Commit Graph

5209 Commits

Author SHA1 Message Date
Andreas Landgraf 7c62ae5d2e Add support for EC private key in mTLS check 2025-11-13 16:57:11 +01:00
Dirk Wetter ae48b680fa Merge pull request #2945 from magnuslarsen/3.3dev
feat: --rating-only flag to only test checks required for rating
2025-11-13 08:00:15 +01:00
Magnus Larsen 640444e1fc feat: --rating-only flag to only test checks required for rating 2025-11-12 11:14:16 +01:00
Dirk Wetter 932c91f67c Merge pull request #2941 from testssl/dependabot/github_actions/actions/checkout-5
Bump actions/checkout from 4 to 5
2025-11-11 16:46:21 +01:00
dependabot[bot] bdf62198a8 Bump actions/checkout from 4 to 5
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-11 00:10:32 +00:00
Dirk Wetter 4ba3500b0b Merge pull request #2940 from testssl/shellcheck_cherrypicked_2428
Shellcheck cherrypicked from PR #2428
2025-11-10 14:37:35 +01:00
Dirk Wetter d4cc41405f Skipping push as it seems expensive and may cause delays
... no bypasses for direct commit for those changes anyway
2025-11-10 12:29:05 +01:00
Dirk Wetter 2fcd01c693 fix FP 2025-11-10 12:15:58 +01:00
Dirk Wetter 0347f2ffee 24.04 Ubuntu's instead of latest 2025-11-10 12:05:42 +01:00
meisam 191b1e791d add shellcheck to ci 2025-11-10 12:01:06 +01:00
Dirk Wetter f219fd6ca3 Merge pull request #2938 from testssl/fix_2937
Fix pattern for matching /etc/hosts entries
2025-11-03 23:39:04 +01:00
Dirk da8a6f2f34 Fix pattern for matching /etc/hosts entries
`grep -w` matches also `string1-whatsoever` so that entries like

```
192.168.0.10 anystring anystring-apache
192.168.0.11 anystring-tomcat
```

matched 3 entries over 2 lines.

This PR fixes #2937 by improving the match pattern, so that
`string1` needs a trailing whitespace or an EOL -- besides a
leading whitespace.
2025-11-03 22:30:26 +01:00
Dirk Wetter c19d3fff0c Merge pull request #2935 from testssl/fix_2933
Add new Sectigo R46 cert, update Java/Mozilla.pem
2025-11-01 18:00:27 +01:00
Dirk 3e495f456a Add new Sectigo R46 certs + update Java/Mozilla.pem
Fixes #2933 .
2025-11-01 14:15:36 +01:00
Dirk Wetter a0c99d855e Merge pull request #2934 from testssl/shorten_badssl
Shorten badssl GHA as they fail too often
2025-10-30 20:41:46 +01:00
Dirk 1ce514d95f Shorten badssl GHA as they fail too often
* Remove checks which aren't needed in t/51_badssl.com.t t/33_isJSON_severitylevel_valid.t
* trying to make some files more readable
2025-10-30 18:35:43 +01:00
Dirk Wetter 0b9715c239 Merge pull request #2930 from testssl/fix_2929
Fix date parsing bc of locale problem
2025-10-30 15:54:23 +01:00
Dirk da436e7d87 Fix date parsing bc of locale problem
The new block making sure that rust coreutils work properly (PR #2913)
introduced a new check in order to determine which date functions
to use.

The function however parsed only for English error messages ("No such file").
This PR fixes that by setting LC_ALL to C.

Fixes #2929 .
2025-10-30 13:30:08 +01:00
Dirk Wetter d3a96d9382 Merge pull request #2927 from testssl/fix_2926_ua_sneaky
Update "sneaky" user agent
2025-10-28 15:16:04 +01:00
Dirk Wetter ce820cdaf5 Update "sneaky" user agent
fixes #2926 for 3.3dev.
2025-10-28 10:26:06 +01:00
Dirk Wetter 08ed5521a9 Merge pull request #2922 from testssl/shellcheck1
Squash some shellcheck *errors*
2025-10-13 22:10:44 +02:00
Dirk Wetter c53e7a3955 Fix more shellcheck complaints (high severity)
... and fine tune some comments in the beginning
2025-10-13 21:06:02 +02:00
Dirk Wetter 8bc2185a72 Merge pull request #2923 from testssl/drwetter-patch-1
Minor fine tuning
2025-10-12 11:49:26 +02:00
Dirk Wetter 2cfa23e7f7 Minor fine tuning
* version 3.2 was removed from links
* badges updated
* minor language improvements
2025-10-12 11:34:56 +02:00
Dirk Wetter 672493ebe7 Fix check for /bin/sh 2025-10-11 18:59:51 +02:00
Dirk Wetter 7090d5fbdd Saving everything before commit/push is supposed to be better ;-) 2025-10-11 18:00:48 +02:00
Dirk Wetter 8392a4aed5 Squash some shellcheck *errors*
and some warnings.

