1199 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Dirk Wetter	10b3e7db55	Merge pull request #471 from nachtgeist/issue-467 ... quote argument for s_client's -nextprotoneg parameter	2016-09-14 07:24:29 +02:00
Daniel Reichelt	2a926609ca	quote argument for s_client's -nextprotoneg parameter ... The argument to -nextprotoneg is provided in sometimes empty an unquoted variables. Because of the missing quotes, the next word on the line "-status" gets parsed as "-nextprotoneg"'s argument instead of enabling the OCSP status check. This fixes #467.	2016-09-13 21:22:35 +02:00
Dirk	cca1b49890	- fixing wrong cipher order for URL=ipaddress	2016-09-12 21:54:51 +02:00
Dirk Wetter	4158372ab7	Merge pull request #468 from knweiss/referenced_but_not_assigned ... compare_server_name_to_cert(): Fix unassigned vars.	2016-09-12 16:51:34 +02:00
Dirk Wetter	93c240278a	Merge pull request #469 from knweiss/referenced_but_not_assigned2 ... certificate_info(): Fix unassigned variable.	2016-09-12 16:49:33 +02:00
Karsten Weiss	b9d9a909b1	certificate_info(): Fix unassigned variable. ... Fix referenced but not assigned variable 'sign_algo'. In testssl.sh line 4309: fileout "${json_prefix}algorithm" "DEBUG" "Signature Algorithm: $sign_algo" ^-- SC2154: sign_algo is referenced but not assigned. Found by ShellCheck.	2016-09-12 16:20:05 +02:00
Karsten Weiss	7dbbe42ea0	compare_server_name_to_cert(): Fix unassigned vars. ... Two instances of referenced but not assigned variables ('req' instead of 'ret'). In testssl.sh line 4130: if [[ $req -eq 0 ]]; then ^-- SC2154: req is referenced but not assigned. Found by ShellCheck.	2016-09-12 16:12:18 +02:00
Dirk	f0132dcb7f	stringer usabiliy warning for SHA1 + HTTP	2016-09-07 21:34:27 +02:00
David Cooper	7932d34fda	Updates to cipher suite table ... Changed `Enc=CHACHA20/POLY1305(256)` to `Enc=ChaCha20(256)` and `Enc=GOST-28178-89-CNT(256)` to `Enc=GOST(256)` in order to shorten the names that are printed, so that they fit in the allocated column. Added the four experimental post-quantum cipher suites mentioned in #462.	2016-09-06 14:47:20 -04:00
David Cooper	3b3d16849d	Merge branch 'master' into remove_sockread ... Conflicts: testssl.sh	2016-09-06 11:38:54 -04:00
David Cooper	950b39122e	Merge branch 'master' into openss2rfc_rfc2openssl	2016-09-06 10:34:53 -04:00
Dirk	d1cc7b3755	FIX #426	2016-09-06 08:32:05 +02:00
Dirk	c00c98caa2	warning for SHA1 sig algo and web servers	2016-09-05 10:01:46 +02:00
David Cooper	44c37e3177	Merge branch 'master' into remove_sockread	2016-09-02 10:50:28 -04:00
David Cooper	f17a09e1d9	Merge branch 'master' into openss2rfc_rfc2openssl	2016-09-02 10:47:36 -04:00
Dirk Wetter	228296e175	Merge pull request #290 from andreild/issue-289-domain-resolution-etc-hosts ... Fix #289 - the grep that decides whether a domain is a local address …	2016-09-02 15:38:28 +02:00
Dirk Wetter	fdcdad3faa	Merge pull request #345 from dcooper16/more_sslv2_sslv3_fixes ... More SSLv2 (and SSLv3) related fixes	2016-09-02 09:06:52 +02:00
Dirk Wetter	caec8029f2	Merge pull request #461 from dcooper16/tls_sockets_and_no_SNI ... Fix tls_sockets() when SNI empty	2016-09-02 08:50:35 +02:00
David Cooper	a9002ba6e6	Fix tls_sockets() when SNI empty ... `socksend_tls_clienthello()` always includes a server name extension in the ClientHello (for TLS 1.0 and above), even if `$SNI` is empty. If `$NODE` is an IP address, then the IP address is placed in the extension, even though RFC 6066 says that only DNS names are supported in the extension. This PR changes `socksend_tls_clienthello()` so that the server name extension is only included in the ClientHello is `$SNI` is not empty.	2016-09-01 13:22:39 -04:00
Dirk	2313aee22d	fix for previously borken HPKP_MIN value	2016-09-01 19:09:12 +02:00
Dirk	1c53160348	ups ;-)	2016-09-01 19:04:47 +02:00
