Commit Graph

4180 Commits

Author SHA1 Message Date
Dirk Wetter
730c758488
Merge pull request #2206 from drwetter/update_bug_report
Update bug_report.md
2022-08-02 13:28:56 +02:00
Dirk Wetter
8e6aa10e22
Merge pull request #2209 from drwetter/drwetter-patch-1
Update feature_request.md
2022-08-02 13:28:31 +02:00
Dirk Wetter
78423d3e7d
Update feature_request.md 2022-08-02 13:18:49 +02:00
Dirk Wetter
901f5712f1
Merge pull request #2207 from drwetter/fix_2203_rating
Address grading bug when --show-each is used
2022-08-02 13:08:45 +02:00
Dirk Wetter
4f38646523 Address grading bug when --show-each is used
This fixes #2203. When used -E with -9 and --show-each the grading wasn't
correct as all ciphers printed were included in the grading verdict instead
of just the ones available.
2022-08-02 10:44:41 +02:00
Dirk Wetter
ffd9129f8d
Update bug_report.md
fix missing char
2022-08-01 14:15:42 +02:00
Dirk Wetter
d929c1d833
Update bug_report.md 2022-08-01 14:14:11 +02:00
Dirk Wetter
4e0309cb99
Merge pull request #2205 from drwetter/dependabot/github_actions/docker/build-push-action-3.1.0
Bump docker/build-push-action from 3.0.0 to 3.1.0
2022-08-01 14:00:02 +02:00
dependabot[bot]
b10a96d96e
Bump docker/build-push-action from 3.0.0 to 3.1.0
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v3.0.0...v3.1.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-20 00:25:25 +00:00
Dirk Wetter
88e80d2688
Merge pull request #2201 from drwetter/readme-patch
Update README.md
2022-07-02 22:13:06 +02:00
Dirk Wetter
12654b904b
Update README.md 2022-07-02 22:12:56 +02:00
Dirk Wetter
559049fa60
Merge pull request #2200 from drwetter/cert_update
Update cert stores
2022-07-02 22:11:24 +02:00
Dirk
e217af0324 Remove the expired DST Root CA X3 cert from ...
Apple / Linux / Microsoft stores
2022-07-02 16:02:30 +02:00
Dirk
d79504ea8a Reference to remove DST Root CA 2022-07-02 16:00:16 +02:00
Dirk
9f4a3b359c add new stores 2022-07-02 15:59:00 +02:00
Dirk
fb2b4935ac Java.pem from Oracle jdk-17.0.3.1 2022-07-01 22:01:36 +02:00
Dirk
dca2672d88 Apple.pem: picked from Internet (see etc/Readme.md) 2022-07-01 21:55:43 +02:00
Dirk
285eb60d45 add loop for Apple.pem 2022-07-01 21:51:25 +02:00
Dirk
f1003d62f8 fine tune instructions for Apple.pem 2022-07-01 21:45:02 +02:00
Dirk
8b580d1448 Update cert store: Linux + Mozilla 2022-07-01 21:32:38 +02:00
Dirk Wetter
153ce87982
Merge pull request #2194 from dcooper16/reorganize_ciphers_by_strength
Reorganize ciphers_by_strength()
2022-07-01 21:26:26 +02:00
David Cooper
564dd63efc Reorganize ciphers_by_strength()
This commit modifies ciphers_by_strength() and run_server_preference() so that the message indicating that ciphers are listed by strength is not printed until the list of supported ciphers has been determined. This is in support of #1311, as it will allow the message to be modified based on the set of supported ciphers.

