Commit Graph

3114 Commits

Author SHA1 Message Date
Dirk Wetter
4cae781d98
Merge pull request #1267 from drwetter/hexstream2cipher_fix
Don't include SSLv2 ciphers in hexstream2cipher.sh
2019-05-06 19:37:44 +02:00
Dirk
13d3b7329b Don't include SSLv2 ciphers in hexstream2cipher.sh 2019-05-06 19:35:12 +02:00
Christoph Settgast
8c8a626b49 Remove erroneous DES-CBC-MD5 from Java 11 and 12
DES-CBC-MD5 was included by utils/hexstream2cipher.sh,
here's the relevant snippet, line 160:

148: c025 --> 0xc0,0x25 --> ECDH-ECDSA-AES128-SHA256
152: c029 --> 0xc0,0x29 --> ECDH-RSA-AES128-SHA256
156: 0067 --> 0x00,0x67 --> DHE-RSA-AES128-SHA256
160: 0040 --> 0x00,0x40 --> DHE-DSS-AES128-SHA256 DES-CBC-MD5
164: c009 --> 0xc0,0x09 --> ECDHE-ECDSA-AES128-SHA
168: c013 --> 0xc0,0x13 --> ECDHE-RSA-AES128-SHA
172: 002f --> 0x00,0x2f --> AES128-SHA
176: c004 --> 0xc0,0x04 --> ECDH-ECDSA-AES128-SHA

Unfortunately I don't know how to fix utils/hexstream2cipher.sh,
but I have manually removed the erroneous cipher and space from
the client-sim.
2019-05-06 18:07:43 +02:00
Dirk Wetter
29a74713ee
Merge pull request #1266 from drwetter/more_unittests1
t/25_baseline_starttls in line with the new scheme now
2019-05-06 14:08:54 +02:00
Dirk Wetter
33ece6858d In line with the new scheme now 2019-05-06 14:07:08 +02:00
Dirk Wetter
c5d76fec27
Merge pull request #1265 from drwetter/more_unittests1
Another (minor) step forward for unit tests
2019-05-06 11:22:42 +02:00
Dirk Wetter
51e8373efb Update to newest template
* die statement if testssl.sh cannot be found from the current path
* comment everything out for JSON
* don't repeat the pattern, use a variable
* use "speaking" variable names
2019-05-06 11:20:28 +02:00
Dirk Wetter
802d0defe7 Better phrased and provide examples 2019-05-06 11:13:37 +02:00
Dirk Wetter
cf7c1ba4ae
Merge pull request #1262 from drwetter/more_unittests1
More unit / integration tests + Fix client simulation with OpenSSL, LDAP
2019-05-05 18:43:13 +02:00
Dirk Wetter
710017ba57 Merge branch 'more_unittests1' of github.com:drwetter/testssl.sh into more_unittests1 2019-05-05 15:08:18 +02:00
Dirk Wetter
15df3316c1 Formatting fixed 2019-05-05 15:07:55 +02:00
Dirk Wetter
62bd23a632
add headline+note 2019-05-05 13:54:56 +02:00
Dirk Wetter
3785e9d622
Proper formatting 2019-05-05 13:45:23 +02:00
Dirk Wetter
c3ff9e85f9 Rename file according to new scheme
... Readme.md
2019-05-05 13:44:02 +02:00
Dirk Wetter
666e897623 renamed 2019-05-05 13:42:48 +02:00
Dirk Wetter
b63c389b54 Renamed 2019-05-05 12:58:49 +02:00
Dirk Wetter
b9aee02978 Split IPv6 + IPv4
... and disable IPv6 test as it is NOT supported by Travis CI,
see https://docs.travis-ci.com/user/reference/overview/#virtualisation-environment-vs-operating-system

The *.disabled file should provide a start if it'll be available
at some time or one can manage this in travis with a docker container,
see https://github.com/travis-ci/travis-ci/issues/8891
2019-05-05 12:53:07 +02:00
Dirk Wetter
50a83235fe Renamed + testssl.net (IPv6) 2019-05-05 12:08:13 +02:00
Christoph Settgast
11416790cd Add Java 12 from Ubuntu 19.04
manually wiresharked, detailed version info:

