Dirk
76902af3b8
update hashes
2024-07-23 11:35:49 +02:00
Dirk
69c1a2fcb8
need to update hashes needs to be earlier
2024-07-23 11:35:16 +02:00
Dirk
778aab0241
dos2unix
2024-07-23 11:34:38 +02:00
Dirk
95ed863ac0
update MS CA root store
2024-07-23 10:42:14 +02:00
Dirk
472eff85b1
Update Apple CA store
...
...and modify readme to reflect that the certificates are better to retrieve from GH
2024-07-22 17:08:18 +02:00
Dirk
3a9c0aa8ed
Update Truststores
...
- Mozilla: 2024-7-02
- Debian 12, ca-certificates from 20230311
- JDK 21.04
See also #2525
ToDo:
- Apple (https://opensource.apple.com/source/security_certificates/ doesnt exist anymore), github?
- MS
- Check old LE CA
- update hashes
- update Readme
2024-07-22 16:38:45 +02:00
Dirk
23c2b24c3d
MUST update hashes
2023-12-24 14:00:34 +01:00
Dirk
db175a8d51
Update of certificate stores
...
Mozilla: 2023-08-22
Debian 10
JDK 22
Windows 10 22H2, Patched until 2023-10
Apple: 2023-10
2023-10-09 22:08:48 +02:00
David Cooper
d0e1c4a8e7
Fix line endings in etc/curves-mapping.txt
...
The file etc/curves-mapping.txt currently has CRLF line endings and this seems to cause problems with git since .gitattributes now specifies LF line endings for .txt files. This commit changes the line endings for the file in order to (hopefully) prevent problems with git.
2023-07-03 08:50:23 -07:00
David Cooper
5002dd23b1
Add support for brainpool curves with TLS 1.3
...
This commit adds support for the curves brainpoolP256r1tls13, brainpoolP384r1tls13, and brainpoolP512r1tls13.
2023-03-28 08:53:20 -07:00
Dirk Wetter
aac696b0a0
Updated root CA stores
2023-03-17 18:06:57 +01:00
Dirk Wetter
6106887fdd
Update DST CA
2023-03-17 18:06:03 +01:00
Dirk Wetter
419aae3c98
updates docu to reflekt actual status
2023-03-17 18:05:24 +01:00
Dirk Wetter
12654b904b
Update README.md
2022-07-02 22:12:56 +02:00
Dirk
e217af0324
Remove the expired DST Root CA X3 cert from ...
...
Apple / Linux / Microsoft stores
2022-07-02 16:02:30 +02:00
Dirk
d79504ea8a
Reference to remove DST Root CA
2022-07-02 16:00:16 +02:00
Dirk
9f4a3b359c
add new stores
2022-07-02 15:59:00 +02:00
Dirk
fb2b4935ac
Java.pem from Oracle jdk-17.0.3.1
2022-07-01 22:01:36 +02:00
Dirk
dca2672d88
Apple.pem: picked from Internet (see etc/Readme.md)
2022-07-01 21:55:43 +02:00
Dirk
285eb60d45
add loop for Apple.pem
2022-07-01 21:51:25 +02:00
Dirk
f1003d62f8
fine tune instructions for Apple.pem
2022-07-01 21:45:02 +02:00
Dirk
8b580d1448
Update cert store: Linux + Mozilla
2022-07-01 21:32:38 +02:00
Dirk Wetter
c92a648391
Add LibreSSL from MacOS
2022-05-31 16:17:47 +02:00
Dirk Wetter
854028166d
Including AppleMail
2022-05-31 15:12:16 +02:00
Dirk Wetter
b274e3b858
correct openssl 3.0.3 data which made CI action fail
2022-05-31 14:32:47 +02:00
Dirk Wetter
a21a343c1c
disable Java 12 and Safari on OS X 10.12
2022-05-31 12:17:38 +02:00
Dirk Wetter
09432f0346
minor fix: italic markdown
2022-05-31 12:10:36 +02:00
Dirk Wetter
f90b473b32
Add Thunderbid 91.9 to hanshak simulation
2022-05-31 12:10:11 +02:00
Dirk Wetter
86158f0bdf
Firefox 100, Chrom and Edge 101 (Win10)
...