Five errors of type [SC2145](https://www.shellcheck.net/wiki/SC2145) are left as I am not sure whether
it'll be safe to follow the recommendation
2025-10-11 13:19:28 +02:00
Dirk Wetter ae69789ecb Merge pull request #2916 from testssl/update_Linux_CA_store
Update Linux CA store
2025-10-09 22:12:09 +02:00
Dirk Wetter 07a0aa4bef Merge pull request #2919 from testssl/update_GHAs
Update GHAs
2025-10-09 21:27:38 +02:00
Dirk 9ff79c472f Remove workflows/docker-3.2.yml for 3.3dev 2025-10-09 21:25:30 +02:00
Dirk d732088923 Roff pages won't trigger a unit test anymore 2025-10-09 21:24:45 +02:00
Dirk Wetter 0a7810ea47 Update Linux CA store
from Debian 13. Fixes #2915
2025-10-09 20:42:21 +02:00
Dirk Wetter df100d986b Merge pull request #2913 from testssl/fix_2909
Fix date for Ubuntu >= 25.10
2025-10-09 20:30:15 +02:00
Dirk Wetter 80d05c0831 Merge pull request #2912 from testssl/early_data
TLS 1.3 early data / 0-RTT
2025-10-09 18:55:14 +02:00
Dirk Wetter aacde5dadb Merge branch '3.3dev' into early_data 2025-10-09 15:50:12 +02:00
Dirk 3353627373 Fix unit test for Mac and Ubuntu Linux 2025-10-09 15:44:53 +02:00
Dirk Wetter 32defa1864 Ignore MLKEMs for TLS 1.3 2025-10-09 15:44:53 +02:00
Dirk Wetter eb915110c9 Update baseline 2025-10-09 15:44:53 +02:00
Dirk e226a56486 Update baseline scan for unit test
This PR updates the baseline after switching to the new server.
2025-10-09 15:44:53 +02:00
Dirk Wetter 8534e72dc3 Merge pull request #2914 from testssl/unittest_new_baseline
Update baseline scan for unit test
2025-10-09 15:38:37 +02:00
Dirk 6201627298 Fix unit test for Mac and Ubuntu Linux 2025-10-09 13:29:36 +02:00
Dirk Wetter accd1f20cd Rearrange order of date checks
works for all "older" Linux systems, MacOS, OpenBSD and according to #teki69
also Ubuntu 25.10 .
2025-10-08 23:26:48 +02:00
Dirk Wetter 6af5377507 Ignore MLKEMs for TLS 1.3 2025-10-08 23:15:49 +02:00
Dirk Wetter f081db83e1 Update baseline 2025-10-08 23:14:54 +02:00
Dirk Wetter da7c713b08 Add 0-RTT
also:
* fine tuning protocol section
* reference RFC 8470 (well..) and FIPS 203
* add a general link to TLS related RFCs
2025-10-08 10:31:48 +02:00
Dirk Wetter d637daefeb Add 0-RTT 2025-10-08 10:15:14 +02:00
Dirk a4b6ded123 Update baseline scan for unit test
This PR updates the baseline after switching to the new server.
2025-10-08 10:03:19 +02:00
Dirk Wetter 36bc08ce18 Fix date for Ubuntu >= 25.10
works for
- ubuntu 24.04
- Debian 13
- openbsd 6.6 / 7.x
- macos 15.7.1

Fixes #2909
2025-10-07 23:23:09 +02:00
Dirk Wetter e0401b6207 TLS 1.3 early data / 0-RTT
This PR implements a check for TLS early data. It needs a compatible OpenSSL or
LibreSSL version. For modern OS versions it should automagically pick the right,
modern binary for the check.

Mitigations like Defer processing or HTTP 425 are not yet tested.

To clarify is
* whether to penalize SSLlabs rating (@magnuslarsen). testssl.net has it
  enabled but the Web UI claims it's not a/v, see
  https://www.ssllabs.com/ssltest/analyze.html?d=testssl.net&s=172.67.205.231&hideResults=on&latest
* Man pages

To be in line with other HAS2_* global vars (HAS2_QUIC, HAS2_UDS), the following
vars were renamed from their OPENSSL2_HAS_* counterparts:

- HAS2_TLS13
- HAS2_CHACHA20=false
- HAS2_AES128_GCM=false
- HAS2_AES256_GCM=false
2025-10-06 17:03:56 +02:00
Dirk Wetter 3ece1e4b11 Merge pull request #2911 from testssl/early_data_preparation
Define vars for early data
2025-10-05 21:34:53 +02:00