Commit Graph

136 Commits

Author SHA1 Message Date
Dirk dbb8fc8013 Fix CI 2024-09-03 18:28:56 +02:00
Dirk 2067ac8123 Fall back to heise.de
.. to scan.

It worked in a few examples locally. Other hosts I tried so far weren't
available anymore (like scanme.nmap.org). In order to reduce the burden
we scan now only during PRs.
2023-07-31 16:34:56 +02:00
Dirk fc14a02035 Changed heise.de to example.com as sometimes we're blocked 2023-07-31 13:44:35 +02:00
Odinmylord 035996cc44 updated default_testssl.csvfile with new RSA-PSS 2023-03-23 00:14:15 +01:00
Dirk Wetter b84e182ca2
Merge pull request #2332 from drwetter/sanitize_fileout
Make sure control chars from HTTP header don't end up in html,csv,json
2023-03-12 16:18:20 +01:00
Dirk Wetter cacd8c57b1 Add variable htmlfile + filter GOST message
... which is needed for newer LibreSSL/OpenSSL versions
2023-03-12 15:09:24 +01:00
Dirk Wetter 66ebfb2f58 Add changes to CSV baseline 2023-02-06 21:56:54 +01:00
Dirk Wetter 2e0898c9ef Remove NNTP from CI tests
Maybe for the future we should check whether host is available and
if so then run the test
2023-01-31 09:34:18 +01:00
David Cooper 6088eddab6 Show server supported signature algorithms
This commit modifies run_fs() to show the signature algorithms the server supports in the ServerKeyExchange message for TLS 1.2 and in the CertificateVerify message for TLS 1.3.

Signature algorithms are not shown for TLS 1.1 and earlier, since for those protocol versions the signature algorithm to use is specified by the protocol. While the signature algorithm used in TLS 1.1 and earlier is weak, testssl.sh already warns if these protocol versions are supported.
2022-11-18 06:23:24 -08:00
Dirk Wetter e918a2c31f remove negotiated cipher / protocol also in baseline file 2022-11-14 20:25:56 +01:00
David Cooper 5c889bde0f Include cipher order information in file output on a per protocol basis
This commit fileout() calls to ciphers_by_strength() and cipher_pref_check() to indicate whether or not the server enforces a cipher order for a protocol version.
2022-10-20 12:49:22 -07:00
Dirk Wetter c92a648391 Add LibreSSL from MacOS 2022-05-31 16:17:47 +02:00
Dirk Wetter 854028166d Including AppleMail 2022-05-31 15:12:16 +02:00
Dirk Wetter 6536eaddb6 remove Java 12 and OSX 10 in baseline file 2022-05-31 14:09:19 +02:00
Dirk Wetter 6023acd58c Merge branch '3.1dev' into update_clients1 2022-05-31 12:09:23 +02:00
Dirk Wetter dfbb9f8122 Fix Actions
this one works locally...
2022-05-30 13:37:07 +02:00
Dirk Wetter 8d817e1dcf PR to merge #2189
added: changes in CI so that it goes through
2022-05-25 18:46:08 +02:00
Dirk 04463784a8 Fix censys link in DROWN section
See #2127. the line seems very long though.

Note: this was previously commited as #2184 but as there were two mistakes
and one other thing which could be improved I decided to make a hard reset.

