Commit Graph

852 Commits

Author SHA1 Message Date
Frank Breedijk
a25a66ff49 Lets add some unit tests to testssl.sh - Using abdsll.com work 2016-06-27 16:49:54 +02:00
Dirk Wetter
02e9f5cd23 fix colum spacing again for all alg chacha poly ciphers 2016-06-15 21:31:10 +02:00
Dirk Wetter
9b8fc2c6f0 rename old alg chacha/poly ciphers according to SSLlabs (#379 / https://github.com/PeterMosmans/openssl/issues/43) 2016-06-15 20:14:08 +02:00
Dirk Wetter
d10dd6d34c align old chacha/poly ciphers output in OPENSSL name, see #379 2016-06-15 20:12:48 +02:00
Dirk
1fae394b04 2013 --> OLD for CHACHA/POLY ciphers 2016-06-13 21:38:02 +02:00
Dirk Wetter
d4454d009b Merge pull request #383 from dcooper16/printSAN
Printing of subjectAltName extension
2016-06-13 19:32:31 +02:00
David Cooper
1d0c8cb3f8 Printing of subjectAltName extension
Modify the extraction of the subjectAltName extension from certificates in order to address SANs with name forms other than DNS and otherName.
2016-06-13 12:52:19 -04:00
Dirk Wetter
88fd5c4e19 Merge pull request #381 from PeterMosmans/chachanaming
Updated ChaCha20 cipher names
2016-06-13 08:27:28 +02:00
Peter Mosmans
a06c71d915 Updated ChaCha20 cipher names
See https://tools.ietf.org/html/draft-ietf-tls-chacha20-poly1305-04 (the latest version as of this writing is 04).
The previous version received the suffix _2013. See https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-04
2016-06-13 10:34:04 +10:00
Dirk Wetter
1b7653e438 Update Readme.md 2016-06-11 09:08:51 +02:00
Dirk Wetter
61a049ccf9 Merge pull request #380 from dcooper16/runallciphers128limit
run_cipher_per_proto() 128-cipher limit
2016-06-10 20:30:47 +02:00
David Cooper
8c86049848 run_cipher_per_proto() 128-cipher limit
Ensure that neither run_allciphers() nor run_cipher_per_proto() sends a ClientHello with 128 or more cipher suites.
2016-06-10 13:45:25 -04:00
Dirk
adbb1932eb simplified cipher and protocol retrieval in 'Testing server preferences' 2016-06-09 15:56:53 +02:00
Dirk
d561687554 initial commit 2016-06-09 15:06:42 +02:00
Dirk
6b07b89946 - added values to curve448 + 25519 2016-06-09 13:18:55 +02:00
Dirk
5ceace33e0 - FIX #189 with a smart check, introduced global var SERVER_SIZE_LIMIT_BUG
- introduced "has_server_protocol()" which can be used to check b4 connecting if protocol is a/v
2016-06-09 11:04:40 +02:00
Dirk
94d5a8df80 hint for new (etxernal) binaries 2016-06-09 00:06:11 +02:00
Dirk Wetter
f754d67e74 Merge pull request #377 from dcooper16/curve25519
Adding x25519 and x448 to ClientHello
2016-06-08 17:32:28 +02:00
David Cooper
4750c3f0d5 Adding x25519 and x448 to ClientHello
This added x25519 and x448 to the list of supported elliptic curves in the ClientHello created by socksend_tls_clienthello().
2016-06-08 11:25:47 -04:00
Dirk Wetter
c929fba206 Merge pull request #342 from dcooper16/socksend_tls_clienthello_extensions
More extensions in socksend_tls_clienthello()
2016-06-08 10:39:17 +02:00
Dirk
022dbc687a Merge branch 'master' of github.com:drwetter/testssl.sh 2016-06-07 23:07:17 +02:00
Dirk
d858edca1b - filled PROTOS_OFFERED w sense
- minor fixes for fileout
- introduced "fixme()"
2016-06-07 23:06:58 +02:00
Dirk Wetter
1d051a24e0 Merge pull request #374 from dcooper16/CREDITS
Update CREDITS.md
2016-06-07 22:40:56 +02:00
David Cooper
fa866f6458 Update CREDITS.md 2016-06-07 14:23:33 -04:00
David Cooper
c13ae4a001 Merge branch 'master' into socksend_tls_clienthello_extensions 2016-06-07 10:35:32 -04:00
Dirk
8ed6214b6f preliminary fix for #189 (SIZELMT_W_ARND=true needed) 2016-06-07 13:02:58 +02:00
Dirk
29072315e5 output correction for IPv6 and --ip=<addr 2016-06-07 09:08:48 +02:00
Dirk
6f4ba5bda7 - corrected handling of shortened warning periods for LE certs (dual certs were wrong)
- (kind of) readded cert_key_algo in output
- smaller output fixes e.g. for GOST certificates
2016-06-06 13:42:17 +02:00
Dirk Wetter
4668b9879a Update Readme.md 2016-06-04 19:17:10 +02:00
Dirk Wetter
efdcd805a9 Update Readme.md 2016-06-04 19:14:38 +02:00
Dirk Wetter
561cfa16fc - FIX #367 2016-06-02 21:31:24 +02:00
David Cooper
e8cc32af54 Merge branch 'master' into socksend_tls_clienthello_extensions 2016-06-02 09:16:45 -04:00
Dirk Wetter
6a9b0e01fc - polishing #366 and IPv6-related 2016-06-02 09:59:52 +02:00
Dirk Wetter
51f4c9ac9e Merge pull request #366 from typingArtist/365_fix_ipv6_handling
drwetter#365 fix ipv6 handling
2016-06-02 09:27:14 +02:00
typingArtist
2c69e83f5b https://github.com/drwetter/testssl.sh/issues/365 add UNBRACKETED_IPV6 quirks option
Since some OpenSSL binaries, namely Gentoo’s, don’t support bracketed
IPv6 addresses but unbracketed ones, specified as the -connect option,
the UNBRACKETED_IPV6 environment variable can be set to true for
disabling the automatic addition of brackets around IPv6 addresses on
such platforms.
2016-05-27 20:11:47 +02:00
typingArtist
cf62353fc6 https://github.com/drwetter/testssl.sh/issues/365 ensure DNS PTR lookups use un-bracketed IPv6 address
While standard OpenSSL requires the literal IPv6 address enclosed
in [brackets], standard DNS lookup tools don’t support the additional
characters. Before making reverse PTR lookups, these brackets have to
be removed from the IPv6 addresses.
2016-05-27 19:54:23 +02:00
Dirk Wetter
1074c062c7 Merge branch 'master' of github.com:drwetter/testssl.sh 2016-05-27 17:44:08 +02:00
Dirk Wetter
e1a8306286 - try to address #352
- WARNING in fileout is MEDIUM now
- NOT ok for medium on screen squashed
2016-05-27 17:43:45 +02:00
Dirk Wetter
1ecad208fe Update Readme.md 2016-05-26 18:03:07 +02:00
Dirk Wetter
6fb15e83fa global $OPENSSL_NR_CIPHERS 2016-05-26 12:56:55 +02:00
David Cooper
acc72a1daf Merge branch 'master' into socksend_tls_clienthello_extensions 2016-05-25 16:50:56 -04:00
Dirk Wetter
65193cdcee Merge pull request #361 from dcooper16/run_rc4_show_each_fix
run_pfs() and run_rc4() show each fixes
2016-05-24 23:47:23 +02:00
David Cooper
e0c147ec86 run_pfs() and run_rc4() show each fixes
When run_rc4() is run with the "--show-each" option, but without the "--wide" option, a list of all RC4 ciphers is printed, without any distinction between those that are supported by the server and those that are not. This is the same issue I noted in #332 for run_pfs().

