91e98f1fc3
Merge pull request #1274 from dcooper16/pwnedkeys
...
Check pwnedkeys.com database
2019-05-23 10:45:57 +02:00
0d2b955e21
Check pwnedkeys.com database
...
This PR adds a check of whether the server's public key appears in the https://pwnedkeys.com database.
2019-05-22 10:11:34 -04:00
d6fb232152
Merge pull request #1271 from drwetter/depr_clients
...
Depreciation of more clients
2019-05-08 23:18:03 +02:00
d5f90218d1
Deprecation of more clients
...
* Tor 17
* Android 4.2.2
* IE 7 Vista
2019-05-08 23:12:45 +02:00
0c750c212c
Merge pull request #1270 from drwetter/ubuntu2openjdk
...
Change the platform for Java from Ubuntu to OpenJDK
2019-05-07 19:43:58 +02:00
7238a0167a
Change the platform for Java from Ubuntu to OpenJDK
2019-05-07 19:39:20 +02:00
174f4ee527
Merge pull request #1268 from csett86/safari-macos
...
Add Safari 12.1 on macOS 10.13.6
2019-05-07 19:35:09 +02:00
9273661779
Merge pull request #1269 from csett86/deprecate-java9
...
Deprecate Java 9, its EOL since March 2018
2019-05-07 08:02:44 +02:00
c41b1f0055
Revert diff noise at end of file
2019-05-06 21:35:58 +02:00
fa77a9c80e
Deprecate Java 9, its EOL since March 2018
...
No current distro (Ubuntu, Debian, Fedora) is still shipping it,
Oracle has EOLed it in March 2018 according to
https://www.oracle.com/technetwork/java/java-se-support-roadmap.html
2019-05-06 21:26:30 +02:00
a17f45b563
Add Safari 12.1 on macOS 10.13.6
...
manually wiresharked
2019-05-06 21:19:46 +02:00
1ccc8bdcb8
Merge pull request #1263 from csett86/java
...
Add Java 11 and 12 client simulations
2019-05-06 19:40:33 +02:00
4cae781d98
Merge pull request #1267 from drwetter/hexstream2cipher_fix
...
Don't include SSLv2 ciphers in hexstream2cipher.sh
2019-05-06 19:37:44 +02:00
13d3b7329b
Don't include SSLv2 ciphers in hexstream2cipher.sh
2019-05-06 19:35:12 +02:00
8c8a626b49
Remove erroneous DES-CBC-MD5 from Java 11 and 12
...
DES-CBC-MD5 was included by utils/hexstream2cipher.sh,
heres the relevant snippet, line 160:
148: c025 --> 0xc0,0x25 --> ECDH-ECDSA-AES128-SHA256
152: c029 --> 0xc0,0x29 --> ECDH-RSA-AES128-SHA256
156: 0067 --> 0x00,0x67 --> DHE-RSA-AES128-SHA256
160: 0040 --> 0x00,0x40 --> DHE-DSS-AES128-SHA256 DES-CBC-MD5
164: c009 --> 0xc0,0x09 --> ECDHE-ECDSA-AES128-SHA
168: c013 --> 0xc0,0x13 --> ECDHE-RSA-AES128-SHA
172: 002f --> 0x00,0x2f --> AES128-SHA
176: c004 --> 0xc0,0x04 --> ECDH-ECDSA-AES128-SHA
Unfortunately I don't know how to fix utils/hexstream2cipher.sh,
but I have manually removed the erroneous cipher and space from
the client-sim.
2019-05-06 18:07:43 +02:00
29a74713ee
Merge pull request #1266 from drwetter/more_unittests1
...
t/25_baseline_starttls in line with the new scheme now
2019-05-06 14:08:54 +02:00
33ece6858d
In line with the new scheme now
2019-05-06 14:07:08 +02:00
c5d76fec27
Merge pull request #1265 from drwetter/more_unittests1
...
Another (minor) step forwad for unit tests
2019-05-06 11:22:42 +02:00
51e8373efb
Update to newest template
...
* die statement if testssl.sh cannot be found from the current path
* comment everything out for JSON
* don't repeat the pattern, use a variable
* use "speaking" variable names
2019-05-06 11:20:28 +02:00
802d0defe7
Better phrased and provide examples
2019-05-06 11:13:37 +02:00
cf7c1ba4ae
Merge pull request #1262 from drwetter/more_unittests1
...
More unit / integration tests + Fix client simulation with OpenSSL, LDAP
2019-05-05 18:43:13 +02:00
710017ba57
Merge branch 'more_unittests1' of github.com:drwetter/testssl.sh into more_unittests1
2019-05-05 15:08:18 +02:00
15df3316c1
Formatting fixed
2019-05-05 15:07:55 +02:00
62bd23a632
add headline+note
2019-05-05 13:54:56 +02:00
3785e9d622
Proper formatting
2019-05-05 13:45:23 +02:00
c3ff9e85f9
Rename file according to new scheme
...
