Commit Graph

121 Commits

Author SHA1 Message Date
Dirk ed087197fe Add docu for #2497 2024-05-24 14:00:59 +02:00
Maurizio S 51ab05e651
Update testssl.1.html 2024-01-20 11:49:56 +01:00
Maurizio S 55ef4c09fe
Update testssl.1.md 2024-01-20 11:49:50 +01:00
Dirk Wetter d46301e9f7 Deprecate --ssl-native 2023-10-03 15:51:58 +02:00
Jeroen Dekkers d5e3bc2e7a
Add --server-preference alias to documentation 2023-09-20 15:05:14 +02:00
Dirk d001bba86b Finalize DNS via Proxy
See #2328, original PR #2295 from @w4ntun .

Formally testssl.sh returned an error when it wasn't not possible to determine IP
addresses through DNS resolution, even if --proxy and --ip=proxy flags are set.
The main function always tried to determine IP addresses via DNS and exits with
a fatal error if it cannot do it. Although the client cannot get the IP, the
proxy could, so the SSL/TLS analysis is still possible.

This PR allows the analysis for an HTTP service via a proxy server and the DNS
traffic can be sent directly or through the proxy using the flag --ip=proxy.

ATTENTION: This may be a breaking change for those who don't have a local resolver.
They now have to add --ip=proxy.

In addition:
* help() was amended to add --ip=proxy (was only in the ~i/doc dir before)
* amending ~/doc dir to document it's better to add --nodns=min when there's
  no local resolver
2023-03-21 19:40:40 +01:00
David Cooper b661f7b8d3 Update documentation for cipherlists tests
The sets of cipher lists checked by `run_cipherslists()` changed in 3.1dev, but the documentation was not updated.
2023-02-03 11:24:04 -08:00
Dirk fe010c87d2 Fix makefile
* add title
* feature to just rebuild html and roff with force target
2022-04-01 15:08:55 +02:00
Dirk 83d4075465 fixes for roff and html 2022-04-01 14:45:48 +02:00
Dirk 28085e5ec9 Implement fixes in documentation from #2074
kudos @k0lter

* numbering
* some ticks / backticks

For now I left the html and roff files like they were. That should be reconsidered
later.
2022-04-01 13:12:02 +02:00
Dirk Wetter 05d94fa019 Update documentation
* remove hint that LDAP only works with STARTTLS
* Add the relevant LDAP RFC for STARTTLS
* Amend with sieve RFC
* Correct numbering order of RFC section
2022-04-01 12:49:53 +02:00
Emmanuel Bouthenot bb48778fb3 Remove unused $PANDOCFLAGS in doc Makefile 2022-01-07 22:23:21 +01:00
Emmanuel Bouthenot dc8f7d9b9e Switch doc build process to pandoc using a Makefile 2022-01-06 23:21:43 +01:00
Dirk Wetter 1012a28958
again wide screen mode for HTML
see discussion on #2072
2021-12-27 17:09:59 +01:00
Emmanuel Bouthenot 6e050a780d Update doc for (manage)sieve protocol when used with STARTTLS 2021-12-20 17:20:01 +01:00
David Cooper 8b129577a7
Update testssl.1.md
testssl.1.md included '.SS "SINGLE CHECK OPTIONS"', which belongs in testssl.1, but not in testssl.1.md. This commit removes this extra line.
2021-09-30 14:09:17 -04:00
Dimitri Papadopoulos fcb282e3c3
Typos found by codespell
Run codespell in CI
2021-09-14 13:33:39 +02:00
Dirk 15cfd849fe Replace --standard by --categories 2021-09-09 22:07:44 +02:00
Dirk 739f45015f Fix minor inconsistency in description of cipher categories
A longer while back the section ~ "Testing standard ciphers" was
renamed to "Testing cipher categories". However the internal help
didn't reflect that.

This fixes that, including an addtion to the documentation.

Note: the help still lists "-s --std, --standard" as a cmd line
switch.
2021-09-08 08:46:47 +02:00
a1346054 6782e2a3b9 Fix spelling 2021-09-04 12:39:03 +00:00
Dirk Wetter e1a43e6e16
Merge branch '3.1dev' into starttls_injection 2020-12-29 13:46:18 +01:00
tosticated 351f36c943 Changed parameter to --reqheader for custom HTTP headers. 2020-12-25 20:10:02 +01:00
tosticated c1a565fad8 Custom HTTP request headers support added. Addresses #1770 2020-12-22 22:33:25 +01:00
Dirk Wetter 5c5c4dcd58 Merge branch '3.1dev' into starttls_smtp_injection
Resolving conflicts because of do_winshock
2020-11-26 10:45:02 +01:00
Dirk Wetter 9d0744e229 Introducing --overwrite option
Sometimes it is needed to overwrite existing output files.
This has been requested in the past (#927). For safety reasons
it was not implemented.