David Cooper	305c8c0063	Merge branch 'master' into remove_sockread	2016-09-01 10:57:43 -04:00
David Cooper	59d4acec11	Merge branch 'master' into more_sslv2_sslv3_fixes	2016-09-01 10:56:57 -04:00
David Cooper	e10d256ae6	Merge branch 'master' into openss2rfc_rfc2openssl	2016-09-01 10:55:29 -04:00
Dirk	d665f69c72	fix #436	2016-09-01 12:42:56 +02:00
David Cooper	9ef0d1f4ea	20 lines is 320 bytes, not 160	2016-08-31 17:07:53 -04:00
David Cooper	a2f968d4ad	Undo changed behavior for CCS	2016-08-31 17:03:50 -04:00
David Cooper	d9578bb975	Merge branch 'master' into remove_sockread	2016-08-31 17:02:18 -04:00
Dirk Wetter	2613d20375	Merge pull request #460 from dcooper16/certificate_info ... Display SNI information in "Server Certificate" line	2016-08-31 18:26:45 +02:00
David Cooper	e79e980336	Display SNI information in "Server Certificate" line ... This PR is an attempt to address issue #447. If more than one certificate is being displayed, then a parenthetical saying "(in response to request w/o SNI)" is added for any certificate that was obtained using `$SNI=""`. In addition, if the certificate was obtained without SNI, then `certificate_info()` doesn't call `$OPENSSL s_client` in order to obtain the non-SNI host certificate and it does not display a separate "Trust (hostname)" finding for the non-SNI certificate.	2016-08-30 15:22:46 -04:00
David Cooper	1b548cee10	Follow https://github.com/Tripwire/OpenSSL-CCS-Inject-Test ... Attempt to rewrite `run_ccs_injection()` to follow the logic from https://github.com/Tripwire/OpenSSL-CCS-Inject-Test.	2016-08-30 11:38:43 -04:00
David Cooper	f88ad58e72	Merge branch 'master' into openss2rfc_rfc2openssl	2016-08-29 15:03:35 -04:00
David Cooper	6e6fdf6410	Merge branch 'master' into more_sslv2_sslv3_fixes	2016-08-29 15:02:40 -04:00
David Cooper	9bcf232f0f	Check for empty byte6	2016-08-29 14:10:16 -04:00
David Cooper	3dc8754a0e	Merge branch 'master' into remove_sockread	2016-08-29 14:07:43 -04:00
Dirk Wetter	ba1ea6dcba	Merge pull request #455 from dcooper16/unsupported_purpose ... Output correct error for unsupported certificate purpose	2016-08-29 17:39:00 +02:00
David Cooper	957225595f	Merge branch 'master' into unsupported_purpose	2016-08-29 10:17:27 -04:00
David Cooper	2abf6fc7c7	Fix merge	2016-08-29 10:14:21 -04:00
David Cooper	dea2b1a761	Merge branch 'master' into remove_sockread ... Conflicts: testssl.sh	2016-08-29 10:05:01 -04:00
David Cooper	01391e318a	Merge branch 'master' into openss2rfc_rfc2openssl	2016-08-29 10:00:18 -04:00
David Cooper	97b8dd1959	Merge branch 'master' into more_sslv2_sslv3_fixes ... Conflicts: testssl.sh	2016-08-29 09:57:36 -04:00
Dirk	f5792a1e8d	1st important fixes ;-)	2016-08-28 21:43:48 +02:00
Dirk	54a66b9d88	- minor output fixes ... - removed "experimental" from TLS_FALLBACK_SCSV + DROWN - bumped up version to rc2	2016-08-28 21:41:30 +02:00
Dirk Wetter	1e5b619a19	Merge pull request #427 from dcooper16/server_preference_sslv2_fixes ... SSLv2 fixes for server preference	2016-08-28 19:15:22 +02:00
Dirk Wetter	dbb7d6f4be	Merge pull request #444 from dcooper16/sslv2_sockets ... Move printing of results out of sslv2_sockets()	2016-08-28 18:27:29 +02:00
Dirk Wetter	f4d9a638ba	Merge pull request #449 from dcooper16/poodle_no_ssl3 ... Warning on Poodle test when no local SSLv3 support	2016-08-28 18:10:50 +02:00
Dirk Wetter	a76e67cbbe	Merge pull request #450 from dcooper16/determine_optimal_proto_fix ... Fix SSLv2-only test in determine_optimal_proto()	2016-08-28 18:08:01 +02:00
Dirk Wetter	1d83e220bf	Merge pull request #456 from dcooper16/dh_keys ... Support DH server keys	2016-08-28 18:04:22 +02:00
Dirk Wetter	8da00a8025	Merge pull request #445 from dcooper16/devel_option ... Fix "--devel" with SSLv2	2016-08-28 18:03:17 +02:00
Dirk Wetter	dfa0cfd0b4	Merge pull request #453 from dcooper16/no_ssl2 ... OpenSSL 1.1.0 doesn't have "-no_ssl2" option	2016-08-28 17:58:56 +02:00