$ java -version
openjdk version "12.0.1" 2019-04-16
OpenJDK Runtime Environment (build 12.0.1+12-Ubuntu-1)
OpenJDK 64-Bit Server VM (build 12.0.1+12-Ubuntu-1, mixed mode, sharing)
2019-05-04 22:30:46 +02:00
Christoph Settgast
c4b5f33532 Add Java 11 from Ubuntu 18.04
manually wiresharked, detailed version info:

$ java -version
openjdk version "11.0.2" 2019-01-15
OpenJDK Runtime Environment (build 11.0.2+9-Ubuntu-3ubuntu118.04.3)
OpenJDK 64-Bit Server VM (build 11.0.2+9-Ubuntu-3ubuntu118.04.3, mixed mode)
2019-05-04 22:20:53 +02:00
Dirk Wetter
df88577ec4 Add baseline test for IPv4 and IPv6
... client simulations come later. One pattern for
failed output added
2019-05-04 13:51:20 +02:00
Dirk Wetter
19e9137f79 Add --vulnerabilities and LDAP constraints to documentation 2019-05-04 11:57:03 +02:00
Dirk Wetter
9c0a1459c0
Merge pull request #1261 from drwetter/safari-fix
Fix error + round brackets
2019-05-04 11:09:10 +02:00
Dirk Wetter
bfd6caa624 Fix error + round brackets
PR #1260 missed a 'current' line which caused an output problem.

I'd like to add round brackets to the displayed name so that we remember
what comes from wireshark and what from SSLlabs
2019-05-04 11:05:57 +02:00
Dirk Wetter
d15fbedaa1
Merge pull request #1260 from csett86/safari121-ios122
Add Safari 12.1 from iOS 12.2
2019-05-04 10:53:48 +02:00
Christoph Settgast
67c0dd106e Add Safari 12.1 from iOS 12.2
Manually Wiresharked
2019-05-04 00:58:31 +02:00
Dirk Wetter
dc64753085 Add error catcher also for --ssl-native + FTP 2019-05-03 20:46:06 +02:00
Dirk Wetter
de45440279 better use the right protocol when checking ldap 2019-05-03 20:26:59 +02:00
Dirk Wetter
9257654522 fix wrong variable 2019-05-03 20:11:42 +02:00
Dirk Wetter
b60dbc0fa6 Code + Fix
- Removed doubled declaration (my)
- hopefully fix error in FTPs (should maybe think about changing
  the line in testssl.sh or filter here always)
2019-05-03 20:08:31 +02:00
Dirk Wetter
72136437bb Proper file naming 2019-05-03 19:32:59 +02:00
Dirk Wetter
1825a8ca33 Fix output for POP (STARTTLS unit test) 2019-05-03 19:32:25 +02:00
Dirk Wetter
2996d24176 Add several unit tests for STARTTLS protocols
- SMTP via sockets+OpenSSL
- POP3 via sockets+OpenSSL
- IMAP via sockets+OpenSSL
- XMPP via sockets+OpenSSL
- FTP via sockets+OpenSSL
- LDAP via OpenSSL
- NNTPS via sockets+OpenSSL

Open: IRC, LTMP, mysql, postgres

This PR fixes #923. Partly it addresses #1254
2019-05-03 19:27:31 +02:00
Dirk Wetter
2d719e5ebe Add cmdlines
* t / --starttls irc/ircs (which will fail later for now)
* --vulnerabilities : not yet the moment for renaming
2019-05-03 19:25:37 +02:00
Dirk Wetter
bb5450e3f5 Make STARTTLS + LDAP work again (via sockets)
A couple of checks required sockets but e.g. LDAP via STARTTLS
threw an error (FIXME: LDAP+STARTTLS over sockets not supported yet)
in fd_sockets().

This adds a temporary workaround so that those functions are bypassed
and LDAP via STARTTLS can be used again.

