to accept any of these strings.
 2025-03-06 10:33:04 -08:00
Dirk Wetter
f34b81ed8f Merge pull request #2683 from testssl/drwetter-patch-1 
Update pull_request_template.md
 2025-03-06 11:16:01 +01:00
Dirk Wetter
b25038e248 Update pull_request_template.md 2025-03-06 11:14:54 +01:00
Dirk Wetter
08d8039813 Merge pull request #2681 from testssl/date_not_available 
Fix regex for openssl banner
 2025-03-05 22:20:42 +01:00
Dirk
7bb04e020e Fix regex for openssl banner 
,,, and also update the warning when runing in SSL native mode to check the ciphers
before and include OpenSSL also
 2025-03-05 17:52:34 +01:00
Dirk Wetter
9807bc327a Merge pull request #2679 from testssl/banner_change 
Banner change
 2025-03-05 16:28:29 +01:00
Dirk
e6cfe8c3b0 Resolve merge conflict by incorporating both suggestions 2025-03-05 15:35:18 +01:00
Dirk
e2ee8b24b4 fix typo in comment 2025-03-05 15:06:41 +01:00
Dirk
5ffcd086eb Add missing local vars 2025-03-05 15:02:15 +01:00
Dirk
3152cdf864 Banner change + minor fix for curve detection 
In order to tell openssl binaries better apart the short banner below the
hash tag signs contain now also the date. That is the short version of the
build date unless it is not supplied which is the case of opensuse. Then
the name contains the date and it's taken from there.

The start and end banner lines have the same length now.

"sieve" was added in a comment and the sequence where sieve appears in
a pattern was trying to match other occurences (i.e. after nntp)

While testing the banners it appeared under Linux that a) the vendor
supplied openssl sometimes hangs during startup when determining the
supported curves using -connect b) a pattern was missing to detect
whether the curve was not supported which falsely labeled all supplied curves
as supported when using /usr/bin/openssl . The pattern for the latter
was added (b). For a) there needs to be a follow up PR to avoid the
long delays.
 2025-03-05 14:41:12 +01:00
Dirk Wetter
f555fb050e Merge pull request #2678 from dcooper16/fix_typo 
Fix typo
 2025-03-05 09:13:12 +01:00
David Cooper
bbdf19df85 Fix typo 
This commit fixes a typo that was introduced by #2656.
 2025-03-04 14:01:50 -08:00
Dirk Wetter
3ae276497d Merge pull request #2677 from testssl/dependabot/github_actions/docker/setup-qemu-action-3.6.0 
Bump docker/setup-qemu-action from 3.5.0 to 3.6.0
 2025-03-03 09:49:25 +01:00
dependabot[bot]
4d43d97622 Bump docker/setup-qemu-action from 3.5.0 to 3.6.0 
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v3.5.0...v3.6.0)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-03 00:22:11 +00:00
Dirk Wetter
4fde2e7e49 Merge pull request #2674 from testssl/dependabot/github_actions/docker/build-push-action-6.15.0 
Bump docker/build-push-action from 6.14.0 to 6.15.0
 2025-02-27 10:32:27 +01:00
Dirk Wetter
105c19e4ef Merge pull request #2675 from testssl/dependabot/github_actions/docker/setup-qemu-action-3.5.0 
Bump docker/setup-qemu-action from 3.4.0 to 3.5.0
 2025-02-27 10:32:03 +01:00
Dirk Wetter
c9d1ba4fcc Merge pull request #2673 from dcooper16/avoid_subshell 
Avoid subshell overhead
 2025-02-27 10:31:04 +01:00
dependabot[bot]
c37e171424 Bump docker/setup-qemu-action from 3.4.0 to 3.5.0 
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v3.4.0...v3.5.0)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-27 00:03:48 +00:00
dependabot[bot]
5bfe6d63bd Bump docker/build-push-action from 6.14.0 to 6.15.0 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.14.0 to 6.15.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6.14.0...v6.15.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-27 00:03:46 +00:00
Dirk Wetter
78dd0a13c9 Merge pull request #2671 from javabrett/javabrett/improve-ev-detection 
Improved (experimental) Extended Validation (EV) certificate identification
 2025-02-26 22:56:21 +01:00
David Cooper
c38f46880f Avoid subshell overhead 
This commit removes the use of parenthesis in two expressions in run_fs() in order to avoid subshell overhead.
 2025-02-26 13:25:49 -08:00
David Cooper
102e4fb9b7 Merge pull request #2620 from Odinmylord/fix_curves 
fix curves findings in TLS1.2 and prior versions
 2025-02-26 13:15:34 -08:00
Dirk Wetter
04e5bc4be9 Merge pull request #2672 from javabrett/patch-1 
Update CONTRIBUTING.md
 2025-02-26 10:23:26 +01:00
Brett Randall
5f548b4214 Update CONTRIBUTING.md 
Fixed typo complains -> complaints.
 2025-02-26 13:02:16 +11:00
Brett Randall
352ed61a2e Improved (experimental) Extended Validation (EV) certificate identification. 
Three changes:

