942ceb04d9
FIX "built on: reproducible build, date unspecified" problem
2015-07-06 20:33:05 +02:00
0e1a7002b9
FIX "built on: reproducible build, date unspecified" problem
2015-07-06 20:22:45 +02:00
c08baa94b3
* CHANGE: some tuning variables are now booleans (see help)
...
* help() to reflect this
* cleanups
2015-07-06 10:10:46 +02:00
80e26a75ef
* Warning if LibreSSL is used #126
...
* FIX for screwed up output for fixed ciphers (FREAK, LOGJAM), see also #126
* GOST support now doesn't complain if MY config file already exists (minor fix)
2015-07-02 16:39:41 +02:00
1186bf4229
- try to interpret server protocol (SMTP, FTP,...) handshake
2015-07-01 19:50:38 +02:00
39a0da31e5
- echo host:port
2015-07-01 19:48:33 +02:00
d44cff9a81
Merge branch 'master' of github.com:drwetter/testssl.sh
2015-07-01 18:51:18 +02:00
c2f8e23441
Rename ccs-injection.sh to ccs-injection.bash
2015-07-01 18:50:45 +02:00
21119d6d01
works also for nntp,ftp,imap,pop,xmpp +starttls now
2015-07-01 13:01:16 +02:00
83dc3f707f
- works now also for SMTP+STARTTLS
2015-07-01 10:16:01 +02:00
bfdc95f3dc
Rename bash-heartbleed.changelog.txt to heartbleed.bash.changelog.txt
2015-07-01 10:12:03 +02:00
4363229a01
Rename bash-heartbleed.sh to heartbleed.bash
2015-07-01 10:11:20 +02:00
0bd46058a1
Update Readme.md
2015-06-29 23:46:39 +02:00
31431a62cf
Update Readme.md
2015-06-29 23:37:18 +02:00
b797ebaba2
Merge branch 'master' of github.com:drwetter/testssl.sh
2015-06-29 23:35:05 +02:00
24cdfded56
see #124 (John more to the top though)
2015-06-29 23:31:51 +02:00
5acfc93d79
* couple of checks for new proxy option from John Newbigin #124
...
* minor cleanups for #124
2015-06-29 23:28:37 +02:00
ddd680ac93
* merge #124 from jnewbigin
...
* fix my run time error
2015-06-29 22:29:15 +02:00
15a672b521
* assertion vs. condition fixed
2015-06-29 10:41:56 +02:00
b2ebd7640d
Update Readme.md
2015-06-28 14:05:25 +02:00
93f5b8216d
* FIX #125
...
* beautified some code / function names
2015-06-28 13:52:42 +02:00
5d78c9421f
* first tls_low_byte is now always 01 in TLS 1.0 --> TLS 1.2 (see openssl)
...
* removing TLS 1.2 check from sockets as IIS has a problem with it
2015-06-24 11:08:09 +02:00
e121f944e9
* FIX: added missed downgrade (ret=2) in socket protocol check
...
* resorted helper functions to top
* cleanups (ok, renamed some functions)
2015-06-23 21:54:47 +02:00
b575710634
* FIX in --ip=one
...
* straighten help()
* FIX ret value for no response in parse_tls_serverhello
2015-06-23 12:58:40 +02:00
ae8f998f8f
* help corrected, -e is standard
2015-06-23 07:56:56 +02:00
a6c5a2af0d
* handshake works now with SNI
2015-06-22 23:19:08 +02:00
d3c793e6bc
* help without <> now and |
...
* socket SNI issue: As it turns out Apache 2.2/2.4 is not behaving according to https://tools.ietf.org/html/rfc6066#section-3
.
2015-06-22 18:32:40 +02:00
58a6f501b5
- better addressed no clear fallback responses, see #121
2015-06-20 19:36:11 +02:00
633cdc209b
- NEW: IP address detection now in HTTP header
...