This commit also modifies both ciphers_by_strength() and cipher_pref_check() so that the order in which ciphers are listed (by strength or server preference) is not printed if the server does not support the protocol.
2022-06-06 15:48:34 -04:00
Dirk Wetter
13298ffd19
Merge pull request #2193 from drwetter/moregitignore
More .gitignore files
2022-06-01 09:47:12 +02:00
Dirk Wetter
6959d3c9a5 few amendments to ignore files 2022-05-31 20:39:47 +02:00
Dirk Wetter
8438f99856
Merge pull request #2169 from drwetter/update_clients1
Update client simulations
2022-05-31 17:00:37 +02:00
Dirk Wetter
c92a648391 Add LibreSSL from MacOS 2022-05-31 16:17:47 +02:00
Dirk Wetter
854028166d Including AppleMail 2022-05-31 15:12:16 +02:00
Dirk Wetter
b274e3b858 correct openssl 3.0.3 data which made CI action fail 2022-05-31 14:32:47 +02:00
Dirk Wetter
6536eaddb6 remove Java 12 and OSX 10 in baseline file 2022-05-31 14:09:19 +02:00
Dirk Wetter
a21a343c1c disable Java 12 and Safari on OS X 10.12 2022-05-31 12:17:38 +02:00
Dirk Wetter
09432f0346 minor fix: italic markdown 2022-05-31 12:10:36 +02:00
Dirk Wetter
f90b473b32 Add Thunderbid 91.9 to hanshak simulation 2022-05-31 12:10:11 +02:00
Dirk Wetter
6023acd58c Merge branch '3.1dev' into update_clients1 2022-05-31 12:09:23 +02:00
Dirk Wetter
acc063e078
Merge pull request #2181 from dcooper16/continue_server_pref_on_error
Continue run_server_preference() on error
2022-05-31 11:37:08 +02:00
Dirk Wetter
e6f6bcaaa7
Merge pull request #2191 from drwetter/pr2189
Fix CRIME test
2022-05-30 14:58:48 +02:00
Dirk Wetter
dfbb9f8122 Fix Actions
this one works locally...
2022-05-30 13:37:07 +02:00
Dirk Wetter
8d817e1dcf PR to merge #2189
added: changes in CI so that it goes through
2022-05-25 18:46:08 +02:00
Dirk Wetter
f3fe2ac401 Merge branch 'EliteTK-fix-crime-tls1.3' into pr2189 2022-05-25 18:45:13 +02:00
Tomasz Kramkowski
fc0cc67d47 Make run_crime use $jsonID instead of repeating
This also seems more consistent across the code.
2022-05-23 13:57:31 +01:00
Tomasz Kramkowski
326a65e7ad Fix CRIME test on servers only supporting TLS 1.3
As jsonID is not set by run_crime, make the fileout invocation for
servers supporting only TLS 1.3 use the literal "CRIME_TLS" instead.

Previously running testssl with CSV or JSON output would produce an item
with the wrong ID.
2022-05-23 13:53:38 +01:00
David Cooper
706262095b Continue run_server_preference() on error
Currently run_server_preference() will stop if it cannot determine whether the server enforces a cipher preference order.

This commit changes run_server_preference() so it will continue running even if this case, so that the list of ciphers supported with each TLS protocol is provided. Since it is not known whether the server enforces a cipher order, the list of supported ciphers is ordered by strength.
2022-05-16 09:28:02 -04:00
Dirk Wetter
d931eb470c
Merge pull request #2186 from drwetter/censys_fix_2127
Fix censys link in DROWN section
2022-05-14 13:57:46 +02:00
Dirk
04463784a8 Fix censys link in DROWN section
See #2127. the line seems very long though.

Note: this was previously commited as #2184 but as there were two mistakes
and one other thing which could be improved I decided to make a hard reset.

Apologize if it caused inconvenience.
2022-05-14 12:06:09 +02:00
Dirk
1eb8347174 Update comparion/diff file for CI
... for the time being
2022-05-10 13:08:44 +02:00
Dirk Wetter
b89574e5c7
Merge pull request #2180 from dcooper16/ossl_ffdhe
Check for OpenSSL support for ffdhe groups
2022-05-10 07:47:56 +02:00
Dirk Wetter
86158f0bdf Firefox 100, Chrom and Edge 101 (Win10)
- disabled Opera (too old)
- disabled ATS 9 / iOS 9
- reenabled Android 8.1
2022-05-09 17:49:16 +02:00
David Cooper
66c3e35dba Check for OpenSSL support for ffdhe groups
OpenSSL 3.0.0 and later supports specifying the FFDHE groups from RFC 7919 in the "-groups" (or "-curves") option of s_client.

This commit modifies find_openssl_binary() to check whether $OPENSSL supports this. This information is then used by run_client_simulation(), if client simulation testing is being performed using $OPENSSL. If the "curves" for a client include FFDHE groups, then they will be included in the simulated ClientHello.
2022-05-09 09:46:40 -04:00
Dirk Wetter
6bd80b3baa Merge branch '3.1dev' into update_clients1 2022-05-06 10:32:01 +02:00
Dirk Wetter
22d8cd3adf Go client (1.17) 2022-05-06 10:06:03 +02:00
Dirk Wetter
ff23a2ba22
Merge pull request #2177 from drwetter/dependabot/github_actions/docker/setup-buildx-action-2
Bump docker/setup-buildx-action from 1 to 2
2022-05-06 08:17:49 +02:00