Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-03 23:39:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,195 Commits 14 Branches 30 Tags 211 MiB
48c7e2d25c
Commit Graph

2503 Commits

Author SHA1 Message Date
Dirk
cedeff2b42 typo in tempdir led to missing gost cipher 2015-01-08 14:16:22 +01:00
Dirk
8a3e0267ba safer bacth processing if port isn't available 2015-01-06 16:25:19 +01:00
Lars Windolf
d1ab23c146 Change question logic on non-SSL port 
Idea is to bail out per default (with WARNINGS=off) this makes batch processing possible
as often testssl.sh hangs for minutes or endless on non-SSL ports.
 2015-01-03 11:41:35 +01:00
Dirk
eae1b2810f - check for CN wrt SNI / no SNI 
- fix different responses for CACert
 2014-12-23 09:59:03 +01:00
Dirk
4aa674d138 - Negotiated cipher per proto 
- nr_ciphers of used openssl version in banner
- spdy_pre check
- -testversion_new --> -testversion
 2014-12-21 23:22:50 +01:00
Dirk
a570d907e9 - Cipher order check! (also for starttls) 
- includes a remark 4 default_cipher (limited sense as client will pick)
- selfsigned certs: error!
- number of local ciphers in check with allciphers
 2014-12-21 00:47:23 +01:00
Dirk
21493fb788 - tempfile handling: every function leaves one, if DEBUG is set 
- FIX*2: OPENSSL_CONF/GOST_CONF
 2014-12-19 17:02:26 +01:00
Dirk
8635012cf5 - subjectAltName 2014-12-19 07:12:20 +01:00
Dirk
521a7160a9 - NEW: certificate info, details: 
- NEW: CN, SAN
- NEW: OCSP URI
- NEW: CRL distr point
- NEW: Issuer
- NEW: expiration
- NEW: signature algo
- renamed cmdline --simple_preference to --server_defaults
- now we have a TEMPDIR where all files are written toA
- function or handling/removing TMPFILE
 2014-12-18 09:33:24 +01:00
Dirk
b40c0b7178 - RELEASE: final 2.2 
- change of cmd line order for STARTTLS
- help more clear
 2014-12-08 10:32:51 +01:00
Dirk
b3efb3c4b0 - BUGFIX: potential stalling in HTTP Header query 
- BUGFIX: HTTP specific vuln. won't be checked if service is not http (we still
check crime and also spdy => gmail has spdy for pop and imap)
- Feature: service detection: HTTP, IMAP, POP, SMTP
- alignment in rDNS output corrected
- minor cleanup / improvements
 2014-11-30 01:30:20 +01:00
Dirk
27f06f8d50 - BUGFIX: BSD now has proper heartbleed and ccs injection detection 
- significant code improvement of hex-byte parser <-> socket sender
- BUGFIX: BSD now doesn't put an extra \n if rfc map file is missing
- bumped to 2.1rc3, hoping that'll be the last
 2014-11-27 21:33:33 +01:00
Dirk
c034cd8a95 - for colors: double square brackets (might save a fork to "[ or "test" 
- in terms of debugging cleaned up listciphers/std_cipherlists
- in other terms too
 2014-11-25 13:12:24 +01:00
Yuri
19f936bece Fixed the problem when COLOR=0 caused 'printf' to break due to leading dashes interpreted as command line options. 2014-11-22 12:15:47 -08:00
Peter Mosmans
c3ab016164 Fixed minor redirection typo for 'which' command 2014-11-22 12:57:36 +10:00
Dirk
d4265742b1 color codes for protocols and default ciphers reflect better a rating 
- fix: heartbleed function needed a $TMPFILE for determining the TLS protocol
 - version bumped to 2.1rc2
 2014-11-20 10:46:55 +01:00
Dirk
5dd4a8f3fa - fix in cleanup (while debug) 
- wrong cmd line option --> help instread of error
 2014-11-19 22:23:13 +01:00
Dirk
05877dca93 - protocol check stream lined: similar now for every protocol 
- NPN/SPDY is not green anymore
 2014-11-19 18:04:43 +01:00
Dirk
d77b667489 - protocol w/o cipher (only SSLv2 so far) 
- for EVERY protocol now check whether $openssl supports it
- better fail for PFS if there are no local ciphers
 2014-11-19 17:08:59 +01:00
Dirk
99e472ac01 - banner (opensssl version build date, platform) slightly changed 
- even clearer warning upon old openssl version (MacOSX!)
