Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 05:45:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,424 Commits 17 Branches 35 Tags
83d2a63e0fae7887afb58ef880a0efea44219972
Commit Graph

1424 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dirk
5f47359291 polishing output for #413 2016-07-11 18:44:28 +02:00
Dirk Wetter
400e969585 Merge pull request #413 from dcooper16/test_curves 
Determine support elliptic curves for ECDHE- ciphers
 2016-07-11 18:11:09 +02:00
Dirk Wetter
9f47ccece2 Merge pull request #412 from dcooper16/supported_elliptic_cur 
Reorder supported curves
 2016-07-11 17:08:39 +02:00
David Cooper
891c56f8bf Determine support elliptic curves for ECDHE- ciphers 
This PR extends run_pfs() to display the set of elliptic curves supported by the server, if the server supports any ECDHE- ciphers.
 2016-07-11 11:00:56 -04:00
David Cooper
fb94221ce0 Reorder supported curves 
Reorder the supported curves sent by socksend_tls_clienthello() from strongest to weakest.
 2016-07-11 10:52:48 -04:00
David Cooper
f968bd8346 Merge branch 'master' into version_negotiation 2016-07-11 10:45:59 -04:00
David Cooper
197bee8658 Merge branch 'master' into run_allciphers(),run_cipher_per_proto(),-and-SSLv2 2016-07-11 10:44:37 -04:00
David Cooper
c6373a181f Merge branch 'master' into openss2rfc_rfc2openssl 2016-07-11 10:43:35 -04:00
David Cooper
08953416e8 Merge branch 'master' into more_sslv2_sslv3_fixes 2016-07-11 10:42:28 -04:00
Dirk Wetter
16087f8252 Merge pull request #411 from welwood08/patch-2 
Server cipher order NPN tests should use SNI
 2016-07-11 16:24:45 +02:00
Dirk
3e8d5208dc further fix, see #410 2016-07-11 16:20:36 +02:00
Dirk Wetter
c32706c039 Merge pull request #410 from welwood08/patch-1 
Unreadable SAN list on FreeBSD
 2016-07-11 16:01:35 +02:00
Will Elwood
2573a9b8b8 More SNI for NPN tests 
Found another NPN test (for the case where server doesn't specify cipher order?) that wasn't using SNI.
Also found a comment saying proxies don't support NPN => removed `$PROXY` from all modified lines.
 2016-07-11 14:37:20 +01:00
Will Elwood
382d22648a Server cipher order NPN tests should use SNI 
I noticed the NPN parts of this test were not returning any ECDSA ciphers where I expected them to match the results of the immediately preceding TLS 1.2 test. Found it wasn't using SNI so my test server was using the default domain (snakeoil RSA certificate) instead of the tested domain (dual ECDSA/RSA certificates).
 2016-07-11 14:15:50 +01:00
Will Elwood
3c39396391 Unreadable SAN list on FreeBSD 
On FreeBSD, sed does not support "\n" in the replacement string of a substitution. The SANs are currently output all together inside a single pair of quotes and each separated with an "n" character, needless to say this is very difficult to read.

After a little digging, it seems this is a somewhat recent regression of the fix in #173. I believe `tr` would be a more cross-platform way to do this, and several sources (including the author of that PR) would seem to agree - assuming the newline is now necessary.

It doesn't appear to matter what order the newline replacement happens amongst all the other replacements, so I have placed it first simply to avoid extending any already-long lines. Please correct me if this deduction is false.
 2016-07-11 13:35:55 +01:00
Dirk Wetter
018468a670 more user friendly... 2016-07-09 14:24:38 +02:00
David Cooper
f216cbe61f Merge branch 'master' into version_negotiation 2016-07-08 09:39:12 -04:00
David Cooper
02a39e4859 Merge branch 'master' into run_allciphers(),run_cipher_per_proto(),-and-SSLv2 2016-07-08 09:38:06 -04:00
David Cooper
dfa92445ee Merge branch 'master' into openss2rfc_rfc2openssl 2016-07-08 09:37:09 -04:00
David Cooper
788042ba37 Merge branch 'master' into more_sslv2_sslv3_fixes 2016-07-08 09:35:52 -04:00
Dirk
eb58598ca5 make it public, see #122 2016-07-08 11:40:17 +02:00
Dirk
af4117aa7a FIX #404 2016-07-08 11:25:41 +02:00
Dirk
8c11334030 FIX #405 2016-07-08 11:15:41 +02:00
Dirk Wetter
57bf01a360 Merge pull request #402 from dcooper16/poodle 
Check for all CBC ciphers in Poodle test
 2016-07-08 10:04:49 +02:00
Dirk Wetter
9c92a866e0 Update Readme.md 2016-07-08 08:04:58 +02:00
Dirk Wetter
345087c3a4 Merge pull request #403 from teward/patch-1 
Missing closing parenteses in help output for --openssl
 2016-07-06 20:45:45 +02:00
Thomas Ward
de05711e5a Fix grammar issue in help output for --openssl 
Missing a closing parentheses `)`.
 2016-07-06 14:23:32 -04:00
David Cooper
ec6c0ce605 Check for all CBC ciphers in Poodle test 
This PR should address issue #399.

