4114db6663
Another update to ChaCha20 cipher names
2016-06-13 16:11:23 -04:00
ce8d042fb2
Merge branch 'master' into openss2rfc_rfc2openssl
2016-06-13 16:06:08 -04:00
1fae394b04
2013 --> OLD for CHACHA/POLY ciphers
2016-06-13 21:38:02 +02:00
8053e42e0f
Update ChaCha20 cipher names
...
In accordance with PR #381 , updated the ChaCha20 cipher names, then realigned the columns since the new cipher names are longer than any previously encountered cipher name.
2016-06-13 15:23:23 -04:00
42674ef2b8
Merge branch 'master' into openss2rfc_rfc2openssl
2016-06-13 15:00:09 -04:00
d4454d009b
Merge pull request #383 from dcooper16/printSAN
...
Printing of subjectAltName extension
2016-06-13 19:32:31 +02:00
1d0c8cb3f8
Printing of subjectAltName extension
...
Modify the extraction of the subjectAltName extension from certificates in order to address SANs with name forms other than DNS and otherName.
2016-06-13 12:52:19 -04:00
88fd5c4e19
Merge pull request #381 from PeterMosmans/chachanaming
...
Updated ChaCha20 cipher names
2016-06-13 08:27:28 +02:00
a06c71d915
Updated ChaCha20 cipher names
...
See https://tools.ietf.org/html/draft-ietf-tls-chacha20-poly1305-04 (the latest version as of this writing is 04).
The previous version received the suffix _2013. See https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-04
2016-06-13 10:34:04 +10:00
1b7653e438
Update Readme.md
2016-06-11 09:08:51 +02:00
b7fe461a6c
Merge branch 'master' into openss2rfc_rfc2openssl
2016-06-10 15:34:00 -04:00
61a049ccf9
Merge pull request #380 from dcooper16/runallciphers128limit
...
run_cipher_per_proto() 128-cipher limit
2016-06-10 20:30:47 +02:00
8c86049848
run_cipher_per_proto() 128-cipher limit
...
Ensure that neither run_allciphers() nor run_cipher_per_proto() sends a ClientHello with 128 or more cipher suites.
2016-06-10 13:45:25 -04:00
b566da94f5
Revised to use arrays
...
Here is a revision that creates a mapping file (similar to mapping.txt, but that mirrors the formatting of "$OPENSSL ciphers -V" and that includes all cipher suites, even ones for which there is no OpenSSL name), loads the contents of the file into arrays, and then uses the arrays to implement openssl2rfc() and rfc2openssl().
2016-06-10 11:11:39 -04:00
c1624782d5
Merge branch 'master' into openss2rfc_rfc2openssl
2016-06-09 10:18:29 -04:00
adbb1932eb
simplified cipher and protocol retrieval in 'Testing server preferences'
2016-06-09 15:56:53 +02:00
d561687554
initial commit
2016-06-09 15:06:42 +02:00
6b07b89946
- added values to curve448 + 25519
2016-06-09 13:18:55 +02:00
5ceace33e0
- FIX #189 with a smart check, introduced global var SERVER_SIZE_LIMIT_BUG
...
- introduced "has_server_protocol()" which can be used to check b4 connecting if protocol is a/v
2016-06-09 11:04:40 +02:00
94d5a8df80
hint for new (etxernal) binaries
2016-06-09 00:06:11 +02:00
b5765bfda0
Merge branch 'master' into openss2rfc_rfc2openssl
2016-06-08 13:46:18 -04:00
5e3d4d127c
Mask error when no $MAPPING_FILE_RFC
...
Redirect error output to $ERRFILE if $MAPPING_FILE_RFC is missing.
2016-06-08 12:07:23 -04:00
f754d67e74
Merge pull request #377 from dcooper16/curve25519
...
Adding x25519 and x448 to ClientHello
2016-06-08 17:32:28 +02:00
4750c3f0d5
Adding x25519 and x448 to ClientHello
...
This added x25519 and x448 to the list of supported elliptic curves in the ClientHello created by socksend_tls_clienthello().
2016-06-08 11:25:47 -04:00
0c146ef7a1
Merge branch 'master' into openss2rfc_rfc2openssl
2016-06-08 09:47:37 -04:00
c929fba206
Merge pull request #342 from dcooper16/socksend_tls_clienthello_extensions
...