- oparoz hexdump patch
- heartbleed doenst do a precheck anymore --> just sockets as it may lead to false negatives
  if the client was complied with it disabled (FreeBSD)
 2014-11-19 13:22:22 +01:00
Dirk
f2c44803ed - FreeBSD fixes (getent, printf) 2014-11-18 23:14:17 +01:00
Dirk
41a480abb4 small cleanup 2014-11-18 20:23:17 +01:00
Dirk
8756151a26 Merge branch 'master' of github.com:drwetter/testssl.sh 2014-11-18 16:40:14 +01:00
Dirk
049a945abc - prettyprint_local now also can do word pattern matching 
- help improved
- put the stripping of leading 0 into normalize_cipher_code where it belonged
- the latter makes a modified mapping-rfc.txt necessary!
 2014-11-18 11:03:03 +01:00
Dirk
f45d85617b - hexcode in neat list now w/o leading 0 
- help cleaned up and clearer (& removing tabs)
- test_just_one with headline
 2014-11-18 10:29:11 +01:00
Peter Mosmans
de0b4313b8 Make sure that cleanup() function is always called 
Added {HEADERFILE_BREACH} to temporary files that should be removed
Removed obsolete cleanup calls
 2014-11-18 14:30:48 +11:00
Dirk
cf8fa2c3f3 - version bumped to 2.1rc1, better layout for chacha (albeit bit ugly), better layout for all ciphers, test_just_one w/ headline 2014-11-18 01:36:29 +01:00
Dirk
16279267ea - sockread w/ sleep 
- ccs better documented + more verbose during debug
 2014-11-18 00:26:58 +01:00
Dirk
7414b5b310 next step in color handling: 2=full color, 1: b/w, 0: no ESC codes at all 2014-11-17 18:49:56 +01:00
Dirk
fc4c2e5446 - omit the "**" in non colored mode 
- query COLOR properly (env)
 2014-11-17 17:43:59 +01:00
Dirk
a7bbc6c39a warning upon "no ssl enabled server" clearer; we check only for return code of s_client. Fails if certificate needed 2014-11-17 17:05:43 +01:00
Dirk
481af083a3 NEW: first working implementation of "-x <list_of_csv_hexcodes> server" with a catch: none a/v local cipher 2014-11-02 23:37:17 +01:00
Dirk
5984e86f81 FIX for RUN_DIR, bumped up version to 2.1beta 2014-10-30 21:12:18 +01:00
Dirk
f56f81090a NEW: HPKP 2014-10-29 21:24:43 +01:00
Dirk
b49b1451c4 FIX: for FreeBSD and spaces in "Local problem ..." 2014-10-29 20:23:21 +01:00
Dirk
ef5bf00094 FIXED: too much spaces in "Local problem: No .. configured" 2014-10-23 15:52:06 +02:00
Dirk
6737cd230c FIXED: When there is no support in openssl for SSLv2 the error message and the next protocol test get on the same line 2014-10-23 15:40:15 +02:00
Dirk
1720fed5fe be clear that no TLS_FALLBACK_SCSV support yet 2014-10-17 22:16:37 +02:00
Dirk
86e0141f72 POODLE hack 2014-10-15 13:10:06 +02:00
Dirk
192867554e - FIX for getent line 2014-10-15 11:56:40 +02:00
Dirk
5e76322840 - regression on libressl fix fdor openssl fixed 2014-10-14 16:28:18 +02:00
Dirk
df06f45432 - mm: patch for libressl 2014-10-14 16:08:11 +02:00
Dirk
905e1540ab another error message suppressed (DNS) and properly handled internally 2014-10-09 11:22:23 +02:00
Dirk
08202a5768 - FIX: socket reset (ccs, hb) made formatting look not ok 2014-10-08 14:30:31 +02:00
Dirk
4ae510650d - for seldom cases of two hsts header we don't throw an error but take the first one 2014-10-08 01:03:14 +02:00
Dirk
e06251a1d3 - removed netcat dependency, availability check with bash sockets only. Should work on RH'ish distros better now 2014-10-07 12:04:21 +02:00
Dirk
723ab08258 - BUGFIX: supplying ip addresses only works again 2014-10-07 11:14:39 +02:00
Dirk Wetter
3dee100ac2 - clearer output 2014-09-25 16:24:21 +02:00
Dirk
455cd2fe62 - only numbers for hsts (thx to Olivier) 2014-09-24 11:17:28 +02:00
Dirk
fb40dad089 - jobcontrol for heartbleed and CCS test --> no blocking anymore 2014-09-16 22:18:09 +02:00
Dirk
a7fe0b48b5 * added ocsp stapling in server defaults test 
* non-working prototype of testing a single cipher via hexcode
 2014-08-29 14:57:20 +02:00
Dirk Wetter
93503a1b43 - except minor points now compatible to MacOSX and *BSD 
- Russian GOST cipher support added
- more see CHANGELOG.txt
 2014-07-16 19:04:15 +02:00
Dirk Wetter
9a689bbffc - first try to commit here 2014-07-01 16:28:16 +02:00