Commit Graph

2364 Commits

Author SHA1 Message Date
David Cooper 8c165fd3da Merge branch '2.9dev' into negotiated_cipher 2017-02-14 14:06:18 -05:00
Dirk a22e4e5228 - fix heartbleed detection which sometimes case false psoitives over slow connections like sattelite links, partially addressing #352
- start revamping run)ccs_injection
- fix missing space in BEAST after protocol
2017-02-14 19:45:14 +01:00
David Cooper 48088bbceb Cleanup
Rearrange code so that in the case of just a single test, `parse_hn_port()` is not called earlier than it was previously unless it needs to be called in order to create the HTML file name.

Doing this ensures that the banner is displayed even if the `$URI` cannot be parsed (except in the case that the `$URI` needs to be parsed in order to create a file name) and that any error messages created by `parse_hn_port()` will be included in the HTML, if possible.
2017-02-14 13:44:03 -05:00
David Cooper 308b24cbe9 Let testssl.sh create HTML file name
Add option for testssl.sh to create the HTML file name. If testssl.sh creates the file name, then, in the case of mass testing, a separate HTML file is created for each test (i.e., for each line in the file provided to `--file`).
2017-02-14 13:19:12 -05:00
David Cooper e2161aef5e Rearrange code
Just a slight rearrangement of the code in order to remove some redundancy.
2017-02-14 10:04:42 -05:00
David Cooper 76c34dd148 Negotiated cipher per proto bugfix
I have a test server that I configured to support only SSLv3 and TLSv1.2. When I set `SSLHonorCipherOrder` to `off` I get the following results:
```
     ECDHE-RSA-AES256-SHA:          SSLv3     ECDHE-RSA-AES256-GCM-SHA384:   TLSv1.2
```
The current code, when printing TLSv1.2 checks whether `${cipher[4]}` is empty, and since it is assume no previous protocol (SSLv2, SSLv3, TLSv1, TLSv1.1) was supported and so doesn't output a newline before outputting the cipher and protocol for TLSv1.2.

This PR fixes that by changing to code to look at the previous non-empty cipher (if there is one), even if that does not come from the previous protocol.
2017-02-14 09:53:38 -05:00
David Cooper 61b5539ca6 Merge branch '2.9dev' into generate_html
Conflicts:
	testssl.sh
2017-02-14 08:50:56 -05:00
Dirk Wetter 67fb3feff8 Merge pull request #630 from dcooper16/show_rfc_
Option to show RFC cipher names
2017-02-14 09:28:15 +01:00
David Cooper 1dc132c6a4 Option to show RFC cipher names
When a list of cipher suites is being displayed using `neat_list()`, testssl.sh shows the cipher suite's OpenSSL name and (in most cases) the RFC name as well. However, in all other cases only the OpenSSL name is shown.

This PR adds the option to have cipher suite's RFC names shown instead of the OpenSSL name, by including `--mapping rfc` in the command line. [Note: if the cipher-mapping.txt file cannot be found, then the `--mapping rfc` option is ignored and the OpenSSL names are shown.]

This PR seems to be related to issue #9, but #9 may be been referring to the output created by `neat_list()`.
2017-02-13 16:07:25 -05:00
David Cooper e953c737d1 Merge branch '2.9dev' into generate_html
Conflicts:
	testssl.sh
2017-02-13 09:14:22 -05:00
Dirk Wetter 971c8e8b63 Update Readme.md 2017-02-13 09:33:50 +01:00
Dirk Wetter c252d5ab28 Update Readme.md 2017-02-13 09:33:03 +01:00
Dirk 7d6f1eb46f polishing #628, mostly make sure we automatically align to terminal width 2017-02-13 09:06:10 +01:00
Dirk Wetter 21cd97b08a Merge pull request #628 from dcooper16/format_long_lines
Wrap long lines
2017-02-13 08:52:07 +01:00
Dirk d2f688e925 CAA RR belongs also in JSON, see #588 2017-02-11 14:16:18 +01:00
Dirk 8dabc28280 also made sure that all old dns binaries work (SLES 11, FreeBSD 9) 2017-02-11 14:01:51 +01:00
David Cooper 376fb95d04 Follow $COLOR value in HTML output
Use the value of `$COLOR` to affect the HTML output in addition to the output to the terminal.
2017-02-10 17:08:49 -05:00
David Cooper fea2558b20 Show gray for COLOR=1
Gray should appear for COLOR=1 or COLOR=2.