- NEW: Varnish and Squid header detected
- NEW: option --ip=one is a shortcut and means just test the first ip
- CSP Report-Only in security headers
- New: Varnish and Squid header detected, OWA header
- all single tests in bold now
- no support for TLS 1.2 spits out "NOT ok" as it is not ok
- Medium ciphers and DES ciphers are not having aNULL and aDH ciphers anymore and have different colors --> ratings
- http-date is now in http header(), tls_time in server_defaults()
- http header reply is indented to same row as server defaults
- http status code is displayed clearly now
- BUGFIX: IPv6 address wasn't displayed
- cleanup
- application banner now in two lines if needed
- try a second time to get a http header if first one fails
- fix: case where % sign in ip address made printf hiccup (sanitized)
- fix: $url was in some functions empty
- fixed bug where some headers were displayed twice
2015-06-19 20:36:32 +02:00
59299ce9e1
- FIX #119 (sed -E fails for old sed versions)
...
- std_cipherlists tuned
- fix for selfsigned certs (missed sometimes because of trailing space)
2015-06-17 11:33:29 +02:00
06899f3cbf
- introduced Reverse Proxy header
...
- FIX for OWA header
- beautified some header funcs
- fixed GET_REQ1?/HEAD_REQ1?
2015-06-16 23:00:47 +02:00
478b8afac7
FIX: bail out better if $NODE doesn't resolve
...
cipher lists now with plural ending
added Liferay-Portal + X-OWA-Version for application banner
new http_header (still leaving old one in)
readability improvements
2015-06-16 19:53:40 +02:00
e16ccd06b6
- testing all IP addresses of a node works now (refactoring of parse_hn_port into three functions) FIX #96
...
- SNI is unset if STARTTLS is set
- some BSD fixes (sed)
2015-06-16 14:04:44 +02:00
ac92ffb3c2
Merge branch 'master' of github.com:drwetter/testssl.sh
2015-06-15 12:13:45 +02:00
4432faf497
"--ip" works now (see help)
...
little cleanups
2015-06-15 12:13:16 +02:00
3ca2b4d8a1
Update Readme.md
2015-06-15 11:29:05 +02:00
46c43ee53f
Merge branch 'master' of github.com:drwetter/testssl.sh
2015-06-11 21:41:53 +02:00
a98b67013a
FIX #116
...
CRIME is lightred/litegreen as it is not as bad as ccs or heartbleed
resorted some functions
2015-06-11 21:41:25 +02:00
7be69786b8
Update Readme.md
2015-06-11 19:32:14 +02:00
bdff6ba1bd
- TLS_FALLBACK* was missing in the help #22 #118
2015-06-11 18:46:22 +02:00
f9e4526f70
- polish of #118
...
- FIX #22
2015-06-11 18:33:06 +02:00
c39b69a45f
Merge pull request #118 from JonnyHightower/master
...
Added a check for TLS_FALLBACK_SCSV
2015-06-11 18:30:07 +02:00
dc548f1cfc
Added check for TLS_FALLBACK_SCSV support in local OpenSSL binary.
...
In TLS_FALLBACK_SCSV check, added unique socket address to temporary
file name in order to support multiple simultaneous instances.
2015-06-10 17:38:39 +01:00
8acc17b4bc
- ease of making openssl binary with make-openssl.sh
...
- Hint where the Readme is
- removal of old binaries
2015-06-10 08:15:28 +02:00
0e36255fb9
Added a check for TLS_FALLBACK_SCSV
2015-06-08 17:19:34 +01:00
0f5c4981cb
- more or less desperate try to figure out the real installation path (and find the mapping file)
...
- help extended (equal sign, logjam)
2015-06-02 22:13:19 +02:00
312b02ac63
Merge pull request #117 from teward/patch-1
...
Update OpenSSL reqs - LOGJAM checks need 1.0.2+
2015-06-02 18:09:19 +02:00
266874daeb
Expand the OpenSSL 1.0.2 reqs/benefits.
2015-06-02 11:59:17 -04:00
03d8ba9b81
Update OpenSSL reqs - LOGJAM checks need 1.0.2+
...
To effectively analyze the LOGJAM risks, and to display the bitstrength on the DH/ECDH negotiated ciphers, OpenSSL 1.0.2+ is needed. With anything under 1.0.2 (and greater than 1.0.0), the bitstrengths are not displayed as OpenSSL is 'too old' (as referred to in the script itself when 1.0.2 is newer than what's available).
I suggest that we keep a note that >= 1.0.2 is needed for LOGJAM checks.
2015-06-02 11:57:11 -04:00
4081b2eef4
- wrong arg for dirname ($1)
2015-06-02 15:59:17 +02:00