Commit Graph

176 Commits

Author SHA1 Message Date
42f20b59b1 fix missing semicolon in docs 2025-01-30 10:23:12 +01:00
0042b6313e s/drwetter/testssl
For the remaining occurences. Except dockerhub which needs to be solved.
2025-01-24 11:15:55 +01:00
11d7979f41 Support draft-kwiatkowski-tls-ecdhe-mlkem and draft-tls-westerbaan-xyber768d00
This commit adds support for the three code points in draft-kwiatkowski-tls-ecdhe-mlkem and the code point 0x6399 from draft-tls-westerbaan-xyber768d00. The group 0x6399 uses a pre-standard version of Kyber and is considered obsolete.
2025-01-21 09:00:21 -08:00
e17b1c17bb Support RFC 9150 cipher suites
This commit adds support for the two cipher suites in RFC 9150, TLS_SHA256_SHA256 and TLS_SHA384_SHA384. These are authentication and integrity-only cipher suites.
2024-10-28 15:07:22 -07:00
76902af3b8 update hashes 2024-07-23 11:35:49 +02:00
69c1a2fcb8 need to update hashes needs to be earlier 2024-07-23 11:35:16 +02:00
778aab0241 dos2unix 2024-07-23 11:34:38 +02:00
95ed863ac0 update MS CA root store 2024-07-23 10:42:14 +02:00
472eff85b1 Update Apple CA store
...and modify readme to reflect that the certificates are better to retrieve from GH
2024-07-22 17:08:18 +02:00
3a9c0aa8ed Update Truststores
- Mozilla: 2024-7-02
- Debian 12, ca-certificates from 20230311
- JDK 21.04

See also #2525

ToDo:
- Apple (https://opensource.apple.com/source/security_certificates/ doesnt exist anymore), github?
- MS
- Check old LE CA
- update hashes
- update Readme
2024-07-22 16:38:45 +02:00
23c2b24c3d MUST update hashes 2023-12-24 14:00:34 +01:00
db175a8d51 Update of certificate stores
Mozilla: 2023-08-22
Debian 10
JDK 22
Windows 10 22H2, Patched until 2023-10
Apple: 2023-10
2023-10-09 22:08:48 +02:00
d0e1c4a8e7 Fix line endings in etc/curves-mapping.txt
The file etc/curves-mapping.txt currently has CRLF line endings and this seems to cause problems with git since .gitattributes now specifies LF line endings for .txt files. This commit changes the line endings for the file in order to (hopefully) prevent problems with git.
2023-07-03 08:50:23 -07:00
5002dd23b1 Add support for brainpool curves with TLS 1.3
This commit adds support for the curves brainpoolP256r1tls13, brainpoolP384r1tls13, and brainpoolP512r1tls13.
2023-03-28 08:53:20 -07:00
aac696b0a0 Updated root CA stores 2023-03-17 18:06:57 +01:00
6106887fdd Update DST CA 2023-03-17 18:06:03 +01:00
419aae3c98 updates docu to reflekt actual status 2023-03-17 18:05:24 +01:00
12654b904b Update README.md 2022-07-02 22:12:56 +02:00
e217af0324 Remove the expired DST Root CA X3 cert from ...
Apple / Linux / Microsoft stores
2022-07-02 16:02:30 +02:00
d79504ea8a Reference to remove DST Root CA 2022-07-02 16:00:16 +02:00
9f4a3b359c add new stores 2022-07-02 15:59:00 +02:00
fb2b4935ac Java.pem from Oracle jdk-17.0.3.1 2022-07-01 22:01:36 +02:00
dca2672d88 Apple.pem: picked from Internet (see etc/Readme.md) 2022-07-01 21:55:43 +02:00
285eb60d45 add loop for Apple.pem 2022-07-01 21:51:25 +02:00
f1003d62f8 fine tune instructions for Apple.pem 2022-07-01 21:45:02 +02:00
8b580d1448 Update cert store: Linux + Mozilla 2022-07-01 21:32:38 +02:00
c92a648391 Add LibreSSL from MacOS 2022-05-31 16:17:47 +02:00
854028166d Including AppleMail 2022-05-31 15:12:16 +02:00
b274e3b858 correct openssl 3.0.3 data which made CI action fail 2022-05-31 14:32:47 +02:00
a21a343c1c disable Java 12 and Safari on OS X 10.12 2022-05-31 12:17:38 +02:00
09432f0346 minor fix: italic markdown 2022-05-31 12:10:36 +02:00
f90b473b32 Add Thunderbid 91.9 to hanshak simulation 2022-05-31 12:10:11 +02:00
86158f0bdf Firefox 100, Chrom and Edge 101 (Win10)
- disabled Opera (too old)
- disabled ATS 9 / iOS 9
- reenabled Android 8.1
2022-05-09 17:49:16 +02:00
22d8cd3adf Go client (1.17) 2022-05-06 10:06:03 +02:00
cf79a19598 Add Android 11+12 2022-05-04 19:12:03 +02:00
28e9ddeebd Teating of FFDHE groups
* readded to the markdown
* readded to the clientsimulations for Java 12
2022-05-04 18:29:29 +02:00
ac6f99fe1c correct FFDHE groups
... so that they a recognized by ~/utils/hexstream2curves.sh
2022-05-04 17:44:33 +02:00
c6491a3834 Correct spell checking error
and hint to missing ALPN
2022-05-04 15:56:25 +02:00
415043865a Add Java 17 LTS
plus