Since `pr_grey()` is basically the same as `out()` for COLOR=0, `mybanner()` should just call `pr_grey()` without checking the value of `$COLOR`.
2017-02-10 16:30:14 -05:00
David Cooper f633ce67d6 Color change
Change `emphasize_stuff_in_headers()` to use olive and bold olive rather than brown and yellow. This matches what `aha` creates and appears similar to what is displayed in the terminal on a Mac. Also, yellow text is very difficult to read.
2017-02-10 15:05:43 -05:00
David Cooper 2652362ce0 Final fixes
Found more places where output should only go to terminal, or where it was only going to the terminal (e.g., printf) but should also be in the HTML. Also added the ability to include active URLs in the HTML output.

To Do: Handle automatic generation of HTML file name and support for parallel testing.
2017-02-10 14:47:49 -05:00
David Cooper 2b5324b8ef Fix emphasize_stuff_in_headers()
Changed `emphasize_stuff_in_headers()` so that the appropriate coloring would appear both in the terminal and in the HTML. It's slow, but it works.
2017-02-10 10:59:20 -05:00
David Cooper a50488c44f Handle --file option
Introduced "trick" so that if the `--file` option is used, `html_header()` will only be called once before anything is printed and `html_footer()` will only be called once after all printing is complete. With this, `html_header()` now delete the output file if it exists.

Also introduced the `html_reserved()`, which is called for all text to be sent to `out_html()`. `html_reserved()` converts any HTML reserved characters (", ', &, <, >) to their corresponding entity names (&quot;, &apos;, &amp;, &lt;, &gt;).
2017-02-09 17:03:21 -05:00
David Cooper 45379ce1f9 Fix subjectAltName indendation
The PR didn't account for the indentation of the subjectAltName differing depending on whether the server has one or more than one certificate.
2017-02-09 13:29:22 -05:00
David Cooper c92131c072 Don't collect number of bits in run_pfs()
The `bits` array is no longer needed in `run_pfs()` since the information collected is not being used.
2017-02-09 11:45:29 -05:00
David Cooper d4455081f0 Wrap long lines
This PR addresses the issue raised in #623. This PR is based on the function `out_row_aligned_max_width()` that I proposed in #623, but the `out_row_aligned_max_width()` in this PR is a little different. It takes a fourth parameter, which is the function to use to print each word in the text string to be printed. This is used in `run_pfs()` so that the "Elliptic curves offered" can be printed using this function (some servers support 25 curves), while still having the curves printed using color-coding to indicate the quality of each curve.

I somewhat arbitrarily have each line wrap at 120 characters, but that could be changed (e.g., to `$TERM_WIDTH`).
2017-02-09 11:36:24 -05:00
David Cooper 1c5ef78913 Another update to HTML colors
For the most part I used the RGB values for xterm from https://en.wikipedia.org/wiki/ANSI_escape_code#Colors for the HTML colors, but with a few exceptions. For example, I did not use "yellow" for `pr_svrty_low()`, since that color is very difficult to read. I also used a different color for `pr_svrty_medium()` so that `pr_svrty_medium()` would appear more red than `pr_svrty_low()`.