More extensions in socksend_tls_clienthello()
2016-06-08 10:39:17 +02:00
022dbc687a
Merge branch 'master' of github.com:drwetter/testssl.sh
2016-06-07 23:07:17 +02:00
d858edca1b
- filled PROTOS_OFFERED w sense
...
- minor fixes for fileout
- introduced "fixme()"
2016-06-07 23:06:58 +02:00
1d051a24e0
Merge pull request #374 from dcooper16/CREDITS
...
Update CREDITS.md
2016-06-07 22:40:56 +02:00
fa866f6458
Update CREDITS.md
2016-06-07 14:23:33 -04:00
253ba29cde
openssl2rfc and rfc2openssl
...
This PR provides implementations of openssl2rfc and rfc2openssl. It also uses openssl2rfc() in run_server_preference() to help determine how to display the "negotiated cipher." I believe that using the RFC names addresses the current FIXME:
FIXME BEAST: We miss some CBC ciphers here, need to work w/ a list"
2016-06-07 14:02:48 -04:00
c13ae4a001
Merge branch 'master' into socksend_tls_clienthello_extensions
2016-06-07 10:35:32 -04:00
8ed6214b6f
preliminary fix for #189 (SIZELMT_W_ARND=true needed)
2016-06-07 13:02:58 +02:00
29072315e5
output correction for IPv6 and --ip=<addr
2016-06-07 09:08:48 +02:00
6f4ba5bda7
- corrected handling of shortened warning periods for LE certs (dual certs were wrong)
...
- (kind of) readded cert_key_algo in output
- smaller output fixes e.g. for GOST certificates
2016-06-06 13:42:17 +02:00
4668b9879a
Update Readme.md
2016-06-04 19:17:10 +02:00
efdcd805a9
Update Readme.md
2016-06-04 19:14:38 +02:00
561cfa16fc
- FIX #367
2016-06-02 21:31:24 +02:00
e8cc32af54
Merge branch 'master' into socksend_tls_clienthello_extensions
2016-06-02 09:16:45 -04:00
6a9b0e01fc
- polishing #366 and IPv6-related
2016-06-02 09:59:52 +02:00
51f4c9ac9e
Merge pull request #366 from typingArtist/365_fix_ipv6_handling
...
drwetter#365 fix ipv6 handling
2016-06-02 09:27:14 +02:00
2c69e83f5b
https://github.com/drwetter/testssl.sh/issues/365 add UNBRACKETED_IPV6 quirks option
...
Since some OpenSSL binaries, namely Gentoo’s, don’t support bracketed
IPv6 addresses but unbracketed ones, specified as the -connect option,
the UNBRACKETED_IPV6 environment variable can be set to true for
disabling the automatic addition of brackets around IPv6 addresses on
such platforms.
2016-05-27 20:11:47 +02:00
cf62353fc6
https://github.com/drwetter/testssl.sh/issues/365 ensure DNS PTR lookups use un-bracketed IPv6 address
...
While standard OpenSSL requires the literal IPv6 address enclosed
in [brackets], standard DNS lookup tools don’t support the additional
characters. Before making reverse PTR lookups, these brackets have to
be removed from the IPv6 addresses.
2016-05-27 19:54:23 +02:00
1074c062c7
Merge branch 'master' of github.com:drwetter/testssl.sh
2016-05-27 17:44:08 +02:00
e1a8306286
- try to address #352
...
- WARNING in fileout is MEDIUM now
- NOT ok for medium on screen squashed
2016-05-27 17:43:45 +02:00
1ecad208fe
Update Readme.md
2016-05-26 18:03:07 +02:00
6fb15e83fa
global $OPENSSL_NR_CIPHERS
2016-05-26 12:56:55 +02:00
acc72a1daf
Merge branch 'master' into socksend_tls_clienthello_extensions
2016-05-25 16:50:56 -04:00
65193cdcee
Merge pull request #361 from dcooper16/run_rc4_show_each_fix
...
run_pfs() and run_rc4() show each fixes
2016-05-24 23:47:23 +02:00
e0c147ec86
run_pfs() and run_rc4() show each fixes
...
When run_rc4() is run with the "--show-each" option, but without the "--wide" option, a list of all RC4 ciphers is printed, without any distinction between those that are supported by the server and those that are not. This is the same issue I noted in #332 for run_pfs().
In run_pfs(), the displayed output was corrected, but all ciphers were still being added to $pfs_ciphers, so the list of supported PFS ciphers sent to fileout() was incorrect.
This PR fixes both issues.
2016-05-24 13:57:47 -04:00