However I realized that it could be useful. It requires some
responsible usage though.

Code added, help() and manpages added -- warnings added too.
2020-11-13 16:05:53 +01:00
Klaus Eisentraut d130d70e8b fix #1757: manpage: --c has one dash to much 2020-10-29 20:05:44 +01:00
Chad Brigance 4d6dba79e6 Update man pages and CHANGELOG 2020-10-19 07:32:41 +00:00
Dirk 7d8cf71a94 Further robustness check to winshock (#1719)
This commit adds

* a check for the elliptical curves
* and a check for TLS extensions

which will again reduces false positives.

Background:
* https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations#Supported_elliptic_curves
* https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations#Extensions

Also:

* Docu phrased more precise (we're not checking ciphers and
  HTTP Server banner only
* As a last resort we also take 'Microsoft-HTTPAPI/2.0' as a server header on the HTTPS branch
  and query the HTTP branch for Microsoft-IIS/8.x.
* $EXPERIMENTAL overrides some banner and service related checks. So that e.g. SMTP servers can also
  be checked. Last but bot least ist's a vulnerability of the TLS stack.

For better debugging we'll keep the TLS extensions and offered curves in a file.
Also it adds a debug1() function which may be needed on other occasions.

Also the output is better coded as we put "check patches locally to confirm"
into a variable.

There's still room for improvement:

* More extensions (see https://raw.githubusercontent.com/cisco/joy/master/doc/using-joy-fingerprinting-00.pdf)
* We could need a separate determine_curves() function, see #1730 as otherwise
  we can't use the curves in a non-default run.
2020-09-22 13:04:18 +02:00
Dirk Wetter 1f8e65104c Add winshock to documentation 2020-09-08 22:08:05 +02:00
Dirk Wetter 35b79f65ee Add documentation for STARTTLS injection's cmd line flag
and also the modified one for ROBOT
2020-09-02 18:23:11 +02:00
Dirk Wetter ecc6cd8160 Allow dir with PEM files for --add-CA
Idea which popped up while following #1700
2020-08-18 21:52:59 +02:00
Dirk Wetter 1d954233bd Document is in utf-8
See #1701
2020-08-13 20:43:54 +02:00
Dirk Wetter 953e1bd0ff Phrase --version & friends as standalone
This PR fixes #1671.

Primarily there's now an additional case statement in the main while loop
which just calls fatal() when it detects --help -b --banner -v or --version.

The documentation was also updated to reflect that.

(Some grammar and other errors which I stumbled over were corrected too)
2020-08-13 20:41:57 +02:00
David Cooper 5b17bbcf87 Add RFC 8701 to list of RFCs
This commit adds RFC 8701 to the list of RFCs in the documentation.
2020-08-03 11:14:10 -04:00
David Cooper 57c4913260 Update GREASE reference
The GEASE Internet Draft is now RFC 8701. This commit updates the references.
2020-08-03 10:43:15 -04:00
a1346054 e6c5507b20
Fix grammar 2020-08-02 21:54:27 +00:00
a1346054 e8d2992add
Fix grammar 2020-08-02 21:48:15 +00:00
a1346054 5b44e43ec4
Fix grammar 2020-08-02 21:47:40 +00:00
Dirk Wetter 288223c707 Polish STARTTLS rating output
Moved the sentence ~i "A grade better than T would lead to a false sense of security"
to the documentation. No reason for excuses in the output. ;-) Explanation fits
better in the doc.

See also #1657
2020-06-25 20:47:51 +02:00
Dirk Wetter b2d41330e0 port typo fixes to html and roff doc 2020-06-25 13:05:47 +02:00
Magnus Larsen f647ae8264 Change to grade cap 2020-06-23 19:24:24 +02:00
Magnus Larsen 069c5ae917 Spelling 2020-06-22 19:16:20 +02:00
Magnus Larsen 2bff63b7db Add a comment about STARTTLS connections in the docs 2020-06-22 19:14:25 +02:00
Magnus Larsen 8b74d41487 unintended linebreak 2020-05-11 15:22:51 +02:00
Magnus Larsen 6119d8538e proper rating of dh group length 2020-05-11 15:20:16 +02:00
Unit 193 871db32fb5 Fix a couple typos.
enviroment → environment
ususally → usually
2020-05-08 22:48:20 -04:00
Dirk 908975380d Amendment to "Relax the possible GPL license contradiction"
fix it also in the man pages. See #1590 / #1593
2020-05-06 09:17:42 +02:00
Dirk 381fdfa985 Fix typo in docs: Strong grade Ciphers / AEAD 2020-05-02 19:49:01 +02:00
Dirk 0e6fb44bd3 add xmpp-server 2020-05-01 18:31:35 +02:00
Dirk Wetter 2b174821e4
Merge pull request #1575 from horazont/feature/xmpp-server
STARTTLS: add support for xmpp-server
2020-05-01 17:53:34 +02:00