Git
/
testssl.sh
mirror of https://github.com/drwetter/testssl.sh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,914 Commits 14 Branches 30 Tags 204 MiB
Commit Graph

1914 Commits

Author SHA1 Message Date
Lars Windolf d1ab23c146 Change question logic on non-SSL port 
Idea is to bail out per default (with WARNINGS=off) this makes batch processing possible
as often testssl.sh hangs for minutes or endless on non-SSL ports.
 2015-01-03 11:41:35 +01:00
Dirk eae1b2810f - check for CN wrt SNI / no SNI 
- fix different responses for CACert
 2014-12-23 09:59:03 +01:00
Dirk 4aa674d138 - Negotiated cipher per proto 
- nr_ciphers of used openssl version in banner
- spdy_pre check
- -testversion_new --> -testversion
 2014-12-21 23:22:50 +01:00
Dirk a570d907e9 - Cipher order check! (also for starttls) 
- includes a remark 4 default_cipher (limited sense as client will pick)
- selfsigned certs: error!
- number of local ciphers in check with allciphers
 2014-12-21 00:47:23 +01:00
Dirk 04b6795f94 Merge branch 'master' of github.com:drwetter/testssl.sh 2014-12-19 17:06:37 +01:00
Dirk 21493fb788 - tempfile handling: every function leaves one, if DEBUG is set 
- FIX*2: OPENSSL_CONF/GOST_CONF
 2014-12-19 17:02:26 +01:00
Dirk Wetter 9e53070598 Update Readme.md 2014-12-19 15:52:05 +01:00
Dirk Wetter c2ef5d1da8 Update Readme.md 2014-12-19 15:51:32 +01:00
Dirk 8635012cf5 - subjectAltName 2014-12-19 07:12:20 +01:00
Dirk 521a7160a9 - NEW: certificate info, details: 
- NEW: CN, SAN
- NEW: OCSP URI
- NEW: CRL distr point
- NEW: Issuer
- NEW: expiration
- NEW: signature algo
- renamed cmdline --simple_preference to --server_defaults
- now we have a TEMPDIR where all files are written toA
- function or handling/removing TMPFILE
 2014-12-18 09:33:24 +01:00
Dirk Wetter 5d66eeef05 Update Readme.md 2014-12-09 14:25:38 +01:00
Dirk b40c0b7178 - RELEASE: final 2.2 
- change of cmd line order for STARTTLS
- help more clear
 2014-12-08 10:32:51 +01:00
Dirk b3efb3c4b0 - BUGFIX: potential stalling in HTTP Header query 
- BUGFIX: HTTP specific vuln. won't be checked if service is not http (we still
check crime and also spdy => gmail has spdy for pop and imap)
- Feature: service detection: HTTP, IMAP, POP, SMTP
- alignment in rDNS output corrected
- minor cleanup / improvements
 2014-11-30 01:30:20 +01:00
Dirk 27f06f8d50 - BUGFIX: BSD now has proper heartbleed and ccs injection detection 
- significant code improvement of hex-byte parser <-> socket sender
- BUGFIX: BSD now doesn't put an extra \n if rfc map file is missing
- bumped to 2.1rc3, hoping that'll be the last
 2014-11-27 21:33:33 +01:00
Dirk c034cd8a95 - for colors: double square brackets (might save a fork to "[ or "test" 
- in terms of debugging cleaned up listciphers/std_cipherlists
- in other terms too
 2014-11-25 13:12:24 +01:00
Dirk Wetter 5228986b25 Update Readme.md 2014-11-24 16:43:11 +01:00
Dirk Wetter b242876597 Merge pull request #37 from yurivict/master 
Fixed errors when COLOR=0 caused 'printf' to break due to leading dashes interpreted as command line options
 2014-11-24 15:16:42 +01:00
Yuri 19f936bece Fixed the problem when COLOR=0 caused 'printf' to break due to leading dashes interpreted as command line options. 2014-11-22 12:15:47 -08:00
Dirk Wetter 7cf2030c20 Merge pull request #36 from PeterMosmans/bugfix 
Fixed minor redirection typo for 'which' command
 2014-11-22 18:31:09 +01:00
Peter Mosmans c3ab016164 Fixed minor redirection typo for 'which' command 2014-11-22 12:57:36 +10:00
Dirk 4c3cc0df8e - increase first read buffer -- otherwise it's how up at hb reply and lead to false positives 2014-11-20 18:55:51 +01:00
Dirk d4265742b1 color codes for protocols and default ciphers reflect better a rating 
- fix: heartbleed function needed a $TMPFILE for determining the TLS protocol
 - version bumped to 2.1rc2
 2014-11-20 10:46:55 +01:00
Dirk 5dd4a8f3fa - fix in cleanup (while debug) 
- wrong cmd line option --> help instread of error
 2014-11-19 22:23:13 +01:00
Dirk 05877dca93 - protocol check stream lined: similar now for every protocol 
- NPN/SPDY is not green anymore
 2014-11-19 18:04:43 +01:00
Dirk d77b667489 - protocol w/o cipher (only SSLv2 so far) 
- for EVERY protocol now check whether $openssl supports it
- better fail for PFS if there are no local ciphers
 2014-11-19 17:08:59 +01:00
Dirk 52ef1fe684 @oparoz 2014-11-19 13:26:48 +01:00
Dirk 99e472ac01 - banner (opensssl version build date, platform) slightly changed 
- even clearer warning upon old openssl version (MacOSX!)