* amend documentation
* remove TLS 1.3 ciphers in ch_ciphers for consistency reasons
2022-05-04 15:46:36 +02:00
52ed4181f9 Add SSLSocketClient in Java
Note this doesn't add alpn (same as openssl). See here https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLSocket.html
if you want to add that.

This code is NOT GPLv2! It was taken from the Oracle web site which didn't list any license
(https://docs.oracle.com/javase/10/security/sample-code-illustrating-secure-socket-connection-client-and-server.htm).
2022-05-04 15:39:32 +02:00
d84492a75e Update openssl 3.0.3 2022-05-04 14:32:04 +02:00
cc7a88386d Update documention how to add a client simulation 2022-05-04 12:38:12 +02:00
03803cf0c9 Add Safari for macOS 2022-05-03 22:11:31 +02:00
50b09267d0 Try more ciphers
determine_optimal_sockets_params() makes two attempts to send a TLS 1.2 ClientHello, with each attempt trying 127 ciphers. However, this leaves 97 ciphers from etc/cipher-mapping.txt that are not tried, most of which use ARIA or CAMELLIA. This commit adds a third attempt a send a ClientHello that offers these 97 remaining ciphers. This helps to ensure that support for TLS 1.2 is detected and that later calls to tls_sockets() work, even if the server only supports the ARIA/CAMELLIA ciphers that are not included in TLS12_CIPHER or TLS12_CIPHER_2ND_TRY.
2022-04-18 11:53:28 -04:00
905f801309 Remove the expired DST Root CA X3 cert from all trust stores, and ensure Mozilla's is up to date (fixes ISRG X1 alternate path)
Remove changes to Dockerfiles

Update hashes for CA trust stores
2021-10-02 08:05:56 +10:00
2405176a26 Fix #1982: Newer openssl.cnf break openssl detection
Newer configuration files from openssl may include statements
which aren't compatible with our supplied old openssl version.
This commit adds an autodetection of such a file and uses a
openssl.cnf provided by this project then.
2021-09-15 09:31:03 +02:00
fcb282e3c3 Typos found by codespell
Run codespell in CI
2021-09-14 13:33:39 +02:00
b1f5c6c9af Trim excess whitespace 2021-09-04 13:28:30 +00:00
54dcecd184 Make text file not executable 2021-09-03 22:19:39 +00:00
7029ada0ba fixing typo in md file 2020-11-28 14:06:26 +01:00