- added grep for "EV TLS" in addition to "EV SSL", as some issuers are
  using this.  This grep link actually picks-up most EV policies.
- Added policy detection for 2.23.140.1.1.  This is from CA Browser
  Forum https://cabforum.org/resources/object-registry/ extended-validation(1).
- Added policy detection for 1.3.6.1.4.1.38064.1.3.1.4 , which is SSL.com's EV policy.
 2025-02-26 10:10:21 +11:00
Dirk Wetter
ff41cbbb89 Merge pull request #2669 from magnuslarsen/3.1dev 
fix(rating): explicit enable rating if required vuln-checks are enabled
 2025-02-23 14:29:18 +01:00
Magnus Larsen
9429afade1 fix(rating): explicit enable rating if required tests are ran 2025-02-23 11:48:41 +01:00
Dirk Wetter
69e2067b99 Merge pull request #2666 from krufab/fix/fix-typo-in-help-message 
Corrected typo in the help message
 2025-02-22 16:00:31 +01:00
Fabio Kruger
1539148f0b Corrected typo in the help message 
Signed-off-by: Fabio Kruger <10956489+krufab@users.noreply.github.com>
 2025-02-22 00:55:08 +01:00
Riccardo Germenia
b3609603f9 remove unnecessary "if" statements and remove break from "if" statements 2025-02-20 15:45:05 +01:00
Dirk Wetter
ffa3e19764 Merge pull request #2662 from dcooper16/fix_ossl_supported_curve_check 
Fix check for OpenSSL supported curves
 2025-02-20 11:30:10 +01:00
Dirk Wetter
94ff89671f Merge pull request #2664 from testssl/dependabot/github_actions/docker/build-push-action-6.14.0 
Bump docker/build-push-action from 6.13.0 to 6.14.0
 2025-02-20 11:29:28 +01:00
dependabot[bot]
ec220e7c27 Bump docker/build-push-action from 6.13.0 to 6.14.0 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.13.0 to 6.14.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6.13.0...v6.14.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-20 00:56:34 +00:00
David Cooper
5c7e7bcbc7 Fix check for OpenSSL supported curves 
OpenSSL 3.X outputs a different error message than previous versions when $OPENSSL s_client -curves X ... is called with an unsupported curve. This was resulting in the check within find_openssl_binary() adding every curve to $OPENSSL_SUPPORTED_CURVES, even ones that were not supported. This commit changes to check in order to detect the new error message.
 2025-02-19 12:47:35 -08:00
Dirk Wetter
74209e05de Merge pull request #2660 from testssl/rm_comment 
Remove obsolete comment that SNI is not needed for ticketbleed
 2025-02-17 15:39:26 +01:00
Dirk Wetter
2baaf61cc5 Merge pull request #2657 from dcooper16/fix_pattern_match 
Fix pattern matches
 2025-02-15 14:14:38 +01:00