Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-30 21:35:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
957 Commits 17 Branches 35 Tags
535c37fbb3450d35a0e873ded730b55c4983185b
Commit Graph

957 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Cooper
b264714fd9 Add check of IP address 
compare_server_name_to_cert() now checks the DNS names and IP addresses in the subjectAltName extension for a match.
 2016-06-13 11:09:15 -04:00
David Cooper
0a1c4d565c Merge branch 'master' into fix_issue_276 2016-06-13 10:59:34 -04:00
Frank Breedijk
701545dbb6 Allow the file output feature and mass_test feature to work together 2016-06-13 15:35:56 +02:00
Dirk Wetter
88fd5c4e19 Merge pull request #381 from PeterMosmans/chachanaming 
Updated ChaCha20 cipher names
 2016-06-13 08:27:28 +02:00
Peter Mosmans
a06c71d915 Updated ChaCha20 cipher names 
See https://tools.ietf.org/html/draft-ietf-tls-chacha20-poly1305-04 (the latest version as of this writing is 04).
The previous version received the suffix _2013. See https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-04
 2016-06-13 10:34:04 +10:00
Dirk Wetter
1b7653e438 Update Readme.md 2016-06-11 09:08:51 +02:00
David Cooper
f84ebd99b5 Merge branch 'master' into fix_issue_276 2016-06-10 15:27:46 -04:00
Dirk Wetter
61a049ccf9 Merge pull request #380 from dcooper16/runallciphers128limit 
run_cipher_per_proto() 128-cipher limit
 2016-06-10 20:30:47 +02:00
David Cooper
8c86049848 run_cipher_per_proto() 128-cipher limit 
Ensure that neither run_allciphers() nor run_cipher_per_proto() sends a ClientHello with 128 or more cipher suites.
 2016-06-10 13:45:25 -04:00
David Cooper
189fe662f5 Merge branch 'master' into fix_issue_276 2016-06-09 10:17:49 -04:00
Dirk
adbb1932eb simplified cipher and protocol retrieval in 'Testing server preferences' 2016-06-09 15:56:53 +02:00
David Cooper
a46b6791db Merge branch 'master' into fix_issue_276 2016-06-09 09:29:40 -04:00
Dirk
d561687554 initial commit 2016-06-09 15:06:42 +02:00
Dirk
6b07b89946 - added values to curve448 + 25519 2016-06-09 13:18:55 +02:00
Dirk
5ceace33e0 - FIX #189 with a smart check, introduced global var SERVER_SIZE_LIMIT_BUG 
- introduced "has_server_protocol()" which can be used to check b4 connecting if protocol is a/v
 2016-06-09 11:04:40 +02:00
Dirk
94d5a8df80 hint for new (etxernal) binaries 2016-06-09 00:06:11 +02:00
David Cooper
a224bb5068 Merge branch 'master' into fix_issue_276 2016-06-08 13:44:16 -04:00
Dirk Wetter
f754d67e74 Merge pull request #377 from dcooper16/curve25519 
Adding x25519 and x448 to ClientHello
 2016-06-08 17:32:28 +02:00
David Cooper
4750c3f0d5 Adding x25519 and x448 to ClientHello 
This added x25519 and x448 to the list of supported elliptic curves in the ClientHello created by socksend_tls_clienthello().
 2016-06-08 11:25:47 -04:00
David Cooper
eaad4c7dd8 Merge branch 'master' into fix_issue_276 2016-06-08 09:46:25 -04:00
Dirk Wetter
c929fba206 Merge pull request #342 from dcooper16/socksend_tls_clienthello_extensions 
More extensions in socksend_tls_clienthello()
 2016-06-08 10:39:17 +02:00
Dirk
022dbc687a Merge branch 'master' of github.com:drwetter/testssl.sh 2016-06-07 23:07:17 +02:00
Dirk
d858edca1b - filled PROTOS_OFFERED w sense 
- minor fixes for fileout
- introduced "fixme()"
 2016-06-07 23:06:58 +02:00
Dirk Wetter
1d051a24e0 Merge pull request #374 from dcooper16/CREDITS 
Update CREDITS.md
 2016-06-07 22:40:56 +02:00
David Cooper
fa866f6458 Update CREDITS.md 2016-06-07 14:23:33 -04:00
David Cooper
c13ae4a001 Merge branch 'master' into socksend_tls_clienthello_extensions 2016-06-07 10:35:32 -04:00
David Cooper
a6d59b5380 Merge branch 'master' into fix_issue_276 2016-06-07 10:24:56 -04:00
Dirk
8ed6214b6f preliminary fix for #189 (SIZELMT_W_ARND=true needed) 2016-06-07 13:02:58 +02:00
