Daniel Reichelt
2a926609ca
quote argument for s_client's -nextprotoneg parameter
The argument to -nextprotoneg is provided in sometimes empty and unquoted
variables. Because of the missing quotes, the next word on the line "-status"
gets parsed as "-nextprotoneg"'s argument instead of enabling the OCSP status
check.
This fixes #467.
2016-09-13 21:22:35 +02:00
Dirk
cca1b49890
- fixing wrong cipher order for URL=ipaddress
2016-09-12 21:54:51 +02:00
Dirk Wetter
4158372ab7
Merge pull request #468 from knweiss/referenced_but_not_assigned
compare_server_name_to_cert(): Fix unassigned vars.
2016-09-12 16:51:34 +02:00
Dirk Wetter
93c240278a
Merge pull request #469 from knweiss/referenced_but_not_assigned2
certificate_info(): Fix unassigned variable.
2016-09-12 16:49:33 +02:00
Karsten Weiss
b9d9a909b1
certificate_info(): Fix unassigned variable.
Fix referenced but not assigned variable 'sign_algo'.
In testssl.sh line 4309:
fileout "${json_prefix}algorithm" "DEBUG" "Signature Algorithm: $sign_algo"
^-- SC2154: sign_algo is referenced but not assigned.
Found by ShellCheck.
2016-09-12 16:20:05 +02:00
Karsten Weiss
7dbbe42ea0
compare_server_name_to_cert(): Fix unassigned vars.
Two instances of referenced but not assigned variables ('req' instead of
'ret').
In testssl.sh line 4130:
if [[ $req -eq 0 ]]; then
^-- SC2154: req is referenced but not assigned.
Found by ShellCheck.
2016-09-12 16:12:18 +02:00
Dirk
f0132dcb7f
stringer usability warning for SHA1 + HTTP
2016-09-07 21:34:27 +02:00
David Cooper
7932d34fda
Updates to cipher suite table
Changed `Enc=CHACHA20/POLY1305(256)` to `Enc=ChaCha20(256)` and `Enc=GOST-28178-89-CNT(256)` to `Enc=GOST(256)` in order to shorten the names that are printed, so that they fit in the allocated column.
Added the four experimental post-quantum cipher suites mentioned in #462.
2016-09-06 14:47:20 -04:00
David Cooper
3b3d16849d
Merge branch 'master' into remove_sockread
Conflicts:
testssl.sh
2016-09-06 11:38:54 -04:00
David Cooper
950b39122e
Merge branch 'master' into openss2rfc_rfc2openssl
2016-09-06 10:34:53 -04:00
Dirk
d1cc7b3755
FIX #426
2016-09-06 08:32:05 +02:00
Dirk
c00c98caa2
warning for SHA1 sig algo and web servers
2016-09-05 10:01:46 +02:00
David Cooper
44c37e3177
Merge branch 'master' into remove_sockread
2016-09-02 10:50:28 -04:00
David Cooper
f17a09e1d9
Merge branch 'master' into openss2rfc_rfc2openssl
2016-09-02 10:47:36 -04:00
Dirk Wetter
228296e175
Merge pull request #290 from andreild/issue-289-domain-resolution-etc-hosts
Fix #289 - the grep that decides whether a domain is a local address …
2016-09-02 15:38:28 +02:00
Dirk Wetter
fdcdad3faa
Merge pull request #345 from dcooper16/more_sslv2_sslv3_fixes
More SSLv2 (and SSLv3) related fixes
2016-09-02 09:06:52 +02:00
Dirk Wetter
caec8029f2
Merge pull request #461 from dcooper16/tls_sockets_and_no_SNI
Fix tls_sockets() when SNI empty
2016-09-02 08:50:35 +02:00
David Cooper
a9002ba6e6
Fix tls_sockets() when SNI empty
`socksend_tls_clienthello()` always includes a server name extension in the ClientHello (for TLS 1.0 and above), even if `$SNI` is empty. If `$NODE` is an IP address, then the IP address is placed in the extension, even though RFC 6066 says that only DNS names are supported in the extension.
This PR changes `socksend_tls_clienthello()` so that the server name extension is only included in the ClientHello if `$SNI` is not empty.
