Commit Graph

1198 Commits

Author SHA1 Message Date
95f583322a Merge branch 'master' into no_version_tolerance_test 2016-10-27 16:51:50 -04:00
99300a0059 bump version 2016-10-27 22:02:35 +02:00
00a5d19276 Merge branch 'master' of github.com:drwetter/testssl.sh 2016-10-27 22:00:19 +02:00
337e66fc61 Merge branch 'CA_pinning' 2016-10-27 21:59:42 +02:00
1613bb214e Merge branch 'master' into CA_pinning
Conflicts:
	testssl.sh
2016-10-27 21:59:10 +02:00
bfad620bf5 Update Readme.md 2016-10-21 22:16:19 +02:00
5e5edd5c89 FIX #490 2016-10-15 22:55:24 +02:00
6abca0c598 Merge pull request #495 from mailsvb/minor_display_fix_ssl3_offer
remove additional pr_off at the end of sslv2 check
2016-10-14 22:07:19 +02:00
4ce4d922ac remove additional pr_off at the end of sslv2 check 2016-10-12 22:32:35 +02:00
d32dbdaff3 Updating MS store, still small, still not automated/cumbersome not sure if ok 2016-10-12 21:15:37 +02:00
6723622024 - do not do HTTP2+SPDY checks if non-STARTTLS but also non-HTTP
- ASSUMING_HTTP --> ASSUME_HTTP
- minor cleanups
2016-10-11 22:30:30 +02:00
3c55eec654 Remove test of version tolerance
PR #346 added a test for version tolerance to `run_protocols()`, but I think it may now be more appropriate to remove that test. Draft -16 of TLS 1.3, which was posted on September 22, changed the way that version negotiation is handled for TLS 1.3 and above. The current version tolerance test sends a ClientHello with the version field set to "03, 05", to represent a TLS 1.4 ClientHello. While this was consistent with RFC 5246 and with drafts of TLS 1.3 up to -15, draft -16 changed the version field to `legacy_version` and declared that its value should be "03, 03" for TLS 1.2 and above. (For TLS 1.3 and above a Supported Versions extension is included to inform the server which versions of TLS the client supports.) The change in draft -16 was made as a result of the problems with servers not handling version negotiation correctly.

Since the current draft suggests that a server should never be presented with a ClientHello with a version higher than "03, 03" (even for clients that support TLS versions higher than 1.2), it seems there is no reason to include the version tolerance test anymore.

For servers that do not support TLS 1.2, the additional checks that were added by PR #346 will already detect if the server cannot perform version negotiation correctly.
2016-10-11 11:01:04 -04:00
d59c581700 Update Readme.md 2016-10-11 12:17:33 +02:00
77f98e73e2 medium only for "Secure Client-Initiated Renegotiation" != HTTP 2016-10-10 23:27:34 +02:00
51912944ec Merge pull request #492 from mailsvb/CA_BUNDLES_PATH
fix usage of CA_BUNDLES_PATH env for local ca_bundles
2016-10-09 10:22:22 +02:00
5a967302dc fix usage of CA_BUNDLES_PATH env for local ca_bundles 2016-10-08 22:50:44 +02:00
1c5eb17729 (saving work): major cleanups for output readability and code 2016-10-06 18:53:25 +02:00
bd64fb4214 minor output cleanup for headers 2016-10-03 21:17:29 +02:00
f9d44484af Merge branch 'master' of github.com:drwetter/testssl.sh 2016-10-03 21:01:54 +02:00
9fe87223cc fix anchor 2016-10-03 20:48:32 +02:00
248351eef5 Update Readme.md 2016-10-03 20:29:50 +02:00
bf1d3933bf Update Readme.md 2016-10-03 20:28:44 +02:00
878ab519c0 update 2016-10-03 20:21:38 +02:00
19b63aa8a9 duplicate headers fixed, #FIX 488, outstanding: proper treatment of simultaneous Public-Key-Pins|Public-Key-Pins-Report-Only 2016-10-03 18:52:48 +02:00
e2023f51ac evaluate env TESTSSL_INSTALL_DIR and CA_BUNDLES_PATH for CA bundles and/or RFC/IANA mapping, FIX #475, #435 2016-10-02 18:15:13 +02:00
eb1f6e05bb update, thanks to Niko78, see #371 2016-10-02 10:04:25 +02:00
fd6e2c0682 cleanup of #489 2016-10-01 22:25:14 +02:00
09c19b4654 FIX #489, clear warning if >=1 HSTS headers are present 2016-10-01 10:04:33 +02:00
fd83509ae5 update 2016-09-29 23:23:44 +02:00
5115055895 update 2016-09-29 21:44:54 +02:00
15f9315cd0 fix last build 2016-09-29 21:27:24 +02:00
a5adb2f3ec fixing last T CI run 2016-09-29 21:20:13 +02:00
68697b822e fixing last run, hopefully 2016-09-29 21:19:09 +02:00
05a0e555a7 - save 1x sed in count_lines/words 2016-09-29 20:59:13 +02:00
d786a94a8c output + code polishing, phrasing. lf still has space for improvements 2016-09-28 20:32:01 +02:00
b238fab3c1 Merge pull request #443 from dcooper16/remove_sockread
Replace sockread() with sockread_serverhello()
2016-09-27 22:34:17 +02:00
144e2c20cf Update Readme.md 2016-09-27 00:08:01 +02:00
092badc55a Update Readme.md 2016-09-27 00:01:13 +02:00
e59efb0313 Merge branch 'master' of github.com:drwetter/testssl.sh 2016-09-26 23:48:08 +02:00
556d637069 updated 2016-09-26 23:47:39 +02:00
76e9a58223 Delete openssl.Linux.armv7l 2016-09-26 23:31:21 +02:00
9a4211e867 Delete openssl.Darwin.i386 2016-09-26 23:30:55 +02:00
6ded937b14 Merge branch 'master' into remove_sockread 2016-09-26 17:02:53 -04:00
7e729d26cd Darwin 64bit binary, see https://gist.github.com/jpluimers/9257ba6e27afea1b98376d9d4411c88c 2016-09-26 22:52:26 +02:00
2201c59ba3 FIX #477: check also for ALPN as TLS extension 2016-09-26 21:47:57 +02:00
98663b4c72 Merge branch 'master' into remove_sockread 2016-09-26 09:46:27 -04:00
fcdc15b24b no STARTTLS for NPN, preparing #477 2016-09-24 16:59:28 +02:00
0cadeefb05 cleanup #473 2016-09-24 16:07:23 +02:00
679d1b9c1f Merge pull request #473 from nachtgeist/issue-467
Fix handling of empty argument to "-nextprotoneg" parameter
2016-09-24 16:01:47 +02:00
f24770f6f4 Merge pull request #478 from wdhongtw/master
Remove duplicated do_rc4 in debug_globals()
2016-09-24 13:13:15 +02:00