Commit Graph

5274 Commits

Author SHA1 Message Date
Dirk Wetter 6a5a69fcfd Merge pull request #2978 from testssl/drwetter-patch-1
Polish
2025-12-20 23:24:50 +01:00
Dirk Wetter f16e270e6a Polish 2025-12-20 23:24:15 +01:00
Dirk Wetter ee8055ef61 Merge pull request #2977 from testssl/drwetter-patch-1
Add FAQ
2025-12-20 23:19:59 +01:00
Dirk Wetter 1650b445ef Add FAQ 2025-12-20 23:19:22 +01:00
Dirk Wetter 4c27d8a8b9 Merge pull request #2975 from testssl/badges_patch
Update badges
2025-12-19 15:19:34 +01:00
Dirk Wetter 2274c6cd5b Merge pull request #2974 from testssl/robot_timeout_doc
Add ROBOT_TIMEOUT to documentation
2025-12-19 15:18:50 +01:00
Dirk bca823a0cc Update badges
- sort them better
- add forks+stars
- remove gitter
2025-12-19 15:17:07 +01:00
Dirk 3ac39032fa Add ROBOT_TIMEOUT to documentation
Also
* remove VULN_THRESHLD from docs

Note: pandoc was a different version, so the roff output has different
encodings for different special chars.
2025-12-19 15:07:40 +01:00
Dirk Wetter 61d0189f8f Merge pull request #2969 from testssl/mitigate_2083
Mitigate inconsistent test results for ROBOT
2025-12-19 13:59:48 +01:00
Dirk Wetter 6cd5b4364c Merge branch '3.3dev' into mitigate_2083 2025-12-15 13:13:50 +01:00
Dirk Wetter 28baa6be44 Merge pull request #2968 from testssl/fix_missing_vulnHeadline
ROBOT is also a vulnerability
2025-12-15 13:12:56 +01:00
Dirk Wetter 81f25a6674 Mitigate inconsistent test results for ROBOT
As reported a longer while back in #2083 there were trailing bytes
when receiving a TLS alert by the ROBOT check.

This PR corrects and thus normalizes the length of the TLS alert message to the
correct value, supposed the length in the TLS alert is two bytes and it is a
TLS alert.

Also this PR now uses a separate variable for the timeout. In 2ce0110e the timeout
was changed by mistake as MAX_WAITSOCK was reduced from 10 to 5. For this check it
is still 5 which seemed fine (TBC). Using a separate global variable however may offer
some possibility for tuning the check when the latency to the target is high.
2025-12-15 12:52:41 +01:00
Dirk Wetter 51a35b0344 ROBOT is also a vulnerability
We missed somehow to add in the big while loop to add the fact that
ROBOT is a vulnerability which became apparent with #2967.

This PR adds that.
2025-12-15 11:44:42 +01:00
Dirk Wetter 08398b3ac2 Merge pull request #2967 from testssl/address_2943
Remove underlined headline for each vulnerability
2025-12-15 11:07:17 +01:00
Dirk Wetter 26e90d44c3 Remove underlined headline for each vulnerability
This PR removes this legacy feature. There's a single
headline for vulnerabilities instead.