These color choices could use more adjustment.
2017-02-08 15:16:51 -05:00
David Cooper be6bafaec4 Merge branch '2.9dev' into generate_html
Conflicts:
	testssl.sh
2017-02-08 10:04:14 -05:00
Dirk 386aa92448 keep detected status of WSL / bash on windows in a variable, see also #620 2017-02-08 09:08:05 +01:00
Dirk 0200100750 see #620 2017-02-08 08:58:28 +01:00
Dirk Wetter 0b7e9b18b8 Merge pull request #620 from teward/2.9dev
Attempt to force system binaries for WSL
2017-02-08 08:54:20 +01:00
Dirk Wetter 0810f2a719 Merge pull request #609 from dcooper16/handle_supported_groups
Handle renaming of the Supported Elliptic Curves Extension
2017-02-08 08:11:23 +01:00
Dirk 0d993427a3 - enabling TLS 1.2 via sockets
- enabling sockets in run_protocols STARTTLS per default
- minor output polishing
2017-02-07 23:08:29 +01:00
David Cooper 2af8198f27 Change HTML colors
Rather than use the colors created by `aha` use colors that more closely match the colors that appear in the terminal.
2017-02-07 17:06:27 -05:00
Thomas Ward 6140aa8b8c Attempt to force system binaries for WSL 2017-02-07 15:59:09 -05:00
David Cooper dc9e3bfb58 Add option to create HTML
This PR adds the option to generate HTML. The code was created as follows:

* For each output function (`out()`, `outln()`, `pr_liteblue()`, etc.) I created two functions: one that just outputs to the terminal and one that outputs to the terminal and to the HTML file (if an HTML file is to be created).

* I modified the code so that any output that should appear in the HTML file in addition to being displayed on the terminal is sent through one of the display functions: out()`, `outln()`, `pr_liteblue()`, etc.

* I created a new function `retstring()` to use in place of `out()` when a function is creating a string to be "captured" by the calling function.

* I modified the code so that no string returned by a function includes color-coding escape characters.
2017-02-07 14:25:41 -05:00
Dirk Wetter edb358b3e0 Merge pull request #595 from dcooper16/rename_ephemeral_DH_ciphers
Rename cipher lists for run_logjam()
2017-02-07 17:51:07 +01:00
David Cooper 4fab1830cb Merge branch '2.9dev' into handle_supported_groups 2017-02-06 13:49:05 -05:00
David Cooper f03ae865d8 Merge branch '2.9dev' into rename_ephemeral_DH_ciphers 2017-02-06 13:48:35 -05:00
Dirk 48e264a193 fixed regression #611 2017-02-06 17:47:17 +01:00
David Cooper f519e42507 Merge branch '2.9dev' into rename_ephemeral_DH_ciphers 2017-02-06 08:48:45 -05:00
David Cooper 321d5e0c9d Merge branch '2.9dev' into handle_supported_groups 2017-02-06 08:47:11 -05:00
Dirk 54e0395969 Reverse #600 but leave the hook in here, ANSI code for strikethru 2017-02-06 11:06:59 +01:00
Dirk Wetter 03daa1be35 Merge pull request #608 from dcooper16/neat_list_camelliagcm
Fix neat_list() for Camellia GCM
2017-02-06 10:41:01 +01:00
Dirk a9cddd7afb see #611 2017-02-04 15:11:03 +01:00
Dirk Wetter e95f9a8d0a Merge pull request #611 from dcooper16/print_two_CRL_or_OCSP_URI
Fix Two CRL and/or two OCSP URLs
2017-02-04 15:06:18 +01:00
Dirk 3a21097cc5 HTTP/1.1 GET handler for #254 2017-02-04 14:13:33 +01:00
Dirk Wetter 59c3286775 Merge pull request #612 from dcooper16/update_fix_587
Update fix to 587
2017-02-04 12:14:09 +01:00
AlGreed 8457c1ce9e corrected path to common_primes_file in logjam 2017-02-04 01:38:18 +01:00
AlGreed 513cbf0d65 Merge branch 'drwetter/2.9dev' into 2.9dev 2017-02-04 00:32:28 +01:00
Dirk 5046b80414 first draft of LUCKY13 (128 cipher limit has to be addressed) 2017-02-03 22:36:04 +01:00