See also #1258
2019-05-03 18:55:28 +02:00
Dirk Wetter
bdbc194491 Beautify and simplify the code 2019-05-03 16:38:44 +02:00
Dirk Wetter
c38a1e6896 Major improvement to unit test for client simulations
- we don't check the head line only but errors
- don't use "pass" if you didn't run a test
- add simulation for http too
2019-05-03 16:24:57 +02:00
Dirk Wetter
2176f29104 Fix bug due to different naming scheme for curves
... which led to a false output in OpenSSL based handshake simulations.

secp256r1 is prime256v1
secp192r1 is prime192v1

Also a few variables were added in debug output (environment.txt)
2019-05-03 16:16:30 +02:00
Dirk Wetter
0c45720f6c
Merge pull request #1256 from drwetter/no-ssl3-fix
Fix typo in handshake simulation with openssl 1.1.x
2019-05-02 18:10:09 +02:00
Dirk Wetter
79a0345213 Fix typo in handshake simulation with openssl 1.1x
"protos" contained "-no-ssl3" instead of "-no_ssl3"
which led to an error message "Oops: openssl s_client connect problem"
-- which wasn't caught by the STARTTLS unit test either :-(
2019-05-02 09:53:51 +02:00
Dirk Wetter
77c3bca646
Merge pull request #1253 from drwetter/rDNS_chars
Remove " " ";" in rDnS
2019-05-01 11:31:27 +02:00
Dirk Wetter
9d84308e3e Remove " " ";" in rDnS
... as occasionally they showed up when using dig which
made the rDNS output look like it's not supposed to be
2019-05-01 11:26:39 +02:00
Dirk Wetter
29e69d1156
Merge pull request #1252 from dcooper16/tls13_rating
Mark only TLSv1.3 final as pr_svrty_best
2019-05-01 10:42:40 +02:00
David Cooper
b081f5fffc
Mark only TLSv1.3 final as pr_svrty_best
This PR changes run_protocols() so that, when using tls_sockets(), support for TLSv1.3 is only marked as pr_svrty_best() if the final (RFC 8446) version is supported. It also changed run_protocols() so that support for TLSv1.3 is marked as pr_svrty_best() if OpenSSL is used (i.e., if the --ssl-native option is specified).

One potential issue is that the --ssl-native version assumes that if OpenSSL supports TLSv1.3 it supports the final (RFC 8446) version of the protocol. If the tester is using a development version of OpenSSL 1.1.1 rather than the final version, then the protocol test will actually be indicating whether the server supports the same draft version of OpenSSL as the $OPENSSL being used to perform the tests.
2019-04-29 15:28:46 -04:00
Dirk Wetter
040976ab49
Merge pull request #1247 from drwetter/outfile_man
Add documentation to #1245
2019-04-25 22:43:07 +02:00
Dirk
c9ec73bce8 Add documentation to #1245
it accepts a directory.

This PR adds documentation for it.
2019-04-25 22:40:32 +02:00
Dirk Wetter
6bd5897c82
Merge pull request #1245 from dcooper16/outfile_directory
The -outfile, -oa, -outFile, and -oA options should accept a directory
2019-04-25 22:29:31 +02:00
Dirk Wetter
682537b9f8
Merge pull request #1244 from dcooper16/fix1243
Fix #1243
2019-04-25 22:26:43 +02:00
David Cooper
a1289d1ec3
The -outfile, -oa, -outFile, and -oA options should accept a directory
Currently the -outfile, -oa, -outFile, and -oA assume that <fname> being provided is to be used as a filename, unless it is "auto." However, all of the individual options (e.g., --logfile) allow for a directory name to be provided instead of a file name.

This PR changes the handling of the -outfile, -oa, -outFile, and -oA options so that if a directory name is provided, the files are created in that directory.
2019-04-25 14:55:13 -04:00
David Cooper
66d15c6a03
Fix #1243
This PR fixes #1243 by modifying create_mass_testing_cmdline() to handle the --outfile, -oa, --outFile, and -oA options in the case that the filename provided is not "auto." It also modifies create_mass_testing_cmdline() so that in the case of serial testing -oj and -oJ are treated the same as --jsonfile and --jsonfile-pretty, respectively.
2019-04-25 14:10:09 -04:00