... Readme.md
2019-05-05 13:44:02 +02:00
666e897623
renamed
2019-05-05 13:42:48 +02:00
b63c389b54
Renamed
2019-05-05 12:58:49 +02:00
b9aee02978
Split IPv6 + IPv4
...
... and disable IPv6 test as it is NOT supported by Travis CI,
see https://docs.travis-ci.com/user/reference/overview/#virtualisation-environment-vs-operating-system
The *.disabled file should provide a start if it'll be available
at some time or one can manage this in travis with a docker container,
see https://github.com/travis-ci/travis-ci/issues/8891
2019-05-05 12:53:07 +02:00
50a83235fe
Renamed + testssl.net (IPv6)
2019-05-05 12:08:13 +02:00
11416790cd
Add Java 12 from Ubuntu 19.04
...
manually wiresharked, detailed version info:
$ java -version
openjdk version "12.0.1" 2019-04-16
OpenJDK Runtime Environment (build 12.0.1+12-Ubuntu-1)
OpenJDK 64-Bit Server VM (build 12.0.1+12-Ubuntu-1, mixed mode, sharing)
2019-05-04 22:30:46 +02:00
c4b5f33532
Add Java 11 from Ubuntu 18.04
...
manually wiresharked, detailed version info:
$ java -version
openjdk version "11.0.2" 2019-01-15
OpenJDK Runtime Environment (build 11.0.2+9-Ubuntu-3ubuntu118.04.3)
OpenJDK 64-Bit Server VM (build 11.0.2+9-Ubuntu-3ubuntu118.04.3, mixed mode)
2019-05-04 22:20:53 +02:00
df88577ec4
Add basline test for IPv4 and IPv6
...
... client simulations come later. One pattern for
failed output added
2019-05-04 13:51:20 +02:00
19e9137f79
Add --vulnerabilities and LDAP constraints to documentation
2019-05-04 11:57:03 +02:00
9c0a1459c0
Merge pull request #1261 from drwetter/safari-fix
...
Fix error + round brackets
2019-05-04 11:09:10 +02:00
bfd6caa624
Fix error + round brackets
...
PR #1260 missed a 'current' line which caused an output problem.
I'd like to add round brackets to the displayed name so that we remember
what comes from wireshark and waht from SSLlabs
2019-05-04 11:05:57 +02:00
d15fbedaa1
Merge pull request #1260 from csett86/safari121-ios122
...
Add Safari 12.1 from iOS 12.2
2019-05-04 10:53:48 +02:00
67c0dd106e
Add Safari 12.1 from iOS 12.2
...
Manually Wiresharked
2019-05-04 00:58:31 +02:00
dc64753085
Add error catcher also for --ssl-native + FTP
2019-05-03 20:46:06 +02:00
de45440279
better use the right protocol when checking ldap
2019-05-03 20:26:59 +02:00
9257654522
fix wrong variable
2019-05-03 20:11:42 +02:00
b60dbc0fa6
Code + Fix
...
- Removed doubled declaration (my)
- hopefully fix error in FTPs (should maybe think about changing
the line in testssl.sh or filter here always)
2019-05-03 20:08:31 +02:00
72136437bb
Proper file naming
2019-05-03 19:32:59 +02:00
1825a8ca33
Fix output for POP (STARTTLS unit test)
2019-05-03 19:32:25 +02:00
2996d24176
Add several unit tests for STARTTLS protocols
...
- SMTP via sockets+OpenSSL
- POP3 via sockets+OpenSSL
- IMAP via sockets+OpenSSL
- XMPP via sockets+OpenSSL
- FTP via sockets+OpenSSL
- LDAP via OpenSSL
- NNTPS via sockets+OpenSSL
Open: IRC, LTMP, mysql, postgres
This PR fixes #923 . Partly it addresses #1254
2019-05-03 19:27:31 +02:00
2d719e5ebe
Add cmdlines
...
* t / --starttls irc/ircs (which will fail later for now)
* --vulnerabilities : not yet the moment for renaming
2019-05-03 19:25:37 +02:00
bb5450e3f5
Make STARTTLS + LDAP work again (via sockets)
...
A couple of checks required sockets but e.g. LDAP via STARTTLS
throwed an error (FIXME: LDAP+STARTTLS over sockets not supported yet)
in fd_sockets().
This adds a temporary workaround so that those functions are bypassed
and LDAP via STARTTLS can be used again.
See also #1258
2019-05-03 18:55:28 +02:00
bdbc194491
Beautify and simplify the code
2019-05-03 16:38:44 +02:00
c38a1e6896
Major imporvement to unit test for client simulations
...
- we don't check the head line only but errors
- don't use "pass" if you didn't run a test
- add simulation for http too
2019-05-03 16:24:57 +02:00
2176f29104
Fix bug due to different naming scheme for curves
...
... which led to a false output in OpenSSL based handshake simulations.
secp256r1 is prime256v1
secp192r1 is prime192v1
Also a few varaiables were added in debug output (environment.txt)
2019-05-03 16:16:30 +02:00
Dirk Wetter
David Cooper
Christoph Settgast