Apologize if it caused inconvenience.
2022-05-14 12:06:09 +02:00
Dirk 1eb8347174 Update comparion/diff file for CI
... for the time being
2022-05-10 13:08:44 +02:00
David Cooper fa5d13eb06 Reorder output of run_server_preference()
This commit reorders the output of run_server_preference() as discussed in #1311.
2022-03-22 15:40:49 -04:00
David Cooper 1814da4e53 Working NNTP server
Switch NNTP server testing to a currently working server from http://vivil.free.fr/nntpeng.htm.
2022-03-16 07:57:40 -04:00
Dirk Wetter ce746cd8b7 Add CI check
* for STARTTLS + LDAP
* for STARTTLS + POP3 reenable check with openssl as GH has not the time limits which Travis had
2022-02-01 10:02:35 +01:00
Emmanuel Bouthenot 4c2a1296a7 Add unit testing (manage)sieve protocol while using STARTTLS 2021-12-20 17:18:07 +01:00
Dirk Wetter fc06fcee56 fix travis 2021-12-10 18:26:03 +01:00
Dirk Wetter 18f3ad7c31 fix travis 2021-12-10 15:58:10 +01:00
David Cooper 64d110f19d
Check file permissions on ./testssl.sh
This commit adds a check that ./testssl.sh has both read and execute permission. If ./testssl.sh is lacking execute permission, it will pass the tests in 00_testssl_help.t and 01_testssl_banner.t that run the program as `bash ./testssl.sh`, but will fail the subsequent tests that run the program as `./testssl.sh`, but the reason for the failure will not be clear.
2021-11-15 07:25:08 -05:00
David Cooper 3d9f109780
Fix 2030
Fix CI issue created by #2028 and by new certificate fingerprint.
2021-10-28 08:13:34 -04:00
Steve Mokris 0012adf47e Add a test to verify that expired.badssl.com's chain of trust is expired. 2021-10-05 13:53:58 -04:00
Dirk 529e9da823 Fix GHA (starttls nntp)
using another IP
2021-09-09 23:17:09 +02:00
a1346054 b1f5c6c9af Trim excess whitespace 2021-09-04 13:28:30 +00:00
a1346054 6782e2a3b9 Fix spelling 2021-09-04 12:39:03 +00:00
Peter Dave Hello cbae32e5a4 Add missing vim modeline config in sh & perl files, cc #1901 2021-06-01 14:40:24 +08:00
Peter Dave Hello 9e61b8ba13 Make vim modeline config consistent, cc #1901 2021-06-01 14:31:31 +08:00
Dirk Wetter a6f8aa61de Fix travis
Respect changed HSTS epoch time of 180 days.

(DROWN output is changed too as the certificated changed but doesn't matter
as the travis check filters that)
2021-05-10 11:28:25 +02:00
Dirk e71ebfea4a Adjust master template for t/61_diff_testsslsh.t
... so that Travis CI works again
2021-04-02 16:57:20 +02:00
Dirk c66d58b135 Filter for changing certificates of testssl.sh's server 2021-01-18 09:30:31 +01:00
Dirk Wetter 39132fe3d0 Fix order for -U and --ids-friendly
Workaround for bug see #1717. In addition: Bring  the test closer to a cleaner style,
as the others

Should --ids-firednly could be as well be removed when travis runs faster.
2020-12-11 20:49:15 +01:00
Dirk Wetter 96d4b4f08b Trying to reduced the runtime of travis
Often in the past travis was hitting a limit (50min?).

This is a try to make reasonable cuts to the unit tests:
- For STARTTLS some checks with OPenSSL are skipped
- For JSON and HTML outputs --ids-friendly was added assumming we
  don't change the output of ticketbleed, CCSI, HeartBleed and ROBOT any more.
- There's also not point to run those checks against badssl
- for  the diff check we switch to 'or diag' to display a dfifference
2020-11-27 13:19:52 +01:00
Dirk 665209bf60 typos 2020-11-26 16:27:40 +01:00
Dirk 1b63760bc3 Add baseline master file for testssl.sh 2020-11-26 16:05:08 +01:00
Dirk a98ede0720 Finalize first diff check for travis 2020-11-26 15:58:13 +01:00
Dirk 49d321cfbb Add "command not found" 2020-11-26 13:41:44 +01:00
Dirk 191efddaee document changes from previous commits 2020-11-26 13:07:49 +01:00
Dirk 0c20b21fc2 Better order, "command not found added" 2020-11-26 13:02:10 +01:00
Dirk 4ca4e075a2 Use test::diff so that errors are spotted better 2020-10-02 13:07:13 +02:00
Dirk 7981a238a5 Comment out S2S XMPP server test for now 2020-05-02 19:40:45 +02:00
Dirk 5da54b9ce8 fix var declaration 2020-05-01 21:42:41 +02:00
Dirk 9e61d6605e Perl needs a semicolon ;-/ 2020-05-01 19:17:58 +02:00
Dirk 191c69fbdd Minor probe for STARTTLS xmpp-server
... don't know whether this gets through -- depends on the
version openssl used (1.0.2 doesn't have that)
2020-05-01 18:39:36 +02:00
Dirk Wetter 8c466bf2ee Rename PFS/perfect forward secrecy to FS/forward secrecy
In all instances:

* command line (will break things)
* JSON IDs (will break things)
* in the documentation
* in the travis checks where used
* everywhere in the code: variables, functions, comments
2020-04-14 15:53:05 +02:00