Dirk
29072315e5 output correction for IPv6 and --ip=<addr 2016-06-07 09:08:48 +02:00
Dirk
6f4ba5bda7 - corrected handling of shortened warning periods for LE certs (dual certs were wrong) 
- (kind of) readded cert_key_algo in output
- smaller output fixes e.g. for GOST certificates
 2016-06-06 13:42:17 +02:00
Dirk Wetter
4668b9879a Update Readme.md 2016-06-04 19:17:10 +02:00
Dirk Wetter
efdcd805a9 Update Readme.md 2016-06-04 19:14:38 +02:00
Dirk Wetter
561cfa16fc - FIX #367 2016-06-02 21:31:24 +02:00
David Cooper
e8cc32af54 Merge branch 'master' into socksend_tls_clienthello_extensions 2016-06-02 09:16:45 -04:00
David Cooper
fc6b5070af Merge branch 'master' into fix_issue_276 2016-06-02 09:08:24 -04:00
Dirk Wetter
6a9b0e01fc - polishing #366 and IPv6-related 2016-06-02 09:59:52 +02:00
Dirk Wetter
51f4c9ac9e Merge pull request #366 from typingArtist/365_fix_ipv6_handling 
drwetter#365 fix ipv6 handling
 2016-06-02 09:27:14 +02:00
David Cooper
6825c0b363 Allow for certificates with no subjectAltName extension 
While it seems that almost all certificates include a subjectAltName extension, need to allow for the possibility that the two certificates being compared don't have subjectAltName extensions.
 2016-06-01 16:20:10 -04:00
David Cooper
3bc0d6b45c Fix issue #276 
Here is my proposed change to fix issue #276.
 2016-06-01 15:57:40 -04:00
typingArtist
2c69e83f5b https://github.com/drwetter/testssl.sh/issues/365 add UNBRACKETED_IPV6 quirks option 
Since some OpenSSL binaries, namely Gentoo’s, don’t support bracketed
IPv6 addresses but unbracketed ones, specified as the -connect option,
the UNBRACKETED_IPV6 environment variable can be set to true for
disabling the automatic addition of brackets around IPv6 addresses on
such platforms.
 2016-05-27 20:11:47 +02:00
typingArtist
cf62353fc6 https://github.com/drwetter/testssl.sh/issues/365 ensure DNS PTR lookups use un-bracketed IPv6 address 
While standard OpenSSL requires the literal IPv6 address enclosed
in [brackets], standard DNS lookup tools don’t support the additional
characters. Before making reverse PTR lookups, these brackets have to
be removed from the IPv6 addresses.
 2016-05-27 19:54:23 +02:00
Dirk Wetter
1074c062c7 Merge branch 'master' of github.com:drwetter/testssl.sh 2016-05-27 17:44:08 +02:00
Dirk Wetter
e1a8306286 - try to address #352 
- WARNING in fileout is MEDIUM now
- NOT ok for medium on screen squashed
 2016-05-27 17:43:45 +02:00
Dirk Wetter
1ecad208fe Update Readme.md 2016-05-26 18:03:07 +02:00
Dirk Wetter
6fb15e83fa global $OPENSSL_NR_CIPHERS 2016-05-26 12:56:55 +02:00
David Cooper
acc72a1daf Merge branch 'master' into socksend_tls_clienthello_extensions 2016-05-25 16:50:56 -04:00
Dirk Wetter
65193cdcee Merge pull request #361 from dcooper16/run_rc4_show_each_fix 
run_pfs() and run_rc4() show each fixes
 2016-05-24 23:47:23 +02:00
David Cooper
e0c147ec86 run_pfs() and run_rc4() show each fixes 
When run_rc4() is run with the "--show-each" option, but without the "--wide" option, a list of all RC4 ciphers is printed, without any distinction between those that are supported by the server and those that are not. This is the same issue I noted in #332 for run_pfs().

In run_pfs(), the displayed output was corrected, but all ciphers were still being added to $pfs_ciphers, so the list of supported PFS ciphers sent to fileout() was incorrect.

This PR fixes both issues.
 2016-05-24 13:57:47 -04:00
Dirk
5a03e96304 - consequently removed "NOT ok" for not-av of TLS 1.2 2016-05-23 22:42:40 +02:00
Dirk Wetter
bf17a17b70 - 3DES in standard cipher list is medium, thus "NOT ok" is too much (need for elegant general way for "medium") 
(see also https://www.keylength.com/en/8/)
 2016-05-23 18:56:05 +02:00