In run_pfs(), the displayed output was corrected, but all ciphers were still being added to $pfs_ciphers, so the list of supported PFS ciphers sent to fileout() was incorrect.

This PR fixes both issues.
2016-05-24 13:57:47 -04:00
Dirk
5a03e96304 - consequently removed "NOT ok" for not-av of TLS 1.2 2016-05-23 22:42:40 +02:00
Dirk Wetter
bf17a17b70 - 3DES in standard cipher list is medium, thus "NOT ok" is too much (need for elegant general way for "medium")
(see also https://www.keylength.com/en/8/)
2016-05-23 18:56:05 +02:00
Dirk Wetter
aa99c5eb88 - FIX #347
- LF removed in JSON
2016-05-20 13:45:53 +02:00
Dirk Wetter
803e363310 Merge pull request #356 from dcooper16/server_key_size
Fix typo in Server key size check
2016-05-20 08:16:48 +02:00
Dirk Wetter
fbf25d7ae1 Merge pull request #357 from dcooper16/cert_sig_algo
Recognize more signature algorithms
2016-05-20 08:12:52 +02:00
David Cooper
2ffed62d53 Recognize more signature algorithms
This PR adds to the list of signature algorithms recognized in certificate_info().
2016-05-19 16:45:56 -04:00
David Cooper
dccf9bef63 Fix typo in Server key size check
When certificate_info() is trying to determine what type of public key the server has so that it can determine whether the key size is acceptable, it sometimes looks at $cert_sig_algo rather than $cert_key_algo. This PR fixes that and also adds support for DSA public keys.
2016-05-19 16:39:06 -04:00