Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-30 21:35:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
5,163 Commits 17 Branches 35 Tags
6af53775075701b9c747d9e2da4050cb15d62367
Commit Graph

5163 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dirk Wetter
6af5377507 Ignore MLKEMs for TLS 1.3 2025-10-08 23:15:49 +02:00
Dirk Wetter
f081db83e1 Update baseline 2025-10-08 23:14:54 +02:00
Dirk
a4b6ded123 Update basline scan for unit test 
This PR updates the baseline after switching to the new server.
 2025-10-08 10:03:19 +02:00
Dirk Wetter
3ece1e4b11 Merge pull request #2911 from testssl/early_data_preparation 
Define vars for early data
 2025-10-05 21:34:53 +02:00
Dirk Wetter
ffa1ffdbb3 fix syntax 2025-10-05 20:16:39 +02:00
Dirk Wetter
5b0b771c52 Define vars for early data 
It seems needed to introduce two variables for upcoming early data tests,
see #1186. This is not needed for OpenSSL as it introduced that
together with TLS 1.3. For LibreSSL it is though.
 2025-10-05 18:19:41 +02:00
Dirk Wetter
637ad03a36 Merge pull request #2904 from testssl/jdvorak001-fix_file_naming 
Jdvorak001 fix file naming
 2025-09-30 17:31:33 +02:00
Dirk Wetter
d6decc7f79 Merge pull request #2905 from testssl/fix_2884 
Consistency for function ciphers_by_strength()
 2025-09-30 15:53:34 +02:00
Dirk
78ecf53b67 Consistency for function ciphers_by_strength() 
* keys now always with v, like supportedciphers_TLSv1_2 and also
  ciphers (e.g. TLSv1.2   x35     AES256-SHA)
* add word "server" to file output so that it reads "NOT a server cipher order configured"

Fixes #2884
 2025-09-30 14:30:52 +02:00
Dirk
123684f554 make spellchecker and myself happy ;-) 2025-09-30 13:58:28 +02:00
Dirk
e8ab2c74e6 straighten global definitions in the very bottom 2025-09-30 13:56:25 +02:00
Dirk
1d6ddfb352 rename datetime_started 
.. to fname_date as it's more consitent with fname_prefix
 2025-09-30 13:35:08 +02:00
Jan Dvorak
e0009cf0cb Adapt variable naming (datetime_started now) 2025-09-26 12:18:44 +02:00
Jan Dvorak
67aba03a41 Use common datetime part when naming output files across all formats 
- the datetime is fetched just once
- it is then passed to the functions that start the output files, always as arg1
 2025-09-25 23:26:33 +02:00
Dirk Wetter
d66b67befe Merge pull request #2897 from dcooper16/fix2896 
Fix #2896
 2025-09-21 23:49:10 +02:00
David Cooper
41db430c46 Fix #2896 
This commit fixes #2896. This commit avoids modifying the ADDTL_CA_FILES environment variable, and instead substitutes spaces for commas whenever the variable is used.
 2025-09-21 13:23:55 -07:00
Dirk Wetter
97faadf425 Merge pull request #2894 from testssl/faq_update 
Restructure, load balancer issue, STARTTLS SMTP better explained
 2025-09-18 10:59:25 +02:00
Dirk Wetter
8dec13ba62 Update FAQ.md 2025-09-18 10:57:35 +02:00
Dirk Wetter
94f03a1f1f Merge pull request #2891 from testssl/fix_indentation_3.3dev 
Fix indentation @ Intermediate cert validity
 2025-09-16 19:52:42 +02:00
Dirk Wetter
75feb05a0c Fix indentation @ Intermediate cert validity 
... when there were two server and >1 intermediate CA certificates.
 2025-09-16 13:03:48 +02:00
Dirk Wetter
a90b2cfd4e Merge pull request #2886 from testssl/fix_http_age 
Fix garbled screen when HTTP Age is not a non-negative int
 2025-09-15 17:37:20 +02:00
Dirk Wetter
d08b54b5e1 Merge pull request #2882 from testssl/update_faq 
Additions to FAQ
 2025-09-15 17:37:07 +02:00
Dirk
52d24925e0 > was a problem 
trying to get it right in GiHub MD and retext
 2025-09-15 17:35:37 +02:00
Dirk
f36462b14a fix spell checking 2025-09-15 17:26:06 +02:00
Dirk
0b47f24bbd Add STARTTLS + rating amend paragraphs 
... and try to avoid "crypto"
 2025-09-15 17:20:54 +02:00
Dirk
ef82cd37be fix typo 2025-09-15 16:00:53 +02:00
Dirk
15ebceca84 Fix garbled screen when HTTP Age is not a non-negative int 
As suggested in https://github.com/testssl/testssl.sh/pull/2885 parsing
of the server determined HTTP age var wasn't strict enough.

https://www.rfc-editor.org/rfc/rfc7234#section-1.2.1 requires the
variable to be a non-negative integer but testssl.sh assumed it was
like that but did't check whether that really was the case. This was
labled as a (potential) security problem. Potential as it didn't
look exploitable after review -- the header as a whole was already
sanitized.