Fixes #2943.
2025-12-14 21:24:30 +01:00
Dirk Wetter 3430bd97d2 Merge pull request #2965 from testssl/fix_2944
Add missing LF after pwnkeys DB check
2025-12-14 21:03:51 +01:00
Dirk Wetter eeb8e7dbf1 Add missing LF after pwnkeys DB check
This fixes #2940.
2025-12-14 17:43:44 +01:00
Dirk Wetter 651ddc1876 Merge pull request #2963 from dcooper16/fix2959
Fix #2959
2025-12-13 15:37:16 +01:00
David 2b93c9e6bb Fix #2959
This commit fixes #2959 by modifying TLS12_CIPHER, TLS12_CIPHER_2ND_TRY, and TLS12_CIPHER_3RD_TRY so that they each have 118 ciphers (including "00,ff"). It also modifies run_cipherlists(), run_server_defaults(), and run_beast() so that, when $SERVER_SIZE_LIMIT_BUG is true, no more than 125 ciphers are sent.
2025-12-11 08:00:32 -08:00
Dirk Wetter 7a0b62e689 Merge pull request #2961 from testssl/fix_2960
Label missing KEMs as LOW severity
2025-12-09 12:43:05 +01:00
Dirk Wetter 03f43ecd68 Label missing KEMs as LOW severity 2025-12-09 10:15:50 +01:00
Dirk Wetter 1250d6f853 Merge pull request #2958 from testssl/fix_early_data_empty
Fix error when early data empty
2025-11-29 22:38:18 +01:00
Dirk ece7bce138 Merge branch '3.3dev' into fix_early_data_empty 2025-11-29 20:55:56 +01:00
Dirk Wetter 2b73544efc Merge pull request #2954 from testssl/address_2952
Address 2952
2025-11-29 20:53:43 +01:00
Dirk Wetter 8ed4b4218c this may fix it 2025-11-29 18:43:00 +01:00
Dirk Wetter d92769d15c trying again to make Mac work 2025-11-29 13:45:00 +01:00
Dirk 17896a44a5 move unlink 2025-11-28 17:23:50 +01:00
Dirk 4bc0a5ccba Change back to google.com, avoid 0-RTT for Mac
... as we can't make it to get proper results unless
on the laptop
2025-11-28 16:26:25 +01:00
Dirk Wetter d3c33867d7 Rather try cloudflare...
instead of google.com. Maybe google's edge server to github has
different configuration and thus has not 0-RTT.

On my Mac it worked fine before.
2025-11-28 13:28:58 +01:00
Dirk 2b06c97f19 Add 0-RTT, more in line with other files
... and simplified
2025-11-28 03:20:10 +01:00
Dirk Wetter d648a0851d Fix error when early data empty
This PR fixes an error when early data was empty
which caused testssl.sh to exit instead of marking
that there was no file returned.

Also it changes HEAD to GET as the latter is probably
more often supported.

There needs to be a unit test for 0-RTT / early data!
2025-11-28 01:46:16 +01:00
Dirk b1d79b6d72 change style to be in line w others 2025-11-28 01:21:19 +01:00
Dirk 3a0a6eaf88 re-add $ 2025-11-27 22:17:54 +01:00
Dirk 7823699982 json and html unit tests more seamless
- html_file / json_file
- file name comes in command, not earlier
- Both a title
- avoid fixed string for file names over and over
2025-11-27 20:38:12 +01:00
Dirk 964e8924a4 define file var before using it 2025-11-27 19:45:39 +01:00
Dirk Wetter a4b6d1fca0 spellcheck 2025-11-27 18:49:12 +01:00
Dirk Wetter f3ebf0e971 Add autoflush thingy for MacOS 2025-11-27 18:46:19 +01:00
Dirk Wetter 853da2a9de term pattern seems better than the "colorized list" 2025-11-27 18:39:52 +01:00
Dirk Wetter 3591f70a17 reorder lines 2025-11-27 18:31:43 +01:00
Dirk Wetter 8103a0e24d Make this work under MacOS
- URI is now example.com bc Akamai doesn't block too many checks
  (MacOS runner was delayed and often hiccuped here)
- failed to flush message --prevention
- term pattern seems better than the "colorized list"
2025-11-27 18:24:15 +01:00
Dirk Wetter 7e97fef030 remove LFs and comment 2025-11-27 18:22:48 +01:00
Dirk Wetter fc499cb67f Akamai keeps connection open (opossum check problem) 2025-11-27 18:21:26 +01:00
Dirk Wetter 0ef742a17a Just add comments, reorder lines 2025-11-27 17:44:31 +01:00
Dirk Wetter 4582bd8d73 Merge branch '3.3dev' into address_2952 2025-11-27 16:37:16 +01:00
Dirk Wetter 86700dbd7a Merge pull request #2957 from testssl/flush
Try to remove the "failed to flush stdout" messages
2025-11-27 16:34:40 +01:00
Dirk Wetter de6e92826a Add stdout flush 2025-11-27 14:23:27 +01:00
Dirk Wetter 5111804b75 Try to remove the "failed to flush stdout" messages 2025-11-25 00:23:13 +01:00
Dirk Wetter e8098fc1d2 fix remainder from old os definition 2025-11-24 12:03:03 +01:00
Dirk Wetter dd696bb871 Merge pull request #2955 from testssl/shellcheck_path_improvement
No shellcheck in ./t/
2025-11-24 11:20:18 +01:00
Dirk Wetter 92e0195118 No shellcheck in ./t/ 2025-11-24 11:19:13 +01:00