Dirk Wetter
9f47ccece2
Merge pull request #412 from dcooper16/supported_elliptic_cur
...
Reorder supported curves
2016-07-11 17:08:39 +02:00
David Cooper
891c56f8bf
Determine support elliptic curves for ECDHE- ciphers
...
This PR extends run_pfs() to display the set of elliptic curves supported by the server, if the server supports any ECDHE- ciphers.
2016-07-11 11:00:56 -04:00
David Cooper
fb94221ce0
Reorder supported curves
...
Reorder the supported curves sent by socksend_tls_clienthello() from strongest to weakest.
2016-07-11 10:52:48 -04:00
David Cooper
f968bd8346
Merge branch 'master' into version_negotiation
2016-07-11 10:45:59 -04:00
David Cooper
197bee8658
Merge branch 'master' into run_allciphers(),run_cipher_per_proto(),-and-SSLv2
2016-07-11 10:44:37 -04:00
David Cooper
08953416e8
Merge branch 'master' into more_sslv2_sslv3_fixes
2016-07-11 10:42:28 -04:00
Dirk Wetter
16087f8252
Merge pull request #411 from welwood08/patch-2
...
Server cipher order NPN tests should use SNI
2016-07-11 16:24:45 +02:00
Dirk
3e8d5208dc
further fix, see #410
2016-07-11 16:20:36 +02:00
Dirk Wetter
c32706c039
Merge pull request #410 from welwood08/patch-1
...
Unreadable SAN list on FreeBSD
2016-07-11 16:01:35 +02:00
Will Elwood
2573a9b8b8
More SNI for NPN tests
...
Found another NPN test (for the case where server doesn't specify cipher order?) that wasn't using SNI.
Also found a comment saying proxies don't support NPN => removed `$PROXY` from all modified lines.
2016-07-11 14:37:20 +01:00
Will Elwood
382d22648a
Server cipher order NPN tests should use SNI
...
I noticed the NPN parts of this test were not returning any ECDSA ciphers where I expected them to match the results of the immediately preceding TLS 1.2 test. Found it wasn't using SNI so my test server was using the default domain (snakeoil RSA certificate) instead of the tested domain (dual ECDSA/RSA certificates).
2016-07-11 14:15:50 +01:00
Will Elwood
3c39396391
Unreadable SAN list on FreeBSD
...
On FreeBSD, sed does not support "\n" in the replacement string of a substitution. The SANs are currently output all together inside a single pair of quotes and each separated with an "n" character, needless to say this is very difficult to read.
After a little digging, it seems this is a somewhat recent regression of the fix in #173 . I believe `tr` would be a more cross-platform way to do this, and several sources (including the author of that PR) would seem to agree - assuming the newline is now necessary.
It doesn't appear to matter what order the newline replacement happens amongst all the other replacements, so I have placed it first simply to avoid extending any already-long lines. Please correct me if this deduction is false.
2016-07-11 13:35:55 +01:00
Dirk Wetter
018468a670
more user friendly...
2016-07-09 14:24:38 +02:00
David Cooper
f216cbe61f
Merge branch 'master' into version_negotiation
2016-07-08 09:39:12 -04:00
David Cooper
02a39e4859
Merge branch 'master' into run_allciphers(),run_cipher_per_proto(),-and-SSLv2
2016-07-08 09:38:06 -04:00
David Cooper
788042ba37
Merge branch 'master' into more_sslv2_sslv3_fixes
2016-07-08 09:35:52 -04:00
Dirk
eb58598ca5
make it public, see #122
2016-07-08 11:40:17 +02:00
Dirk
af4117aa7a
FIX #404
2016-07-08 11:25:41 +02:00
Dirk
8c11334030
FIX #405
2016-07-08 11:15:41 +02:00
Dirk Wetter
57bf01a360
Merge pull request #402 from dcooper16/poodle
...
Check for all CBC ciphers in Poodle test
2016-07-08 10:04:49 +02:00
Dirk Wetter
9c92a866e0
Update Readme.md
2016-07-08 08:04:58 +02:00
Dirk Wetter
345087c3a4
Merge pull request #403 from teward/patch-1
...
Missing closing parenteses in help output for --openssl
2016-07-06 20:45:45 +02:00
Thomas Ward
de05711e5a
Fix grammar issue in help output for --openssl
...