This PR fixes the typs confusion and the garbled screen by checking
the variable early in run_http_header() and reset it to NaN. That
will be used later in run_http_date() to raise a low severity finding.

Kudos to @Tristanhx for catching this and for the suggested PR.

Also, only when running in debug mode, this PR fixes that during
service_detection() parts of the not-yet-sanitized header ended
up on the screen. The fix just calls sanitze_http_header() for the
temporary variable $TMPFILE.
 2025-09-15 15:41:43 +02:00
Dirk Wetter
89a0d8d2c4 Micro additions 2025-09-03 10:51:55 +02:00
Dirk Wetter
e75ef95547 Merge pull request #2879 from testssl/newfaq 
Provide an FAQ
 2025-09-02 15:46:11 +02:00
Dirk Wetter
0d8150e088 add faq to changes 2025-09-02 15:43:28 +02:00
Dirk Wetter
b1a7c287e8 Include the FAQ 2025-09-02 15:40:54 +02:00
Dirk Wetter
08e6e4f1b5 typo / omitting few words 2025-09-02 15:31:38 +02:00
Dirk Wetter
d367575511 Start over with FAQ 
... see #2685
 2025-09-02 15:29:06 +02:00
Dirk Wetter
5d959c1860 Merge pull request #2877 from testssl/drwetter-patch-1 
Keep  feature_request.md up to date
 2025-09-01 16:38:40 +02:00
Dirk Wetter
1fd86b1854 Update feature_request.md 2025-09-01 16:36:59 +02:00
Dirk Wetter
b366d30b9e Merge pull request #2872 from testssl/dependabot/github_actions/actions/checkout-5 
Bump actions/checkout from 4 to 5
 2025-08-18 17:10:55 +02:00
dependabot[bot]
cce6124a92 Bump actions/checkout from 4 to 5 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-12 11:44:32 +00:00
Dirk Wetter
de222f1241 Merge pull request #2870 from testssl/fraction_sleep 
wait_kill() is now 0.1 seconds
 2025-07-30 22:29:04 +02:00
Dirk Wetter
881ce7723e wait_kill() is now 0.1 seconds 
... which leads to a performance gain., most noteably on Macs.

All times when calling were re-adjusted.

Also:
* PROXY_WAIT was decrease to 10 seconds. 20 seemed just too much
* passed var to `starttls_just_read()` was simplyfied
 2025-07-30 18:34:37 +02:00
Dirk Wetter
8f036729ba Merge pull request #2868 from testssl/fix_MAX_SOCKET_FAIL 
Fix additional parameter in shouldwedo_ipv6()
 2025-07-30 15:14:53 +02:00
Dirk Wetter
bd2312ec0d Merge pull request #2869 from testssl/drwetter-patch-1 
Try badge for correct branch
 2025-07-30 12:58:14 +02:00
Dirk Wetter
ca8fdcca0e Try badge for correct branch 2025-07-30 12:57:19 +02:00
Dirk
279bc4ad91 Fix additional parameter in shouldwedo_ipv6() 
.... for connectivity_problem() which may block testssl.sh
 2025-07-30 12:53:13 +02:00
Dirk Wetter
f14e24533b Merge pull request #2867 from testssl/check_ipv6_in_background 
Exec IPv6 check in background
 2025-07-29 22:54:01 +02:00
Dirk
2ce0110eee Exec IPv6 check in background 
... as it can get stuck.

Also reduce MAX_WAITSOCK to 5 instead of 10.
 2025-07-29 15:36:23 +02:00
Dirk Wetter
8c1ade5e38 Merge pull request #2865 from testssl/drwetter-patch-3 
Modify OS bullet point + badge param
 2025-07-29 12:43:25 +02:00
Dirk Wetter
f64cef8871 typo 2025-07-29 12:43:00 +02:00
Dirk Wetter
8ff61c4898 Modify OS bullet point + badge param 2025-07-29 12:40:29 +02:00
Dirk Wetter
9e09d2cd58 Merge pull request #2863 from testssl/reliability_quic 
More reliability for QUIC test
 2025-07-28 19:03:04 +02:00
Dirk Wetter
31804ac424 Merge pull request #2857 from testssl/reliable_ut_host 
Pick another host for unit tests
 2025-07-28 16:37:16 +02:00