2016-09-01 13:22:39 -04:00
Dirk
2313aee22d
fix for previously broken HPKP_MIN value
2016-09-01 19:09:12 +02:00
Dirk
1c53160348
ups ;-)
2016-09-01 19:04:47 +02:00
David Cooper
305c8c0063
Merge branch 'master' into remove_sockread
2016-09-01 10:57:43 -04:00
David Cooper
59d4acec11
Merge branch 'master' into more_sslv2_sslv3_fixes
2016-09-01 10:56:57 -04:00
David Cooper
e10d256ae6
Merge branch 'master' into openss2rfc_rfc2openssl
2016-09-01 10:55:29 -04:00
Dirk
d665f69c72
fix #436
2016-09-01 12:42:56 +02:00
David Cooper
9ef0d1f4ea
20 lines is 320 bytes, not 160
2016-08-31 17:07:53 -04:00
David Cooper
a2f968d4ad
Undo changed behavior for CCS
2016-08-31 17:03:50 -04:00
David Cooper
d9578bb975
Merge branch 'master' into remove_sockread
2016-08-31 17:02:18 -04:00
Dirk Wetter
2613d20375
Merge pull request #460 from dcooper16/certificate_info
Display SNI information in "Server Certificate" line
2016-08-31 18:26:45 +02:00
David Cooper
e79e980336
Display SNI information in "Server Certificate" line
This PR is an attempt to address issue #447. If more than one certificate is being displayed, then a parenthetical saying "(in response to request w/o SNI)" is added for any certificate that was obtained using `$SNI=""`.
In addition, if the certificate was obtained without SNI, then `certificate_info()` doesn't call `$OPENSSL s_client` in order to obtain the non-SNI host certificate and it does not display a separate "Trust (hostname)" finding for the non-SNI certificate.
2016-08-30 15:22:46 -04:00
David Cooper
1b548cee10
Follow https://github.com/Tripwire/OpenSSL-CCS-Inject-Test
Attempt to rewrite `run_ccs_injection()` to follow the logic from https://github.com/Tripwire/OpenSSL-CCS-Inject-Test .
2016-08-30 11:38:43 -04:00
David Cooper
f88ad58e72
Merge branch 'master' into openss2rfc_rfc2openssl
2016-08-29 15:03:35 -04:00
David Cooper
6e6fdf6410
Merge branch 'master' into more_sslv2_sslv3_fixes
2016-08-29 15:02:40 -04:00
David Cooper
9bcf232f0f
Check for empty byte6
2016-08-29 14:10:16 -04:00
David Cooper
3dc8754a0e
Merge branch 'master' into remove_sockread
2016-08-29 14:07:43 -04:00
Dirk Wetter
ba1ea6dcba
Merge pull request #455 from dcooper16/unsupported_purpose
Output correct error for unsupported certificate purpose
2016-08-29 17:39:00 +02:00
David Cooper
957225595f
Merge branch 'master' into unsupported_purpose
2016-08-29 10:17:27 -04:00
David Cooper
2abf6fc7c7
Fix merge
2016-08-29 10:14:21 -04:00
David Cooper
dea2b1a761
Merge branch 'master' into remove_sockread
Conflicts:
testssl.sh
2016-08-29 10:05:01 -04:00
David Cooper
01391e318a
Merge branch 'master' into openss2rfc_rfc2openssl
2016-08-29 10:00:18 -04:00
David Cooper
97b8dd1959
Merge branch 'master' into more_sslv2_sslv3_fixes
Conflicts:
testssl.sh
2016-08-29 09:57:36 -04:00
Dirk
f5792a1e8d
1st important fixes ;-)
2016-08-28 21:43:48 +02:00
Dirk
54a66b9d88
- minor output fixes
- removed "experimental" from TLS_FALLBACK_SCSV + DROWN
- bumped up version to rc2
2016-08-28 21:41:30 +02:00
Dirk Wetter
1e5b619a19
Merge pull request #427 from dcooper16/server_preference_sslv2_fixes
SSLv2 fixes for server preference
2016-08-28 19:15:22 +02:00
Dirk Wetter
dbb7d6f4be
Merge pull request #444 from dcooper16/sslv2_sockets
Move printing of results out of sslv2_sockets()
2016-08-28 18:27:29 +02:00
Dirk Wetter
f4d9a638ba
Merge pull request #449 from dcooper16/poodle_no_ssl3
Warning on Poodle test when no local SSLv3 support
2016-08-28 18:10:50 +02:00
Dirk Wetter
a76e67cbbe
Merge pull request #450 from dcooper16/determine_optimal_proto_fix
Fix SSLv2-only test in determine_optimal_proto()
2016-08-28 18:08:01 +02:00
Dirk Wetter
1d83e220bf
Merge pull request #456 from dcooper16/dh_keys
Support DH server keys
2016-08-28 18:04:22 +02:00
Dirk Wetter
8da00a8025
Merge pull request #445 from dcooper16/devel_option
Fix "--devel" with SSLv2
2016-08-28 18:03:17 +02:00
Dirk Wetter
dfa0cfd0b4
Merge pull request #453 from dcooper16/no_ssl2
OpenSSL 1.1.0 doesn't have "-no_ssl2" option
2016-08-28 17:58:56 +02:00
Dirk Wetter
b9c0ac9ee3
Merge pull request #451 from dcooper16/beast_no_ssl3
Warning on BEAST when no local SSLv3 support
2016-08-28 17:57:39 +02:00