Commit Graph

90 Commits

Author SHA1 Message Date
1d954233bd Document is in utf-8
See #1701
2020-08-13 20:43:54 +02:00
953e1bd0ff Phrase --version & friends as standalone
This PR fixes #1671.

Primarily there's now an additional case statement in the main while loop
which just calls fatal() when it detects --help -b --banner -v or --version.

The documentation was also updated to reflect that.

(Some grammar and other errors which I stumbled over were corrected too)
2020-08-13 20:41:57 +02:00
5b17bbcf87 Add RFC 8701 to list of RFCs
This commit adds RFC 8701 to the list of RFCs in the documentation.
2020-08-03 11:14:10 -04:00
57c4913260 Update GREASE reference
The GEASE Internet Draft is now RFC 8701. This commit updates the references.
2020-08-03 10:43:15 -04:00
e6c5507b20 Fix grammar 2020-08-02 21:54:27 +00:00
e8d2992add Fix grammar 2020-08-02 21:48:15 +00:00
5b44e43ec4 Fix grammar 2020-08-02 21:47:40 +00:00
288223c707 Polish STARTTLS rating output
Moved the sentence ~i "A grade better than T would lead to a false sense of security"
to the documentation. No reason for excuses in the output. ;-) Explanation fits
better in the doc.

See also #1657
2020-06-25 20:47:51 +02:00
b2d41330e0 port typo fixes to html and roff doc 2020-06-25 13:05:47 +02:00
f647ae8264 Change to grade cap 2020-06-23 19:24:24 +02:00
069c5ae917 Spelling 2020-06-22 19:16:20 +02:00
2bff63b7db Add a comment about STARTTLS connections in the docs 2020-06-22 19:14:25 +02:00
8b74d41487 unintended linebreak 2020-05-11 15:22:51 +02:00
6119d8538e proper rating of dh group length 2020-05-11 15:20:16 +02:00
871db32fb5 Fix a couple typos.
enviroment → environment
ususally → usually
2020-05-08 22:48:20 -04:00
908975380d Amendment to "Relax the possible GPL license contradiction"
fix it also in the man pages. See #1590 / #1593
2020-05-06 09:17:42 +02:00
381fdfa985 Fix typo in docs: Strong grade Ciphers / AEAD 2020-05-02 19:49:01 +02:00
0e6fb44bd3 add xmpp-server 2020-05-01 18:31:35 +02:00
2b174821e4 Merge pull request #1575 from horazont/feature/xmpp-server
STARTTLS: add support for xmpp-server
2020-05-01 17:53:34 +02:00
4daf20585d STARTTLS: add support for xmpp-server
XMPP client-to-server and server-to-server links historically use
different XML namespaces. Some server implementations are strict
about this and will not proceed with the connection attempt when
the client namespace (`jabber:client`) is used on a
server-to-server link.

openssl s_client also supports `xmpp-server`.
2020-05-01 17:44:30 +02:00
ebe75252fa Merge branch '3.1dev' into magnuslarsen-grading_dev 2020-05-01 17:36:29 +02:00
a9d28949fe Clarify responsilility for rating 2020-04-28 21:13:36 +02:00
97ac4c452e Update documentation (ADDITIONAL_CA_FILES -> ADDTL_CA_FILES)
which happened in d44a643fab in
testssl.sh .

This fixes it in the related files. See also #1581
2020-04-28 15:07:33 +02:00
13a76bc719 (try to) resolve merge conflict 2020-04-28 13:35:24 +02:00
680aff48e4 Update documentation related to extended run_server_preference() 2020-04-27 17:19:30 +02:00
a9ab2bcd91 Update documentation (ADDITIONAL_CA_FILES -> ADDTL_CA_FILES)
which happened in d44a643fab in
testssl.sh .

This fixes it in the related files. See also #1581
2020-04-23 11:20:46 +02:00
c3f09f56f7 Grading --> Rating
but we still hand out grades
2020-04-20 22:41:14 +02:00
64735d0241 Remove env variable DISABLE_GRADING
as for run_* functions we currntly don't have that.

