OpenSSL 3.X outputs a different error message than previous versions when $OPENSSL s_client -curves X ... is called with an unsupported curve. This was resulting in the check within find_openssl_binary() adding every curve to $OPENSSL_SUPPORTED_CURVES, even ones that were not supported. This commit changes to check in order to detect the new error message.
LibreSSL does not support the -nextprotoneg option. This commit enhances run_npn() to use tls_sockets() when $HAS_NPN is false, rather than reporting that the check can not be performed.
This commit fixes three lines of code that use Bash substring matching. In each case, a list of strings to match was enclosed in brackets. This resulted in a match if the string to test contained any character from any of the strings to match. This commit fixes the issue by removing the brackets.
(The bugs were introduced in b8e9b09ca7 and 8149c2d5cf)
Some versions of OpenSSL/LibreSSL do not support TLS 1.1 and earlier, either because they do not support the protocol (e.g, `$OEPNSSL s_client -tls1` results in a "unknown option" error) or because the cryptography needed to support these protocol versions (e.g., MD5/SHA1) is not available.
Given the limitations of some versions of $OPENSSL, this commit enhances ticketbleed testing in two ways. First, it performs the testing using the newest (non-TLS 1.3) version supported by the server, so that TLS 1 and TLS 1.1 aren't used unless TLS 1.2 is not supported. Second, it adds tests for whether the protocol version to be used is supported by $OPENSSL and for whether connection attempts were successful, rather than assuming connection attempts succeed.
.... by forbidding spaces in supplied CA files/directories
Also now we're sanitizing the cmd line parameter better using `safe_echo()`
See also #2647 .
For this anotehr variable needed to be passed to starttls_full_read()
via starttls_smtp_dialog, where the variable is defined.
Handling of the connection problem will occur at the calling level, fd_socket(),
so that in the future this can be extended if another STARTTLS problem signals
that we're too fast.
Fixes#2098.
When testing a TLS 1.3 host s_client_options used TLS 1.3 ciphers to test
for NPN. As that is not implemented we nee dto make sure any other version
is used.
This PR ensures that --after testing whether it's a TLS 1.3-only host
where this test doesn't make any sense in the first place.
Fix for #2633
In some cases OpenSSL returns an "unsupported" message rather than a "not found" message if X25519 and X448 are not supported. This commit changes the check for whether X5519 and X448 are supported for checking for either response.
This commit adds support for the three code points in draft-kwiatkowski-tls-ecdhe-mlkem and the code point 0x6399 from draft-tls-westerbaan-xyber768d00. The group 0x6399 uses a pre-standard version of Kyber and is considered obsolete.
Currently `compare_server_name_to_cert()` only indicates whether the server's host name matches a wildcard name in the certificate. So, it does not indicate if the certificate includes a wildcard name that does not match the server's host name. As a result, if a certificate includes the names "api.sub.example.tld" and "*.api.sub.example.tld," then a wildcard certificate warning will be issued for host names such as www.api.sub.example.tld, but not for api.sub.example.tld.
This commit changes `compare_server_name_to_cert()` to indicate whether the certificate is a wildcard certificate in addition to providing information about how the certificate matches the server's host name. Functions that use this function's response are then changed to extract the information they need (matching or wildcard) from the return value.
The server mentioned in #2615 has a bug, which results in it sending a handshake_failure alert rather than a successful connection if the signature_algorithms extension lists RSA+MD5 before one of the signature algorithms that it supports.
This commit works around this issue by reversing the order in which it lists the signature algorithms in the signature_algorithms extension, thus (generally) listing stronger options first.
This change should not affect the testing, except that it will result in the order of the supported signature algorithms being reversed in the output, if the server respects the client's preferences.
... to avoid redirects on the client side and to make repo migration better visible.
Also amend 'Status' and 'Contributing' in Readme.md. bluesky added, albeit mastodon
seems more interactive. Clarify twitter account is not in use anymore.
testssl.sh worked as expected.
Under the hood, broken pipes are expected as part of the fast loop exit
strategy that relies as little as possible on timeout detection.
But under the CI, testssl.sh output is garbled by the subshells stderr
outputs, catched for some reason by 'prove -v'.
Simply redirecting the stderr output of the offending command to
/dev/null fixes the problem.
This commit fixes#2599 by not wrapping fileout() messages in a "clientProblem" wrapper if TLS13_ONLY is set. The TLS13_ONLY flag being set is an indicator that fileout_banner() has already been called.
- Recover the "not vulnerable" case (no mitigation) printing, cosmetic
fix.
- With the removing of all s_client invocation other than the main loop
one, fix the init of the ERRFILE and TMPFILE: no need to append, no
need to remove, inconditionally zap the content before the loop.
In the wait loop, I was relying on a 1s sleep to eliminate a possible
late zero return value server close on the last attempt.
- do globaly one more harmless "for" iteration
and remove the sleep 1 for faster and more robust result
- correct the non HTTP case iteration value
- adjust the timeout to the conservative 6s in the non HTTP case,
for HTTP case it become 33s
- improve comments