Missing a closing parentheses `)`.
2016-07-06 14:23:32 -04:00
David Cooper
ec6c0ce605
Check for all CBC ciphers in Poodle test
...
This PR should address issue #399 .
I created the list of ciphers using the CIPHERS_BY_STRENGTH file from PR #373 , making a list of all ciphers that had "CBC" in the RFC name and for which I had been able to find a corresponding OpenSSL name. Then, since that list contained more than 128 ciphers, I removed any ciphers from the list where the name ended in "-SHA256" or "-SHA384", as it is my understanding that those ciphers can only be used with TLS 1.2.
2016-07-06 10:52:54 -04:00
Frank Breedijk
02fb4ef9ca
Debug begone
2016-07-06 00:12:48 +02:00
Frank Breedijk
845e6c13a3
And we have unit tests too (and found some bugs in the process)
2016-07-05 23:55:19 +02:00
Frank Breedijk
95e42b2fdf
Better displaying of findings
2016-07-05 23:33:20 +02:00
Frank Breedijk
5ea49c1433
Merge branch 'master' of https://github.com/drwetter/testssl.sh into feature/ca-pinning
2016-07-05 18:15:46 +02:00
Frank Breedijk
07f91a54bf
Fixed the encoding for root/intermediate CAs now.
2016-07-05 18:10:36 +02:00
David Cooper
b6accbe737
Merge branch 'master' into version_negotiation
2016-07-05 10:24:53 -04:00
David Cooper
1102ef324c
Merge branch 'master' into run_allciphers(),run_cipher_per_proto(),-and-SSLv2
2016-07-05 10:23:13 -04:00
David Cooper
6ec00c33db
Merge branch 'master' into more_sslv2_sslv3_fixes
...
Conflicts:
testssl.sh
2016-07-05 10:19:53 -04:00
Dirk
0217992553
fixed error where an URI in X509v3 Issuer Alternative Name was displayed and an URI in SAN
2016-07-05 00:08:51 +02:00
Dirk
d2f2dab7fb
fix regression lf in CN
2016-07-05 00:02:34 +02:00
Dirk
2bba19360f
see #401 , part 2
2016-07-04 23:52:52 +02:00
Dirk Wetter
251e3f9a3b
Merge pull request #371 from dcooper16/fix_issue_276
...
Fix issue #276
2016-07-04 23:25:13 +02:00
Dirk
0b5705fff4
FIX #258 , FIX #398
...
partly addressed: #246
2016-07-04 23:05:12 +02:00
Frank Breedijk
e280cac2af
Without bash-bsd check
2016-07-04 17:30:32 +02:00
Frank Breedijk
4efb6531c2
Merge branch 'master' of https://github.com/drwetter/testssl.sh into issues/258
2016-07-04 17:28:06 +02:00
Frank Breedijk
3049425740
Checks for CA and intermediate pins too. Need to clean up output and write unit tests
2016-07-04 17:25:48 +02:00
Frank Breedijk
a648470988
Not done yet, but the basic code is working
2016-07-04 17:21:24 +02:00
Dirk
f01bff973a
renamed function, better banner for logging
2016-07-04 13:59:39 +02:00
Dirk
491a03233b
updating neat_list() to be faster and more compatible to openssl 1.1.0 with new chacha/poly ciphers
2016-07-03 22:35:21 +02:00
Dirk
d5242c255e
FIX #384
2016-07-03 21:45:49 +02:00
Frank Breedijk
946506f3ac
This Fixes #258 - Checks if /dev/fd is mounted on FreeBSD
2016-07-03 19:52:48 +02:00
Dirk
37b33c9d79
Merge branch 'master' of github.com:drwetter/testssl.sh
2016-07-01 18:26:20 +02:00
Dirk
32f249b0c2
enabling sockets for client testing per default #375
2016-07-01 18:26:05 +02:00
Dirk Wetter
0d2797e5a0
travis ci icon
2016-07-01 14:58:54 +02:00
Dirk
1e9863823c
Merge branch 'master' of github.com:drwetter/testssl.sh
2016-07-01 12:04:21 +02:00
Dirk
2362cd8745
wording for GOST sig algos and keys
2016-07-01 12:03:46 +02:00