- oparoz hexdump patch
- heartbleed doenst do a precheck anymore --> just sockets as it may lead to false negatives
  if the client was complied with it disabled (FreeBSD)
 2014-11-19 13:22:22 +01:00
Dirk f2c44803ed - FreeBSD fixes (getent, printf) 2014-11-18 23:14:17 +01:00
Dirk 59bdf48823 - Peter 2014-11-18 20:24:10 +01:00
Dirk 41a480abb4 small cleanup 2014-11-18 20:23:17 +01:00
Dirk 8756151a26 Merge branch 'master' of github.com:drwetter/testssl.sh 2014-11-18 16:40:14 +01:00
Dirk Wetter 3d6eda97de Merge pull request #30 from PeterMosmans/cleanup 
Make sure that cleanup() function is always called
 2014-11-18 16:39:32 +01:00
Dirk Wetter f067944f2a Merge pull request #29 from PeterMosmans/msys 
Added compatilibility with MSYS2 on Windows
 2014-11-18 16:30:18 +01:00
Dirk 7b45311c30 - stripping of leading 0 in testssl.sh needed to be reflected by this file 2014-11-18 11:04:57 +01:00
Dirk 049a945abc - prettyprint_local now also can do word pattern matching 
- help improved
- put the stripping of leading 0 into normalize_cipher_code where it belonged
- the latter makes a modified mapping-rfc.txt necessary!
 2014-11-18 11:03:03 +01:00
Dirk f45d85617b - hexcode in neat list now w/o leading 0 
- help cleaned up and clearer (& removing tabs)
- test_just_one with headline
 2014-11-18 10:29:11 +01:00
Peter Mosmans de0b4313b8 Make sure that cleanup() function is always called 
Added {HEADERFILE_BREACH} to temporary files that should be removed
Removed obsolete cleanup calls
 2014-11-18 14:30:48 +11:00
Peter Mosmans 15f23f1fec Added compatilibility with MSYS2 on Windows 2014-11-18 13:30:56 +11:00
Dirk cf8fa2c3f3 - version bumped to 2.1rc1, better layout for chacha (albeit bit ugly), better layout for all ciphers, test_just_one w/ headline 2014-11-18 01:36:29 +01:00
Dirk 16279267ea - sockread w/ sleep 
- ccs better documented + more verbose during debug
 2014-11-18 00:26:58 +01:00
Dirk Wetter 2e6c0a45cd Update CREDITS.md 2014-11-17 18:59:57 +01:00
Dirk 7414b5b310 next step in color handling: 2=full color, 1: b/w, 0: no ESC codes at all 2014-11-17 18:49:56 +01:00
Dirk eee56b4bd4 2014-11-17 18:47:39 +01:00
Dirk fc4c2e5446 - omit the "**" in non colored mode 
- query COLOR properly (env)
 2014-11-17 17:43:59 +01:00
Dirk a7bbc6c39a warning upon "no ssl enabled server" clearer; we check only for return code of s_client. Fails if certificate needed 2014-11-17 17:05:43 +01:00
Dirk b2cd4bfd4c better documentation 2014-11-03 21:45:48 +01:00
Dirk 481af083a3 NEW: first working implementation of "-x <list_of_csv_hexcodes> server" with a catch: none a/v local cipher 2014-11-02 23:37:17 +01:00
Dirk a2cd77c4ee TLS_FALLBACK_SCSV 2014-10-30 21:15:30 +01:00
Dirk 3b783323d5 TLS_FALLBACK_SCSV 2014-10-30 21:14:50 +01:00
Dirk 5984e86f81 FIX for RUN_DIR, bumped up version to 2.1beta 2014-10-30 21:12:18 +01:00