- disabled Opera (too old)
- disabled ATS 9 / iOS 9
- reenabled Android 8.1
2022-05-09 17:49:16 +02:00
Dirk Wetter
22d8cd3adf
Go client (1.17)
2022-05-06 10:06:03 +02:00
Dirk Wetter
cf79a19598
Add Android 11+12
2022-05-04 19:12:03 +02:00
Dirk Wetter
28e9ddeebd
Teating of FFDHE groups
...
* readded to the markdown
* readded to the clientsimulations for Java 12
2022-05-04 18:29:29 +02:00
Dirk Wetter
ac6f99fe1c
correct FFDHE groups
...
... so that they a recognized by ~/utils/hexstream2curves.sh
2022-05-04 17:44:33 +02:00
Dirk Wetter
c6491a3834
Correct spell checking error
...
and hint to missing ALPN
2022-05-04 15:56:25 +02:00
Dirk Wetter
415043865a
Add Java 17 LTS
...
plus
* amend documentation
* remove TLS 1.3 ciphers in ch_ciphers for consistency reasons
2022-05-04 15:46:36 +02:00
Dirk Wetter
52ed4181f9
Add SSLSocketClient in Java
...
Note this doesn't add alpn (same as openssl). See here https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLSocket.html
if you want to add that.
This code is NOT GPLv2! It was taken from the Oracle web site which didn't list any license
(https://docs.oracle.com/javase/10/security/sample-code-illustrating-secure-socket-connection-client-and-server.htm ).
2022-05-04 15:39:32 +02:00
Dirk Wetter
d84492a75e
Update openssl 3.0.3
2022-05-04 14:32:04 +02:00
Dirk Wetter
cc7a88386d
Update documention how to add a client simulation
2022-05-04 12:38:12 +02:00
Dirk Wetter
03803cf0c9
Add Safari for macOS
2022-05-03 22:11:31 +02:00
David Cooper
50b09267d0
Try more ciphers
...
determine_optimal_sockets_params() makes two attempts to send a TLS 1.2 ClientHello, with each attempt trying 127 ciphers. However, this leaves 97 ciphers from etc/cipher-mapping.txt that are not tried, most of which use ARIA or CAMELLIA. This commit adds a third attempt a send a ClientHello that offers these 97 remaining ciphers. This helps to ensure that support for TLS 1.2 is detected and that later calls to tls_sockets() work, even if the server only supports the ARIA/CAMELLIA ciphers that are not included in TLS12_CIPHER or TLS12_CIPHER_2ND_TRY.
2022-04-18 11:53:28 -04:00
Miguel Jacq
905f801309
Remove the expired DST Root CA X3 cert from all trust stores, and ensure Mozilla's is up to date (fixes ISRG X1 alternate path)
...
Remove changes to Dockerfiles
Update hashes for CA trust stores
2021-10-02 08:05:56 +10:00
Dirk Wetter
2405176a26
Fix #1982 : Newer openssl.cnf break openssl detection
...
Newer configuration files from openssl may include statements
which aren't compatible with our supplied old openssl version.
This commit adds an autodetection of such a file and uses a
openssl.cnf provided by this project then.
2021-09-15 09:31:03 +02:00
Dimitri Papadopoulos
fcb282e3c3
Typos found by codespell
...
Run codespell in CI
2021-09-14 13:33:39 +02:00
a1346054
b1f5c6c9af
Trim excess whitespace
2021-09-04 13:28:30 +00:00
a1346054
54dcecd184
Make text file not executable
2021-09-03 22:19:39 +00:00
Alexander Troost
7029ada0ba
fixing typo in md file
2020-11-28 14:06:26 +01:00
Alexander Troost
57ffe08dd4
Adding a hex2curves util.
2020-11-28 14:04:00 +01:00
Dirk Wetter
ce802634b6
Update remaining: Apple / Java / Microsoft
...
* also ca_hashes.txt
* Used Java SDK 15 instead of JRE 8
* Used Windows 20H2
* Java Keystore has added 5 certificates (90 --> 95)
Updated Readme and make it more reproducible
2020-11-13 22:01:17 +01:00
Dirk Wetter
33ea2c710c
updated Linux.pem + Mozilla.pem
2020-11-11 18:15:56 +01:00
David Cooper
851cd564e6
Check for bad OCSP intermediate certificates
...
This commit checks whether any intermediate certificates provided by the server include an extended key usage extension that asserts the OCSP Signing key purpose.
This commit replaces #1680 , which checks for such certificates by comparing the server's intermediate certificates against a fixed list of known bad certificates.
2020-07-15 11:56:20 -04:00