Also AEAD as WIP we can remove that from the doc
2020-04-17 13:22:30 +02:00
e4cef5438d Added grading based on ssllabs 2020-04-15 15:06:08 +02:00
8c466bf2ee Rename PFS/perfect forward secrecy to FS/forward secrecy
In all instances:

* command line (will break things)
* JSON IDs (will break things)
* in the documentation
* in the travis checks where used
* everywhere in the code: variables, functions, comments
2020-04-14 15:53:05 +02:00
4603d924be Last fine tuning for http basic auth
* create roff file and HTML
* add hint to $ENV

Avoid 1x subshell

See #1451.
2020-01-16 14:29:53 +01:00
942cf3d374 add description for HTTP basic auth credentials switch in the docs 2020-01-16 10:11:22 +01:00
c228b578dd Remove --warnings=false from documenation
... and reorder manpages also so that --warnings, --connect-timeout
and --openssl-timeout appear in the "input parameter" section.

The HTML manpage looks in the diff view quite different as previously
another computer was used for converting the source format with ronn(1).

The manpage in (g)roff format was manually edited with .RE / .RS
for provide indented bulletpoints.

See also #1419
2020-01-08 14:24:41 +01:00
3fdb5617db --connect-timeout 2019-12-10 20:44:55 +01:00
b1f4713287 Merge branch '3.0' of https://github.com/goncalor/testssl.sh into goncalor-3.0 2019-12-06 16:29:45 +01:00
dc658637a5 add </b>
.. so to speak in addition to #1376
2019-11-19 12:38:58 +01:00
966b464802 --html option looks like all others 2019-11-13 21:23:33 +01:00
5485ebe439 Update man page to include --connect-timeout 2019-10-10 04:41:10 +01:00
15df3316c1 Formatting fixed 2019-05-05 15:07:55 +02:00
19e9137f79 Add --vulnerabilities and LDAP constraints to documentation 2019-05-04 11:57:03 +02:00
c9ec73bce8 Add documentation to #1245
it accepts a directory.

This PR adds documenation for it.
2019-04-25 22:40:32 +02:00
e92b7326bc Extra warning for certificates >= 5yrs, italics handling for BSDs
This PR fixes #803 and emit an extra warning if the certificate
has a lifetime longer or equal of five years which happens often
on appliances with self signed certificates. (CAs do not offer
such a long certificate lifetime.) This was tested under Linux,
FreeBSD and OpenBSD. On the latter however we only check the
years as opposed to other OS where we have a finer granularity
(seconds).

On the screen there's only an output if the lifetime is too long,
using JSON or CSV formats, it is always displayed (ID: cert_validityPeriod).

Also this PR changes the ID cert_expiration_status to cert_expirationStatus.

Older FreeBSD and OpenBSD can't deal with italics characters but it output
the escape codes which could result in a different markup. This PR detects
such OS and just doesn't dsiplay the escape sequence.

Also the manpage is reflecting the change and has updates in the server
defaults and standard cipher checks section.
2019-04-09 11:46:53 +02:00
e29b1f40e6 Improve HTML-Formatting, minor additions
The HTML manual is now post processed through tidy
which removes the problem of ">" not HTML encoded.

--color 0 is now explicitly mentioned to avoid escaped codes in the
output.

Minor changes wrt certificate stores
2019-01-08 13:56:55 +01:00
d10f66a4c5 Minor additions
1) add --add-ca option and remove eother references to ADDITIONAL_CA_FILES
2) add a paragraph 'TUNING OPTIONS'
3) add -iL as a n alternative to --file
2018-12-17 21:04:47 +01:00
1416ff620b Major update, review
Review: grammar, spelling.  Errorneous and obsolete description.
        Some items reordered.

Updated: to reflect the current capabilities.

Moreover: (Almost) complete the tuning variables section.
2018-12-13 18:07:20 +01:00
ab7ca281c0 Minor polishing 2018-12-07 14:35:49 +01:00
6fe5adbbc3 Improved connection failure conditions
As a kind of a pre-warning this commit allows the n-1 connection problem to
give feedback on the screen (that wasn't working before).

Also the message on the screen is now more clear and the manpage
gives better advice.

Related to #1172
2018-12-05 16:09:36 +01:00
6ce0ad80e6 fit HTML man page to page width 2018-11-23 23:47:21 +01:00
f591126a1b Minor updates
added: client simulation, requirements.

Updated number of ciphers.
2018-11-12 21:36:43 +01:00
da233c939e RFC --> IANA
The cipher suites names in the RFCs stem (mostly) from IANA, see
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4

This PR corrects that in places visible to the user. For backwards
compatibility the cmd line switches still work as before, but there's
a preference to IANA. The RFC naming is labeled as to be retired
in the future.
2018-11-08 20:26:52 +01:00