I created the list of ciphers using the CIPHERS_BY_STRENGTH file from PR #373, making a list of all ciphers that had "CBC" in the RFC name and for which I had been able to find a corresponding OpenSSL name. Then, since that list contained more than 128 ciphers, I removed any ciphers from the list where the name ended in "-SHA256" or "-SHA384", as it is my understanding that those ciphers can only be used with TLS 1.2.
 2016-07-06 10:52:54 -04:00
Frank Breedijk
02fb4ef9ca Debug begone 2016-07-06 00:12:48 +02:00
Frank Breedijk
845e6c13a3 And we have unit tests too (and found some bugs in the process) 2016-07-05 23:55:19 +02:00
Frank Breedijk
95e42b2fdf Better displaying of findings 2016-07-05 23:33:20 +02:00
Frank Breedijk
5ea49c1433 Merge branch 'master' of https://github.com/drwetter/testssl.sh into feature/ca-pinning 2016-07-05 18:15:46 +02:00
Frank Breedijk
07f91a54bf Fixed the encoding for root/intermediate CAs now. 2016-07-05 18:10:36 +02:00
David Cooper
b6accbe737 Merge branch 'master' into version_negotiation 2016-07-05 10:24:53 -04:00
David Cooper
1102ef324c Merge branch 'master' into run_allciphers(),run_cipher_per_proto(),-and-SSLv2 2016-07-05 10:23:13 -04:00
David Cooper
ad92ca8519 Merge branch 'master' into openss2rfc_rfc2openssl 2016-07-05 10:21:30 -04:00
David Cooper
6ec00c33db Merge branch 'master' into more_sslv2_sslv3_fixes 
Conflicts:
	testssl.sh
 2016-07-05 10:19:53 -04:00
Dirk
0217992553 fixed error where an URI in X509v3 Issuer Alternative Name was displayed and an URI in SAN 2016-07-05 00:08:51 +02:00
Dirk
d2f2dab7fb fix regression lf in CN 2016-07-05 00:02:34 +02:00
Dirk
2bba19360f see #401, part 2 2016-07-04 23:52:52 +02:00
Dirk Wetter
251e3f9a3b Merge pull request #371 from dcooper16/fix_issue_276 
Fix issue #276
 2016-07-04 23:25:13 +02:00
Dirk
0b5705fff4 FIX #258, FIX #398 
partly addressed: #246
 2016-07-04 23:05:12 +02:00
Frank Breedijk
e280cac2af Without bash-bsd check 2016-07-04 17:30:32 +02:00
Frank Breedijk
4efb6531c2 Merge branch 'master' of https://github.com/drwetter/testssl.sh into issues/258 2016-07-04 17:28:06 +02:00
Frank Breedijk
3049425740 Checks for CA and intermediate pins too. Need to clean up output and write unit tests 2016-07-04 17:25:48 +02:00
Frank Breedijk
a648470988 Not done yet, but the basic code is working 2016-07-04 17:21:24 +02:00
Dirk
f01bff973a renamed function, better banner for logging 2016-07-04 13:59:39 +02:00
Dirk
491a03233b updating neat_list() to be faster and more compatible to openssl 1.1.0 with new chacha/poly ciphers 2016-07-03 22:35:21 +02:00
Dirk
d5242c255e FIX #384 2016-07-03 21:45:49 +02:00
Frank Breedijk
946506f3ac This Fixes #258 - Checks if /dev/fd is mounted on FreeBSD 2016-07-03 19:52:48 +02:00